On Programming: Why Ruby and SQL are Fundamentally Wrong

Jack Schwartz once told me that he had spoken with E. J. Codd early on in the days when Codd was creating SQL. Jack said he had suggested that SQL was misguided in that the best way to design a database-specific language was to apply the lessons learned by mathematicians over a century ago when modern set theory was created.

That is, SQL should have been SETL, or a slight modification thereof.

That Jack was right can be found by perusing any of the religious-like texts that attempt to explicate SQL. See for example Microsoft SQL Server: Higher-Precision System Date and Time Functions, or SELECT – Transact-SQL, which says in part:

<SELECT statement> ::=
    <query_expression> 
    [WITH <common_table_expression> [,...n]]
    [ ORDER BY { order_by_expression | column_position [ ASC | DESC ] } 
  [ ,...n ] ] 
    [ COMPUTE 
  { { AVG | COUNT | MAX | MIN | SUM } ( expression ) } [ ,...n ] 
  [ BY expression [ ,...n ] ] 
    ] 
    [ ] 
    [ OPTION (  [ ,...n ] ) ] 
 ::= 
    {  | (  ) } 
    [  { UNION [ ALL ] | EXCEPT | INTERSECT }
         | (  ) [...n ] ] 
 ::= 
SELECT [ ALL | DISTINCT ] 
    [TOP ( expression ) [PERCENT] [ WITH TIES ] ] 
     
    [ INTO new_table ] 
    [ FROM { <table> } [ ,...n ] ] 
    [ WHERE  ] 
    [  ] 
    [ HAVING  ] 

This is elegant only in that it artfully combines *both* gibberish and rubbish in a deadly potpourri.

I’m sure Jack would have made the same suggestion to the Ruby team. For example, I just headed over to Ruby – A Programmer’s Best Friend. The lead article was DoS vulnerability in BigDecimal!

It says in part:

A denial of service (DoS) vulnerability was found on the BigDecimal standard library of Ruby. Conversion from BigDecimal objects into Float numbers had a problem which enables attackers to effectively cause segmentation faults.

ActiveRecord relies on this method, so most Rails applications are affected by this. Though this is not a Rails-specific issue.

Impact

An attacker can cause a denial of service by causing BigDecimal to parse an insanely large number, such as:

BigDecimal("9E69999999").to_s("F")
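
An added example, not part of the advisory or of Ruby itself: one way an application can bound untrusted numeric text before it reaches BigDecimal, so a literal like the one quoted above is refused instead of converted. The names parse_bounded_decimal, rejection_reason and DecimalInputError and the limits MAX_DIGITS and MAX_EXPONENT are assumptions chosen for illustration.

```ruby
require 'bigdecimal'

# Constructed limits (assumptions, not values from the advisory); size them
# to the largest number the application legitimately needs.
MAX_DIGITS   = 64   # significant digits accepted from untrusted text
MAX_EXPONENT = 308  # about the decimal range of an IEEE 754 double

class DecimalInputError < ArgumentError; end

# Strict literal: sign, digits, optional fraction, optional exponent.
DECIMAL_RE = /\A[+-]?(\d+)(?:\.(\d+))?(?:[eE]([+-]?\d+))?\z/

# Checks the text before any BigDecimal exists, so an oversized exponent
# never reaches to_s("F") or to_f.
def parse_bounded_decimal(text, max_digits: MAX_DIGITS, max_exponent: MAX_EXPONENT)
  raise DecimalInputError, 'not a string' unless text.is_a?(String)
  # The length cap also keeps the exponent's own digit string short.
  raise DecimalInputError, 'input too long' if text.bytesize > max_digits + 16
  m = DECIMAL_RE.match(text)
  raise DecimalInputError, 'not a decimal literal' unless m

  digits = (m[1] + m[2].to_s).sub(/\A0+/, '')
  raise DecimalInputError, 'too many digits' if digits.length > max_digits
  raise DecimalInputError, 'exponent out of range' if m[3].to_i.abs > max_exponent

  BigDecimal(text)
end

# Returns nil when the input is accepted, otherwise the reason it was refused.
def rejection_reason(text)
  parse_bounded_decimal(text)
  nil
rescue DecimalInputError => e
  e.message
end

# Constructed sample inputs; the second is the literal quoted in the advisory.
if __FILE__ == $PROGRAM_NAME
  ['1.5e3', '9E69999999', '1e-400', '12abc', '-0.000125'].each do |s|
    reason = rejection_reason(s)
    puts reason ? "#{s.inspect}: rejected (#{reason})" : "#{s.inspect}: #{parse_bounded_decimal(s).to_s('F')}"
  end
end
```
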

Simply put, to use Ruby is to launch a denial of service attack on the rational numbers! How irrational is that?

Insanely large number? You idiots. Even “google” — 10**100 — is not large. For example, let g1 = 10**100. Then construct the series, g2=g1**g1, g3 = g2**g2, and so forth. [1]

No number is insanely large.

Some so-called language designers are, however, insanely stupid. They can’t even count!

Programmer’s Best Friend?

You idiots.


Every real programmer knows that a programmer’s best friend is assembly language.

Real programmers write code, not gibberish.

Real programmers can count, too. In decimal, hexadecimal, octal, and binary. For example, I once used a circular hexadecimal-decimal slide rule to help me wade through System/360 core dumps.[2]

Notes:

1. It remains an open question whether any of Google’s “engineers” can count anything besides money, though at least they have to master scientific notation to parse their biweekly paychecks: $1,000,000 = $1e6, and so forth.

2. I set the cursor to the base register address so I could then determine the offsets on a load map or listing from the absolute values given in the core dump.

The slide rule, along with my custom-built pool cue, NYC Taxicab license and coin-changer, as well as my NYC peddler’s permit that I used to sell balloons, are among the possessions that I misplaced many years ago. Damn.

I don’t miss hexadecimal arithmetic, save for its artful use in picking WiFi router passwords.


3 Comments

  1. Steven Hoff
    Posted July 20, 2009 at 15:47 | Permalink | Reply

    Quote:
    “Every real programmer knows that a programmer’s best friend is assembly language.”

    Dear Lord, I do hope you are simply being facetious. If not, then I would ask you why bother even with the assembly language abstraction, REAL programmers write in binary.

    Dave replies:

    If a so-called programmer doesn’t know at least two assembly languages — for RISC and CISC — at an expert level, then they don’t have basic knowledge about how computers operate. Evidence suggests that fewer than 1 in 1000 working programmers have this knowledge. The proof of the pudding can be found in the poor quality of many current implementations of programming languages. CPython and PHP are cases in point.

    • ben
      Posted July 25, 2010 at 00:12 | Permalink | Reply

      God, I think you are into semantic gap. I mean how to translate from one ‘language’ (human) to another (machine) is not exactly a well known science, as far as I know of.

      I mean, why you want to bother the poor 999 programmers out of the 1k about such BS, as that won’t earn them the paycheck, savvy (sig)?

      Although the 1 out of 1k, or more likely somebody such as Dijkstra or some such is enough for the rest of us do the honor of copy and paste, isn’t it? ’cause the rest of the humanity can’t even perform that.

    • Chris
      Posted August 16, 2010 at 05:02 | Permalink | Reply

      Real programmers are surely the ones who are productive, rather than reinventing the wheel to soothe their ego – they are writing programs that people actually want 🙂 Not everyone knows everything about computers, indeed, they are complex and multi-layered machines. Not everyone *needs* to know everything about computers. The idea is that they are a tool to achieve greater things with. People specialise, and there is a place for assembly language in operating systems, but you wouldn’t get to work by manually feeding fuel into your engine pistons, calculating the correct amount of air to feed in, and manually sparking each piston one at a time. That would be absurd. Just like it would be absurd to build a modern web app in assembly language. You could do it, but most people don’t have that much time, and really, there is no point to doing it.

      And SQL – it’s a tool for a job. It helps relate sets of data in a reasonably understandable way – if you bother to learn SQL that is. Most of the complaints about SQL are from people who don’t want to learn how it works – that’s fine, but the reason it’s used in most relational databases is because it is an appropriate language for an RDBMS. I agree that its procedural abilities are often tacked on, but the fundamental language works well for many, many tasks. And that is the point. If a better language becomes more popular for the job, then people will begin to use it. What language you use is neither here nor there, it’s what you can achieve with it which is the point.

One Trackback

  1. […] The “nosql” folks seem to agree with me that SQL is fundamentally wrong. […]
