[CSS_ACM_General_List] a question

CB Ladd c.b.ladd at gmail.com
Tue May 24 16:02:28 CDT 2011


This has been a good thread.  Thank you, gentlemen.

On Tue, May 24, 2011 at 3:58 PM, Sean Neilan <sean at seanneilan.com> wrote:

> Well, I'll read it. I'd like to read anything that tells me the vast amount
> of information I've acquired isn't completely useless after 5 years.
>
>
> On Tue, May 24, 2011 at 3:52 PM, Zoko, Anthony <azoko at cdm.depaul.edu>wrote:
>
>>  Yeah… I think most developers would share your frustration.
>>
>> Unfortunately, that’s not likely to change.
>>
>> Even with C, you have to understand its quirks and all the quirks of the
>> environment you’re hosting the application on.  Things were much easier when
>> systems weren’t as inner connected. ;-)
>>
>> Most of the frameworks implement the same types of services and utilize
>> very similar patterns so I disagree that the knowledge becomes useless over
>> time.
>>
>>
>>
>> Take a look at this book when you have a chance, the knowledge is
>> transferrable regardless of what platform you’re using:
>> http://www.amazon.com/Patterns-Enterprise-Application-Architecture-Martin/dp/0321127420/ref=sr_1_1?ie=UTF8&s=books&qid=1306270160&sr=8-1
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> Anthony Zoko
>>
>> Software Development Manager/ Architect
>>
>> DePaul University
>>
>> College of Computing and Digital Media (CDM) http://www.cdm.depaul.edu
>>
>>
>>
>> *From:* sneilan1 at gmail.com [mailto:sneilan1 at gmail.com] *On Behalf Of *Sean
>> Neilan
>> *Sent:* Tuesday, May 24, 2011 3:41 PM
>> *To:* Zoko, Anthony
>> *Cc:* Kristoff, John; css_acm_general_list at mailman.depaul.edu
>>
>> *Subject:* Re: [CSS_ACM_General_List] a question
>>
>>
>>
>> I'll look into this. I'm learning scheme at the moment. Scheme is also
>> pretty cool.
>>
>>
>>
>> The problem is that modern day programming consists of learning framework
>> after framework after framework and it gets old. The ability to write robust
>> programs in C (like a webserver) will not become useless.
>>
>>
>>
>> I've done Java, Python, Ruby, Perl and all those systems and frameworks
>> tied to them. After you've learned all the languages and frameworks, they
>> are replaced by new languages and frameworks and all the knowledge becomes
>> useless.
>>
>> On Tue, May 24, 2011 at 1:56 PM, Zoko, Anthony <azoko at cdm.depaul.edu>
>> wrote:
>>
>> Here’s another option if you want something more entertaining:
>> http://www.franz.com/downloads/#acl
>>
>> ;-)
>>
>>
>>
>> Keep in mind, every platform/language/runtime has its vulnerabilities:
>> http://www.franz.com/support/patches/
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> Anthony Zoko
>>
>> Software Development Manager/ Architect
>>
>> DePaul University
>>
>> College of Computing and Digital Media (CDM) http://www.cdm.depaul.edu
>>
>>
>>
>> *From:* Zoko, Anthony
>> *Sent:* Tuesday, May 24, 2011 1:49 PM
>> *To:* 'Sean Neilan'; Kristoff, John
>> *Cc:* css_acm_general_list at mailman.depaul.edu
>> *Subject:* RE: [CSS_ACM_General_List] a question
>>
>>
>>
>> > I'm finding that the ease of python gets old after a while.
>>
>>
>>
>> It’s important to use the right tool, for the write job…. For the right
>> reasons.
>>
>> C maybe more entertaining for you to write a web app but you’ll spend much
>> more time writing needless code and leaving your applications open to
>> attack.
>>
>> Last thing you want is someone pwning your server…
>>
>> It’s one thing if you’re just experimenting with the technology.  If
>> you’re actually building something for a client or at your work place, you
>> have to look beyond what is entertaining to what gets the job done in the
>> most reasonable manner.
>>
>>
>>
>> Anthony Zoko
>>
>> Software Development Manager/ Architect
>>
>> DePaul University
>>
>> College of Computing and Digital Media (CDM) http://www.cdm.depaul.edu
>>
>>
>>
>> *From:* css_acm_general_list-bounces at mailman.depaul.edu [mailto:
>> css_acm_general_list-bounces at mailman.depaul.edu] *On Behalf Of *Sean
>> Neilan
>> *Sent:* Tuesday, May 24, 2011 1:40 PM
>> *To:* Kristoff, John
>> *Cc:* css_acm_general_list at mailman.depaul.edu
>> *Subject:* Re: [CSS_ACM_General_List] a question
>>
>>
>>
>> That's what I'm curious about is how python manages the mallocs and frees.
>> There's some kind of machine that does that. I understand that buffer
>> overflows can be prevented by not going over array indexes, but, what if you
>> want to store everything that goes into a server?
>>
>>
>>
>> Python appears to manage large amounts of data extraordinarily well.
>> http://docs.python.org/c-api/memory.html
>>
>>
>>
>> I would like to write web software in C but still have the memory
>> management capabilities of python so I don't run into buffer overflows.
>>
>>
>>
>> I'm finding that the ease of python gets old after a while.
>>
>>
>>
>> On Tue, May 24, 2011 at 1:29 PM, John Kristoff <jtk at depaul.edu> wrote:
>>
>> On Tue, May 24, 2011 at 11:54:29AM -0500, Sean Neilan wrote:
>> > What happens in Python that generally doesn't happen in a server in C to
>> > prevent buffer overflows? Why should Python have an advantage over the
>> > language it was written in?
>>
>> Python and other languages like it generally make it much harder for
>> you to mess up in this way.  In C, your variables, most notoriously
>> strings, require you to allocate and properly use the memory set aside
>> for them.  For instance,
>>
>>  char foo[80];
>>
>> Sets up 80 bytes for a string named 'foo'.  What happens when you
>> try to put 81 bytes into that variable?  Well, if you code safely
>> that won't happen, but say you did something like this:
>>
>>  gets(foo);
>>
>> It is trivial to give more than 80 bytes via gets and, voila, buffer
>> overflow.
>>
>> In Python, and others, memory is managed automatically for you as
>> needed.  In Python, you don't even need to allocate memory for foo.
>> It could be a string of arbritrary size, Python will figure out and
>> handle all the memory management for you.  Even if foo changes
>> drastically throughout your running program, it's not something you
>> have to manage directly.  Memory management is all handled under the
>> covers for you.  I don't know Python well, but I imagine under the
>> covers is essentially mallocs and frees that do this for you.
>>
>> Of course, you might be able to stuff foo full of data exceeding the
>> resources of the running system, but that is a slightly separate issue.
>>
>> Note, even with Python's memory management doing all the work for
>> you, you may not entirely be rid of buffer overflows if the underlying
>> language implementation has a bug.  For example:
>>
>>  <http://www.securityfocus.com/bid/30491>
>>
>> John
>>
>>
>>
>>
>>
>
>
> _______________________________________________
> CSS_ACM_General_List mailing list
> CSS_ACM_General_List at mailman.depaul.edu
> http://mailman.depaul.edu/mailman/listinfo/css_acm_general_list
>
>


-- 
CB Ladd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.depaul.edu/pipermail/css_acm_general_list/attachments/20110524/97701fe8/attachment.html 


More information about the CSS_ACM_General_List mailing list