[CSS_ACM_General_List] a question

Sean Neilan sean at seanneilan.com
Tue May 24 15:40:56 CDT 2011


I'll look into this. I'm learning scheme at the moment. Scheme is also
pretty cool.

The problem is that modern-day programming consists of learning framework
after framework after framework and it gets old. The ability to write robust
programs in C (like a webserver) will not become useless.

I've done Java, Python, Ruby, Perl and all those systems and frameworks tied
to them. After you've learned all the languages and frameworks, they are
replaced by new languages and frameworks and all the knowledge becomes
useless.

On Tue, May 24, 2011 at 1:56 PM, Zoko, Anthony <azoko at cdm.depaul.edu> wrote:

>  Here’s another option if you want something more entertaining:
> http://www.franz.com/downloads/#acl
>
> ;-)
>
>
>
> Keep in mind, every platform/language/runtime has its vulnerabilities:
> http://www.franz.com/support/patches/
>
> Anthony Zoko
>
> Software Development Manager/ Architect
>
> DePaul University
>
> College of Computing and Digital Media (CDM) http://www.cdm.depaul.edu
>
>
>
> *From:* Zoko, Anthony
> *Sent:* Tuesday, May 24, 2011 1:49 PM
> *To:* 'Sean Neilan'; Kristoff, John
> *Cc:* css_acm_general_list at mailman.depaul.edu
> *Subject:* RE: [CSS_ACM_General_List] a question
>
>
>
> > I'm finding that the ease of python gets old after a while.
>
>
>
> It’s important to use the right tool, for the right job…. For the right
> reasons.
>
> C may be more entertaining for you to write a web app but you’ll spend much
> more time writing needless code and leaving your applications open to
> attack.
>
> Last thing you want is someone pwning your server…
>
> It’s one thing if you’re just experimenting with the technology.  If you’re
> actually building something for a client or at your work place, you have to
> look beyond what is entertaining to what gets the job done in the most
> reasonable manner.
>
>
>
> Anthony Zoko
>
> Software Development Manager/ Architect
>
> DePaul University
>
> College of Computing and Digital Media (CDM) http://www.cdm.depaul.edu
>
>
>
> *From:* css_acm_general_list-bounces at mailman.depaul.edu [mailto:
> css_acm_general_list-bounces at mailman.depaul.edu] *On Behalf Of *Sean
> Neilan
> *Sent:* Tuesday, May 24, 2011 1:40 PM
> *To:* Kristoff, John
> *Cc:* css_acm_general_list at mailman.depaul.edu
> *Subject:* Re: [CSS_ACM_General_List] a question
>
>
>
> That's what I'm curious about: how python manages the mallocs and frees.
> There's some kind of machine that does that. I understand that buffer
> overflows can be prevented by not going over array indexes, but, what if you
> want to store everything that goes into a server?
>
>
>
> Python appears to manage large amounts of data extraordinarily well.
> http://docs.python.org/c-api/memory.html
>
>
>
> I would like to write web software in C but still have the memory
> management capabilities of python so I don't run into buffer overflows.
>
>
>
> I'm finding that the ease of python gets old after a while.
>
>
>
> On Tue, May 24, 2011 at 1:29 PM, John Kristoff <jtk at depaul.edu> wrote:
>
> On Tue, May 24, 2011 at 11:54:29AM -0500, Sean Neilan wrote:
> > What happens in Python that generally doesn't happen in a server in C to
> > prevent buffer overflows? Why should Python have an advantage over the
> > language it was written in?
>
> Python and other languages like it generally make it much harder for
> you to mess up in this way.  In C, your variables, most notoriously
> strings, require you to allocate and properly use the memory set aside
> for them.  For instance,
>
>  char foo[80];
>
> Sets up 80 bytes for a string named 'foo'.  What happens when you
> try to put 81 bytes into that variable?  Well, if you code safely
> that won't happen, but say you did something like this:
>
>  gets(foo);
>
> It is trivial to give more than 80 bytes via gets and, voila, buffer
> overflow.
>
> In Python, and others, memory is managed automatically for you as
> needed.  In Python, you don't even need to allocate memory for foo.
> It could be a string of arbitrary size; Python will figure out and
> handle all the memory management for you.  Even if foo changes
> drastically throughout your running program, it's not something you
> have to manage directly.  Memory management is all handled under the
> covers for you.  I don't know Python well, but I imagine under the
> covers is essentially mallocs and frees that do this for you.
>
> Of course, you might be able to stuff foo full of data exceeding the
> resources of the running system, but that is a slightly separate issue.
>
> Note, even with Python's memory management doing all the work for
> you, you may not entirely be rid of buffer overflows if the underlying
> language implementation has a bug.  For example:
>
>  <http://www.securityfocus.com/bid/30491>
>
> John
>
>
>
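
Added example, not part of the original thread: a C sketch of the two points discussed above. It replaces `gets(foo)` with an `fgets` call that is told the size of `foo`, and stores unbounded input in a buffer grown with `realloc`, with a cap so the input cannot exhaust memory. The names `struct buf`, `buf_append`, `read_all` and `MAX_INPUT` are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_INPUT (1u << 20)  /* assumed cap: refuse to store more than 1 MiB */

/* Growable byte buffer: the bookkeeping a managed runtime does for you. */
struct buf { char *data; size_t len, cap; };

/* Append n bytes, growing with realloc. Returns 0 on success, -1 if the
 * cap would be exceeded or allocation fails (buffer is left unchanged). */
int buf_append(struct buf *b, const char *src, size_t n)
{
    if (n > MAX_INPUT - b->len)          /* also rules out size_t overflow */
        return -1;
    if (b->len + n > b->cap) {
        size_t ncap = b->cap ? b->cap : 64;
        while (ncap < b->len + n)
            ncap *= 2;
        char *p = realloc(b->data, ncap);
        if (!p)
            return -1;
        b->data = p;
        b->cap = ncap;
    }
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 0;
}

/* Read all of `in` through a fixed 80-byte chunk like `foo` in the thread.
 * fgets() is told the size of foo, so it can never write past it.
 * (Text input only: strlen stops at an embedded NUL byte.) */
int read_all(FILE *in, struct buf *out)
{
    char foo[80];
    while (fgets(foo, sizeof foo, in))
        if (buf_append(out, foo, strlen(foo)) != 0)
            return -1;
    return ferror(in) ? -1 : 0;
}

int main(void)
{
    struct buf b = {0};
    int rc = read_all(stdin, &b);
    printf("stored %zu bytes, rc=%d\n", b.len, rc);
    free(b.data);
    return rc ? 1 : 0;
}
```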