[CSS_ACM_General_List] a question

Zoko, Anthony azoko at cdm.depaul.edu
Tue May 24 15:22:54 CDT 2011


Quick reply.
If performance is an issue there are a number of other techniques to explore.
For example:

1.       Keep your code as stateless as possible and distribute requests to multiple nodes.

2.       Submit computationally intensive operations to backend handlers (web frontend submits job to a message queue and an app (written in C!) processes the job, you can query the web server via ajax calls to see when the job completes ).
Etc...
Programming language is rarely the best answer to get around performance issues.
I can try to find some references for you if performance is the main reason you're asking these questions.

Anthony Zoko
Software Development Manager/ Architect
DePaul University
College of Computing and Digital Media (CDM) http://www.cdm.depaul.edu<http://www.cdm.depaul.edu/>

From: css_acm_general_list-bounces at mailman.depaul.edu [mailto:css_acm_general_list-bounces at mailman.depaul.edu] On Behalf Of Isaias Sifuentes
Sent: Tuesday, May 24, 2011 2:57 PM
To: css_acm_general_list at mailman.depaul.edu
Subject: Re: [CSS_ACM_General_List] a question

Not to thread ninja away from the topic of buffer overflow, but speed can be a critical factor as well. From my understanding and what I hear coming through the grapevine, a place like, say, the Chicago Mercantile Exchange, is probably going to want "fast" code, considering that their profits (trading stocks) revolve around the speed with which transactions can take place.

I had a friend once tell me that they will try pretty hard to shave milliseconds off of a trade, I believe it. If I'm not mistaken, all of that bounds checking and whatnot is overhead which you trade for speed, granted there are bottlenecks outside of the software as well.

I would think in certain kinds of critical operations like that, higher level languages become unacceptable because of their overhead.

I agree with Anthony in that C/C++ might be a bit overkill for a web application, and to consider a clients needs, if you need to push something out fast versus if you need something that runs fast, for example.

Isaias
On Tue, May 24, 2011 at 1:48 PM, Zoko, Anthony <azoko at cdm.depaul.edu<mailto:azoko at cdm.depaul.edu>> wrote:
> I'm finding that the ease of python gets old after a while.

It's important to use the right tool, for the write job.... For the right reasons.
C maybe more entertaining for you to write a web app but you'll spend much more time writing needless code and leaving your applications open to attack.
Last thing you want is someone pwning your server...
It's one thing if you're just experimenting with the technology.  If you're actually building something for a client or at your work place, you have to look beyond what is entertaining to what gets the job done in the most reasonable manner.

Anthony Zoko
Software Development Manager/ Architect
DePaul University
College of Computing and Digital Media (CDM) http://www.cdm.depaul.edu<http://www.cdm.depaul.edu/>

From: css_acm_general_list-bounces at mailman.depaul.edu<mailto:css_acm_general_list-bounces at mailman.depaul.edu> [mailto:css_acm_general_list-bounces at mailman.depaul.edu<mailto:css_acm_general_list-bounces at mailman.depaul.edu>] On Behalf Of Sean Neilan
Sent: Tuesday, May 24, 2011 1:40 PM
To: Kristoff, John
Cc: css_acm_general_list at mailman.depaul.edu<mailto:css_acm_general_list at mailman.depaul.edu>
Subject: Re: [CSS_ACM_General_List] a question

That's what I'm curious about is how python manages the mallocs and frees. There's some kind of machine that does that. I understand that buffer overflows can be prevented by not going over array indexes, but, what if you want to store everything that goes into a server?

Python appears to manage large amounts of data extraordinarily well. http://docs.python.org/c-api/memory.html

I would like to write web software in C but still have the memory management capabilities of python so I don't run into buffer overflows.

I'm finding that the ease of python gets old after a while.

On Tue, May 24, 2011 at 1:29 PM, John Kristoff <jtk at depaul.edu<mailto:jtk at depaul.edu>> wrote:
On Tue, May 24, 2011 at 11:54:29AM -0500, Sean Neilan wrote:
> What happens in Python that generally doesn't happen in a server in C to
> prevent buffer overflows? Why should Python have an advantage over the
> language it was written in?
Python and other languages like it generally make it much harder for
you to mess up in this way.  In C, your variables, most notoriously
strings, require you to allocate and properly use the memory set aside
for them.  For instance,

 char foo[80];

Sets up 80 bytes for a string named 'foo'.  What happens when you
try to put 81 bytes into that variable?  Well, if you code safely
that won't happen, but say you did something like this:

 gets(foo);

It is trivial to give more than 80 bytes via gets and, voila, buffer
overflow.

In Python, and others, memory is managed automatically for you as
needed.  In Python, you don't even need to allocate memory for foo.
It could be a string of arbritrary size, Python will figure out and
handle all the memory management for you.  Even if foo changes
drastically throughout your running program, it's not something you
have to manage directly.  Memory management is all handled under the
covers for you.  I don't know Python well, but I imagine under the
covers is essentially mallocs and frees that do this for you.

Of course, you might be able to stuff foo full of data exceeding the
resources of the running system, but that is a slightly separate issue.

Note, even with Python's memory management doing all the work for
you, you may not entirely be rid of buffer overflows if the underlying
language implementation has a bug.  For example:

 <http://www.securityfocus.com/bid/30491>

John


_______________________________________________
CSS_ACM_General_List mailing list
CSS_ACM_General_List at mailman.depaul.edu<mailto:CSS_ACM_General_List at mailman.depaul.edu>
http://mailman.depaul.edu/mailman/listinfo/css_acm_general_list

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.depaul.edu/pipermail/css_acm_general_list/attachments/20110524/cdaabae0/attachment.html 


More information about the CSS_ACM_General_List mailing list