Comments for The Library of Assorted Spiffy Things

21 Jul 2003 23:49 mejenn01

Re: Don't use for the string ADT APIs
Again, you have not provided any information (either here, or (preferably) via e-mail) on what, if any, buffer overflows exist in the string object. If you have any pertinent information, please provide it.

21 Jul 2003 13:13 nevyn

Re: Don't use for the string ADT APIs

> contrary to your web site,
> LibAST does have a test suite which is
> included with every source tarball,
> including the release of 0.5 (on which
> you presumably based your "review").
>
> You've already made your point on your
> web site. The only logical reason you
> could have for posting a comment here is
> to advertise your own "competing" work.
> A rather childish act, to say the
> least.
>

I apologize, I'm not sure how I missed the test suite. I corrected this as soon as I got your comment.

My reason wasn't necessarily that people would use Vstr, as much as they would hopefully not use your string APIs based on you being well known in the community. I'd be more than happy if people used SafeStr, or even glib, as that would drastically reduce their chance of producing buffer overflows.

And if I get to patch one less buffer overflow because I was "childish", I will happily make that trade.

I've included a response section, so feel free to email me with a different URL. At the moment I've linked directly to your comment.

02 Jun 2003 18:40 mejenn01

Re: Don't use for the string ADT APIs


I've read your comparison page previously. My initial reaction was disappointment that a former co-worker of mine lacked the courtesy to discuss my work with me personally rather than posting information on his web site that was at least in part inaccurate.


For the record, I have read your comments and have taken them under advisement. Particularly the namespace issue is of concern to me, and I am in the process of correcting that. Furthermore, contrary to your web site, LibAST does have a test suite which is included with every source tarball, including the release of 0.5 (on which you presumably based your "review"). And finally, the LibAST objects are still works in progress; the string API in particular is not intended as a universal solution to all data storage needs. Specifically, storage of non-NUL-terminated strings will utilize a different object (one that is NOT a string, but rather a data buffer, since strings in C are ALWAYS NUL-terminated) which has not been written yet.


You've already made your point on your web site. The only logical reason you could have for posting a comment here is to advertise your own "competing" work. A rather childish act, to say the least.


LibAST is more than just a string API. If that's all someone needs, they're certainly welcome to use something else, like vstr. However, I'm sure they can make such a decision without your advertising on the pages of other projects.

02 Jun 2003 17:59 nevyn

Re: Don't use for the string ADT APIs

> If you have constructive criticism to
> make, James, please feel free.
> Otherwise, you're just a troll.
>

The information on the link seems pretty self-explanatory to me (and I know you're intelligent enough to understand it). So then copying and pasting the section of the string API comparison document (http://www.and.org/vstr/comparison.html) titled "libast (formerly libmej)" and then also pasting the libast/Patrick Powell sections of the printf comparison document (http://www.and.org/vstr/printf_comparison.html), doesn't seem like what you'd be asking me to do either ... so I can only presume you read my comment, didn't like the tone and so replied instead of reading.

If you aren't sure what I'm saying in any of the info., or want more info. then feel free to email etc. ... I'm not out to get you, I'm just sick of C programmers using half-useful string APIs, getting it wrong and making me watch bugtraq every day.

01 Jun 2003 14:45 mejenn01

Re: Don't use for the string ADT APIs
If you have constructive criticism to make, James, please feel free. Otherwise, you're just a troll.

31 May 2003 15:20 nevyn

Don't use for the string ADT APIs

The parts of the library to do with string manipulation don't provide a safe string ADT, and the implementation of the printf()-like function is broken. I'd recommend at least looking at your other options at this comparison page (http://www.and.org/vstr/comparison.html).

16 Aug 2002 03:03 mswieton

how... nifty!
Dude, this lib rules!

Also, mad props to whoever picked the name: It has to be the best name ever!
