[CSS_ACM_General_List] a question

Zoko, Anthony azoko at cdm.depaul.edu
Tue May 24 15:52:28 CDT 2011


Yeah... I think most developers would share your frustration.
Unfortunately, that's not likely to change.
Even with C, you have to understand its quirks and all the quirks of the environment you're hosting the application on.  Things were much easier when systems weren't as inner connected. ;-)
Most of the frameworks implement the same types of services and utilize very similar patterns so I disagree that the knowledge becomes useless over time.

Take a look at this book when you have a chance, the knowledge is transferrable regardless of what platform you're using: http://www.amazon.com/Patterns-Enterprise-Application-Architecture-Martin/dp/0321127420/ref=sr_1_1?ie=UTF8&s=books&qid=1306270160&sr=8-1




Anthony Zoko
Software Development Manager/ Architect
DePaul University
College of Computing and Digital Media (CDM) http://www.cdm.depaul.edu<http://www.cdm.depaul.edu/>

From: sneilan1 at gmail.com [mailto:sneilan1 at gmail.com] On Behalf Of Sean Neilan
Sent: Tuesday, May 24, 2011 3:41 PM
To: Zoko, Anthony
Cc: Kristoff, John; css_acm_general_list at mailman.depaul.edu
Subject: Re: [CSS_ACM_General_List] a question

I'll look into this. I'm learning scheme at the moment. Scheme is also pretty cool.

The problem is that modern day programming consists of learning framework after framework after framework and it gets old. The ability to write robust programs in C (like a webserver) will not become useless.

I've done Java, Python, Ruby, Perl and all those systems and frameworks tied to them. After you've learned all the languages and frameworks, they are replaced by new languages and frameworks and all the knowledge becomes useless.
On Tue, May 24, 2011 at 1:56 PM, Zoko, Anthony <azoko at cdm.depaul.edu<mailto:azoko at cdm.depaul.edu>> wrote:
Here's another option if you want something more entertaining: http://www.franz.com/downloads/#acl
;-)

Keep in mind, every platform/language/runtime has its vulnerabilities: http://www.franz.com/support/patches/




Anthony Zoko
Software Development Manager/ Architect
DePaul University
College of Computing and Digital Media (CDM) http://www.cdm.depaul.edu<http://www.cdm.depaul.edu/>

From: Zoko, Anthony
Sent: Tuesday, May 24, 2011 1:49 PM
To: 'Sean Neilan'; Kristoff, John
Cc: css_acm_general_list at mailman.depaul.edu<mailto:css_acm_general_list at mailman.depaul.edu>
Subject: RE: [CSS_ACM_General_List] a question

> I'm finding that the ease of python gets old after a while.

It's important to use the right tool, for the write job.... For the right reasons.
C maybe more entertaining for you to write a web app but you'll spend much more time writing needless code and leaving your applications open to attack.
Last thing you want is someone pwning your server...
It's one thing if you're just experimenting with the technology.  If you're actually building something for a client or at your work place, you have to look beyond what is entertaining to what gets the job done in the most reasonable manner.

Anthony Zoko
Software Development Manager/ Architect
DePaul University
College of Computing and Digital Media (CDM) http://www.cdm.depaul.edu<http://www.cdm.depaul.edu/>

From: css_acm_general_list-bounces at mailman.depaul.edu<mailto:css_acm_general_list-bounces at mailman.depaul.edu> [mailto:css_acm_general_list-bounces at mailman.depaul.edu<mailto:css_acm_general_list-bounces at mailman.depaul.edu>] On Behalf Of Sean Neilan
Sent: Tuesday, May 24, 2011 1:40 PM
To: Kristoff, John
Cc: css_acm_general_list at mailman.depaul.edu<mailto:css_acm_general_list at mailman.depaul.edu>
Subject: Re: [CSS_ACM_General_List] a question

That's what I'm curious about is how python manages the mallocs and frees. There's some kind of machine that does that. I understand that buffer overflows can be prevented by not going over array indexes, but, what if you want to store everything that goes into a server?

Python appears to manage large amounts of data extraordinarily well. http://docs.python.org/c-api/memory.html

I would like to write web software in C but still have the memory management capabilities of python so I don't run into buffer overflows.

I'm finding that the ease of python gets old after a while.

On Tue, May 24, 2011 at 1:29 PM, John Kristoff <jtk at depaul.edu<mailto:jtk at depaul.edu>> wrote:
On Tue, May 24, 2011 at 11:54:29AM -0500, Sean Neilan wrote:
> What happens in Python that generally doesn't happen in a server in C to
> prevent buffer overflows? Why should Python have an advantage over the
> language it was written in?
Python and other languages like it generally make it much harder for
you to mess up in this way.  In C, your variables, most notoriously
strings, require you to allocate and properly use the memory set aside
for them.  For instance,

 char foo[80];

Sets up 80 bytes for a string named 'foo'.  What happens when you
try to put 81 bytes into that variable?  Well, if you code safely
that won't happen, but say you did something like this:

 gets(foo);

It is trivial to give more than 80 bytes via gets and, voila, buffer
overflow.

In Python, and others, memory is managed automatically for you as
needed.  In Python, you don't even need to allocate memory for foo.
It could be a string of arbritrary size, Python will figure out and
handle all the memory management for you.  Even if foo changes
drastically throughout your running program, it's not something you
have to manage directly.  Memory management is all handled under the
covers for you.  I don't know Python well, but I imagine under the
covers is essentially mallocs and frees that do this for you.

Of course, you might be able to stuff foo full of data exceeding the
resources of the running system, but that is a slightly separate issue.

Note, even with Python's memory management doing all the work for
you, you may not entirely be rid of buffer overflows if the underlying
language implementation has a bug.  For example:

 <http://www.securityfocus.com/bid/30491>

John


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.depaul.edu/pipermail/css_acm_general_list/attachments/20110524/9a6f078d/attachment.html 


More information about the CSS_ACM_General_List mailing list