Slashdot Mirror


Blame Bad Security on Sloppy Programming

CowboyRobot writes "ACM Queue has an article that blames security flaws on poor programming, rather than any inherent problems with particular languages. From the article: 'Remember Ada? ... we tried getting everyone to switch to a 'sandboxed' environment with Java in the late 1990s... Java worked so well, Microsoft responded with ActiveX, which bypasses security entirely by making it easy to blame the user for authorizing bad code to execute.'"

17 of 592 comments

  1. "Why fix broken code... by tcopeland · · Score: 4, Funny

    > ...if you can just shoot the message?"

    So true. Thus the logo for PMD, a Java static analysis tool - "don't shoot the messenger".

  2. Blame the Programmer? by stinkyfingers · · Score: 1, Funny

    I resemble that remark!

  3. personally... by Anonymous Coward · · Score: 3, Funny

    I blame bad security on the Speak'n'Spell keyboards we have to use in this office.

  4. Re:It is time by stinkyfingers · · Score: 2, Funny

    More methods to make lawyers rich? I'm torn.

  5. Bad programming, huh? by Anonymous Coward · · Score: 1, Funny

    Fatal error: Call to undefined function: message_die() in /var/www/acmqueue.com/htdocs/db/db.php on line 88

  6. Re:The human factor by Anonymous Coward · · Score: 1, Funny

    and a workload Hercules couldn't metaphorically shoulder.

    You've got the wrong job. Try flipping burgers.

  7. ACM Queue web server has mod_murphy's_law... by MadRocketScientist · · Score: 4, Funny

    Didn't even finish reading the article before:
    Fatal error: Call to undefined function: message_die() in /var/www/acmqueue.com/htdocs/db/db.php on line 88

  8. Great article by sql*kitten · · Score: 4, Funny

    Fatal error: Call to undefined function: message_die() in /var/www/acmqueue.com/htdocs/db/db.php on line 88

    Seems some folk ought to practice what they preach, eh?

  9. Not Black and White by Doesn't_Comment_Code · · Score: 4, Funny

    Depending on how skeptical you are today, you might think:

    Really bad/inexperienced users write insecure code.

    Good programmers write good, secure code.

    Excellent programmers that work for companies that make a lot of money from support and updates write insecure code that is easy to fix.

    --

    Slashdot Syndrome: the sudden, extreme urge to correct someone in order to validate one's self.

  10. Re:Uhh.. by aardvarkjoe · · Score: 4, Funny

    Redundant it may be, but how many people were going to read the article or those like it before it got put on Slashdot.

    Are you implying that anyone's going to read it now that it's been posted on Slashdot?

    --

    How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?

  11. Re:about time by Silvertre · · Score: 2, Funny

    ...and while you're at it, why not solve the halting problem as well.

  12. Where in the world is my ActiveX? by hummassa · · Score: 5, Funny

    Ummm gosh, the only ActiveX applets I ever saw was right after it was released. Heh, I often say Java is dead on the web (though I know it isn't completely) but now ActiveX is entirely dead except for like the applet on Windows Update :-P

    You are a Holy Person, sir/madam.

    Go find some pr0n and you'll see a lot of activeX thingies trying to install. Lucky me I use Moz.

    --
    It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048

  13. Re:The human factor by Paladine97 · · Score: 2, Funny

    I think I see your problem. You should become Atlas instead of Hercules! I hear he can bear more on his shoulders...

  14. Re:Uhh.. by __aagmrb7289 · · Score: 2, Funny

    Fact is, if it's an operating system written by anyone but Microsoft, it's more secure than Microsoft's. If you are bored, we can make up some reasons as to why this is so. (sarcasm implied, but hell, I know ya'all will miss it)

  15. Re:Blame the Specs and Time. by Cecil · · Score: 3, Funny

    Oh look! A co-worker! How's it going?

  16. Re:Uhh.. by fatphil · · Score: 5, Funny

    I'm sure I'm not the only one who's learnt that:

    Fatal error: Call to undefined function: message_die() in /var/www/acmqueue.com/htdocs/db/db.php on line 88

    is indicative of bad programming. Thanks ACM Queue for an enlightening 2-line article!

    FP.

    --
    Also FatPhil on SoylentNews, id 863

  17. Re:I only read the first page... by clamatius · · Score: 4, Funny

    Ok, it's time for me to own up. I'm the one creating all the bugs you're talking about.

    Acne? Bug in face.cpp.
    Flat tires? You guessed it, tire.cpp, line 5572.
    Girls who say no? That's not a bug, it's a feature.