September 1996: Letters

LETTERS

Why our Windows don't Open

Dear DDJ,

I am perhaps DDJ's least-knowledgeable reader. I write some AppleScripts, and I am learning a bit of C. Still, I enjoy your magazine very much. Michael Swaine's "Programming Paradigms" of December 1995 discussed little languages available for the Macintosh, including the Chipmunk Basic interpreter, whose programs can be run by an AppleScript DoScript command. I downloaded Chipmunk, bought a book on Basic for a quarter, and carefully copied its ten-line sample programs, which I executed from Apple's script editor.

Will DDJ's editorial staff throw itself from a window upon hearing that the magazine has a reader at this level?

Frisco Del Rosario

Belmont, California

Frisco_Del_Rosario@iacnet.com

The Virtues of Assembler

Dear DDJ,

I just received my June 1996 issue of DDJ and immediately turned to the "Letters" section because I look forward to the information and code segments other readers send in. For some reason, Pat Farrell's letter on the future of programming caught my eye, and I very carefully reread it.

I must admit that I find it hard to believe that Pat has been programming for the last 20 years. His opinion regarding core and memory dumps reminds me of the unrealistic expectations of some of my fellow students in my first-year programming classes. Likewise, his opinion resembles that of some language zealot who continuously states that "such and such language solves all programming errors."

I work as a contract programmer. I usually am required to work in Visual Basic and AccessBasic because that's what my customers bought, before I was contracted! When I do get a chance to write using a language such as C/C++ or Delphi with built-in debugging tools that are available, I rejoice. I rely heavily on my debuggers, code profilers, and CASE tools. I prefer writing in Delphi or C++, but if I need the speed that assembler will give, I use assembler. I could not imagine trying to rely solely on the built-in optimization in Delphi, although I admit that it is, in a generic way, pretty good. As for expecting it to fully optimize my code for the 385/486/Pentium, I'm not that much of a fool. I suggest that Pat might gain a better understanding of why I hold this opinion if he were to buy and read Michael Abrash's book Zen of Code Optimization (Coriolis Group Books, 1994).

I think that Pat is right that the next generation of CPU designs will increase the demand for optimizing compilers. However, I expect that, given the ever-increasing lag between CPU features and software utilization of those features, hand- optimizing assembly code will continue to be the normal way to achieve the highest levels of optimization.

Derek A. Benner

Citrus Heights, California

Cryptic Noise

Dear DDJ,

Cryptography is becoming ubiquitous in our communications; as the number of commercial transactions through the Internet increases, more people use cryptography as a standard component in many programs.

There is a problem, however. Public-key schemes in use (for example, random keys generated for secure HTTP connections, or the proposed SSH, Secure Shell, remote login protocol) rely heavily on the quality of the random-number generators from which the keys are derived.

You can use a key as big as you want; if your source for key generation defines a smaller key space, your key becomes as small as the set of random numbers you can generate. This means that current usage of strong cryptography algorithms doesn't ensure adequate security; currently, a developer using a cryptography library must be able to use a good enough random-number source, and so, every program using random-generated keys should document the random-number source.

As an example, there has been a lot of coverage on a problem discovered in the key generation method of the Netscape Navigator, and more problems will arise as more programs are studied.

I think there's only one solution, and I think it can be done quite cheaplya hardware random-number generator. Given a reasonably good analog noise generator and a method of sampling it, it will always be better than a pseudorandom-number generator based on the PID of a program, time since last reboot, current time, a hash applied to the name of the user, and any of those predictable sources. This will be considered a mandatory component for computers in some years.

Borja Marcos

Spain

borjam@we.lc.ehu.es

Patents and the Web

Dear DDJ,

Has anybody considered the legal implications of LZW and the GIF format that is built into Java. I remember the issue of LZW, CompuServe, and Unisys was under discussion in DDJ a year or two ago and there was a lot of talk in the industry of replacing GIF with a new format. It would be interesting to know how all this applies to Java. Sun obviously does not require a license from Unisys for Java, since Java is free. However, if I write an application with Java, which I sell commercially (say, it is a development tool), do I then require a license for LZW, since any developers using my tools have the ability to read GIF images and, indirectly, I sold them the software that has this ability. I contacted Unisys about clarification on this point, but have not been able to get any information out of them for the past two weeks!

Piet Obermeyer

Atlanta, Georgia

pieto@atlanta.com

It's a Date

Dear DDJ,

I decided to subscribe to DDJ on the strength of your April 1996 issue. I have three comments relevant to the "Letters."

I didn't read the Homer Tilton calendar algorithm. I have saved for 13 years a copy of Gordon King's code for the conversion of calendar date to Julian date (DDJ, June 1983) and for 28 years Henry Fliegel and Thomas VanFlandern's code for the same purpose published in Communications of the ACM, October 1968. The latter was interesting because it accomplished the conversion in one Fortran statement, allowing it to be used as an arithmetic statement function. It is long but it worked: JD(I,J,K) = K-32075+1461*(I+4800+(J-14)/12) /4+367*(J-2-(J-14)/12*12)/12- 3*(I+4900+(J-14)/12)/100)/4, in which I is year, J is month, K is day. It may be necessary to remind modern programmers that variables beginning with i, j, k were integer variables. Also, the Fortran compiler processed operators from left to right so (j-14)/12*12 meant ((J-14)/12)*12.
In 1965 or so, my friend wrote a calendar routine for a new operating system which determined the day of the week. He was quite proud of it because it was small and fast, important in the center of the operating system. A customer complained that it would fail in the year 2000. My friend told me that the comment was irrelevant. He knew the algorithm would fail in the year 2000. He also knew that that operating system would be long gone by 2000. He was right, of course.
Again, I haven't read the material Jack Reeves discusses and Al Stevens defends. I have taken up C since I retired and it is a fine language. It does demonstrate the mind set of the academic. My experience was in applications programming and I find C to be extremely demanding in terms of syntax and, as a consequence of its compactness, errors (mine) can be very difficult to locate. I believe strongly that a certain amount of redundancy in a language is highly desirable. It allows the compiler to catch a lot of typos, inadvertent omissions, and the like. A good example is requiring an if statement to be terminated by an endif. The precise delimiter is unimportant. The use of a specific delimiter is important. A little more redundancy would have made C a lot better in the applications world.

Marvin H. Allison, Jr.

Acushnet, Massachusetts

MarvinA311@aol.com

Java Naysayer or Realist?

Dear DDJ,

First off, let me say that I consider your magazine very interesting and professional (more often than not, I buy a copy even if my company subscribes). One thing I regret, though, is your contribution to all of the Java hype.

I am not talking about Java as a development language specifically, but rather about its applications to Internet/Intranet solutions (even though some of the following considerations apply in general to Java).

I was one of the first in Norway to download HotJava (one year ago). I was impressed with the idea of applications running on the client side and I expected to see innovative solutions to be visible in the next few months.

What I saw instead are students drinking beer on their homepages, bubbles of many colors, small green waves, and spinning logos. A ridiculously simple spreadsheet was the most serious application I came across. I lost count of how many times I read the "wait and see" sentence in connection with Java. Analyzing the architecture of Java in connection with the Web explains many things.

Java applets can't write to the local disk (and they never will, unless we want to get a Java rm -rf * virus the day afterwards). This means that there's no way to register information between two different Java sessions (unless we rely, as usual, on the server side).
Java applets take ages to download even for the simplest applications.
Java is complex enough to require professional developers for not so complex applications (compare this to the simplicity of HTML, which fueled the Web revolution).
Ninety-nine percent of the time, people need to interface a database or an application with the Internet (it would be stupid, for example, to download an 18-MB database for querying two records). In other words, CGI technology is a universally supported technology which offers interaction (will Java people please stop saying that the WWW was not interactive before Java. I find this particularly irritating!).
If you need a complex client/server solution, which CGI cannot offer, then it's much better to code your client and server with another tool (using RAD tools with TCP/IP for communication, for example) without wasting time and money trying to make your requirements fit into the Java paradigm.
The AWT library is different on many architectures. This allows support for maintaining the look and feel of the actual platforms, in theory, but in practice, the AWT classes have their own different bugs that spoil platform independence (once more, no serious Java application can run smoothly on all of the supported platforms, yet you have already given up the platform-specific advantages!).
Netscape Plug-Ins. Aren't they much better for the development of customized Intranet solutions? Maybe they are not supported for every platform, but imagine having to download a Java .PDF-like reader every time you encounter a .PDF document.
With Java you can get some control on what the user puts in the forms before shipping to the CGI on the server, but you can also do this on the server side and reissue the form with the previously typed text already inserted. This solution keeps forms loading with the speed of HTML; no need for an applet, and, above all, gives you compatibility with all of the browsers (even Lynx).

Yes, Java needs time (usually) to mature, but while languages in this state dwell in universities, Java is being sold as state of the art. The whole Java issue should be split in two (that this has not been said loud and clear, contributed a lot to the confusion):

Java as a development language. Sure it is interesting, but keep on with your work. I guess Java will have a hard time replacing C/C++, but it's worth trying from a research viewpoint.
Java as a Web client-side language. Forget it! The idea of transferring an automatically executed application should be dropped. The obvious alternative is an enrichment of the CGI alternative (I'm thinking of a form that lets you select a subregion from a picture by sending the corners' coordinates, for example).

In short, Java, far from being a revolution, is not even a reform.

Luca Passani

Oslo, Norway

lpa@sysdeco.no

Founding Father Flub

Dear DDJ,

Al Stevens' May 1996 "C Programming" column briefly discusses the Bill Gates' book The Road Ahead, especially the pervasiveness of monitoring technology, and Gates' dismissal of this as "unremarkable." I completely agree with Al about this attitude: It is frightfully chilling. I also agree with the wisdom behind his quotation. But my reference book (Bartlett's Familiar Quotations) gives Ben Franklin as the originator of that quote, not Thomas Jefferson (although Jefferson does have some other wise things to say about liberty). The Franklin quote is given as "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."

What with Gates' attitude and the so-called Communications Decency Act, we "ordinary citizens" had better keep an even closer eye on our leaders, lest they lead us along a road ahead that is:

"A passage broad,

Smooth, easy, inoffensive, down to Hell."

Milton, Paradise Lost

Greg Guerin

Tempe, Arizona

glguerin@amug.org

P.S. Since I used the "H" word, is this e-mail now in violation of the CDA, making me a felon?