[langsec-discuss] LangSec Workshop at IEEE SPW 2014, Sun May 18, 2014
vitaly.osipov at gmail.com
Tue Nov 26 06:21:15 UTC 2013
> Things DO get better. Very few people use raw GOTO statements any more
Depends what you mean by “very few people”. "Goto out" is a popular idiom
in the Linux kernel.
“Freetext search: goto (17689 estimated hits)”
Things do get better, it’s just the betterness is not evenly distributed.
On Tue, Nov 26, 2013 at 9:19 AM, Will Sargent <will.sargent at gmail.com> wrote:
> I generally find it helps to think about the good programmers who would
> like to improve but don't know quite how, rather than the worst.
> Things DO get better. Very few people use raw GOTO statements any more.
> It's been years since I saw people eval input. I'd say Ruby is better for
> purpose than Perl, and Java (and the JVM) is safer than using raw C or C++.
> Ultimately, the nicest thing about using value objects produced from a
> recognizer is that it's a richer experience. For the same reason that
> people want to use types and abstract data types like Option / Maybe and
> Either, they'll want to use value objects.
> On Mon, Nov 25, 2013 at 12:51 PM, Grawrock, David <david.grawrock at intel.com> wrote:
>> Nils, this is almost the same as answering the question "what is the best
>> programming language". The answer isn't X or Y, it is "well what is the
>> program supposed to do". If your answer is always Java, please tell me how
>> you are going to write Java code for a device driver that executes during
>> early boot, including when memory isn't initialized yet. Don't think Java
>> will fit :)
>> You select the best tool for the job and use that. We have to get
>> programmers to understand that one tool doesn't fit all and one way of
>> validating and formatting input doesn't work either.
>> But we HAVE to make this easier to use and understand, with some very
>> EXPLICIT helps to get people moving.
>> David Grawrock
>> Security Architect
>> 503 264 3642
>> -----Original Message-----
>> From: langsec-discuss-bounces at mail.langsec.org [mailto:
>> langsec-discuss-bounces at mail.langsec.org] On Behalf Of Nils Dagsson
>> Sent: Monday, November 25, 2013 12:36 PM
>> To: travis+ml-langsec at subspacefield.org
>> Cc: langsec-discuss at mail.langsec.org
>> Subject: Re: [langsec-discuss] LangSec Workshop at IEEE SPW 2014, Sun May 18, 2014
>> travis+ml-langsec at subspacefield.org wrote on Mon, 25 Nov 2013 10:20:39 -0800:
>> > […]
>> > The hard part is going to be spending the time and effort to integrate
>> > with those framework/library/language teams and get your stuff in
>> > there and up-to-date. And that's where most solutions fail. But that's
>> > exactly the same difficulty that the developers face in integrating
>> > your work into their apps.
>> > Not saying it's right, just that that's how it is. For the best
>> > security, we need to minimize the cost of using the systems.
>> Unfortunately, few things prevent a mediocre programmer writing a quick
>> hack that subverts the purpose of software designed to avoid systemic
>> failure. Exhibit A: handlebars.js, <http://handlebarsjs.com/> which
>> manages to introduce logic into (logic-less) mustache templates <
>> now firmly convinced that hipster programmers are – by and large – not
>> interested in systems that work well or are easy to use, but systems that
>> are either popular or give a distinction (ego) benefit. Exhibit B:
>> “Power users” who complain that any system unfamiliar to them is hard to
>> use, yet “grudgingly” accept the countless annoying idiosyncrasies of their
>> preferred “solution”. In the end, programming is pop culture.
>> Nils Dagsson Moskopp // erlehmann
>> langsec-discuss mailing list
>> langsec-discuss at mail.langsec.org
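Will Sargent's point about "value objects produced from a recognizer" and Option / Either types is easiest to see in code. The following is an added example written for this archive page, not code from anyone in the thread. It uses Rust, whose built-in `Result` type plays the role of `Either`: the recognizer `Ipv4::parse` accepts exactly the language of dotted-quad addresses and returns either a `ParseError` naming the rejection or an `Ipv4` value object whose fields cannot be constructed any other way, so downstream code such as `describe` works on the typed value and never re-inspects the raw string. All names (`Ipv4`, `ParseError`, `describe`) and the sample inputs in `main` are assumptions made for the example.

```rust
// Added example, not from the langsec-discuss thread: a recognizer at the
// input boundary that yields a value object (Ok) or a named error (Err),
// i.e. an Either, instead of a bare true/false from a "validator".
use std::fmt;

/// Value object. The field is private and there is no public constructor,
/// so every `Ipv4` that exists was produced by `Ipv4::parse`.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Ipv4 {
    octets: [u8; 4],
}

/// The Left side of the Either: every way recognition can fail, by name,
/// so callers can log or report precisely rather than guessing.
#[derive(Debug, PartialEq, Eq)]
pub enum ParseError {
    WrongOctetCount(usize),
    EmptyOctet(usize),
    NonDigit { octet: usize, ch: char },
    LeadingZero(usize),
    OutOfRange { octet: usize, value: u32 },
}

impl Ipv4 {
    /// Recognizer: exactly four decimal octets in 0..=255, separated by '.',
    /// no leading zeros, nothing else. Anything outside that language is Err.
    pub fn parse(input: &str) -> Result<Ipv4, ParseError> {
        let parts: Vec<&str> = input.split('.').collect();
        if parts.len() != 4 {
            return Err(ParseError::WrongOctetCount(parts.len()));
        }
        let mut octets = [0u8; 4];
        for (i, part) in parts.iter().enumerate() {
            if part.is_empty() {
                return Err(ParseError::EmptyOctet(i));
            }
            if let Some(ch) = part.chars().find(|c| !c.is_ascii_digit()) {
                return Err(ParseError::NonDigit { octet: i, ch });
            }
            // "010" is read as octal by some inet_aton implementations;
            // refusing leading zeros removes that ambiguity at the boundary.
            if part.len() > 1 && part.starts_with('0') {
                return Err(ParseError::LeadingZero(i));
            }
            // Digits only (checked above); saturate so long runs cannot overflow.
            let value = part
                .bytes()
                .fold(0u32, |acc, b| acc.saturating_mul(10).saturating_add((b - b'0') as u32));
            if value > 255 {
                return Err(ParseError::OutOfRange { octet: i, value });
            }
            octets[i] = value as u8;
        }
        Ok(Ipv4 { octets })
    }

    pub fn octets(&self) -> [u8; 4] {
        self.octets
    }

    /// Queries live on the value object, not on the original string.
    pub fn is_loopback(&self) -> bool {
        self.octets[0] == 127
    }
}

impl fmt::Display for Ipv4 {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        let o = self.octets;
        write!(f, "{}.{}.{}.{}", o[0], o[1], o[2], o[3])
    }
}

/// Downstream code takes `Ipv4` by type, so recognition is guaranteed to
/// have happened already; there is no string left to "validate" again.
pub fn describe(addr: Ipv4) -> String {
    if addr.is_loopback() {
        format!("{} is loopback", addr)
    } else {
        format!("{} is a non-loopback address", addr)
    }
}

fn main() {
    // Constructed sample inputs: two well-formed, four rejected for different reasons.
    for s in ["192.168.1.10", "127.0.0.1", "1.2.3", "01.2.3.4", "256.1.1.1", "1.2.3.4x"] {
        match Ipv4::parse(s) {
            Ok(addr) => println!("ok   {:>12} -> {}", s, describe(addr)),
            Err(e) => println!("fail {:>12} -> {:?}", s, e),
        }
    }
}
```

The design choice worth noticing is that `describe` cannot be called with a string at all: the compiler enforces that the recognizer ran, which is the "richer experience" the post refers to, and the `ParseError` variants make every rejection explicit instead of collapsing them into a single `false`.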