I'd bet against you, but while I can write regexps and even enjoy it when I do it I don't enjoy writing one without proper purpose - and thus I won't try.
However I do believe that this example is of the type that even if it's code wise smaller and clearer it's such simple thing to do without regular expressions and the solution for this made using substr calls, etc. instead of regexes would be much more memory and resource intensive - though it's unlikely that it would make any significant difference, such of that it would matter, unless some really bad programmer choosed wrong method in case where amounts of data, requirements for resource usage limits, etc. would clearly dictate that no matter what it's time to optimize this for *speed*, and while for some things, I would bet that for this one the regex solution would NOT be faster or consume less resources.
However my point is not against or pro regex (though I am pro regEx) - I don't see a fight there and I think that everyone who does is stupid and a coder that can't comprehend that there are situations where regexes and others where non-regex solutions simply rock.
One thing, btw, where it gives enormous powers is on command line, as there are numerous tools that are invoked from command line and use regexe's you enter for them to manipulate data - and given the different utilities and tasks you might want to do, without common system like regexps there would be either unrealistic amount of tools with very different weird ways for things or more likely there would not be so nice command tools available and for what you could do with couple one-liners and piping you would have to just do scripts for whatever comes to your mind...
I mean, scripting when it's meaningful is different, but would you really want to do all those *nix hackers belowed data manipulations with stuff like that code of yours (except much more complex ones) on command line? No? Well, scripts it is then...
Does it really matter? The security industry is obsessed in trying to define "the enemy" and portraying infosec as a battle ground.
It isnt!!! It's just some people trying to stop other people misusing their computers. You know, like groundskeepers keeping kids off the grass. The people "hacking" do it for all sorts of reasons. Understanding those reasons is not required to thwart them. Understanding the vulnerabilities is all that matters, the threat agents could be micky fecking mouse and donald barstard duck for all I care.
The only "threat" to our personal information, money, identity, national secrets, whatever - is a lack of due diligence. ALL successful intrusions are possible due to someone somewhere being slack, not the work of an evil genius. And contrary to popular belief, an "unhackable" network is completely possible - it's just costs more than the other type.
So while it suits large corporations and governments to paint themselves as under siege from a more capable, better resourced adversary. The truth is they are using it as a front to focus less on securing existing systems while they blow the budget on building new ones. All the tools required already exist. Only the man power to run them properly holds us back.
Unhackable network is completely possible - well, that's a claim that I have rarely heard. And most times when I have heard such claim it has been followed by explanation on how it would have to be very simple setup, minimizing the system from kernel to application level to function as reliably as ever possible. I would say that even C-64 version of Contiki OS running only it's tiny and extremely limited (and most certainly extremely carefully planned, this is a windowing multitasking OS for 8-bit processor running on 64KB RAM and is able to provide a www server to public) http server - if you count out the fact that a computer running at 1Mhz and with very small amount of memory available to handle network traffic it is bound to be very vulnerable to DoS attacks I would still not feel comfortable stating 100% certain that this system could not have some minor flaw somewhere in the code that would allow an exploit of some sort be used against it.
And if we talk about serious business or other extremely high level server implementations, or rather network implementations it is damn ballsy to say that it is possible to create a system 100% guaranteed to be unhackable. To state that intrusions are possible only because someone being slack, well that is just silly to put it nicely.
However I can agree with the last part of your message - partly! That is most certainly not all, but just as certainly some corporations indeed focus less on securing systems when focusing more on profits, savings & budjet - especially when it's not about their network and their servers but the end user products. Microsoft has a dark history on acting just that way - didn't they last year fix a hole in Windows that was known from early 2000's?
It's not just about terminology overload but more than anything about main stream media AND IT tech media totally using 'hacker' instead of cracker/blackhat/malware writer/cyber criminal as general term to describe all kinds of blackhats, crackers, etc. and always *only* about villains of some sort - and those all have more describing terms they can be talked about while hackers, the real ones, can be best described as hackers, but thanks to this bullshit the terminology has to be explained "just in case" when using term "hacker" for what it means - even if you talk about crackers or other cyber villains separately in same post, babble, artile, discussion or whatever just to be sure.
Yes it pisses me off, and it's not only an english issue either - I bet that many countries have translation for "hacker" (ie. hakkeri in finnish) and I bet that it's misused by media in most countries exactly the same as in english.
As for what comes to "whining", I could say the same on whining about people pointing out that hacker means something else than criminal - and it is mighty silly thing to whine about.
Slashdot Mirror
I'd bet against you, but while I can write regexps and even enjoy it when I do it I don't enjoy writing one without proper purpose - and thus I won't try. However I do believe that this example is of the type that even if it's code wise smaller and clearer it's such simple thing to do without regular expressions and the solution for this made using substr calls, etc. instead of regexes would be much more memory and resource intensive - though it's unlikely that it would make any significant difference, such of that it would matter, unless some really bad programmer choosed wrong method in case where amounts of data, requirements for resource usage limits, etc. would clearly dictate that no matter what it's time to optimize this for *speed*, and while for some things, I would bet that for this one the regex solution would NOT be faster or consume less resources. However my point is not against or pro regex (though I am pro regEx) - I don't see a fight there and I think that everyone who does is stupid and a coder that can't comprehend that there are situations where regexes and others where non-regex solutions simply rock. One thing, btw, where it gives enormous powers is on command line, as there are numerous tools that are invoked from command line and use regexe's you enter for them to manipulate data - and given the different utilities and tasks you might want to do, without common system like regexps there would be either unrealistic amount of tools with very different weird ways for things or more likely there would not be so nice command tools available and for what you could do with couple one-liners and piping you would have to just do scripts for whatever comes to your mind... I mean, scripting when it's meaningful is different, but would you really want to do all those *nix hackers belowed data manipulations with stuff like that code of yours (except much more complex ones) on command line? No? Well, scripts it is then...
Does it really matter? The security industry is obsessed in trying to define "the enemy" and portraying infosec as a battle ground. It isnt!!! It's just some people trying to stop other people misusing their computers. You know, like groundskeepers keeping kids off the grass. The people "hacking" do it for all sorts of reasons. Understanding those reasons is not required to thwart them. Understanding the vulnerabilities is all that matters, the threat agents could be micky fecking mouse and donald barstard duck for all I care.
The only "threat" to our personal information, money, identity, national secrets, whatever - is a lack of due diligence. ALL successful intrusions are possible due to someone somewhere being slack, not the work of an evil genius. And contrary to popular belief, an "unhackable" network is completely possible - it's just costs more than the other type.
So while it suits large corporations and governments to paint themselves as under siege from a more capable, better resourced adversary. The truth is they are using it as a front to focus less on securing existing systems while they blow the budget on building new ones. All the tools required already exist. Only the man power to run them properly holds us back.
Unhackable network is completely possible - well, that's a claim that I have rarely heard. And most times when I have heard such claim it has been followed by explanation on how it would have to be very simple setup, minimizing the system from kernel to application level to function as reliably as ever possible. I would say that even C-64 version of Contiki OS running only it's tiny and extremely limited (and most certainly extremely carefully planned, this is a windowing multitasking OS for 8-bit processor running on 64KB RAM and is able to provide a www server to public) http server - if you count out the fact that a computer running at 1Mhz and with very small amount of memory available to handle network traffic it is bound to be very vulnerable to DoS attacks I would still not feel comfortable stating 100% certain that this system could not have some minor flaw somewhere in the code that would allow an exploit of some sort be used against it.
And if we talk about serious business or other extremely high level server implementations, or rather network implementations it is damn ballsy to say that it is possible to create a system 100% guaranteed to be unhackable. To state that intrusions are possible only because someone being slack, well that is just silly to put it nicely.
However I can agree with the last part of your message - partly! That is most certainly not all, but just as certainly some corporations indeed focus less on securing systems when focusing more on profits, savings & budjet - especially when it's not about their network and their servers but the end user products. Microsoft has a dark history on acting just that way - didn't they last year fix a hole in Windows that was known from early 2000's?
Yes it pisses me off, and it's not only an english issue either - I bet that many countries have translation for "hacker" (ie. hakkeri in finnish) and I bet that it's misused by media in most countries exactly the same as in english.
As for what comes to "whining", I could say the same on whining about people pointing out that hacker means something else than criminal - and it is mighty silly thing to whine about.