Daily Archives: June 17, 2009

On Programming: Why Ruby and SQL are Fundamentally Wrongs

Jack Schwartz once told me that he had spoken with E. J. Codd early on in the days when Codd was creating SQL. Jack said he had suggested that SQL was misguided in that the best way to design a database-specific language was to apply the lessons learned by mathematicians over a century ago when modern set theory was created.

That is, SQL should have been SETL, or a slight modification thereof.

That Jack was right can be found by perusing any of the religious-like texts that attempt to explicate SQL. See for example Microsoft SQL Server: Higher-Precision System Date and Time Functions, or SELECT – Transact-SQL, which says in part:

<SELECT statement> ::=
    [WITH <common_table_expression> [,...n]]
    [ ORDER BY { order_by_expression | column_position [ ASC | DESC ] } 
  [ ,...n ] ] 
    [ COMPUTE 
  { { AVG | COUNT | MAX | MIN | SUM } ( expression ) } [ ,...n ] 
  [ BY expression [ ,...n ] ] 
    [ ] 
    [ OPTION (  [ ,...n ] ) ] 
    {  | (  ) } 
         | (  ) [...n ] ] 
    [TOP ( expression ) [PERCENT] [ WITH TIES ] ] 
    [ INTO new_table ] 
    [ FROM { <table> } [ ,...n ] ] 
    [ WHERE  ] 
    [  ] 
    [ HAVING  ] 

This is elegant only in that it artfully combines*both* gibberish and rubbish in a deadly potpourri.

I’m sure Jack would have made the same suggestion to the Ruby team. For example, I just headed over to Ruby – A Programmer’s Best Friend. The lead article was DoS vulnerability in BigDecimal!

It says in part:

A denial of service (DoS) vulnerability was found on the BigDecimal standard library of Ruby. Conversion from BigDecimal objects into Float numbers had a problem which enables attackers to effectively cause segmentation faults.

ActiveRecord relies on this method, so most Rails applications are affected by this. Though this is not a Rails-specific issue.

An attacker can cause a denial of service by causing BigDecimal to parse an insanely large number, such as:


Simply put, to use Ruby is to launch a denial of service attack on the rational numbers! How irrational is that?

Insanely large number? You idiots. Even “google” — 10**100 — is not large. For example, let g1 = 10**100. Then construct the series, g2=g1**g1, g3 = g2**g2, and so forth. [1]

No number is insanely large..

Some so-called language designers are, however, insanely stupid. They can’t even count!

Programmer’s Best Friend?

You idiots.

Every real programmer knows that a programmer’s best friend is assembly language.

Real programmers write code, not gibberish.

Real programmers can count, too. In decimal, hexadecimal, octal, and binary. For example, I once used a circular hexadecimal-decimal slide rule to help me wade through System/360 core dumps.[2]

1. It remains an open question whether any of Google’s “engineers” can count anything besides money, though at least they have to master scientific notation to parse their biweekly paychecks: $1,000,000 = $1e6, and so forth.

2. I set the cursor to the base register address so I could then determine the offsets on a load map or listing from the absolute values given in the core dump.

The slide rule, along with my custom-built pool cue, NYC Taxicab license and coin-changer, as well as my NYC peddler’s permit that I used to sell baloons, are among the possessions that I misplaced many years ago. Damn.

I don’t miss hexadecimal arithmetic, save for its artful use in picking WiFi router passwords.

  • Pages

  • June 2009
    M T W T F S S
  • RSS The Wayward Word Press

  • Recent Comments

    daveshields on SPITBOL for OSX is now av…
    Russ Urquhart on SPITBOL for OSX is now av…
    Sahana’s Respo… on A brief history of Sahana by S…
    Sahana’s Respo… on A brief history of Sahana by S…
    James Murray on On being the maintainer, sole…
  • Archives

  • Blog Stats

  • Top Posts

  • Top Rated

  • Recent Posts

  • Archives

  • Top Rated