commit: 94d4ff1de66cf6c960ecaa44d6f554a599644c3f parent c9f8711a4286b86c0ca7c76df4f4ae67151d3f7e Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me> Date: Sun, 18 Apr 2021 10:00:52 +0200 notes/computing-truths.txt: NewDiffstat:
A | notes/computing-truths.txt | 71 | +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ |
1 file changed, 71 insertions(+), 0 deletions(-)diff --git a/notes/computing-truths.txt b/notes/computing-truths.txt
@@ -0,0 +1,71 @@ +This is inspired by some "CS Falsehoods" that you can find over the internet[1]. +As I do not like having to invert everything I prefer to use truths directly instead, I believe it is more readable this way, at least it makes it easier for me to describe the issues. +I would love to be proved wrong or shown doubts on any of this, thanks a lot if you do. + +- This list isn't absolute truth (but I hope me and you exercise enough doubts) +- Yourself/Academia/Internet/Myself/Chuck Norris/Any Computer/… cannot be always right +- We've yet to discover enough of how computers works to know what we're doing (reminder: it's not because you know how to pile bricks that you're a good architect) +- You can sometimes detect after parsing if a program will or will not end (finite-automata / loop with no end condition) +- You cannot detect for all programs if they will or will not end ("The halting problem") +- Most programs can be made to crash (and under most Operating Systems it's All) +- Cryptography isn't some magic fairy dust to make something secure (it can actually make it worse) +- There is no magic solutions to make something secure, but there is good practices +- You will need actual debugging tools (gdb/lldb, dtrace, ping, tcpdump/wireshark, …), learn them +- Open-Source isn't as different from Libre/Free-software as some people say +- There is only few CS/IT fields where some advanced math knowledge is actually useful (not to say that you shouldn't give it a shot anyway) +- There isn't a programming language where a human can directly build everything they want +- All programming languages interpreters/compilers aren't written in C (see Go, Haskell, Rust, …) +- One does not simply knows how copyright laws works on the internet (hint: that means worldwide) +- Public Domain in most of Europe is only valid for "Copyright Expiration" (consider licences like CC0) +- A large number of lines does not means that the programmer was efficient +- A small program does not means that it runs efficiently +- A version number isn't a good indicator of quality +- Data decays eternally +- You need threat models for your security +- So called "Unique IDs" aren't always unique + +## Correctness +- You can easily assert correction in a program (I do not believe that languages like F* actually do solve this entirely) +- An audit only shows the problems found, it cannot found all of them +- You cannot build an entirely secure machine + +## Parsing +- You cannot parse non-regular languages/formats with one regex +- You cannot entirely validate emails +- You cannot write a parser for all version numbers +- Some regex languages aren't (regular) +- You can parse non-regular languages/formats with multiple regexes (see lex/yacc, awk, perl, …) +- You cannot parse human formats reasonably well +- PEMDAS isn't enough to express Math evaluation priorities + +## Unix maintains bugs +- You cannot trust PIDs to point to the same program at two different times (making uptime part of the IDs would help a lot though) + +## Standards +"The nice thing about standards is that you have so many to choose from." — Andrew S. Tanenbaum; Computer Networks, 2nd ed., p. 254. +- POSIX is not followed by most Unix systems (in fact the certifications seems off/wrong) +- W3C standards first; implementations (maybe) latter +- 2+ implementations first; description in RFCs latter +- Most standards aren't enforced or properly certified (even with considering Correctness issues) + +## Time +- Time sometimes goes backwards (And I believe that you need to be able to set an earlier date during runtime for most operating systems) +- You probably cannot represent time (on earth) in one format correctly (as in, ISO8601 isn't absolute and <a href="https://www.jwz.org/blog/2018/02/timezones/">iCal is a gigantic mess</a>) +- In a human representation: Hours aren't between 0 and 23, Minutes aren't between 0 and 59, Seconds aren't between 0 and 59 +- We do not have a universal way to count seconds, see RFC3339's introduction and https://what-if.xkcd.com/26/ + +## Internet lies +- Files in lossy formats do not loose more data over time than lossless ones + +## Git +- You can rewrite history (git-filter-branch, git-rebase, git-reset, ...) + +## See Also +I would also highly recommend watching https://www.destroyallsoftware.com/talks/ideology which has: +- Functionnal Programming can be efficient enough +- Garbage Collection can be efficient enough +- NULL isn't the only way to represent absence +- Type systems cannot replace tests +- Tests cannot replace types + +1: https://www.netmeister.org/blog/cs-falsehoods.html