Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 2 years ago.
Improve this question
On my server I need to be able to run a program provided by a user however I do not trust users to provide code that is not malicious. The programs that are provided should only ever be pure, that is, the result the output only depends on the inputs and running the program has no side effects. To achieve this, I would need to take as input some python code (or js code, or c or java or something else) and then run the code in such a way as to insure there are no side effects. For example, I don't want the user to be able to start running system calls and maybe get up to some mischief. To my knowledge, this is not possible in any main stream language (eg: python, C, js, java etc). Is there a language that does enforce the absence of side effects? I want to be able to run the user provided code and feel safe that nothing will be effected.
If there is no language that does this internally, is there a some kind of 'stripped down' language where one can specify a pure function and companion compiler that can then run the pure function on some input? Ideally I would like any such language to be Turing complete.
Is there a language that does enforce the absence of side effects?
no there is not. Because, languages are general-purpose and not only limited to small area of programming.
I want to be able to run the user provided code and feel safe that
nothing will be effected.
If you want to limit users to run codes that have not side effects, for example sorting algorithms and etc. Indeed, most programing languages have a basic lib like stdio, system, sys that are limited to basic operations and for extra operations like file read/write (side-effects), they need for example File.io to do these kinds of operations.
As a result, You need to check what libs are allowed and what libs are not and also when your security-profiler receives a pure code then it checks what libs are used and are they legal? if false rejects and if true runs.
These words are just minimum valuable solution, Indeed, for a perfect security-profiler you have to spend a lot of times for it.
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 5 years ago.
Improve this question
In any operating system, which programming language is the most oriented to perform actions, such as:
Delete files from the computer
Add files to the computer
Unzip files automatically
Having many files like 01file.jpg - 02file.jpg, rename them all automatically using regular expressions (this point is very important to me)
And many things like that, which include automating actions that are regularly very tedious to perform.
I do not need the most "appropriate" language, but the one that is generally used for these purposes.
Choice of programming language is obviously a combination of technical factors and personal tastes. However, there are many strengths to Python for doing the tasks you mention in a way that is very portable between different operating systems. The "os" module contains lots of functions for adding/removing files and directories, renaming files, etc. Similarly, the regexp module allows replacing chunks of strings using regular expressions. As for zipfiles, there's a module for that too.
Any language can do these things really, so pick one that you’d want to learn. Python comes by default with lots of libraries, I believe including zip file manipulation, so it may be easier to get going.
From your question, I've inferred that you are looking for a language that is portable and easy to use with low friction in order to perform the operations that you mentioned.
If you mostly work with UNIX-based systems such as macOS and Linux, then shell programming might be a good option, especially considering the basic tasks you require.
The advantages of using the shell is that it's very well suited for the tasks you mention, you can easily alternate between automating your tasks with a shell script or just issuing commands as needed. The syntax can be a little bit surprising for beginners, but for your purposes, you wouldn't need to learn much.
The disadvantages are that there can be small but subtle differences between Operating Systems between commands, so you would need to know about these differences if working on these different platforms was important to you. Also, while you could get a shell like bash to work on Windows, it's nowhere near as convenient as on a UNIX-based OS.
If cross-platform compatibility was very important to you, then using a higher level general-purpose language like Python might be a good option. It has the advantage of being mostly consistent across platforms and abstracting away the differences.
The disadvantage there is that you might need to install Python depending on the platform that you have and you would lose a little bit of the interactivity and flexibility that the shell provides you with. On a UNIX-based machine, you're pretty much in a shell as soon as you fire up your terminal and ready to issue commands, so there is very little friction.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
Recently My Project Manger has asked me to work on InterSystems Cache ObjectScript. Earlier i used to work as Java Developer (J2EE). So my question is how different is Cache from java. Comparison would be great to have.
Caché ObjectScript is very different from Java and has very little in common. It is more like dynamically typed compiled scripting language with meta language built in (class definitions) and with a large number of features you need to know to write the good code. All the code is compiled to a low-level (but pretty readable) so-called routine code and is processed by DBMS Caché and its application engine.
Take for example this reference. As you may notice, there are many weird symbols and structures like $, $$, $$$, ##class, &sql(...), &javascript<...>, #dim, $System, .#, $get, $zu(...), %, ^%, { ... }, ... (this list is big). Some of the language features are very unpredictable from the first glance. For example, function $get(...) looks like a fundtion but silently acts like a try/catch statement, as well as $data and some other system functions.
So prepare to work with InterSystems documentation! Also, recently developed InterSystems community is a great resource. And while Googling, you may find quite a few answers out of the internet, but just keep in mind to search with “intersystems” or “objectscript” keywords. But many things you won’t find there, and in this case you should use InterSystems docs or community to ask the questions. Once you will get used to the language (which for me took over 6 months), you will feel more confident in it.
Also it is worth mention that Caché ObjectScript is literally “dinosaur” language, which involves and upgrades over time. That’s why there are so many different features. Some of them you shouldn’t use anymore: for example, instead of writing code in routine, like people did before OOP concepths were introduced, you should use classes. ObjectScript’s JSON capabilities (ability to write JSON inside ObjectScript) was intoduced just approximately 1 year ago. And you may find a plenty of “prehistoric” code in Caché and should take it normally: it is a really huge ecosystem.
Hope this helps, happy hacking!
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 6 years ago.
Improve this question
Almost all conventional languages today represent programmers intention as text source, which is then (lets say for sake of simplicity) translated to some bytecode/machine code and interpreted/executed by a VM/CPU.
There was another technique, which, for some reason, isn't that popular theese days: "freeze" the run-time of your VM and dump/serialize the environment (symbol bindings, state, code (whatever that is)) into an image, which you can then transfer, load and execute.
Consequentially, you do not "write" your code in a usual way, but you modify the environment with new symbols, while in "run-time".
I see great advantages to this technique:
Power-boosted REPL: you can introspect your code as you write it, partially evaluate it, test it directly and see the effects of your changes. Then roll back if you've messed up and do it again, or commit it to the environment finally. No need for long compile-run-debug cycle;
Some of the usual problems about dynamic languages (that they cannot be compiled, as compiler cannot reason about environments statically) are obliviated: the interpreter knows where what is located and can subsitute symbol references with static offsets and do other optimizations;
It's easier on programmer's brain: you "offload" different contextual information about the code from your head, i.e. you don't need to keep track about what your code has already done to some variable/data structure or which variable holds what: you see it directly in front of your eyes! In the usual way (writing source), programmers add new abstractions or comments to the code to clarify intents, but this can (and will) get messy.
The question is: what are disadvantages of this approach? Is there any serious critical disadvantage that I am not seeing? I know, there are some problems with it, i.e.:
try building a module system with it, that will not result in dependancy hell or serious linkage problems
security issues
try to version-control such images and enable concurrent development
But these are, IMHO, solvable with a good design.
EDIT1: concerning status "closed,primarily opinion-based". I've described two existent approaches and it is clear and obvious that one is preferred over another. Whether the reasons for that are purely "opinion-based" or there is a reasearch to back this up, is unknown to me, but even if they are opinion-based, if someone would list these reasons for such an opinion to develop, it should, actually, answer my question.
As a daily user of smalltalk, I've to say I haven't found any fundamental disadvantages and have to agree that there are lots of advantages.
It makes metaprogramming, reasoning about your program easy, and much better supports refactoring and code rewriting.
It requires/develops a different way of looking at your code, though. Smalltalk has little to offer to developers who are not interested in abstraction
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 5 years ago.
Improve this question
Now that Apple relaxed the restrictions on developer tools/programs, I wonder what tempts developers to other languages than Apple offers by default, Objective-C, which is quite fun to program with. What missing feautures makes you not to program with it but something else?
Lack of Objective-C expertise or a large/complex code base in another language would be among common reasons.
Cross-platform coding might well be another.
I haven't done any iPhone development yet, but generally speaking, here's a few reasons:
Cross-platform development
The other language suits your coding style better
The other language is a better tool for the job
You are comfortable in the other language and don't have the time / budget / motivation to learn Objective-C
Existing libraries / codebase
Specific tools you might want to use
Testing some concepts in Objective-C can sometimes be kind of tedious to set up. Sometimes you just want to see how a single method works or play around with an object's functionality to see how it works.
Setting up a new project is somewhat tedious, and it's not always feasible to incorporate the test code in to a new project.
In this case, I do one of two things:
Keep an empty project around specifically for testing things
Drop down to the Terminal and use irb (or PyObjC) to play with the objects in Ruby or Python.
In a nutshell, the thing that's missing is the ability to use Objective-C in an interpreted manner. You have to use another language (like Ruby or Python) to do this.
I recently wrote some networking code in Python, then had to translate it into Objective-C for use on the iPad. A typical line of clear Python would become five or ten lines of busy-work C. I just work faster in higher-level lanugages; the language puts up less resistance, requires fewer forms to be filled out.
I have ported a couple of tiny language interpreters (for my own use, not for App store distribution) to the iPhone. This allows me to write short snippets of code on the road, without having to carry my Mac, and run them locally. I don't know of any small Objective C interpreters, and the language is not really designed for interactive use.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 8 years ago.
Improve this question
In a content management system, moderators have to approve changes to existing articles. Currently the system shows the old and the revised version of the text in plain text. It is a pain to find the actual differences.
In GoogleDocs, there is a 'Compare revisions' feature which highlights the differences between two documents.
If there a free component out there that does the same thing?
If not, would you write such a component in JavaScript or on the server side?
All the usual diff tools are desktop applications.
John Resig wrote one in JavaScript that looks interesting.
Here it is.
Try Pretty Diff tool. It is based upon jsdifflib, but is enhanced to highlight per character differences and rebuilt for speed. It also compares minified code to unminified code. It is entirely written in JavaScript and supports JavaScript, CSS, and XML/XHTML input.
http://prettydiff.com/
jsdifflib looks like an interesting javascript-based client side library. I would lean strongly toward a client-side implementation if it provided the features that you needed. Why tax your servers on presentation logic when you're already handing the client the data anyway?
The Diff, Match and Patch Library is available with an identical API in JavaScript, Java, C#, Python, and other languages. (It seems to have been and may still be the one used in Google Docs.)
There is an online demo of the HTML output of the diff'ing options.
Given the identical API available on both client- and server-side languages, it should be easier to make a switch between them should you decide you want to...
If you're working with PHP, you may find SimpleDIFF to be helpful.
Check out the JavaScript diff library wikEd diff. It is used on Wikipedia in the gadget wikEdDiff for exactly the asked purpose to compare revisions of articles. The free (public domain) library can detect and highlight block moves, works on the word/character level, and spits out a nicely formatted text with insertions, deletions, moved blocks, and their original positions marked up. See the online demo to play with settings.