when will we see a language in popular use other than modula 2 with multilevel cycles and exits is the question ... specific better is better than vague better :)
On Tuesday, November 26, 2013, Vitaly Osipov wrote: > >Things DO get better. Very few people use raw GOTO statements any more > > Depends what you mean by “very few people”. "Goto out" is a popular idiom > in the Linux kernel. > > “Freetext search: goto (17689 estimated hits)” > > http://lxr.linux.no/linux+v3.12.1/+search=goto > > Things do get better, it’s just the betterness is not evenly distributed. > > Regards, > Vitaly > > > On Tue, Nov 26, 2013 at 9:19 AM, Will Sargent <[email protected]>wrote: > > I generally find it helps to think about the good programmers who would > like to improve but don't know quite how, rather than the worst. > > Things DO get better. Very few people use raw GOTO statements any more. > It's been years since I saw people eval input. I'd say Ruby is better for > purpose than Perl, and Java (and the JVM) is safer than using raw C or C++. > > Ultimately, the nicest thing about using value objects produced from a > recognizer is that it's a richer experience. For the same reason that > people want to use types and abstract data types like Option / Maybe and > Either, they'll want to use value objects. > > > On Mon, Nov 25, 2013 at 12:51 PM, Grawrock, David < > [email protected]> wrote: > > Nils, this is almost the same as answering the question "what is the best > programming language". The answer isn't X or Y, it is "well what is the > program supposed to do". If your answer is always Java, please tell me how > you are going to write Java code for a device driver that executes during > early boot, including when memory isn't initialized yet. Don't think Java > will fit :) > > You select the best tool for the job and use that. We have to get > programmers to understand that one tool doesn't fit all and one way of > validating and formatting input doesn't work either. > > But we HAVE to make this easier to use and understand, with some very > EXPLICIT helps to get people moving. > > David Grawrock > Security Architect > 503 264 3642 > > -----Original Message----- > From: [email protected] [mailto: > [email protected]] On Behalf Of Nils Dagsson > Moskopp > Sent: Monday, November 25, 2013 12:36 PM > To: [email protected] > Cc: [email protected] > Subject: Re: [langsec-discuss] LangSec Workshop at IEEE SPW 2014, Sun May > 18, 2014 > > [email protected] schrieb am Mon, 25 Nov 2013 > 10:20:39 -0800: > > > […] > > > > The hard part is going to be spending the time and effort to integrate > > with those framework/library/language teams and get your stuff in > > there and up-to-date. And that's where most solutions fail. But that > > exactly the same difficulty that the developers face in integrating > > your work into their apps. > > > > Not saying it's right, just that that's how it is. For the best > > security, we need to minimize the cost of using the systems. > > Unfortunately, few things prevent a mediocre programmer writing a quick > hack that subverts the purpose of software designed to avoid systemic > failure. Exhibit A: handlebars.js, <http://handlebarsjs.com/> which > manages to introduce logic into (logic-less) mustache templates < > http://mustache.github.io/mustache.5.html>. > > Having talked to proponents of e.g. Ruby on Rails and JavaScript, I am now > firmly convinced that hipster programmers are – by and large – not > interested in systems that work well or are easy to use, but systems that > are either popular or give a distinction (ego) benefit. Exhibit B: > “Power users” who complain that any system unfamiliar to them is hard to > use, yet “grudgingly” accept the countless annoying idiosyncrasies of their > preferred “solution”. In the end, programming is pop culture. > > -- > Nils Dagsson Moskopp // erlehmann > <http://dieweltistgarnichtso. <http://dieweltistgarnichtso.net> > >
_______________________________________________ langsec-discuss mailing list [email protected] https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
