Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Programming

New NSA-Funded Code Rolls All Programming Languages Into One 306

Posted by timothy
from the so-your-program-can-confuse-itself dept.
An anonymous reader writes "What's your favorite programming language? Is it CSS? Is it JavaScript? Is it PHP, HTML5, or something else? Why choose? A new programming language developed by researchers at Carnegie Mellon University is all of those and more — one of the world's first "polyglot" programming languages. Sound cool? It is, except its development is partially funded by the National Security Agency, so let's look at it with a skeptical eye. It's called Wyvern — named after a mythical dragon-like thing that only has two legs instead of four — and it's supposed to help programmers design apps and websites without having to rely on a whole bunch of different stylesheets and different amalgamations spread across different files.
This discussion has been archived. No new comments can be posted.

New NSA-Funded Code Rolls All Programming Languages Into One

Comments Filter:
  • by Taco Cowboy (5327) on Sunday August 10, 2014 @05:58PM (#47643987) Journal

    I arrived at America pretty late - at the 60's - but at least at that time America had several institutions doing all kinds of wonderful basic research

    Bell Labs
    Xerox's famous lab at Palo Alto
    The Skunkworks

    And at that time Darpa funded a lot of basic research as well

    Today, all gone

    Even Darpa's funding are not aiming at basic research - such as what TFA has outlined - what they are doing at Carnegie Mellon is actually an applied research ... taking what has been known and add another layer onto it

    What's happening in America nowadays is very worrying

  • Shit summary (Score:5, Insightful)

    by Anonymous Coward on Sunday August 10, 2014 @06:01PM (#47643999)

    CSS and HTML5 are not programming languages. You don't "choose" html5 over, say, php.
    (And don't fucking say HTML5 + CSS3 is turing complete)

  • Ummm... Fuck beta. (Score:0, Insightful)

    by Anonymous Coward on Sunday August 10, 2014 @06:09PM (#47644035)

    Yeah, again....

  • why- just why? (Score:4, Insightful)

    by sumdumass (711423) on Sunday August 10, 2014 @06:14PM (#47644103) Journal

    Why in the hell would you need to look at something with a skeptical eye just because money came from a certain source? Is the reputation of carnegie mellon suspect or something? And if so, shouldn't that in and of itself be the reason of suspect?

    The submiter is a shallow person suffering from guilt by association which is never a valid premise. I mean i know skin heads who donate to planned patrenthood specifically because they have all their abortion clinics in areas with high minority populations and keep the minority populations in check. Does that mean we have to look at them wiyh a skeptical eye too? Of course not- or at least npt because a source of their funding has issues most of us find repulsive.

    The merrits of this will rest on its own. There is absolutely no reason to put the integrity of the development into question simply because the NSA gave funding.

  • by tommeke100 (755660) on Sunday August 10, 2014 @06:20PM (#47644153)
    To write better Apps and Websites?
    Are these what the kids call programming languages these days?
    It doesn't sound very serious.
  • Re:Shit summary (Score:5, Insightful)

    by Bing Tsher E (943915) on Sunday August 10, 2014 @06:51PM (#47644265) Journal

    I didn't see any programming languages in the list on the summary. Just a bunch of web shit.

  • by 50000BTU_barbecue (588132) on Sunday August 10, 2014 @07:00PM (#47644289) Homepage Journal

    Of course, a lot of research was done by the private labs of corporations back then, like IBM, RCA, etc.. Engineering was a respected profession, you needed real talent to become an engineer or programmer and you could earn a good living that way in the West.

    Then one day some bright psychopath realized it would be cheaper if universities did the research with government money instead.

    Then you get the research done, your future employees come already in debt, and then they work for peanuts paying back their student loans.

    So companies used to pay YOU to do research, now YOU pay to go to university and the companies get to keep the IP!

    And social engineering and manipulation means that people will WILLINGLY do so!

    Brilliant!

  • by Henriok (6762) on Sunday August 10, 2014 @07:02PM (#47644297)
    May I point out that the LLVM logo is a wyvern? http://llvm.org/Logo.html [llvm.org]
  • Re:why- just why? (Score:5, Insightful)

    by Spinalcold (955025) on Sunday August 10, 2014 @07:05PM (#47644309)
    You should always look at the funding path. It tells you a lot about the quality of research. In the past 60 years funding towards 'think tanks' has gone into making bad science to combat good science research, all in an effort to move political goals. I'm not saying this particular research is bad, however it is good to know some of the funding came from the NSA.
  • by raymorris (2726007) on Sunday August 10, 2014 @07:32PM (#47644399)

    It doesn't do what the summary says.

    If it did, that would take care of half of my bugs. Within a 30-minute period, I might well work in PHP, Perl, ActionScript, JavaScript, and some other language. A large portion of my errors are things like using empty() in JavaScript. Especially, ActionScript is almost the same as JavaScript, and a lot of Perl is also valid PHP, so when switching between these it's easy to absent-mindedly tap out a line in the wrong language.

    Once upon a time, I used vim syntax highlighting, which doesn't typically catch using the right syntax, but the wrong function name, but does make missed braces and such obvious. Maybe I should right a vim plugin for "wrong language, dummy." It would look for echo (phph vs print (Perl), etc.

  • by Capsaicin (412918) * on Sunday August 10, 2014 @08:31PM (#47644603)

    I really like PHP. It is however not a bloody programming language, it's a scripting language.

    I really hate PHP, but what I hate even more is being confronted with this mysterious distinction between "scripting" and "programming" languages.

    A language might be strongly or weakly, dynamically or statically typed. A particular implementation might employ a compiler, a virtual machine or interpreter. These are meaningful distinctions. But what (with the possible exception of a hardware specific control language) does it even mean for a language (as distinct from its implementation) to be a "scripting" language?

    Would PHP cease to be a scripting language if an object code compiler were available for it? Is 'C' a "scripting language" just because it's interpreted [softintegration.com]? And what about a language which has never actually been implemented, what in the language specification determines unequivocally if that language is 'scripting' or a a 'programming' language?

  • Re:CSS? (Score:5, Insightful)

    by doublebackslash (702979) <doublebackslash@gmail.com> on Sunday August 10, 2014 @08:57PM (#47644673)

    I'd like to point out that you can't represent irrational numbers accurately without a new system. Let alone trancendental numbers.

    Also some numbering systems are more convenient. Binary, for example. Not different numerals, but used differently.

    I know, not exactly your point, but don't dismiss languages other than C, Basic, and Pascal.

  • Re:why- just why? (Score:2, Insightful)

    by TubeSteak (669689) on Sunday August 10, 2014 @09:35PM (#47644775) Journal

    There is absolutely no reason to put the integrity of the development into question simply because the NSA gave funding.

    Uh yes, there is.

    As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned.

    How much longer are you willing to be a battered spouse, making excuses for your abuser?

  • by Karmashock (2415832) on Sunday August 10, 2014 @09:56PM (#47644817)

    The NSA's reputation has been annihilated. There are good people that work for such organizations. People that could and do benefit our society on a regular basis. Their institution was simply coopted by irresponsible people that sadly destroyed everything. Its a shame.

  • Re:Wyvern = Wyrm (Score:5, Insightful)

    by Bite The Pillow (3087109) on Sunday August 10, 2014 @10:24PM (#47644899)

    Why?

    To write applications in one language, instead of HTML, CSS, JavaScript, SQL, and something else. Not including multiple levels of configuration files (website and web server at least).

    What's the worst that could happen?

    The NSA could insert backdoors which, unless they were incomprehensible crypto, would be easily found by both white and black hat investigators. Also, Carnegie Mellon University, which has a pile of research announcements every year, has its entire research department under suspicion of colluding with an oppressive government agency and spends decades regaining international status as someone you can do anything other than make the punchline of a joke.

    CMU losing status is, to CMU, absolutely an intolerable option. I'm not saying it won't just because of the potential impact, but you asked what is the worst that could happen. Backdoors, and a respected university bursts into flames and is disregarded for decades internationally. That's bad.

    What's the best?

    Fewer bugs.

    Why is the NSA interested in something like that directly?

    Because despite recent bad press, they are interested in security. If we can write stuff with fewer bugs, we are more secure. Maybe there are still plenty of bugs in the hardware/OS that they know about, but fewer bugs in the application level, which means the foreigners don't know about them because they don't exist.

    What is the potential for abuse?

    Pretty small. White hats will vet the libraries, black hats will try to penetrate it, and it's no more or less secure than anything else a human has written. But people can make mistakes in fewer languages. And they aren't replacing languages, from the sound of it.

    Is it to make code analysis that much more centralized and (supposedly) simple?

    I suppose you could read the article.

    Why didn't this come up with itself before now?

    Why didn't the airplane come up before it did? Are you insinuating something? Do you know something we don't know? Did someone mod you up for any particular reason, or just because you spewed thoughtless rhetorical questions?

  • stupid argument (Score:2, Insightful)

    by globaljustin (574257) <justinglobal.gmail@com> on Monday August 11, 2014 @01:06AM (#47645235) Homepage Journal

    CSS & HTML5 ***are*** code languages for programming machine behavior

    *at the presentation level*

    it's not an "original gangster" hardcore badass super 1337 C#+! language...it's not complex or "bragable" at a gathering of dorks trying to impress each other...

    but it's symbols that form a code that humans use to 'program' machine behavior...that's a programming language

    just accept it, once and for all, and stop all of you....just stop

    it doesnt make your skillz any less bragable...it's a coding language...mostly visual design oriented...

    ***HTML5&CSS are not threats to your bragging rights***

  • Re:Wyvern = Wyrm (Score:5, Insightful)

    by Anonymous Coward on Monday August 11, 2014 @02:11AM (#47645373)

    backdoors [...] would be easily found by both white and black hat investigators.

    That's about the same as stating it is as simple to find a needle in a haystack as to put one in.

    We already have issues finding normal bugs. We have seen flaws in kernels and encryption libraries that might have well been a typo, yet were in for years.

  • To properly need to debug such a language, you would need to be aware of all of the possible rules, pitfalls, bugs, and race conditions of every language under its hood.

    At a basic level, is your "if else" condition running on it's Java or C++ or C version? Does it catch exceptions? Where is data being handled in memory? Are buffer overruns possible in some of these languages?

    No one human could possibly we simultaneously cognisant of all possible sources of error. Programs in such a language would be a security disaster waiting to happen.

Every successful person has had failures but repeated failure is no guarantee of eventual success.

Working...