wxWidgets Discussion Forum

Microsoft, not happy with their illegally attained empire over IT, decide to impose their own proprietary standards onto the C++ programming language, by adding tons of perverse language extensions to please the likes of VB and C# coders and starting to call perfectly safe standard algorithms "deprecated". The day will soon come M$ patents C and C++ as their own invention.

Details in linked article: http://www.informit.com/guides/content. ... m=259&rl=1

I'm glad I haven't bought Microsoft products like the Media Center or the XBox360, and I certainly am not going to give them my money for Vista...

/ends rant and spam

NO. Why do we need another proprietary language?
If C or C++ became proprietary I would stop programming!
I seem to recall reading something on Bjarne Stroustrup's page about YAPL (Yet another proprietary language), anyways can't seem to find it....

http://public.research.att.com/~bs/

About MS compilers what do you expect? I don't like MS that much, and one way to voice the displeasure is to not buy/use their products.

Your poll and question are both different. I don't see any harm in using safe strings function instead of regular one. The latest C++ standard also talks about that, the other compiler vendors are too slow to pick. If you have knowledge of various security vunerabilty and are working on some secure software, then may be you should give thanks to MS. There are a lot more serious now-a-days about secure coding practices after the windows security push. The older string functions are highly unsafe and the stack overflow can cause any hacker to take over your computer remotely.

priyank_bolia wrote:Your poll and question are both different. I don't see any harm in using safe strings function instead of regular one. The latest C++ standard also talks about that, the other compiler vendors are too slow to pick. If you have knowledge of various security vunerabilty and are working on some secure software, then may be you should give thanks to MS. There are a lot more serious now-a-days about secure coding practices after the windows security push. The older string functions are highly unsafe and the stack overflow can cause any hacker to take over your computer remotely.

You're absolutely right about my poll, I should have made the question less dubious by saying "the C++ standard" instead of just "C++".

Having explained that, the standards comitee usually sees no problem with platform-specific implementations of the standard. What MS does, however, is introduce warnings - or perhaps, heaven forbid, errors - in their compiler for perfectly correct STL code, unlike those really deprecated old function calls to char* you mention. This is the latest iteration of the STL we're talking about, it's type-safe and not easily exposed to buffer overflows.
This is like you said, a push from MS, but one that aims at creating Windows-centric habits in C++ developers. Once a programmer gets too used to code in VC++ 8, he won't try other compilers/platforms that fast. The alternatives will just sound "wrong" to him.

Your post gives the impression that you are overestimating the importance of Microsoft's "pushes". It was the Win9x generation that spawned 80% of today's security problems. Microsoft only started to push security because a good number of big enterprise clients starting flirting alternatives like Linux. Windows Vista is finally going to cut down on user priviledges, like any UNIX-based OS has always done for more than 3 decades. Some push...
Among all major commercial compilers, VC++ was the last to correctly implement templates recursion and portions of the STL. If you google for it, you can find out how to routinely crash VC++6 with legal code.

Your poll is completely out of line, and you are completely overreacting just as badly as the author of this article is. Firstly, just because microsoft adds new functions to C++ does not make C++ a proprietary language. GCC also has their own extensions to C and presumably C++ as well, does anybody accuse them of having a proprietary C++?

Having explained that, the standards comitee usually sees no problem with platform-specific implementations of the standard. What MS does, however, is introduce warnings - or perhaps, heaven forbid, errors - in their compiler for perfectly correct STL code, unlike those really deprecated old function calls to char* you mention. This is the latest iteration of the STL we're talking about, it's type-safe and not easily exposed to buffer overflows.

The code given in the article is actually unsafe when placed into a real working environment where it won't be properly constructed only to demonstrate its safety. Buffers won't always be 10 characters and source strings won't always be less than 10 characters. There is no gaurentee that this construct won't break. The warning that microsoft chose to give to programmers may have been a bad choice, but its intentions are correct.

This is like you said, a push from MS, but one that aims at creating Windows-centric habits in C++ developers. Once a programmer gets too used to code in VC++ 8, he won't try other compilers/platforms that fast. The alternatives will just sound "wrong" to him.

May I call you paranoid? What are Windows-centric coding habits anyway? To think that microsoft is trying to take over the world due to one compiler warning is completely off base. The function invocation as coded in the article for std::copy is safe, surely, but that is a very isolated piece of code. There is only the gaurentee that the dest buffer is large enough because he wrote all of it to demonstrate that fact. Real world code has no such gaurentees, and is therefore unsafe. This similar argument can be applied to his problems with microsofts new versions of strncat_s and similar functions. He constructs an example very carefully showing that undefined behavior can still occur by doing pointer arithmetic and purposfully trying to achieve undefined behavior. Congradulations! You proved that if you try hard enough you can write a broken program. Does that make the functions inherantly unsafe? No. It makes the coder who wrote that example inherantly foolish.

Your post gives the impression that you are overestimating the importance of Microsoft's "pushes". It was the Win9x generation that spawned 80% of today's security problems. Microsoft only started to push security because a good number of big enterprise clients starting flirting alternatives like Linux. Windows Vista is finally going to cut down on user priviledges, like any UNIX-based OS has always done for more than 3 decades. Some push...

This has nothing to do with your accusation that MS is making C++ proprietary.

If you google for it, you can find out how to routinely crash VC++6 with legal code.

VC6 came out before the C++ standard was finalized (as in, before 98 ). Therefore, it compiles some language which is not standard C++. Realize this before making accusations that microsoft sucks at writing compilers, because VC7.1 and now VC8 are some of the best (and most compliant) C++ compilers in existance.

SnakeChomp wrote:Firstly, just because microsoft adds new functions to C++ does not make C++ a proprietary language. GCC also has their own extensions to C and presumably C++ as well, does anybody accuse them of having a proprietary C++?

You missed the part where I mention that standard extensions - not replacements - are OK. I couldn't correct the poll question, for some reason.
And no, because i) GCC never emits warnings that state only their own extensions to be fundamentally correct and ii) they also remove extensions that may make code break under other compilers, such as the ">?" and "< ?" operators. That was certainly a wrong call, but they retracted it in time.

The code given in the article is actually unsafe when placed into a real working environment where it won't be properly constructed only to demonstrate its safety. Buffers won't always be 10 characters and source strings won't always be less than 10 characters. There is no gaurentee that this construct won't break. The warning that microsoft chose to give to programmers may have been a bad choice, but its intentions are correct.

A number of "small bad choices" from Microsoft can add up to a considerable influence in the field. But your next statement already replies to this one.

May I call you paranoid? What are Windows-centric coding habits anyway? To think that microsoft is trying to take over the world due to one compiler warning is completely off base.

Sure, you may. How about thousands of programmers who respond to Microsoft's highly arbritated interpretation of the standard as though it were the correct one? Shouldn't MS just propose changes to the standard instead of trying to replace it?

Your post gives the impression that you are overestimating the importance of Microsoft's "pushes". It was the Win9x generation that spawned 80% of today's security problems. Microsoft only started to push security because...

This has nothing to do with your accusation that MS is making C++ proprietary.

No, but it has to do with me thinking twice before thanking Microsoft for so many wonderful things, according to the previous reply.

VC6 came out before the C++ standard was finalized (as in, before 98 ). Therefore, it compiles some language which is not standard C++. Realize this before making accusations that microsoft sucks at writing compilers, because VC7.1 and now VC8 are some of the best (and most compliant) C++ compilers in existance.

I used VC6 for a long time, and had to wait some time before Microsoft decided to implement "advanced features" that their competition did as soon as the standard was ready. The point of this being, they are more of fast followers rather than leaders. I agree that VC7.1 and VC8 are probably the best running compilers on Windows, but standards should be as predictable as well as practical.

AkiraDev wrote:

SnakeChomp wrote:(...)VC7.1 and now VC8 are some of the best (and most compliant) C++ compilers in existance.

(...)I agree that VC7.1 and VC8 are probably the best running compilers on Windows

Since you both refer to VC as "C++ compiler" and not "IDE" I just would like to point out that as stated at http://cmeerw.org/prog/freecpp/ DigitalMars C++ is closer to C++, works fine with MS SDK, his maintainer is full time accessible, responds to bug reports and releases fixes in a few days. Really impressive work done by author of first native C++ compiler ever (a few compilers in fact, http://www.walterbright.com/ )

ABX

AkiraDev, this is the real example of microsoft security push after 2000
http://www.informationweek.com/story/sh ... d_IWK_news

Hi!

AkiraDev wrote:The day will soon come M$ patents C and C++ as their own invention.

No. Never, as nobody "owns" C++. This would be like Duden patenting the german language or the Britannica patenting english.... Ok, not the best analogy, but you get the impression. (http://public.research.att.com/~bs/bs_faq.html#revenues)

I don't want to contribute to the "Is MS good or bad" discussion. After all it's all about the money.

priyank_bolia wrote:AkiraDev, this is the real example of microsoft security push after 2000
http://www.informationweek.com/story/sh ... d_IWK_news

Instead of actually proving your point, you choose to attack *NIX systems with vague numbers.

In the same article you sent:
"The end-of-year vulnerability score should be taken with a grain of salt, however, since US-CERT doesn't filter out updates (so one actual vulnerability can be counted numerous times) nor does it break out individual vulnerabilities from warnings that cover multiple bugs (as in the many Mac OS X vulnerability listings)."

To my personal experience, patches on Linux distros regularly come out much more frequently than the "monthly patch cycle".

What's more, the vast majority of *NIX exploits are only possible locally, and often associated with the root account, in contrast to Windows exploits, which are almost always possible remotely, and in many cases with hardly any user intervention.

Here's a couple of more real examples of Microsoft security push for you: ActiveX and the WMF exploit. Despite it's high level of danger, look how long it took to a third-party technician to issue an unofficial fix, and contrast that to the average response time of Microsoft.

SnakeChomp wrote: Realize this before making accusations that microsoft sucks at writing compilers, because VC7.1 and now VC8 are some of the best (and most compliant) C++ compilers in existance.

And these are some of the few "only one supported platform"-compilers.

Regards
Michael