jueves, febrero 17, 2005

Un problema de arquitectura?

Un artículo de Builder.com (link en el título de esta nota), recoje la crítica de James Gosling, de Sun, sobre la decisión de Microsoft de soportar C y C++ en el esquema de ejecución de .NET . Gosling, "padre del lenguaje Java", dijo en Sydney en la primera semana de febrero, que esto crea un agujero de seguridad, y que éste es "one of the biggest and most offensive mistakes that they could have made", uno de los más ofensivos errores que hubieran podido cometer. ¿Por qué?:
(...) the security hole is based upon the fact that several features of the older languages are ambivalent with regards to security: "C++ allowed you to do arbitrary casting, arbitrary adding of images and pointers, and converting them back and forth between pointers in a very, very unstructured way.
(...) Gosling is concerned about "unsafe" code, which is produced by traditional languages like C and C++. Unsafe code is old code that does not strictly follow the rules of type safety that .NET defines, and this sort of code requires additional permissions to execute.
(...)
An important point is that the so-called unsafe code does have the potential to run faster than "managed" code due to some languages' ability to include machine-specific features that may sacrifice platform portability for speed.
Charles Sterling, del lado de Microsoft, sostiene que .NET define distintas clases de código, dentro de las cuales el "código manejado" o "administrado", corre bajo el control de .NET y sus reglas de seguridad. Sterling reconoce que el código "inseguro" tiene la ventaja de estar adecuado a la plataforma, por lo que puede correr más rápido en una plataforma específica. Así, la decisión de usar código seguro o inseguro, es una decisión de cuánto riesgo se quiera aceptar:
the choice between the two platforms is all about risk: if developers are willing to "accept the risk" of unsafe code then they may gain access to "the best performance system on the planet."

No hay comentarios.: