[langsec-discuss] LangSec Workshop at IEEE SPW 2014, Sun May 18, 2014

Vitaly Osipov vitaly.osipov at gmail.com
Tue Nov 26 06:21:15 UTC 2013


>Things DO get better.  Very few people use raw GOTO statements any more

Depends what you mean by “very few people”. "Goto out" is a popular idiom
in the Linux kernel.

“Freetext search: goto (17689 estimated hits)”

http://lxr.linux.no/linux+v3.12.1/+search=goto

Things do get better, it’s just the betterness is not evenly distributed.

Regards,
Vitaly


On Tue, Nov 26, 2013 at 9:19 AM, Will Sargent <will.sargent at gmail.com> wrote:

> I generally find it helps to think about the good programmers who would
> like to improve but don't know quite how, rather than the worst.
>
> Things DO get better.  Very few people use raw GOTO statements any more.
> It's been years since I saw people eval input.  I'd say Ruby is better for
> purpose than Perl, and Java (and the JVM) is safer than using raw C or C++.
>
> Ultimately, the nicest thing about using value objects produced from a
> recognizer is that it's a richer experience.  For the same reason that
> people want to use types and abstract data types like Option / Maybe and
> Either, they'll want to use value objects.
>
>
> On Mon, Nov 25, 2013 at 12:51 PM, Grawrock, David <
> david.grawrock at intel.com> wrote:
>
>> Nils, this is almost the same as answering the question "what is the best
>> programming language". The answer isn't X or Y, it is "well what is the
>> program supposed to do". If your answer is always Java, please tell me how
>> you are going to write Java code for a device driver that executes during
>> early boot, including when memory isn't initialized yet. Don't think Java
>> will fit :)
>>
>> You select the best tool for the job and use that. We have to get
>> programmers to understand that one tool doesn't fit all and one way of
>> validating and formatting input doesn't work either.
>>
>> But we HAVE to make this easier to use and understand, with some very
>> EXPLICIT helps to get people moving.
>>
>> David Grawrock
>> Security Architect
>> 503 264 3642
>>
>> -----Original Message-----
>> From: langsec-discuss-bounces at mail.langsec.org [mailto:
>> langsec-discuss-bounces at mail.langsec.org] On Behalf Of Nils Dagsson
>> Moskopp
>> Sent: Monday, November 25, 2013 12:36 PM
>> To: travis+ml-langsec at subspacefield.org
>> Cc: langsec-discuss at mail.langsec.org
>> Subject: Re: [langsec-discuss] LangSec Workshop at IEEE SPW 2014, Sun May
>> 18, 2014
>>
>> travis+ml-langsec at subspacefield.org wrote on Mon, 25 Nov 2013
>> 10:20:39 -0800:
>>
>> > […]
>> >
>> > The hard part is going to be spending the time and effort to integrate
>> > with those framework/library/language teams and get your stuff in
>> > there and up-to-date.  And that's where most solutions fail.  But that's
>> > exactly the same difficulty that the developers face in integrating
>> > your work into their apps.
>> >
>> > Not saying it's right, just that that's how it is.  For the best
>> > security, we need to minimize the cost of using the systems.
>>
>> Unfortunately, few things prevent a mediocre programmer writing a quick
>> hack that subverts the purpose of software designed to avoid systemic
>> failure. Exhibit A: handlebars.js, <http://handlebarsjs.com/> which
>> manages to introduce logic into (logic-less) mustache templates <
>> http://mustache.github.io/mustache.5.html>.
>>
>> Having talked to proponents of e.g. Ruby on Rails and JavaScript, I am
>> now firmly convinced that hipster programmers are – by and large – not
>> interested in systems that work well or are easy to use, but systems that
>> are either popular or give a distinction (ego) benefit. Exhibit B:
>> “Power users” who complain that any system unfamiliar to them is hard to
>> use, yet “grudgingly” accept the countless annoying idiosyncrasies of their
>> preferred “solution”. In the end, programming is pop culture.
>>
>> --
>> Nils Dagsson Moskopp // erlehmann
>> <http://dieweltistgarnichtso.net>
>> _______________________________________________
>> langsec-discuss mailing list
>> langsec-discuss at mail.langsec.org
>> https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss