The Peon's Guide To Secure System Development
libertynews writes "Michael Bacarella has written an article on coding and security. He starts out by saying 'Increasingly incompetent developers are creeping their way into important projects. Considering that most good programmers are pretty bad at security, bad programmers with roles in important projects are guaranteed to doom the world to oblivion.' It is well worth the time to read it."
How come all the bad and incompetent people end up writing software for big companies?
The P.Eng has one thing right - we need 'software engineers' or 'computer engineers' that are liable for their work (and the company that uses them are liable for too).
If Microsoft's products are so good, why do they disclaim liability on it?
Of course it isn't just Microsoft doing this either. The whole licensing thing. If a 'license' is supposed to give you the privilege to do or use something, then in most things you are completely liable for your actions. For example, I have a driver's license; if I kill somebody it is my fault. If Acme's Nuclear Control Software 2002 goes faulty and blows up part of the states - they would probably claim no fault (bad example I know - special case currently probably).
They're just paying for what they get. I tend to believe that it's not so much bad programmers as it is a general apathetic attitude that good programmers have now. If there's no incentive to bust your balls, you're not going to!
One thing that bugs me about opensource is that bad coders always tend to end up there. If anyone has used the bleeding-edge versions of KDE, Gnome2 or whatever their poison is, then they'll know what "bad code" really means. Thankfully, the security is not too shabby since there's always tons of people who look at opensource code and either exploit it or report it / fix it.
This article goes to show that Slashdot editors need to be subject to moderation. This one merits -1, Flamebait. Ask yourself: does the guy make a point in a civilized manner, or do you have to wear the proverbial asbestos suit to make sense of it?
for me to peon.
He read a few books on the subject, and summarized the most simple concepts in an article.
Nothing new here.
Head to Amazon and find some books
Software Project Survival Guide by Steve C McConnell (Paperback)
Writing Solid Code: Microsoft's Techniques for Developing Bug-Free C Programs by Steve Maguire (Paperback)
The Mythical Man-Month: Essays on Software Engineering, Anniversary Edition (2nd Edition) by Frederick P. Brooks (Paperback)
The Pragmatic Programmer: From Journeyman to Master by Andrew Hunt, et al (Paperback)
A non-Windows system is not a guarantee of invulnerability, but keeping a Windows system is guaranteed to put you at risk.
The real world seems to agree with him on these.
Too bad the Linux programmers didn't read this book, eh?
"
Linux, Open Source have 'more security problems than Windows'
By Robin Miller, NewsForge.com
Posted: 15/11/2002 at 08:37 GMT
According to a report published November 12 by Aberdeen Group, "Security advisories for open source and Linux software accounted for 16 out of the 29 security advisories - about one of every two advisories - published for the first 10 months of 2002 by Cert (www.cert.org, Computer Emergency Response Team)."
Aberdeen says Microsoft products have had no new virus or trojan horse advisories in the first 10 months of 2002, while Unix, Linux, and Open Source software went from one in 2001 to two in the first 10 months of 2002, that in the same 2002 time period "networking equipment" (operating system unspecified) had six advisories, and Mac OSX had four.
In other words, all except Microsoft had increases in reported vulnerabilities this year.
"Contrary to popular misperception," the report says, "Microsoft does not have the worst track record when it comes to security vulnerabilities. Also contrary to popular wisdom, Unix- and Linux-based systems are just as vulnerable to viruses, Trojan horses, and worms. Furthermore, Apple's products are now just as vulnerable, now that it is fielding an operating system with embedded Internet protocols and Unix utilities. Lastly, the incorporation of open source software in routers, Web server software, firewalls, databases, Internet chat software, and security software is turning most Internet-aware computing devices and applications into possible infectious carriers."
The report lauds Microsoft for having overhauled its development process in an attempt to fix security problems, and says, "Perhaps it is time for some of the suppliers of open source and Linux software to take similar measures."
(You'll need to register with Aberdeen to read the rest of the report -- it's one of their free ones -- but I believe I've covered the Linux-relevant high points here.)
And yet, here I sit with my virus-free, trojan-free Linux box, receiving tons of viruses and trojans from Windows users (that don't affect me), watching news item after news item about sites run on Windows servers getting defaced and broken into.
According to what I've heard from my many sysadmin and network security specialist friends, no OS or network-connected software is secure unless it's administered properly and security patches are applied as soon as they are available.
And then, after I started writing this story, a ZDNet article with the headline Linux utility site hacked, infected came across my monitor, and I started wondering, "What if these Aberdeen people are right? What if this isn't just Microsoft-sponsored nonsense?"
A look at CERT's 2002 Advisories and Incident Notes pages was not overly reassuring. Yes, I saw some Microsoft vulnerabilities there that Aberdeen apparently missed, and one for Oracle.
I also think we have enough Microsoft viruses left over from last year that we don't need any new ones this year.
But the real issue is that we all need to be more security-conscious. The Aberdeen report points out that the system with the most reported vulnerabilities can change from year to year, but that the overall vulnerability and incident trend is up. Way up. In other words, whatever operating systems we use, we all need to watch out more for security flaws than we have in the past, and work harder to protect ourselves from them.
© Newsforge.com
"
I work for an IT security company that does work on some pretty secure systems. When we come across custom apps we are amazed time and time again at how the logic was put into developing them, not just security. It's one thing to code, it's another to do it well. My favorite catch was an SQL developer who created a hyperlink to care and feed his system that simply had too many bugs and pushed to production. It's important that companies have good end to end IT policies, apps, usage and security, but in large part management doesn't recognize the risk until it's too late.
The coders are still shackled to the management that are trying to push it out as soon as it compiles and runs.. management doesn't CARE about stability or security and sales/marketing doesn't even care if it works.
until you can get the COMPANY liable for their software claims. and make their claims open and public, not buried in legalese.. i.e. if you don't want to be liable for it not working then the packaging must state "MIGHT NOT WORK" on the front in big letters.
until then it will not change... not in commercial software anyways...
?????
While I have taken this out of context, it's not worthwhile to dispense with systems coding issues - that's exactly where most security problems start and need to be stopped. Anyone can be safe in a sandbox.
When I look back at my programming classes in college, the majority of the people didn't have a freakin clue. I don't think most of them could install a program on their own. Unfortunately the teachers all walked them through it, and they ended up passing, because they had their hands held the entire way. It's scary to think that some of them could end up in high places.
I found 2 quotes particularly enjoyable:
Call yourself a computer professional? Congratulations. You are responsible for the imminent collapse of civilization.
and
The user is pure evil.
Very true and sometimes misunderstood bits of information.
the real question that any developer needs to ask...
"What you need doing? Daboo!"
going back to minding my fortress now...
m-
Yet more nonsense. Unix [in general, including Unix-typical tools] has had the most pathetic security history of any operating system.
Cast ye not rocks from a precipice of cracked glass. Unix security is just as crappy as Windows, and has been for a lot longer.
Try Smalltalk.
I used to work at a software house, and I noticed our code always adapted to whatever the organization cared about. When they cared about timeliness, we gave it to them, but the bug count went up. When they cared about a low defect rate, we gave it to them, but the volume of code (completed feature set) went down. When they cared about maintainability too, they got that, but app performance suffered.
Most competent programmers can probably make meaningful contributions to secure apps, especially if the efforts are led by good architects. Not everyone has to be the best. The only thing is, whoever is commissioning the software has to rank security (which includes a low defect rate) above timeliness and feature count. If that's done, most programmers can rise to the challenge.
Don't blame the programmers. They're just adapting to their environment. They do have to put food on the table after all, so they'll do what their companies value.
While 'tis true I'm sure that secure coding practices grow more likely to contain security flaws as more and more of us code, I think the best way for coding to become more secure is to have more managers in the bizz that know about code.
The more experienced a manager is in actual coding, the more likely he or she will:
>Listen to and support action upon security
>Allow time to make apps secure in project deadlines
>Be less likely to buy crappy software from the start (see the section in the article on middleware)
>Hire good sys admins
I don't think coders should always get such a bad rap when those "above" tend to sell products without often thinking of how to make it secure, and sometimes don't allow programmers the time to design solid security into a system.
Don't retire, just replace someone that thinks powerpoint is a good web development app.
It should be a crime to teach people C/C++.
High level languages like Ruby, Python, or even Java are strongly recommended for all new projects.
How about a high level, compiled language with static typing like Ocaml. More speed, more protection, and it's been officially certified as "The programming tool of choice for discriminating hackers".
Ocaml
# (/.);;
- : float -> float -> float = <fun>
This "technologist" is carrying on about bad programmers and security? Wow - I assume he's a seasoned professional with many large-scale projects under his belt?
With such trenchant insights as "Don't use C/C++"! "Don't use Windows!" "Watch out for user input"!.
Wow. How truly insightful. I'm not even going to bother pointing out the utter absurdity of claiming that using or not using C/C++ has anything to do with it, or the added security problems with using high level languages (do you trust the implementation?).
I'm just going to say I've had bloody poops with more useful information in them than this article.
Everyone knows peons don't care about security. They just go around doing whatever they're told to do. Half the time, they're just standing around because there's nothing for them to do. They are oblivious to security breaches... I can't tell you how many peons I've seen getting hacked to death without them even noticing! And if they do notice, all they ever respond with is "Stop poking me!!!"
Peons, indeed
Open source systems offer this power to the end user (you), that is their real strength. You can tell the difference between a developer who gets it and one who doesn't because the developer who doesn't get it is content to build a custom system using closed source components that they cannot understand, let alone keep secure.
.NET. I am so out of here as soon as possible.
That's precisely why the IT department of my company is setting themselves up to fall apart. My group's lead tech (lead not because of higher knowledge, but because he's hung around a while and sold himself) is convinced closed source is better. His arguments come from quoting Microsoft's advertising and web sites (which are basically just more advertising). Without even trying anything open source my company has whole-heartedly adopted
Ignorance may be bliss, but only for the person who's ignorant. They're happy... I'm not.
Developers: We can use your help.
"...Considering that most good programmers are pretty bad at security, bad programmers with roles in important projects are guaranteed to doom the world to oblivion..."
My!
We are the important little center of the universe, aren't we!
Oh! this is just book-marketing bullshit?
Or maybe hyperbole, if the author is literate enough to know what that word means...
Gotta agree with him on this one. I finally got out of a multi-year project where we used a gigantic POS graphics package as the back end. It added unnecessary complexity and over a year of hacked code to what should have been a month-long project (had we coded the graphics functions ourselves).
We got stuck with the package because the client chose it, and refused to admit they were wrong. When the project went 10X over budget and people got fired, they still stayed with the graphics package and even upgraded it to the 2.0 version.
The only way out was to quote them an astronomical figure for upgrading our software to match the POS and hope they wouldn't bite. I cheered when they politely declined.
It's good to have a job where you can choose your clients.
While in theory I agree with the designers of said software being liable for the flaws therein, to what extent are we to pursue them? If I, as a coder in a firm unwilling to compensate me for the time, energy and resources necessary to produce good code, and they push for, and accept badly designed products, am I, as the actual creator to be held liable? Or would it be acceptable to go after the upper management types who accepted said code in the first place? A little perspective needs to be used here before we start screaming for the heads of those responsible for insecure software.
I agree whole-heartedly with the first of 2 non-superfluous statements the author makes: Why do you think Java and, to a lesser extent, C# are so popular right now? ESPECIALLY for teaching? Because with Java and C#, it's very, very hard to write code that can break the system it's running on. I also agree to some extent with his position on cryptography... most serious (non-IE/Outlook) insecurities aren't based on cracked crypto - they're in buffer overflows, and weak points in code. I don't pretend to be anything but a pathetic first year Java student, but I can see where this author is coming from just by reading this website once a week...
I guess we better throw out every other language, since these are "strongly recommended for all new projects." Here's a better idea: why not just write the software in the language best suited for the job, or that you're more familiar with, and code it to check for unexpected data.
Wouldn't your wife's in-laws be your parents?
Sorry, couldn't resist... :-)
-B
It should be a crime to teach people C/C++.
This guy is a little rough I think.
High level languages like Ruby, Python, or even Java are strongly recommended for all new projects.
This sentence should be continued "..for mediocre programmers.". Professional experts should use whatever language they are best at as long as it's reasonable for the project.
This article looks like he's giving advice on how to take a group of wanna-be programmers and try and get useful results from them. I think that's the wrong approach. What you should do is hire real experts. That way all the wanna-be programmers won't be able to get jobs and so they might realize "hmm.. maybe I should go back to school and get some real skills". Then we won't have as many of the problems that this guy talks about. Though maybe the schools aren't teaching the skills properly, but that's a different topic.
I guess you shot out of the womb with coding skills (doubtful). Everyone has to learn in their own way. In the end if someone wants to learn to program well, they will. Otherwise they'll just coast along until it's required.
I was a shitty programmer out of college and after moving between various jobs I learned along the way.
Business works by getting the most for the least amount of cash. Unfortunately most businesses don't have competent managers that can tell the difference between anything applicable in the real world and a buzz word they just read on CNet (most technical conversations are over their heads). That is my experience anyway.
For a quick summary:
The only link I could find was the universites link to the colloquium which has the short abstract I quoted above.
>High level languages like Ruby, Python, or even Java are strongly recommended for all new projects.
All of these languages use a C program to run (interpreter, VM).
First, this guy suggests against using closed source components, which are components that you do not understand. Well, what are these high level languages that he is suggesting? They're just convenient ways to write C. (Java excluded)
Maybe he thinks that you should read through the Ruby and Python source before you start using these languages?
I think his suggestion is the reason we have bloated, insecure software: everyone trusts that their language is in a little black box just because it has a VM. What if the VM has a security flaw? Isn't this just like running a secure program on top of Windows?
Just keeping a developer from using pointers is no way to ensure a project's security.
During the 1980s, I developed software for ICBM command and control systems and for ICBM targeting. One of these systems ran on a Rolm 16-bit computer and was programmed in Jovial, assembly and Fortran. At the time, this computer was already 5 to 10 years behind the commercial state-of-the-art. However, it worked and almost all of the bugs in the computer and the compilers were known, and THAT is the key to developing secure software.
Don't use the latest and greatest. Use something that has been in production for several years and has had the bugs worked out. The military used to do this on critical systems. Did I hate coding in Jovial on a machine that only had 64K? Yes. But I also knew the machine inside and out and had hand-checked the compiler's assembly code generation to make sure that it wasn't doing silly things. It didn't, because 5 years in production had wrung out all of the bugs.
You know, there's something to be said for ignoring articles written in a degrading way towards their audience. It does make an interesting read if you imagine the comic book shop guy from the Simpsons was the author... worst article ever...
This is one of the best all-around security articles I've read in a long time. If even 10% of the world's programmers read this and take it to heart, the world will be a measurably better place.
If something like Windows plays any part at all in your system design, you should probably give up now. Despite being closed source, holes are discovered constantly.
I hate to break it to this guy, but this article is basically a big rant of his personal opinions. Not that I have anything against that, but I feel anyone heeding this person's advice unerringly would be making just as big a mistake as if they didn't listen to any of his advice.
Open-source, closed-source, it doesn't goddamn matter. The fact is, code is written by humans, and is therefore imperfect. Realize that now and save yourself a lot of time. Open-source continues to have just as many flaws in it as closed-source. How many times has the bind package been updated in recent memory? And don't start the "many eyes" thing again, we all know it and we're all tired of it, and I realize open source gets fixed faster.
My point is, when I first got into Linux, I took a default install of Red Hat and threw it on there. I had read all sorts of advice that if I wanted a secure server, I should use *nix, so I did. Yeah... rooted. Rebuilt the box, using a way newer distro... rooted. My failing was trusting the code implicitly based on what other people said. Old versions of open source stuff are just as vulnerable as old versions of closed source stuff! And you know what? I guarantee that this will always continue to be true.
Constant vigilance is your only safe-guard. The open-source/closed-source argument is secondary to this. If you can build, deploy and maintain a closed-source based system much easier/cheaper/faster than an open-source one, well, balance that against your security requirements.
Programmers are in a way like construction workers. We build something up, usually based on some specs. The big difference is that we don't have people looking over our shoulders. Putting up a wall usually takes more than one person, so the other person will see the problem.
Code reviews, i.e. open source, is the answer to this dilemma, but in a lot of cases the teams are just too small, and the application not used by enough programmers to really make this work.
If you worry about your app being secure you're going to need it inspected. Even the best "security" programmer is going to make a mistake or two. A program could be in the wild for years before a hacker realizes a design flaw and takes advantage of it. You need people looking at it with a checklist. Ensuring no buffer overruns, easy to guess password schemes, and then you just need someone who hacks for a living to try out various scenarios.
We should also stop trying to patch the problem and fix it. Things like buffer overruns are getting old. Most high level languages are immune to them. It's been a while since I did C programming, but if you're writing a network server, why not use some kind of Object to represent your data, versus a straight up char[], and have the check in the object. Make it harder for inexperienced programmers to make mistakes, or even experienced ones for that. If you've used Java, you know the compiler throws a lot of fatal warnings to keep these things at bay. Why can't the C++ community adopt some of these.
The article is a nice read, but it is obvious that the author has little experience in commercial software production.
Quality and security of a commercial software product is a financial decision, not a technical one. Much like how software architecture is a strategic and not a technical decision, which many software developers do not realize.
When the cost of continuing to improve quality and security exceeds the income from support contracts, you have to draw the line. If you don't provide or charge for support, you draw the line when your investment exceeds your targeted income projections.
There are software products that are secure and virtually bug-free, but you and I can't afford them. They run nuclear plants, space shuttle command centers, etc etc. Hundreds of millions of dollars have been spent on that software, and it is not a question about "the user is evil". It's about having a thorough and mature development process and organization, preferably at CMM level 5.
So, I really don't know where the article would apply. Maybe when writing simple VB games for your website. Absolutely not when writing commercial grade software.
Oh, I can't help quoting you because everything that you said rings true
For my application, I have made a special string library which is resistant to buffer overflows. Instead of a string being a simple pointer to a string of characters, terminated by a null, a string is a structure with the following information:
- The current length of the string
- The maximum possible length for the string
- The encoding of the string
- The length, in octets, of a single piece of data in the string
I then make sure that any manipulations to the string library always check to make sure we do not exceed the maximum length; I also have a three-byte cushion in every allocated string to ensure that one-byte buffer overflows do not happen. Some other practices:
- Sam
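The length-tracking string structure Sam describes above (current length, maximum length, encoding, unit size, and a three-byte cushion past the end), written out as an added example in C; it is also the kind of bounds-checking data object the earlier comment asked for in place of a bare char[]. This is not Sam's library: the type and function names, the encoding tags and the append API are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Spare octets allocated past max_len, mirroring the three-byte cushion the
 * comment describes: an off-by-one write at the boundary lands in padding the
 * library owns, not in heap metadata or a neighbouring object. */
#define SAFESTR_CUSHION 3

/* Encoding tags are a constructed detail; the comment only says the struct
 * records "the encoding of the string". */
typedef enum { SAFESTR_ASCII = 1, SAFESTR_UTF16 = 2 } safestr_encoding;

typedef struct {
    size_t len;                /* current length, in units (characters) */
    size_t max_len;            /* maximum number of units the buffer may hold */
    safestr_encoding encoding; /* how the octets in data are to be read */
    size_t unit_size;          /* octets per unit: 1 for ASCII, 2 for UTF-16 */
    unsigned char *data;       /* max_len * unit_size + SAFESTR_CUSHION octets */
} safestr;

/* Allocate an empty string that can hold at most max_len units. The size
 * arithmetic is checked first so a huge max_len cannot wrap to a tiny buffer. */
safestr *safestr_new(size_t max_len, safestr_encoding enc, size_t unit_size)
{
    if (unit_size == 0 || max_len > (SIZE_MAX - SAFESTR_CUSHION) / unit_size)
        return NULL;
    safestr *s = malloc(sizeof *s);
    if (s == NULL)
        return NULL;
    s->data = calloc(max_len * unit_size + SAFESTR_CUSHION, 1);
    if (s->data == NULL) {
        free(s);
        return NULL;
    }
    s->len = 0;
    s->max_len = max_len;
    s->encoding = enc;
    s->unit_size = unit_size;
    return s;
}

void safestr_free(safestr *s)
{
    if (s != NULL) {
        free(s->data);
        free(s);
    }
}

/* Append n units from src. Returns 1 on success, 0 if the result would exceed
 * max_len; on refusal the string is left unchanged rather than silently
 * truncated, so the caller has to decide what to do with oversized input.
 * The check is a subtraction (len <= max_len always holds) so that len + n
 * cannot itself overflow size_t. */
int safestr_append(safestr *s, const void *src, size_t n)
{
    if (n > s->max_len - s->len)
        return 0;
    memcpy(s->data + s->len * s->unit_size, src, n * s->unit_size);
    s->len += n;
    return 1;
}

/* Convenience for single-octet encodings: append a NUL-terminated C string. */
int safestr_append_cstr(safestr *s, const char *cstr)
{
    if (s->unit_size != 1)
        return 0;
    return safestr_append(s, cstr, strlen(cstr));
}

/* Hand a single-octet string to legacy APIs that expect NUL termination. The
 * terminator goes at offset len, which is always inside the allocation because
 * len <= max_len and the cushion supplies at least one extra octet. */
const char *safestr_cstr(safestr *s)
{
    if (s->unit_size != 1)
        return NULL;
    s->data[s->len] = '\0';
    return (const char *)s->data;
}

int main(void)
{
    /* Constructed input: an 8-unit ASCII buffer fed more than it can hold. */
    safestr *s = safestr_new(8, SAFESTR_ASCII, 1);
    if (s == NULL)
        return 1;
    printf("append \"hello\": %d\n", safestr_append_cstr(s, "hello")); /* 1 */
    printf("append \"world\": %d\n", safestr_append_cstr(s, "world")); /* 0: 10 > 8 */
    printf("append \"!!!\":   %d\n", safestr_append_cstr(s, "!!!"));   /* 1: exactly 8 */
    printf("contents: \"%s\" (%zu/%zu units)\n", safestr_cstr(s), s->len, s->max_len);
    safestr_free(s);
    return 0;
}
```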
Qualifications?
Let's see...
Wow! Pretty exceptional, don't you think?
'bout the only thing going for the guy is he *doesn't* have a blog...
How the f*ck did this nonsense get put up on /. anyway?
What changed hands to get this deal done?
Not to mention Windows own unique security flaws.
Education. The problem is employers will hire people based only on work experience. They think work experience can be substituted for a degree. I have recently graduated with a CS degree and cannot get employed because I don't have work experience with (insert popular language). I am seen as less desirable because my degree focused on theory and higher-level concepts of what makes a good program. These concepts would be harder to pick up in the workplace. I would place more of the blame for insecure systems on the requirements of employers. Besides, my degree has to be worth something... right?
Programmers need to follow the KISS method of coding. I love this - RFC1925 - Fundamental Truth #12 - "In protocol design, perfection has been reached not when there is nothing left to add, but when there is nothing left to take away." You cannot really say it any better. It is supposed to be funny - but it is really very true.
Being the hardware/network guy - I deal with this every day. My place is getting crazy - every time you pick up a dirty rug around here to shake it out you find another programmer... And they are all killin me. I try to lock something down - they cry "But my code won't work if you do that!!". I try to clean something up and they cry. I SUGGEST that we do something a different way - and they CRY!!!!!
OK - breathe.... It is really very hard to do my job. And it sucks. Mgmt doesn't understand why we need an IDS, or tighter VPN encryption, or NO access to the inside network from the DMZ and on and on and on...
Keep it simple, stupid. Words I try to live by - but you should see the code these guys write. This guy has hit it right on the head. This article is nothing special - it isn't rocket science - it's FACTS. But try and teach it to a bunch of crying coders and a room full of suits. You can't - period. So I keep coming in on Sundays (salaried employee, thank you very much) and patching systems and go thru my logs every day and sneak stuff past them when I can and just do what I can to keep us secure. Some of the really really stupid stuff they try to do I just tell them no - no one really fights with me about it - but if I try and change ANYTHING to make it more secure that would involve writing ONE line of code to fix - I get beat down till I just quit fighting it.
I love this stuff - but sometimes you can really hate doing it.
But he's right - WE have to do it. WE have to make things more secure - WE have to keep it simple. For the love of all that is holy - if you are a coder - please keep it simple and do your fucking job. Don't add shit you don't need - stop when you can't take anything else out. And don't worry about the OS patches or the firewall or the router - my end is already being taken care of. See ya Sunday morning....
Duke
Yet, his article appears on the front page of /., the very "home" of the people he offends. To quote Michael:
No it is definitely not.
There will never be a perfectly secure operating system that a dummy can run. Dummy will fall for the old trojan program trick, and open his machine up to doing things he didn't expect it to.
If Linux ever gets up to the ease-of-use level Windows has now, and therefore hits the popularity Windows has now, the virus writers will come too, and Linux will have just as many problems. Having the source is a double edged sword. If the bug is found first by a white hat, we'll find out in the form of a patch being released. If the bug is found first by a black hat, we will discover it in the form of an exploit in the wild.
Actually someone beat me up and stole my lunch money when I was playing in the schoolyard sandbox once....
Professionalism!
The tone and language in this article is terrible! He sounds like a teenager mad at his parents. How is he supposed to be taken seriously? Most managers and businesses would walk him out the door after 5 minutes of that article.
Seeing yourself as a professional, no matter what you're working on or what you're getting paid, goes a long way to the quality of the project. But it seems a lot of people don't take this seriously.
This sounds like an elitist attitude towards development... not surprising in today's competitive job market. Everyone has to start somewhere, and no developer can claim that they've never made mistakes (read bugs, poor design, etc).
The solution is not to be rid of "incompetent programmers". If you do that, then all the kids coming out of college, otherwise known as the ones who are in training today to become competent, will be shut out of the industry and become nice competent burger-flippers instead. When the so-called "competent" programmers reach retirement age, you'll be left with scrap.
The solution is easy, and well-known: code review, and mentoring. This can and does work in a closed source environment, but it happens naturally in an open-source world.
Most programmers graduate from state universities with no real-world experience in security, hacking, and so forth and no connections to anything that's going on -- it's simply a pass from the university of a student molded from the dirt-poor standards of a mainstream college system to a corporate programming world of laziness and no liabilities.
However, these people who are no more qualified to write code than a third worlder with no previous formal schooling trained to be an H1B in a cert mill -- yet are paid much more, for no good reason.
If anything, regular programmers who would ever, for example, use PHP's fopen() for a proxy like the article described should be paid like H1Bs and school teachers -- about $35,000 a year, at the most.
However, the ones who really know their shit -- like Mr. Bacarella -- should be the ones making $100,000 a year or more.
Now how many Ocaml coders are there out there? Five thousand? Actually that number is probably generous. Just fess up that no one cares about this language regardless of its benefits. It's added to the list of Lisp, Haskell, and all of the other languages that could save the world if we just adopted them.
Even then, Ocaml does nothing to secure the monstrous existing C/C++ code base.
When coders run out of answers, they often resort to blanket claims of utopia delivered by a mysterious and obscure language.
Why do you think Java and, to a lesser extent, C# are so popular right now? ESPECIALLY for teaching? Because with Java and C#, it's very, very hard to write code that can break the system it's running on.
It's also very hard with C/C++. The most you break on any system without very broken protection-handling is the faulty program itself.
The reason Java is taught as an introductory language is that it was stylish about 5 years ago. The reason C# is taught as an introductory language is that Microsoft threw a lot of money at universities to teach it, and at marketing to attempt to make it stylish.
It boggles my mind that people in second-year programming courses at my university don't know what a pointer is, because it wasn't covered in their first-year programming course (which used Java).
Languages with built-in safeguards are great, if that's your primary concern, but programming courses in university are supposed to teach you about all aspects of programming that you might reasonably encounter. If someone graduates without knowing how to debug memory errors and then has to maintain a C++ program, God help us all. This is also why we're forced to learn Lisp/Scheme and exposed to Fortran at some point - exposure to the concepts is what's important.
As far as what's used in industry is concerned, first likelihood is whatever the shop has used for the past several years (anything from VC++/VB down to Cobol, depending on where you're working), and second likelihood is whatever the industry fad was when upper management was setting up specifications.
High level languages are great for high level problems. Low level languages are great for low level problems. Use the right tool.
Just skimming over and noticed this one line:
"The Windows system is also far too massive, complex, and user unfriendly for human beings to have any hope in securing it."
Apparently there are a number of increasingly incompetent people writing articles.
Windows "user unfriendly?" WTF?
I guess that's why it's the #1 OS in the world.
I gave myself to Jesus, but now he never calls
The author argues (entertainingly) for the creation of a Software Engineer Profession by analogy with the Civil Engineer Profession, with the Accreditation, Certification, Code of Ethics etc. that goes with it.
Recommended!
What is the difference between a real song and a simulated song?
When all these half-trained Java-based "CS major"s have to deal with real systems of all types, including those that require memory management by hand?
This is precisely why Java and C# SHOULDN'T be the primary teaching language at any serious institution. It doesn't just encourage bad habits in memory management, it breeds ignorance of the CONCEPT of memory management. I'm extremely glad I had a good background in C/C++ (and even some Pascal before those) before I ever learned Java or Python, or I wouldn't have a clue about half the concepts that a good C background forces you to learn.
Added to which, using outdated hardware is never an option in industry. You must write to your user's platform.
Guess what, every choice every entity makes regarding anything is a compromise. Security is no exception and so long as it costs money and takes time, it will never be THE ONLY FACTOR as this guy thinks it should be.
What does he expect? One security expert per I.T. staff to watch over their shoulder and make sure they never do anything insecure? Maybe we should train everyone on the planet as a security expert, and dedicate 100% of every available resource we have to securing software.
I understand what he's saying, but give it a rest. We take chances all the time and adjust according to the outcome.
-... ---
High level languages are usually more secure than C/C++ and chances are you'll write less lines of utter dog shit that other people have to deal with.
C/C++ are high-level languages. This is CS 101.
I think the extensive use of profanity in this piece is indicative of the author's maladroitness with another "high-level" language, namely English.
This isn't the worst thing I have seen posted on /., but it ranks up there, certainly.
Yet, his comment appears in a /. article, the very "home" of the people he offends. To quote Michael:
No it is definitely not.
www.cgisecurity.com/lib
Take it easy junior. The guy is right.
Horsehockey.
Bull fucking shit.
It should be a crime to *start* students on a protected environment like Java. Programmers who start on Java begin with less understanding of what's going on, because it sweeps too much complexity under the carpet.
I realize this argument was made for assembler when C was introduced. BUT! There was a massive shift between assembler and C, which is why that argument is not valid.
C and Java both have pointers/references. They both have functions, etc. But Java's references are hidden from the user, and most students don't have a clue about a reference.
Asm. vs. C was a big difference, but Java and C++ share so much, but Java sweeps all that complexity under the carpet. If a programmer who's only used Java gets into a C++ project, he'll fsck it up so fast it'll make your head spin.
It should be a crime to teach Java as a beginners language. It's not a bad language, but under no circumstances could it conceivably be considered a beginner's tool.
The person who wrote this guide? or the person who follows it?
~~~
Click here, you know you wanna!
Yet another article about how all software is crap and how most developers suck, written by a kid in his early twenties who probably hasn't worked on a large project in his life. Woohoo.
I have a feeling that there are a whole lot more articles on the internet written by more experienced developers who might offer more insight than this kid.
hacked into. http://news.com.com/2100-1017-965921.html
Many have already commented on the claim of supposed security of not using C/C++. So following his "logic" - you shouldn't increase the length of code by 4-8 times by using C++ (my paraphrase) -- but you should write all of your own code?
Sorry, but if I agree that one person cannot make Oracle (by this I assume he means the database) secure - then wouldn't multiple people on the project at least help? Maybe they can see the things that I cannot see? AFAIK, the more that can find flaws in software the quicker it gets more secure (as in nothing will ever be completely secure).
If you blog it...
But you have to have a verified design. Actually MS does offer solutions like this, indirectly, with Windows Datacentre. With a Datacentre server you can get things like guaranteed uptime and so on. What happens is you contact an SI that is authorised to sell it, and you work with them to design the hardware and software you are going to use. They build and test the whole thing, and then sell you a guarantee with the system and service contract. You then can't mess with the system. You can't go and install whatever software you want, because the software might break the system.
Real verified reliable designs are, by necessity, very inflexible. You have to verify all the components and make sure they work together to ensure that one won't cause problems. You then can't change the components without reverifying.
This just doesn't work for a desktop, where the user expects to be able to operate the system as they desire. That means that people can, and will, find combinations of software and hardware that will fail. Hence, a software company can't guarantee reliability in that situation.
You don't need secure clients, you only need secure servers.
Tell me, what is the compelling business reason for using windows that prevents me from using anything else in a corporate environment?
There is only one answer (or is it three?):
"Fear, Uncertainty and Doubt"
And that's one feature we can all do without!
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
Earlier in this article, we see the inflammatory statement: It should be a crime to teach people C/C++. But later in the very same article: Whenever possible, use industry standards. For example: POSIX, ANSI C, OpenGL, SQL, etc. Beg pardon? If we use C or C++ (industry standards, I believe), should we then be imprisoned or lauded? Or is it just possible that the author is getting a little carried away with himself? "Programming languages without mandated security don't break systems. Bad code written in programming languages without mandated security breaks systems." Kelcey
Your only hope of salvation is an open source system.
I get so sick of this drivel. Linus did not die on the cross for me.
In an old /. comment, somebody made the suggestion that GNU standardize on safe libc functions. If you want to use the latest GNU libc, and want to use strcpy() instead of strncpy(), you have to include .
At least it will be obvious which programs need updating. Granted problems like buffer overflows occur in more places than libc, but it's a start.
I wonder if the image links on the page, eg:
file:///usr/share/latex2html/icons/nx_grp_g.png
are intentionally broken to show how easy it is to screw up.
I dunno.
At first I said "this is a troll": his tone is completely condescending and it's pretty clear that his experience is limited to small to medium size projects. As often as programmers are hazed for being ignorant about OS issues and ignoring security, in my mind this guy is a sysadmin with a small amount of coding knowledge. If you've never written code that maxed out the CPU for hours, you've obviously never written any number crunching software (finance? data analysis?). If the OS sits around waiting all day for data to process, why all the push for clustering and grid computing? Ok, fine, he has an opinion and wants to express it. Then again, the issue he raises is completely valid, and security is a real problem. The .com boom (and the rise in computing of all kinds) created a huge imbalance in the supply/demand of programmers which allowed a huge number of incompetent people into important positions. As a technology consultant I met an incredible number of "tech leads" and "senior architects" who couldn't code their way out of a paper bag, yet they were responsible for designing multi-million $$$ systems. It is hugely important that the issues of security are impressed on these people. If this is what it takes to make a few people think the next time they release some new code without testing it for security holes, great. The world is a little bit better.
Then again, he's certainly no expert and there is nothing revolutionary in his article.
May no camel spit in your yogurt soup.
HTH. HAND.
Please, the real doom of humanity is plaid.
Computers are important, but the rest of the world that doesn't work with them 24x7 like many of the people here on /. realises that they are just tools and could probably survive without them. The normal person might not be able to watch as much TV, but is that really so bad?
Computer scientists need to get their heads out of their asses before doom preaching so much. Believe it or not, if the system were to 'collapse' due to computer error, people would be smart enough to not kill each other in a violent bloodbath. People might not respect computer people anymore, but at least we wouldn't all kill each other and destroy society.
The cinicism of saying that windows guarantees security risk is hardly insightful. One can be hacked on any operating system by someone more clever than themselves.
Can I get modded up higher for gratuitously bashing MS?
Guess what system allows you to be more vigilant? You sure can't hack away at things in a close source environment.
Gee.. could that mean that Open Source systems are better suited to immediate maintenance? *GASP*
What options are there (if any) for building a GUI for an O'caml program?
... what the heck's the difference between O'caml and Caml?
And while I'm here
Whoever designed level 61 in Frozen Bubble is a sadistic bastard.
I've been wondering if there's much difference between C and C++ in security. C seems to be most used language for system and server programming nowadays, especially in Open Source projects.
C++ has many features that forgive your mistakes. With proper string, buffer, and other basic data type classes your bounds are always checked, so there can't be buffer overflows, which seem to be the most common source of problems. In addition, automatic destruction of objects eases memory leaks.
You can, of course, do all the same things in C, but it's always syntactically more complex than in C++. You need to learn dozens of different coding rules just to avoid trivial problems. Often you forget to apply them; each time you create a risk.
For example, just today I noticed a dangerous situation when I initialized a callback function table with:
While this works quite nicely, it's secure only if the struct always contains the two items. If a new item is added to the struct, all uses of the structure would have to be updated, but the compiler might not warn about this situation. In this case, the result would probably be a program crash. A more secure way would be:
This is much safer. However, in C++, this problem simply wouldn't exist because structs are typically never used and classes have constructors that always initialize them properly, and the user doesn't have to care so much about possible changes in the classes.
This is just one example. There are plenty more.
On the other hand, stuff is more often allocated from heap in C++ rather than stack. Memory might therefore fragment more easily in C++ than in C.
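The callback-table hazard described in the post above, as an added C example (this is not the poster's code, whose listing did not survive on the page): a positional initializer silently puts the wrong handler into a slot when a member is inserted into the struct, while designated initializers, a NULL-checking dispatcher and a compile-time size tripwire keep the change detectable. The struct names, handlers and return values are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed example: every handler shares one signature, which is exactly
 * what lets a positional initializer put the wrong function into a slot
 * without any compiler diagnostic. */
typedef int (*handler_fn)(int arg);

static int on_open(int a)  { return 100 + a; }
static int on_close(int a) { return 200 + a; }
static int on_error(int a) { return 300 + a; }

/* The table as it was first written: two members. */
struct callbacks_v1 { handler_fn open; handler_fn close; };

/* The table after someone inserted a member in the middle. */
struct callbacks_v2 { handler_fn open; handler_fn error; handler_fn close; };

/* Positional initializer written for v1 but now compiled against v2:
 * on_close lands in .error and .close is left NULL (implicitly zeroed).
 * The compiler accepts this silently because the pointer types match. */
static const struct callbacks_v2 positional = { on_open, on_close };

/* Designated initializers bind by name, so inserting or reordering members
 * cannot shift handlers; .error is still NULL, but it is the right slot that
 * is empty, and the dispatcher below refuses to call it. */
static const struct callbacks_v2 designated = { .open = on_open, .close = on_close };

/* The fully updated table a reviewer would expect after the struct change. */
static const struct callbacks_v2 updated = {
    .open = on_open, .error = on_error, .close = on_close,
};

/* Compile-time tripwire (C11): if the struct grows again this line fails to
 * build, forcing every initializer to be revisited. */
_Static_assert(sizeof(struct callbacks_v2) == 3 * sizeof(handler_fn),
               "struct callbacks_v2 changed: review every initializer");

/* Dispatcher that never jumps through a NULL entry; returns -1 instead of
 * crashing on a missing handler. */
static int dispatch(handler_fn fn, int arg) { return fn ? fn(arg) : -1; }

int positional_close(int a) { return dispatch(positional.close, a); }  /* -1: slot empty */
int positional_error(int a) { return dispatch(positional.error, a); }  /* 200+a: wrong handler */
int designated_close(int a) { return dispatch(designated.close, a); }  /* 200+a */
int designated_error(int a) { return dispatch(designated.error, a); }  /* -1: detected */
int updated_error(int a)    { return dispatch(updated.error, a); }     /* 300+a */

int main(void) {
    printf("positional.close -> %d (NULL slot)\n", positional_close(1));
    printf("positional.error -> %d (close handler ran as error!)\n", positional_error(1));
    printf("designated.close -> %d\n", designated_close(1));
    printf("designated.error -> %d (missing, but detected)\n", designated_error(1));
    printf("updated.error    -> %d\n", updated_error(1));
    return 0;
}
```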
Simply because you are unable to secure a box does not mean the underlying operating system you are using is any more/less insecure than any other OS. First get your head out of your ass. The default install on most operating systems is not the highly secure one - it is the one that balances security with features. Some OS's tend more toward security, others more towards features.
Secondly, the open source operating systems give you far more flexibility in securing the OS because 1) they actually document what the various services do and 2) they provide clear mechanisms for disabling daemons and services.
Microsoft does an incredibly poor job with the first one. I can't tell you how many friggin services are running on my win2k work computer that I cannot find any information about. What the hell do they do and can I kill them without destabilizing my system? Microsoft's method of security through obscurity simply means that I have to leave all of these back orifices open for hackers to probe until they stumble upon a good hack and then I'm owned.
I don't consider myself all that knowledgeable about security, but I've never had any of my Linux boxes owned. These are ones that have run my websites 24/7. Gosh, you must just suck at security.
I ignored the rest of your poor comparison of open source versus proprietary systems. Good day.
When I got to the part where he speaks highly of the Gnu/HURD source code. Heh... While it might be true that it's some fine code written in a very legible manner, anyone who compares that code with a code from functional production OS's is a nut.
Of course you get the idea that he's a zealot nutjob right out of the gate but the Gnu part just seals the deal, so to speak.
I'll bet he's a gun freak too...
Your's.
There is no system that is invincible, but with some simple adjustments you can come very far in achieving a high degree of security, which has other positive side effects to boot!
If the "adjustments" are so "simple," why didn't the author bother to explain a few of them? Porting a large project from C++ to Java is usually not an option. Replacing Windows with some other platform is usually not an option. And using a lot of foul language doesn't do a thing to explain the matter or increase the security of anything.
My guess is that this guy is working on a project or projects with lots of security holes, and he has written this "article" so that he can point to it later and say "See! I told you so!"
That's the thing you see, trusting the client is plain wrong and assumptions made with that model will get you in trouble.
plan9 offers a model that doesn't require trusting the client. It runs a dedicated authentication server and a dedicated CPU server and a dedicated file server. The three talk to each other behind the client's back.
http://plan9.bell-labs.com/sys/doc/auth.html
6) Profit!
This is missing the point. Security is not a destination to be reached, but a room temperature set to the preferences of the occupants. Do you ever lock your car doors when driving through the bad part of town? Do you think that we secure our homes the way we want our airports secured? Can you not acknowledge that we all tolerate specific levels of risk in many areas of our lives? Someone had a great point when they pointed out that nuclear power plants, the space shuttle, ICBM warz are all very secure and mature systems. Do you really think that when Joe Bloggs starts designing an autopart inventory control system, that he is thinking about preventing unauthorized access to the extent of a powerplant? Or that the building engineer for a 12x12 parking lot PhotoMart cares about making his hut as difficult to enter as a bank?
If you don't need the speed, and/or value security more, any language which relies as heavily on pointer arithmetic as C/C++ should be out of the question. If you must use a C type dialect you could consider something like Cyclone C. The crux of his argument depends on the absence of pointers; if you cannot see why that is good for security then you are naive.
If you program in C or assembly you might know what the hardware is doing, but as soon as you leave pointers and the low level attacks they make possible behind, that stops being an issue anyway... the exploits depend on simple bugs and on your algorithms; with C/assembly you will simply have more code, so more bugs, and you will be farther removed from the high level workings of the program. A lose-lose situation.
He lost me right here,
"If something like Windows plays any part at all in your system design, you should probably give up now."
Just another piece of FUD from an OS elitist, who apparently has amnesia about the numerous past exploits in Apache, BIND, Sendmail, OpenSSH, etc. Nevermind the fact that every single Fortune 500 company uses Windows in some form. I guess they all need to give up now, their systems will never be fully secure.
Furthermore, the article says it's for developers but it seems to be filled with information for IT people - don't trust your firewall, watch out for Oracle, watch out for Apache, don't use Windows. I thought I was going to be reading an article on software best practices, instead I'm just reading a guy ranting about why IT pros should use open source. Bleh.
Right?
He thinks it's a crime to teach C++. He says Ruby is much better. His arrogance is equaled only by his ignorance.
C++ has its faults. But at least it means something to say that a program is written in C++. The language and its library are reasonably well-defined. Not perfectly, but well enough that in almost all practical situations, it's possible to say with certainty what a well-written piece of C++ code should do, by reading the said piece of code and the specification of the C++ language and its library.
This is certainly not the case for Ruby. The only way to find out what many Ruby programs are supposed to do is to run them. You then know what they do under one specific release of the interpreter, on your particular machine. Ruby isn't a programming language, it's a learning experience for its author and a toy for its users.
Any "programmer" who used it for anything that mattered deserves to be fired on the spot.
> One can be hacked on any operating system by someone more clever than themselves.
Well, like the parent post said, a non-windows system is not a guarantee of invulnerability. Granted, I wouldn't call MS=security risk insightful either- it's just common knowledge.
I've got a mind like a steel trap - it's got an animal's foot stuck in it.
My understanding is that the article put equal emphasis on education and entertainment. He makes such amusing remarks as "call yourself a computer professional? Congratulations. You are responsible for the imminent collapse of civilization." However, he also gives some information that was certainly not to be taken lightly. Therefore, it should be taken somewhat seriously, and quite a few people who read the article just might do that. And this could be a problem. Why? Because at the end of the article he says "Now that you know better, there is no excuse whatsoever. You cannot claim ignorance. Don't destroy humanity." And the article's title is "The Peon's Guide To Secure System Development." And that article could not have covered every aspect of developing secure systems.
As I previously mentioned, I don't consider myself an expert in this area, but there are some things that I know that were not mentioned in the article. For example, when building secure systems, security must be kept in mind throughout the entire life cycle of the system. Perhaps his intent was to focus solely on programmers, but if he truly wants to see secure systems, he would focus on all aspects of system development. Those involved in software testing should be able to find pointer-related bugs, and many other memory-related problems that break software. In fact, in a recent issue of 2600, a program with less than 10 lines of code is given that crashes Windows. I'm not saying testers should find all bugs, I'm saying both they and developers have responsibility to be aware of potential security problems.
I also didn't like the remark about C++ being inherently insecure, and the statement supporting use of languages that don't use pointers, such as Java, C#, and Python. I would just like to say that programming languages don't break systems. People break them. Therefore, I would say that people should be made more aware of what security problems they can cause. Also, C/C++ won't go away anytime soon. So much software uses it, so it stands to reason that there will be legacy C/C++ applications for years to come. Therefore, teaching C/C++ shouldn't be a crime. Teaching C/C++ poorly should be a crime.
Well, I must say that I was somewhat disappointed in the way in which the article did not seem to go very far beyond the basics. I'll continue to receive security information from other sources, namely Counterpane, CERT and other websites like those ones.
Oh, right... Because all the crap programmers would be able to write better, more secure, and simpler systems than what already exist.
In some cases, I would agree with this quote, but it's also the reason why there's millions of different versions of collections, print methods, string manipulation routines, parsers, etc -- all with their own quirks, holes, and other issues.
I am personally aware that one of the largest internet traffic servers there is (top 10 or so) was written in C++ by a programmer with no training who might rate as an intermediate coder.
That system, despite being a big name, has never been compromised. Ever. [I won't name them so as to not encourage hackers to prove me wrong]
The reason for this is security through obscurity. The code is proprietary, and the code is completely custom. Hackers totally fail because they have no information about how the system works.
The system is immune to worms too, again because it is totally non-standard. Any system built with any turnkey system is going to be vulnerable.
Thus I know of a case that roundly contradicts the author's idea that C++ in the hands of beginners is dangerous.
There has been research for translating ocaml type languages into malloc free C code, so it could be used for embedded systems in that respect ... and as you indicate, you can always separate things into a kernel/user-land system. Every little bit of code written in a safer language helps; the remote administration software in routers also tends to be a source of exploits, and most of the code for such systems is well above the basic I/O routines.
From the article: "Considering that most good programmers are pretty bad at security,"
I don't necessarily accept this assumption. Most good programmers are good at coding up the design and requirements they've been given. The customer/architect/business analyst/technical lead needs to identify security requirements before they can be coded. It's very expensive to leave identifying security requirements to programmers. Not every project has the same needs. Sure, the programmer could guess. But each programmer on the project would end up spending a different amount of time and money on the security aspect if it's not clearly prioritized.
Likewise, if security requirements are not specified well enough, a security test-plan cannot be written or executed. If you need security, ensure it's somebody's explicit JOB on the project to ensure security gets into the design & QA.
Security costs money before a single line of code is written. Decide how much you need, where it's to be applied, and ensure it becomes a critical requirement through coding and testing. You can't expect security to just "happen" simply by hiring some "good programmers" as the author says.
Run time bounds checking is unarguably a Good Thing (TM) as far as safe code is concerned.
You are so full of yourself, I don't know where to start.
Try this: leave your firewall disabled for the weekend. Can you sleep easily at night? If not, then you have problems.
So if I leave my doors unlocked in a mall parking lot at night, I should be able to sleep at night?
Identify a given component that's currently running. Any process at all. Do you understand exactly what it does? All of its inputs and outputs? How does it react to unexpected inputs or other circumstances?
This explains it.. you have so little of a life, that you perform QA for every program on your system. How ludicrous.
If something like Windows plays any part at all in your system design, you should probably give up now...holes are discovered constantly.
Why not take your own advice and subscribe to Bugtraq? Maybe you'll learn that other OSes have "holes that are discovered constantly".
It should be a crime to teach people C/C++.
Is this why all but one of your projects are written in C?
High level languages are usually more secure than C/C++
WTF? C/C++ is a high-level language. Have you never programmed Assembly? Java is not that much higher on the evolutionary chain than C++.
[The speed of C/C++] isn't even worth arguing and the fact that you said something like that calls your skills into question.
Really? So whenever a good point is brought up, you just use ad ignorum? Just reading your entire paper brings your skills into question.
Okay, okay.. I'll give you one thing..
The only logical conclusion here is that I'm a perfectionist crackpot doom-sayer idiot
I completely agree.
"Truth is not decided by majority vote" consensus gentium -- Norman Geisler
It seems that Security aware coding is moving towards a situation akin to the bean counters that decide whether to recall a certain model of a car ...
People didn't set out to write insecure code. But usually they have a set of requirements to meet in order to get paid. Apart from a few industries where large sums of money or human life were directly involved, meet the requirements ASAP and get paid...
Even "closed source" development projects have Quality Assurance processes where some dude checks your code (whether they know what they are looking for is another issue)...
But particularly with bespoke code, people write according to a set of requirements. "I want it to do this, I want it to do that..". If it doesn't I can sue/refund/get free upgrades; if it gets hacked by some snotty nosed kid, tough, that kid wasn't in your requirements. Security is not easily specified as a requirement and is hard to insure against (financially) .. so pretty soon you will see the emergence of "security support contracts".
This is the direction Micro$oft are going in ..
(sustainable revenue is good for any business)
Yes, there is a wide range of programmers with varying abilities. But (apart from open source products), certain companies have realized they can/will charge big bucks for more security oriented support contracts, so what do they care.
For non-opensource companies lack of security/defensive programming has changed from being a liability to a profit generator.
Either they'll make a lot of money or open source will prevail.
Also expect a lot of specialist code review/certification/QA companies to pop up
"This product is independently DeadBolt certified"
and hence costs $30 more + $30 a year for the latest security upgrades...."
(multiply those figures as appropriate!)
ACM's position on software engineering is that software engineers should not be licensed as professional engineers. Follow the link for lots of reasons.
My own opinion is that liability can exist without licensing. Companies working on safety-critical projects should be careful about people they pick to work for them. They should have adequate quality control procedures in place and should be held liable for negligent behavior. On top of that you could have regulation addressing specific safety concerns as you do for car and medical equipment manufacturers.
"In prison you just have to shut your eyes and take it. Here you have to shut your eyes and give it."
Yet you chop off the url and there is no index.html so you can see all the files in the directory.
Way to preach what you teach.
If you want to learn how to write secure programs for Linux or Unix systems, read my freely-available book, Secure Programming for Linux and Unix HOWTO. You can get it from http://www.dwheeler.com/secure-programs.
- David A. Wheeler (see my Secure Programming HOWTO)
The only logical conclusion here is that I'm a perfectionist crackpot doom-sayer idiot and that you should stop reading this and catch up on some minesweeper.
So here are the minesweeper clones: xbomb,
KMines, and more (all on Freshmeat.net).
I guess I'm not the only one who will be following his suggestion.
urinate.
Wow, you come across as someone whose opinion I should value.
You'll note that I said "When I first got into Linux". If that wasn't synonymous (sorry to use big words, I hope I don't confuse you) with "didn't know everything", I'm not sure how you're going to ever understand my argument.
You actually make my point for me when you say "Simply because you are unable to secure a box does not mean the underlying operating system you are using is any more/less insecure than any other OS". That was exactly my point! I even conceded that open source was easier to maintain, but that was not the point. Also, that seemed to fly over the head of your zealoted biases.
Securing a windows box is just as simple as securing a linux box. You don't know what those services are on your win2k box? Firewall them. Don't complain to me, I've already been there done that. I'll tell you what, I'll give you a technology you don't know and see if you get it right on the first try. When you don't, I'll tell you that you suck. Look at me, I'm a productive member of Slashdot.
I moderate "-1, Fool"
cba to even refute it
Also, it isn't cynicism, it's experience that says that Windows guarantees a security risk. It's an intrinsically unstable, risky platform.
So the bashing was hardly gratuitous.
Since someone already mentioned the blatantly obvious Java.
A true professional will tell the truth, no matter how much it hurts the suits to hear it. Read your Software Engineering Code of Ethics sec. 5 to see what I mean.
If all of you are so interested in finding out who this guy is, read here. There was an article written about him.
heh
You are checking your backups, aren't you?
sorry about the clueless
On reflection I'll retract that
Okay, rocket surgeon. Let's see.
He's lucky the assembly code isn't conducive to a hack, and this is the same mistake that usually does lead to security holes. It took me 10 minutes to find it.
Start the ident2 daemon, send it exactly (no more, no less) 128 characters. It will overflow the buffer and set the character after the 'buf' buffer to '\0'. Function is _getl. Send it 127 - daemon keeps client connection open. Send it 129, daemon keeps client connection open. 128 and it closes the client connection.
Just dumb luck that it isn't (to my knowledge) exploitable.
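As an added illustration (constructed for this thread, not ident2's code and not the poster's), here is a line reader with the off-by-one pattern described above beside a fixed version, plus a canary harness that flags the stray terminator write: only a line of exactly BUF bytes makes the buggy reader touch the byte after the buffer.

```c
#include <stddef.h>
#include <string.h>

#define BUF 128

/* Hypothetical reconstruction of the off-by-one: copies up to 'size' bytes, then writes
 * the terminator at buf[n]; for a line of exactly 'size' bytes, n == size, one past buf. */
static int getl_buggy(char *buf, size_t size, const char *input)
{
    size_t n;
    for (n = 0; n < size; n++) {
        if (input[n] == '\n' || input[n] == '\0') break;
        buf[n] = input[n];
    }
    if (n == size && input[n] != '\n' && input[n] != '\0')
        return -1;          /* longer than size: rejected, nothing written past buf */
    buf[n] = '\0';          /* BUG: n == size for a line of exactly 'size' bytes */
    return (int)n;
}

/* Fixed version: reserve the last byte for the terminator, so n <= size - 1 always. */
static int getl_fixed(char *buf, size_t size, const char *input)
{
    size_t n;
    for (n = 0; n + 1 < size; n++) {
        if (input[n] == '\n' || input[n] == '\0') break;
        buf[n] = input[n];
    }
    if (n + 1 == size && input[n] != '\n' && input[n] != '\0')
        return -1;          /* does not fit in size - 1 bytes: rejected */
    buf[n] = '\0';
    return (int)n;
}

typedef int (*getl_fn)(char *, size_t, const char *);

/* Test harness: a BUF-byte line buffer followed by one canary byte, fed a constructed
 * line of 'line_len' 'A's (line_len <= BUF + 1). Returns 1 if the canary was clobbered. */
int canary_clobbered(getl_fn fn, size_t line_len)
{
    char region[BUF + 1];   /* region[BUF] is the canary, just past the BUF-byte buffer */
    char input[BUF + 2];
    memset(input, 'A', line_len);
    input[line_len] = '\0';
    region[BUF] = 0x7f;
    fn(region, BUF, input);
    return region[BUF] != 0x7f;
}
```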
Some say giving a mathematical correctness proof is the right way to build secure and working software. This is a yet missing point in the discussion... Our CS teacher tried to prove insertion sort - insertion sort, really. And he stated multiple times: Proving your program's correctness is the most important thing to do. But... the proof for INSERTION SORT had two bugs in it. And not the professor discovered them, no, a student from the rather big (>150 ppl) audience... PS. There is one thing which is good in proving programs - you take a much closer look at them :)
1) Users are pure evil.
We don't know if there could be sources of evil outside of Users.
2) Civilization is made up of users.
We don't know that Civilization is made up solely of users.
3) Computer professionals are responsible for the collapse of civilization.
That we are responsible for the collapse of civilization does not mean that we destroyed all users.
4) Computer professionals will therefore destroy all evil.
The assumption is made that Evil is a non transferable entity. For example, a user could corrupt a system administrator via constant abuse. The sa then gets the evil idea of deleting all home directories. Even if Users contained all Evil in #1, the switch to future tense in #4 invalidates #1 as a given. Users are pure evil means that NOW users are evil. It doesn't say anything about whether or not they will be pure evil in the future.
He kind of sounds like a bit of an a$$hole, to be utterly honest. He repeatedly slams just about every computer professional on the planet (except himself, of course) for everything from writing bad code to not knowing ALL the details of EVERY service running on EVERY machine they have responsibility for. I can, off the top of my head, mention a hundred organizations who are so small they cannot possibly afford a person of this depth of knowledge.
He also ignores the facts of the world, choosing instead to think that everyone else needs to bend. Programming languages are being written insecurely by everyone alive? Don't whine about it, try to come up with a better way that won't make it so hard to write secure code with the available workforce out there. Let's face it; the infrastructure that exists needs supporting, and we can't wait until all the monkeys out there learn the One True Way(tm) of making everything secure. Telling everyone that they need to know everything is a stupid way to tackle the problem.
For your security, this post has been encrypted with ROT-13, twice.
Hmmmm. Sounds like this guy might have "secured" some info. from MSDN: http://msdn.microsoft.com/msdnmag/issues/02/09/SecurityTips/default.aspx
If something like Windows plays any part at all in your system design, you should probably give up now. Despite being closed source, holes are discovered constantly. The Windows system is also far too massive, complex, and user unfriendly for human beings to have any hope in securing it.
It should be a crime to teach people C/C++.
This isn't an attack on the language itself (although there are plenty). The problem is that people use it to write high level applications... High level languages like Ruby, Python, or even Java are strongly recommended for all new projects.
Actually, I think you are a troll. You read the article, know about the boycott on Amazon, and wrote the most infuriating and least informative thing you could. Thanks.
For those of you just tuning in, I like C, but the author's got a point about using it to write high level stuff.
Friends don't help friends install M$ junk.
It's like this. A hypothetical business has 200 windows workstations. They need an application for their staff; they want you to write it.
Telling them to "switch to linux" means they have to change a ton of OTHER applications, and that's a big disruption to workflow; they already PAID for windows. So either you develop the app for them on windows, or they go somewhere else.
but I doubt most businesses would pay what it would cost for truly hardcore audited applications to be written for them.
If a company is going to be liable, think about maybe 10x the development time, and 10x the cost. Will you pay $3000 for a single licence of XP Pro that won't crash, as long as you only run applications that microsoft guarantees are bug free? (Audited Office will run you another $3000-$5000, many apps will be out of the question or you will void your policy, etcetera).
That's why.
All those statements the open source world would love to have won't change the fact that systems will still be broken into and software will still have flaws.
IMHO the vast majority of today's problems stem from the fact that we have an increasing need for computer programmers, so we build systems that an idiot can run. So, we DO have idiots running and maintaining computers.
.Net Studio and start their "Wizards..." (OK, so I had to deal with an MBA guy who decided he wanted to program in Java... for about 3 years and I couldn't take it anymore... the guy was thicker than a BRICK WALL when it came to Software Design.)
.Net (Beta 3) for COM, DCOM, Active X and .Net C# code is just plain BAD.
.Net Studio software, in 3 different languages, with their nice little wizards and three years from now exclaim: "Hey, we reused our Cobol, C, and Visual Basic code we invested in... Oh what's that? Yeah, we have 3 different guys here maintaining the same software our competitors use only 1 person to do the same job because they ditched all those environments and used Java instead."
Case in point, Microsoft Products.
Microsoft Windows and its philosophy of design to try and make systems easy to use by making it a snap to put servers up and running in a jiffy with a minimal background of how any of the services actually works, is a HUGE problem.
No DNS admin of a Windows box I personally have run into actually understands how DNS works. They use Wizards to setup the DNS server and well, presto, usually a wrong DNS server with malformed records or BAD zone lists.
The problem with this approach, is that computing is not that simple.
It never will be that simple of a system, computing in general that is.
Microsoft's seeming objective is to code every possible wizard configuration for a Word processor, server or whatever so that it "just works". This enables people to turn services on without understanding Jack or Jill.
Why, even Aunt Emma can be an XP server administrator.
The point is, that when you have computer code making decisions increasingly, you run into systems that are hugely monolithic, and dangerous from a security perspective. People make mistakes as is, but making security policy from service Wizards that are designed by people is a recipe for DISASTER.
Case in point, even small changes or patches to such systems can have unintended consequences. Microsoft products are HUGELY monolithic, and the enormous amount of computer code built into them making decisions automagically for the system operator through Wizard based services setup can get one into big trouble.
Linux is TOTALLY OPPOSITE. Linux is NOT monolithic. In fact, you can strip Linux down very easily because services are in effect partitions, separate software packages that have NOTHING TO DO with kernel or OS services.
Linux is inherently, no, not inherently, IT IS more secure because you can strip it down to the bare essentials and have a smaller running server with fewer lines of code. Fewer lines of code, means fewer execution pathways and unintended bugs that could compromise security. Plus a human is at the helm and 100% in control. Not a wizard making all sorts of setup decisions automagically.
Out of the box, inherent in its design, Linux is more secure because you can run it with fewer lines of code to do many of the same things. In fact, you can run Linux without a video card, and many people do if you are building a router. (You use your wireless Zaurus to ssh into the box for example.) You can run Linux as a DNS server and not have a login keyboard of any kind, no Applications running or EVEN LOADED for that matter.
Fewer lines of code means the server is also simpler to maintain and recover. Hugely monolithic installs like Microsoft Windows XP means longer backup times and longer still restore times.
What's more, lots of software running in the background means you have to have very complex backup daemons running, using backup obscura kinda methods to unlock secret system files by the THOUSANDS and all sorts of party dancing to get a server backed up. No WONDER it is a very complex and very expensive endeavor to backup and restore a Windows machine so that it actually WORKS if you lose the hard disk...
Linux is just the opposite. Since the system can be stripped and customized by the admin, Linux backups become a simple file system backup. The kernel doesn't interfere with your decisions to load or unload applications. In fact it couldn't care less.
In the end, I find Linux prevents many MBAs for example from waking up in the morning and saying "Oh, I am bored with my job. I think I will be a programmer..." Presto, they load up a Visual
The final point I would like to make is that automated software construction makes for REALLY BAD software. Case in point, more Wizards.
I certainly don't mind SOME help, but some of the drag and drop code I have seen in, for example, Microsoft's Visual Studio
But it is OK because it allows you to put together an application in 2 hours? More and more I hear Microsoft's Ballmer explaining: "We have the finest tools that bring value to the development process, that our competitors can't match. TCO (Total Cost of Ownership) is far lower because you can build systems much faster with Windows than Linux."
Man, don't get me started!
Anyone who knows anything about software engineering studies will tell you, the cost of owning software isn't in the design or construction portion, it's the debug and MAINTENANCE cycles of the software's life span which are most expensive.
The code that these wizards pump out is not something I would like to try and maintain...
GOD HELP YOU if you should ever LOSE the Visual Studio software because debugging the crap would drive any sane person to the old folks home for crazy and insane, burned out programmers!
(Note: A lot of the Java wizard tools for Swing are just as bad... maybe even worse than Visual Studio's code output...)
Most of the code output by Wizards is not very intelligible. Maintaining it is an invitation to a nightmare and a cost that only a fool would buy into.
Not too difficult anyway if you are already paying for Microsoft products, so fools are in good company long after they build
Hack
Got Geometrodynamics? Aw, too hard to figure out? Too bad.
This man is an idiot. Here is why:
C++ is still at the forefront of language technology. C++ is responsible for introducing yet another important nascent programming paradigm to the mainstream: generic programming. It was a landmark decision to adopt the STL, and its adoption has propagated more innovations in the form of generative programming, expression templates, and aspect-oriented programming. Java does not even have templates!
If he is so worried about pointers, then he should use a smart pointer class. There are plenty of fine smart pointer classes out there.
Go away and stop wasting our time.
Cheap, fast, Good.
Pick any two.
A non-Windows system is not a guarantee of invulnerability, but keeping a Windows system is guaranteed to put you at risk.
/. posted that article by someone who wanted Oracle to rewrite their server in Perl.
Let's parse this sentence for actual meaning:
"If you don't use Windows you are at risk, if you do use Windows you are at risk".
The entire article can be summarized in one sentence: "C is too difficult for me, and I've heard it's cool to bash Windows". Looking at his pages, he has no commercial experience, and not even a CS degree. There are people writing on software quality, like Yourdon and McConnell, who have more experience than this kid's been alive. The fact that this article got posted at all speaks volumes for the editor's own software engineering expertise. Bacarella is full of contradictions, like don't use C, but use C to verify the underlying platform. What? Or his ideas on reinventing the wheel, how are you supposed to do that if you only have high-level scripting languages? I haven't read so much rubbish since