well put Aaron - bluntness is required at times, when there is clearly a
right and a wrong;
it's amazing how mis-applied "macho" is so common even amongst us geeks :)
Aaron J. Seigo wrote:
On May 20, 2004 08:30, s. keeling wrote:
> That's funny. A guy I know who, in my crowd, is generally considered
> one of the best writes his CGI's in C specifically for security
> reasons.
LOL. r-r-r-ight ... languages that require manual mem management (inc bounds
checking on arrays and buffers) are SO much safer than those that don't. esp
when the data coming in is predominantly user supplied over an untrusted
network. i'd just LOVE to hear this fellow enumerate the "security
advantages" of C over, say, Perl or PHP for CGI. would make for a good laugh
over beer ...
i wonder if he's ever considered maintainability, including by others who may
not be as skilled, clever or brash as he. i'd also be interested in how he
tests his code; e.g. does he have an automated testing harness for his CGIs
that provides 100% code coverage and which he runs regularly? of course, C
programmers often spurn such unnecessary details. =/
> Bad or sloppy programmers can write bad or sloppy code in
> any language.
it's like saying that since i'm really good with guns, i remove the safeties
from the ones i own[1]. i mean, stupid or clumsy people can make a hole in
their foot with any sufficiently heavy/sharp object, right? so what do i need
with a gun safety if i'm not stupid or clumsy? oh. right. i'm *HUMAN*.
the machismo that turns "bad programmers write bad code, regardless of the
language" into "i write in a language with maximum dangers because i'm not a
bad programmer in my opinion" is EXACTLY what's wrong with so many Free/Open
Source Software projects when it comes to security and other types of general
sanity. it's a blatantly stupid way of thinking, one that keeps getting the
community in general into trouble.
one of the hallmarks of a master is that they know their limits and know which
tools are best for which job regardless of the machismo factor. your friend,
no matter how good he can sling the code, is obviously no master.
i'm sorry to be so blunt and harsh, but such attitudes are the antithesis of
the progress we so desperately need to make.
[1] i don't actually own any guns. =)
--
Aaron J. Seigo
GPG Fingerprint: 8B8B 2209 0C6F 7C47 B1EA EE75 D6B7 2EB1 A7F1 DB43
while (!horse()); cart();
_______________________________________________
clug-talk mailing list
[EMAIL PROTECTED]
http://clug.ca/mailman/listinfo/clug-talk_clug.ca