From: Oliver Wong on

"Alfredo Novoa" <alfredo_novoa(a)hotmail.com> wrote in message
news:1138628504.735894.120650(a)z14g2000cwz.googlegroups.com...
> Hi,
>
>>If true, then we are in for some nasty SQL viruses.
>
> No, because TC has nothing to do with viruses. To develop viruses we
> need to have access to low the level operating system API.

If we define "Virus" as a (sub-)program which attaches itself to other
programs, then yes, any computing device that is a Universal Turing Machine
is capable of hosting viruses. Programs are stored on the tape, and programs
are capable of modifying the tape. Determistic Finite Automatas can't modify
the location where programs are stored (i.e. the states themselves), and so
there are no DFA viruses, for example.

- Oliver


From: Patrick May on
"topmind" <topmind(a)technologist.com> writes:
> > > To keep the discussion on track, I will generally stick to biz
> > > apps here.
> >
> > What exactly do you mean by "biz apps?" Are you using that
> > term as a synonym for "CRUD data pipelines?"
[ . . . ]
> Call them whatever you want. Unless you can show a public example
> and why it is more "complex" then something else, that is not really
> usable info. Anecdotes and personal internal opinions are a dime a
> dozen.

You failed to answer the question. What exactly do you mean by
the term "biz app?" Do you consider systems like OSSs,
MRP/ERP/Financials integration, and clearing and settlement systems to
be business applications or do you limit that term to describe CRUD
processing?

> > > Most non-trivial biz apps will be helped by a RDB. I have seen
> > > very few exceptions given.
> >
> > That's not the point under discussion. You asked why tables
> > don't model problem domains as well as OO constructs. That
> > question has been answered.
>
> Not. No specific scenarios given.

If you feel the arguments presented by myself and, more
eloquently, Mr. Lahman unconvincing, please identify your specific
concerns. Your rhetorical ploy of asking for scenarios that you will
then use to take the discussion down multiple ratholes is easily
recognized given your history and is no less disingenuous now than it
has ever been.

The answers given to you have been given are independent of
particular scenarios. Here is the history for your convenience:

> > > You asked "But how are tables less close to the domain than
> > > classes, methods, and attributes?" The answer is, they lack
> > > behavior. The most common language for manipulating tables is
> > > SQL and it is not as powerful as general purpose OO languages.
> >
> > How does not covering the entire behavior spectrum make it "less
> > close" to the domain?
>
> As Mr. Lahman has eloquently pointed out, only CRUD/USER
> applications map directly to the relational model. Other
> applications require different models of both data and behavior.
> Since SQL has a limited support for modeling behavior relative to
> general purpose languages, by your own admission, it is less capable
> of reflecting the abstractions of problem domains other than those
> of CRUD data pipelines.

What objections do you have to that position?

> [Deleted mutator issues. Mutators immaterial to this discussion]

Another claim you are unable to support. How unsurprising.

> > So yet again you have made a bunch of unfounded assertions
> > with no capability or intention of backing them up. Have you even
> > a passing acquaintance with the concept of intellectual honesty?
>
> No, you are just trying to make an international tribune out of side
> opinions. If you wish to know if a claim of mine is something
> formal, then please ask.

So the base assumption should be that you are spewing
unsubstantiated nonsense unless you clearly state otherwise? That was
my working assumption, but I'm surprised to see you admit it.

Flaming aside, making claims that you cannot or will not support
in the course of a public discussion is grossly dishonest. You use
these assertions to argue against well-supported positions of other
participants in this newsgroup. Do you really want to publicly state
that all of your statements should be consider lies unless labeled
otherwise?

> > You are, I suspect deliberately, avoiding the point. You
> > asserted that all NFRs in an enterprise system could be met by
> > 'purchasing a "big-iron" RDBMS.
>
> I did NOT say ALL! My statement has been misrepresented here.

Your exact words were:

I would note that a lot of the issues you mentioned, such as
performance, scalability, resiliency, and recoverability can be
obtained by purchasing a "big-iron" RDBMS such as Oracle or DB2.

In context, this is clearly a claim that performance, scalability,
resiliency, and recoverability can be provided to enterprise systems
solely through the use of Oracle or DB2. Anyone willing to look
through the thread will see that you were attempting to convey the
idea that big RDBMSs are all that is necessary to meet the needs of
enterprise systems. That's nonsense.

> > Again, you appear to be deliberately missing the point. It
> > isn't a matter of ACLs failing, it's a matter of them not even
> > being capable of addressing the security requirements that are met
> > by systems like Kerberos.
>
> What is the difference? Just pick something that Kerbo does well and
> show why RDB/ACL's fail it. Why are you resisting?

Since you clearly aren't interested in learning anything about
the topic you're embarrassing yourself about, even when pointers to
the documentation are provided, here is a quick summary for you.

Kerberos is a service that allows mutual authentication between
users and services in a distributed system. By design, it avoids the
need to re-enter passwords for each interaction. What is important to
this discussion is the protocol. Simply having ACL information
accessible via a database provides no value against the threat models
addressed by Kerberos.

Realize that this is just one set of security requirements
typically found in enterprise systems and you will see why your
statement that "security is mostly just massive ACL tables" is
laughable.

Sincerely,

Patrick

------------------------------------------------------------------------
S P Engineering, Inc. | The experts in large scale distributed OO
| systems design and implementation.
pjm(a)spe.com | (C++, Java, Common Lisp, Jini, CORBA, UML)
From: Patrick May on
"topmind" <topmind(a)technologist.com> writes:
> > > Even assembler has a lot of implementations. They claimed
> > > "significantly less code". I gave them a sample application and
> > > they made up every (lame) excuse under the sun. But that is
> > > another matter. FP is not the topic.
> >
> > I ask this question for the same reason and much the same
> > feeling as when I take a good look at a serious accident
> > encountered on the highway, but could you please point me to the
> > location of this discussion?
>
> Sure. You will fit right in with the "We don't need no stinkin'
> public evidence" crowd there. What is yet one more anecdite.

Given your history of repeatedly refusing to support your
assertions, your snide comments are not only unjustified but
outrageously hypocritical.

> http://c2.com/cgi/wiki?ChallengeSixVersusFpDiscussion

Thank you for the link.

Sincerely,

Patrick

------------------------------------------------------------------------
S P Engineering, Inc. | The experts in large scale distributed OO
| systems design and implementation.
pjm(a)spe.com | (C++, Java, Common Lisp, Jini, CORBA, UML)
From: topmind on
> > > What exactly do you mean by "biz apps?" Are you using that
> > > term as a synonym for "CRUD data pipelines?"
> [ . . . ]
> > Call them whatever you want. Unless you can show a public example
> > and why it is more "complex" then something else, that is not really
> > usable info. Anecdotes and personal internal opinions are a dime a
> > dozen.
>
> You failed to answer the question. What exactly do you mean by
> the term "biz app?" Do you consider systems like OSSs,
> MRP/ERP/Financials integration, and clearing and settlement systems to
> be business applications or do you limit that term to describe CRUD
> processing?

I don't want to get into another definition battle about what a "biz
app" is. I generally deal with custom biz apps so I cannot say much
about packaged biz apps such as SAP. If you claim DB's stink for SAP, I
probably won't challenge it.

If you want an example to reference and talk about, how about:

http://c2.com/cgi/wiki?CampusExample

Most degreed readers can relate to such an example fairly well because
they've spent 4+ years at one.


>
> > > > Most non-trivial biz apps will be helped by a RDB. I have seen
> > > > very few exceptions given.
> > >
> > > That's not the point under discussion. You asked why tables
> > > don't model problem domains as well as OO constructs. That
> > > question has been answered.
> >
> > Not. No specific scenarios given.
>
> If you feel the arguments presented by myself and, more
> eloquently, Mr. Lahman unconvincing, please identify your specific
> concerns.

They don't provide specific demonstrations. They rely too heavily on
fuzzy words and anecdotes.

> Your rhetorical ploy of asking for scenarios that you will
> then use to take the discussion down multiple ratholes is easily
> recognized given your history and is no less disingenuous now than it
> has ever been.

I'm guilty until proven innocent?

> > As Mr. Lahman has eloquently pointed out, only CRUD/USER
> > applications map directly to the relational model. Other
> > applications require different models of both data and behavior.
> > Since SQL has a limited support for modeling behavior relative to
> > general purpose languages, by your own admission, it is less capable
> > of reflecting the abstractions of problem domains other than those
> > of CRUD data pipelines.
>
> What objections do you have to that position?

He is using the "thing must be potentially capable of being the whole
app" definition of "general purpose". I have rejected that def of
"general purpose" for reasons I don't want to repeat again regarding
the "Yin-Yang" debate.


> > > You are, I suspect deliberately, avoiding the point. You
> > > asserted that all NFRs in an enterprise system could be met by
> > > 'purchasing a "big-iron" RDBMS.
> >
> > I did NOT say ALL! My statement has been misrepresented here.
>
> Your exact words were:
>
> I would note that a lot of the issues you mentioned, such as
> performance, scalability, resiliency, and recoverability can be
> obtained by purchasing a "big-iron" RDBMS such as Oracle or DB2.
>
> In context, this is clearly a claim that performance, scalability,
> resiliency, and recoverability can be provided to enterprise systems
> solely through the use of Oracle or DB2. Anyone willing to look
> through the thread will see that you were attempting to convey the
> idea that big RDBMSs are all that is necessary to meet the needs of
> enterprise systems. That's nonsense.

Sorry, but I don't see anything that implies "all". Note "a lot of" in
the opening sentence.

Lot != All

> > What is the difference? Just pick something that Kerbo does well and
> > show why RDB/ACL's fail it. Why are you resisting?
>
> Since you clearly aren't interested in learning anything about
> the topic you're embarrassing yourself about, even when pointers to
> the documentation are provided, here is a quick summary for you.
>
> Kerberos is a service that allows mutual authentication between
> users and services in a distributed system. By design, it avoids the
> need to re-enter passwords for each interaction. What is important to
> this discussion is the protocol. Simply having ACL information
> accessible via a database provides no value against the threat models
> addressed by Kerberos.
>
> Realize that this is just one set of security requirements
> typically found in enterprise systems and you will see why your
> statement that "security is mostly just massive ACL tables" is
> laughable.

That statement was a mistyping on my part, as already pointed out. It
should have said, "security can be done with mostly just massive ACL
tables". I was describing a scenario there, not meaning to paint the
scenario as representative of everything.

If you are claiming that ACL's cannot do "mutual authentication", then
simply say so. Is that what you are claiming?

>
> Sincerely,
>
> Patrick
>

-T-

From: topmind on

Dmitry A. Kazakov wrote:
> On 1 Feb 2006 19:14:42 -0800, topmind wrote:
>
> > Dmitry A. Kazakov wrote:
> >> On 31 Jan 2006 19:36:38 -0800, topmind wrote:
> >>
> >>> Relational normalization is
> >>> driven pretty much by avoiding duplication (at least the first 3
> >>> "laws"). OO tends to duplicate interface patterns such as add, change,
> >>> delete, sort, etc. for each class. It does not factor similar "database
> >>> verbs" into one spot, replicating them per class (with "creative"
> >>> twists for each personality). And many-to-many in OO often results in
> >>> two-way pointers.
> >>
> >> The difference is between one type and multiple types. Relational model
> >> deals with *one* class: table. OO tries to handle more than one class.
> >> Consider tables of types instead of tables of objects, and we'll see if
> >> that will be any simpler.
> >
> > I don't believe in "types" as a useful model, at least not for my
> > domain.
>
> That's up to you, but there is no any viable alternative. The point is that
> the relational model is a particular case of more general typed model. Then
> you aren't sincere. In SQL you are using types like integers, strings and
> some others. If you didn't believe in them, then you should have replaced
> them all with relations. Note that mathematically it is quite possible. Now
> the question, why didn't you?

Related discussion:

http://c2.com/cgi/wiki?DoesRelationalRequireTypes

The "expression engine" can be logically seperated from a relational
engine it appears to me. As long as the expression engine supports
equality comparisons (less than, equal, etc.), then relational can
operate on it. (And possibly only just equal or not equal are needed.
Need more pondering on this.) SQL is a specific language with certain
constructs hard-wired in. However, SQL is not the end-all-be-all of
relational nor query languages.

Thus, if somebody wanted to include imaginary numbers in a relational
query language, in theory they could without busting relational. It
demands very little of the underlying expression model.

>
> > If I was forced to be an OO'er, I would probably take Smalltalk
> > or Python over Java or Eiffle.
>
> They all are typed, as well as SQL. It is impossible to have a truly
> untyped language. You might reduce it to a very narrow or singleton set of
> types, but not further. There could only be well and poorly typed
> languages.

Well, this gets into a sticky issue of a definiton of types. Let me
just put it this way: "a reduction of a reliance on types to model the
domain". In other words, the language may have a few native "types"
(functions, arrays, variables) to serve as the building blocks.
However, one does not add new "types" to model the domain in such
languages, rather using other approaches instead (schemas, functions,
etc.).

>
> >>>>> Yes, mass repetative verbose static Set/Get's.
> >>>>
> >>>> There are bad languages, which don't fully implement ADT. So?
> >>>
> >>> Converting attribute-driven interfaces into ADT's is still pretty much
> >>> Set/Get.
> >>
> >> They implement attribute access. It is up to the language to provide
> >> X.Attribute notation rather than nasty X.Get_Attribute. I don't see any
> >> problem here.
> >
> > For simple stuff it might be okay, but for more complicated stuff it
> > turns into a Bachmanian navigational mess. For example, specifying
> > many-to-many relationships.
>
> Between what an what? Again, with one table type you have
>
> X."Attribute" or (X."A1" and X."A2" and X."A3" ...)
>
>
> instead of
>
> X.Attribute or (X.A1 and X.A2 and X,A3 ...)
>
> See what is different?

Indirection?

>
> It is up to you to map things to types or to objects. There is no best
> choice. In each concrete case the software designer shall reconsider it
> anew.

Well, if everything you are considering is an attribute, then you will
have a kind of database anyhow, just a navigational one in your case.
But that is not usually what is done, so it is only a speculative
situation.

>
> >>>> What about inserting when no
> >>>> row exists and updating otherwise?
> >>>
> >>> MySql has a command just for this.
> >>
> >> The advantage of ADT is that you can define that command and provide an
> >> implementation for. SQL does not have proper ADT, otherwise people would do
> >> higher-level programming directly in SQL. The methodology of higher-level
> >> programming is OO.
> >
> > I can write a function to do the same thing. However, function
> > interfaces to such are often not as flexible as query-based interfaces.
>
> How INSERT is different from user function? Why is it more flexible?

Because SQL stinks in certain areas. And, there are cases where a
procedural interface may be more appropriate than a declarative one. I
don't dispute that. I never claimed SQL or relational was best for the
*entire* app. Sometimes use Yin, sometimes Yang.

>
> > Ideally the query language would be extendable if a DBA etc. wanted to
> > add an operation to it. However, SQL's excessively complex syntax makes
> > such very difficult. SQL has some weak spots, I will agree. However, no
> > standard is perfect and the current alternatives are net uglier.
>
> And the only good way to extend languages is by letting user to define
> ADTs! [ In 60-70s there was a lot of extendable languages in the sense of
> syntax-extensible. They all are gone, because programs were unreadable and
> unmaintainable. ]

There is a certain balance between standards and flexibility.
Relational reigns in the some of "creativity" found in navigational
structures, and this is usually a good thing. Sure, there are
side-effects that can be annoying, but it is the net benefits that
count.

>
> --
> Regards,
> Dmitry A. Kazakov
> http://www.dmitry-kazakov.de

-T-