[CSS_ACM_General_List] a question

Sean Neilan sean at seanneilan.com
Tue May 24 15:58:24 CDT 2011


Well, I'll read it. I'd like to read anything that tells me the vast amount
of information I've acquired isn't completely useless after 5 years.

On Tue, May 24, 2011 at 3:52 PM, Zoko, Anthony <azoko at cdm.depaul.edu> wrote:

>  Yeah… I think most developers would share your frustration.
>
> Unfortunately, that’s not likely to change.
>
> Even with C, you have to understand its quirks and all the quirks of the
> environment you’re hosting the application on.  Things were much easier when
> systems weren’t as inner connected. ;-)
>
> Most of the frameworks implement the same types of services and utilize
> very similar patterns so I disagree that the knowledge becomes useless over
> time.
>
>
>
> Take a look at this book when you have a chance, the knowledge is
> transferrable regardless of what platform you’re using:
> http://www.amazon.com/Patterns-Enterprise-Application-Architecture-Martin/dp/0321127420/ref=sr_1_1?ie=UTF8&s=books&qid=1306270160&sr=8-1
>
>
>
>
>
>
>
>
>
> Anthony Zoko
>
> Software Development Manager/ Architect
>
> DePaul University
>
> College of Computing and Digital Media (CDM) http://www.cdm.depaul.edu
>
>
>
> *From:* sneilan1 at gmail.com [mailto:sneilan1 at gmail.com] *On Behalf Of *Sean
> Neilan
> *Sent:* Tuesday, May 24, 2011 3:41 PM
> *To:* Zoko, Anthony
> *Cc:* Kristoff, John; css_acm_general_list at mailman.depaul.edu
>
> *Subject:* Re: [CSS_ACM_General_List] a question
>
>
>
> I'll look into this. I'm learning scheme at the moment. Scheme is also
> pretty cool.
>
>
>
> The problem is that modern day programming consists of learning framework
> after framework after framework and it gets old. The ability to write robust
> programs in C (like a webserver) will not become useless.
>
>
>
> I've done Java, Python, Ruby, Perl and all those systems and frameworks
> tied to them. After you've learned all the languages and frameworks, they
> are replaced by new languages and frameworks and all the knowledge becomes
> useless.
>
> On Tue, May 24, 2011 at 1:56 PM, Zoko, Anthony <azoko at cdm.depaul.edu>
> wrote:
>
> Here’s another option if you want something more entertaining:
> http://www.franz.com/downloads/#acl
>
> ;-)
>
>
>
> Keep in mind, every platform/language/runtime has its vulnerabilities:
> http://www.franz.com/support/patches/
>
>
>
>
>
>
>
>
>
> Anthony Zoko
>
> Software Development Manager/ Architect
>
> DePaul University
>
> College of Computing and Digital Media (CDM) http://www.cdm.depaul.edu
>
>
>
> *From:* Zoko, Anthony
> *Sent:* Tuesday, May 24, 2011 1:49 PM
> *To:* 'Sean Neilan'; Kristoff, John
> *Cc:* css_acm_general_list at mailman.depaul.edu
> *Subject:* RE: [CSS_ACM_General_List] a question
>
>
>
> > I'm finding that the ease of python gets old after a while.
>
>
>
> It’s important to use the right tool, for the write job…. For the right
> reasons.
>
> C maybe more entertaining for you to write a web app but you’ll spend much
> more time writing needless code and leaving your applications open to
> attack.
>
> Last thing you want is someone pwning your server…
>
> It’s one thing if you’re just experimenting with the technology.  If you’re
> actually building something for a client or at your work place, you have to
> look beyond what is entertaining to what gets the job done in the most
> reasonable manner.
>
>
>
> Anthony Zoko
>
> Software Development Manager/ Architect
>
> DePaul University
>
> College of Computing and Digital Media (CDM) http://www.cdm.depaul.edu
>
>
>
> *From:* css_acm_general_list-bounces at mailman.depaul.edu [mailto:
> css_acm_general_list-bounces at mailman.depaul.edu] *On Behalf Of *Sean
> Neilan
> *Sent:* Tuesday, May 24, 2011 1:40 PM
> *To:* Kristoff, John
> *Cc:* css_acm_general_list at mailman.depaul.edu
> *Subject:* Re: [CSS_ACM_General_List] a question
>
>
>
> That's what I'm curious about is how python manages the mallocs and frees.
> There's some kind of machine that does that. I understand that buffer
> overflows can be prevented by not going over array indexes, but, what if you
> want to store everything that goes into a server?
>
>
>
> Python appears to manage large amounts of data extraordinarily well.
> http://docs.python.org/c-api/memory.html
>
>
>
> I would like to write web software in C but still have the memory
> management capabilities of python so I don't run into buffer overflows.
>
>
>
> I'm finding that the ease of python gets old after a while.
>
>
>
> On Tue, May 24, 2011 at 1:29 PM, John Kristoff <jtk at depaul.edu> wrote:
>
> On Tue, May 24, 2011 at 11:54:29AM -0500, Sean Neilan wrote:
> > What happens in Python that generally doesn't happen in a server in C to
> > prevent buffer overflows? Why should Python have an advantage over the
> > language it was written in?
>
> Python and other languages like it generally make it much harder for
> you to mess up in this way.  In C, your variables, most notoriously
> strings, require you to allocate and properly use the memory set aside
> for them.  For instance,
>
>  char foo[80];
>
> Sets up 80 bytes for a string named 'foo'.  What happens when you
> try to put 81 bytes into that variable?  Well, if you code safely
> that won't happen, but say you did something like this:
>
>  gets(foo);
>
> It is trivial to give more than 80 bytes via gets and, voila, buffer
> overflow.
>
> In Python, and others, memory is managed automatically for you as
> needed.  In Python, you don't even need to allocate memory for foo.
> It could be a string of arbritrary size, Python will figure out and
> handle all the memory management for you.  Even if foo changes
> drastically throughout your running program, it's not something you
> have to manage directly.  Memory management is all handled under the
> covers for you.  I don't know Python well, but I imagine under the
> covers is essentially mallocs and frees that do this for you.
>
> Of course, you might be able to stuff foo full of data exceeding the
> resources of the running system, but that is a slightly separate issue.
>
> Note, even with Python's memory management doing all the work for
> you, you may not entirely be rid of buffer overflows if the underlying
> language implementation has a bug.  For example:
>
>  <http://www.securityfocus.com/bid/30491>
>
> John
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.depaul.edu/pipermail/css_acm_general_list/attachments/20110524/0d144d66/attachment-0001.html 


More information about the CSS_ACM_General_List mailing list