> Things DO get better. Very few people use raw GOTO statements any more

Depends what you mean by “very few people”. "Goto out" is a popular idiom in the Linux kernel.

“Freetext search: goto (17689 estimated hits)”
http://lxr.linux.no/linux+v3.12.1/+search=goto

Things do get better, it’s just the betterness is not evenly distributed.

Regards,
Vitaly

On Tue, Nov 26, 2013 at 9:19 AM, Will Sargent <[email protected]> wrote:

> I generally find it helps to think about the good programmers who would
> like to improve but don't know quite how, rather than the worst.
>
> Things DO get better. Very few people use raw GOTO statements any more.
> It's been years since I saw people eval input. I'd say Ruby is better for
> purpose than Perl, and Java (and the JVM) is safer than using raw C or C++.
>
> Ultimately, the nicest thing about using value objects produced from a
> recognizer is that it's a richer experience. For the same reason that
> people want to use types and abstract data types like Option / Maybe and
> Either, they'll want to use value objects.
>
>
> On Mon, Nov 25, 2013 at 12:51 PM, Grawrock, David <[email protected]> wrote:
>
>> Nils, this is almost the same as answering the question "what is the best
>> programming language". The answer isn't X or Y, it is "well what is the
>> program supposed to do". If your answer is always Java, please tell me how
>> you are going to write Java code for a device driver that executes during
>> early boot, including when memory isn't initialized yet. Don't think Java
>> will fit :)
>>
>> You select the best tool for the job and use that. We have to get
>> programmers to understand that one tool doesn't fit all and one way of
>> validating and formatting input doesn't work either.
>>
>> But we HAVE to make this easier to use and understand, with some very
>> EXPLICIT helps to get people moving.
>>
>> David Grawrock
>> Security Architect
>> 503 264 3642
>>
>> -----Original Message-----
>> From: [email protected] [mailto:[email protected]] On Behalf Of Nils Dagsson Moskopp
>> Sent: Monday, November 25, 2013 12:36 PM
>> To: [email protected]
>> Cc: [email protected]
>> Subject: Re: [langsec-discuss] LangSec Workshop at IEEE SPW 2014, Sun May 18, 2014
>>
>> [email protected] wrote on Mon, 25 Nov 2013 10:20:39 -0800:
>>
>> > […]
>> >
>> > The hard part is going to be spending the time and effort to integrate
>> > with those framework/library/language teams and get your stuff in
>> > there and up-to-date. And that's where most solutions fail. But that's
>> > exactly the same difficulty that the developers face in integrating
>> > your work into their apps.
>> >
>> > Not saying it's right, just that that's how it is. For the best
>> > security, we need to minimize the cost of using the systems.
>>
>> Unfortunately, few things prevent a mediocre programmer writing a quick
>> hack that subverts the purpose of software designed to avoid systemic
>> failure. Exhibit A: handlebars.js, <http://handlebarsjs.com/> which
>> manages to introduce logic into (logic-less) mustache templates
>> <http://mustache.github.io/mustache.5.html>.
>>
>> Having talked to proponents of e.g. Ruby on Rails and JavaScript, I am
>> now firmly convinced that hipster programmers are – by and large – not
>> interested in systems that work well or are easy to use, but systems that
>> are either popular or give a distinction (ego) benefit. Exhibit B:
>> “Power users” who complain that any system unfamiliar to them is hard to
>> use, yet “grudgingly” accept the countless annoying idiosyncrasies of their
>> preferred “solution”. In the end, programming is pop culture.
>>
>> --
>> Nils Dagsson Moskopp // erlehmann
>> <http://dieweltistgarnichtso.net>
>> _______________________________________________
>> langsec-discuss mailing list
>> [email protected]
>> https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
>>
