The Geek Culture Forums!

Author Topic: Danger! Programmer at work!
spungo
BlabberMouth, a Blabber Odyssey
Member # 1089

Member Rated:
4
posted November 10, 2003 08:35
Anyone read this article?

I'm inclined to agree with the general thrust of his argument - I just can't think of way to get around the ubiquity of C, especially in free software, where gcc is one of GNU's prize assets.

--------------------
Shameless plug. (Please forgive me.)

Posts: 6530 | From: Noba Scoba | Registered: Jan 2002  |  IP: Logged
Orpheus
Highlie
Member # 2397

Member Rated:
3
posted November 10, 2003 10:57
*nod nod* plus I think another factor holding Java back is that programs written in it (at least a good percentage of the ones I've used) are sooo sloooowwww.

--------------------
my cats make me crazy

Posts: 554 | From: Galveston, TX | Registered: Oct 2003  |  IP: Logged
quantumfluff
BlabberMouth, a Blabber Odyssey
Member # 450

Member Rated:
5
posted November 10, 2003 11:34
His argument about C letting the programmer get burned occasionally is correct, and I agree that most programs should be written in safer languages. I don't really buy his implicit conclusion that this would noticeably help security. Buffer overflows are indeed one source of security problems, but the biggest source of problems is code which is designed wrong.

For example, there were many web shopping cart systems which could be tricked into accepting any price you wanted for an item by cleverly recrafting the cookies and/or post data to a form. This design would have been just as flawed if implemented in Java or C#. He also mentions SSH, but fails to point out that most of the problems with it are not buffer overflows, but logic errors. Again, implementation language is not at fault.

Not that I want to defend C. I use it when required at work, but I prefer Java. I have not written a lot of UI code in Java, but I have written a lot of server code, and it's plenty fast enough for almost everything.

Posts: 2902 | From: 5 to 15 meters above sea level | Registered: Jun 2000  |  IP: Logged
The Famous Druid

Gold Hearted SuperFan!
Member # 1769

Member Rated:
4
posted November 10, 2003 11:50
Um, looks like the author needs to go back to school and study 'Thinking 101'

Leaving aside the issue of writing a chat client in HTML, his argument basically goes like this.

C has some problems if you code sloppily (list some)

Java also has some problems which are entirely beyond the application programmer's control, and could lead to catastrophic cross-platform viruses.

Therefore, we should abandon C and start using Java or something similar.


I almost expected him to advocate we all start drinking tea instead, as it's so much safer than coffee.

OK, so I'm biased, I've been making a living writing mostly in C since the early 80s, I know the language, I'm comfortable in it, and I've made all the common mistakes often enough to recognise and avoid them.

The security problems associated with buffer overflows and the like are well known, as are the techniques for avoiding them. Rather than advocating a wholesale shift to a new language, why not just advocate people read a book on secure programming methods?

Posts: 10702 | From: Melbourne, Australia | Registered: Oct 2002  |  IP: Logged
dragonman97

SuperFan!
Member # 780

Member Rated:
4
posted November 10, 2003 11:50
quote:
Originally posted by Orpheus:
*nod nod* plus I think another factor holding Java back is that programs written in it (at least a good percentage of the ones I've used) are sooo sloooowwww.

Well, I know it goes contrary to a key part of Java's design, but the virtual machine part of Java seems to be what really slows it down. I know it's great to be able to run your .class files across multiple platforms, but the performance tradeoff seems pretty high. I seem to recall the gcj folks got considerably better performance when they compiled Java code natively. Also, the garbage collector seems to have gotten substantially worse, bringing my system to a grinding halt every so often.

--------------------
There are three things you can be sure of in life: Death, taxes, and reading about fake illnesses online...

Posts: 9345 | From: Westchester County, New York | Registered: May 2001  |  IP: Logged
csk

Member # 1941

Member Rated:
5
posted November 10, 2003 15:54
I see what you're saying, TFD, but I tend to agree more with the article writer. Consider the case of programming in assembly language. It's hardly done anymore, except when you _really_ need the speed. The rest is done in some higher level language (like C).

So once computers get fast enough to compensate for the performance overhead of Java, even more Java programming will occur. At least, that's my theory. Alternatively, maybe someone will invent the equivalent of "lint" for security vulnerability checking, and the world will live happily ever after with C [Smile]

Posts: 4455 | From: Sydney, Australia | Registered: Jan 2003  |  IP: Logged
spungo
BlabberMouth, a Blabber Odyssey
Member # 1089

Member Rated:
4
posted November 11, 2003 02:52
I think there's a market for a 'safe C', or at least a safer C. A version that doesn't have 'gets' for a start (and maybe GOTOs while we're at it? [Wink] ) Also, a compiler that spots if you're not freeing all that you malloc, etc.
Posts: 6530 | From: Noba Scoba | Registered: Jan 2002  |  IP: Logged
The Famous Druid

Gold Hearted SuperFan!
Member # 1769

Member Rated:
4
posted November 11, 2003 03:13
quote:
Originally posted by spungo:
I think there's a market for a 'safe C', or at least a safer C. A version that doesn't have 'gets' for a start (and maybe GOTOs while we're at it? [Wink] ) Also, a compiler that spots if you're not freeing all that you malloc, etc.

If you don't trust gets(), don't use it.
If your team has rules about what standard functions not to use, write a little script to grep for them, and automatically email a termination letter to the programmer responsible.

There are already several libraries that you can use in place of malloc() and family, they typically check for bounds overflows and memory leaks, and can usually be turned into the equivalent standard C function by a compile-time #define, so you don't have to pay the price for all that checking in the release version.

I like csk's suggestion, a 'lint' that checks for common security breaches.

--------------------
If you watch 'The History Of NASA' backwards, it's about a space agency that has no manned spaceflight capability, then does low-orbit flights, then lands on the Moon.

Posts: 10702 | From: Melbourne, Australia | Registered: Oct 2002  |  IP: Logged
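An added example of the kind of drop-in allocator TFD describes, written for this page rather than taken from the thread or from any particular library: with CHECKED_ALLOC defined, xmalloc/xfree go through a checking layer that records every live block and places a canary after the requested bytes, so an overrun is caught at free time and unfreed blocks can be listed at exit; without the define, the same macros expand to plain malloc/free and the release build pays nothing. The names xmalloc, xfree and checked_* are this example's own.

```c
/* Debug allocator selectable by a compile-time #define (added example). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CHECKED_ALLOC 1   /* comment this out for a release build */

#ifdef CHECKED_ALLOC
#define xmalloc(n) checked_malloc((n), __FILE__, __LINE__)
#define xfree(p)   checked_free((p), __FILE__, __LINE__)
#else
#define xmalloc(n) malloc(n)
#define xfree(p)   free(p)
#endif

#define CANARY     0xA5   /* byte pattern written just past the user bytes */
#define CANARY_LEN 8
#define MAX_LIVE   256    /* fixed-size table keeps the example simple */

struct block { void *user; size_t size; const char *file; int line; };
static struct block live[MAX_LIVE];
static int live_count = 0;

static int find_block(const void *p) {
    for (int i = 0; i < live_count; i++)
        if (live[i].user == p) return i;
    return -1;
}

static int canary_intact(const struct block *b) {
    const unsigned char *c = (const unsigned char *)b->user + b->size;
    for (int i = 0; i < CANARY_LEN; i++)
        if (c[i] != CANARY) return 0;
    return 1;
}

/* Allocate n user bytes followed by a canary, and record the block. */
void *checked_malloc(size_t n, const char *file, int line) {
    unsigned char *raw = malloc(n + CANARY_LEN);
    if (raw == NULL || live_count == MAX_LIVE) { free(raw); return NULL; }
    memset(raw + n, CANARY, CANARY_LEN);
    live[live_count].user = raw;
    live[live_count].size = n;
    live[live_count].file = file;
    live[live_count].line = line;
    live_count++;
    return raw;
}

/* 0: canary intact, 1: canary overwritten, -1: not a live checked block. */
int checked_overflowed(const void *p) {
    int i = find_block(p);
    if (i < 0) return -1;
    return canary_intact(&live[i]) ? 0 : 1;
}

/* Free a checked block. Returns 1 if an overrun was detected, 0 if clean,
 * -1 if p was never allocated here or was already freed (double free). */
int checked_free(void *p, const char *file, int line) {
    int i = find_block(p);
    if (i < 0) {
        fprintf(stderr, "%s:%d: free of unknown or already-freed block %p\n",
                file, line, p);
        return -1;
    }
    int overflowed = !canary_intact(&live[i]);
    if (overflowed)
        fprintf(stderr, "%s:%d: heap overrun on block allocated at %s:%d\n",
                file, line, live[i].file, live[i].line);
    free(live[i].user);
    live[i] = live[--live_count];   /* remove the entry by moving the last one in */
    return overflowed;
}

/* Number of blocks still allocated; anything non-zero at exit is a leak. */
int checked_outstanding(void) { return live_count; }

void checked_report(void) {
    for (int i = 0; i < live_count; i++)
        fprintf(stderr, "leak: %zu bytes allocated at %s:%d never freed\n",
                live[i].size, live[i].file, live[i].line);
}

int main(void) {
    char *name = xmalloc(8);
#ifdef CHECKED_ALLOC
    strcpy(name, "nine char");   /* deliberate 2-byte overrun, lands in the canary */
#endif
    xfree(name);                 /* checked build reports the overrun here */
    char *lost = xmalloc(32);    /* never freed */
    (void)lost;
    checked_report();            /* checked build lists the 32-byte leak */
    return 0;
}
```

The canary only catches writes that run a little past the end and only at free or check time; a real checking library would also poison freed memory and guard the front of the block, but the #define switch between checked and plain allocation is the part TFD's post is about.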
spungo
BlabberMouth, a Blabber Odyssey
Member # 1089

Member Rated:
4
posted November 11, 2003 03:22
quote:
Originally posted by The Famous Druid:
quote:
Originally posted by spungo:
I think there's a market for a 'safe C', or at least a safer C. A version that doesn't have 'gets' for a start (and maybe GOTOs while we're at it? [Wink] ) Also, a compiler that spots if you're not freeing all that you malloc, etc.

If you don't trust gets(), don't use it.
If your team has rules about what standard functions not to use, write a little script to grep for them, and automatically email a termination letter to the programmer responsible.

Yes, of course - whilst I agree that with common sense these problems can usually be overcome, your method of safety relies on the experience of individuals - the problems are still there. Look at the 007 Agent Under Fire save-game buffer overflow - I'm sure (whatever software house wrote it) had all manner of scripts in place to ensure this didn't happen - but it wasn't fool-proof.

If your developers are unable to produce these mistakes, then that's far more reliable than if they're merely unlikely to do so.

--------------------
Shameless plug. (Please forgive me.)

Posts: 6530 | From: Noba Scoba | Registered: Jan 2002  |  IP: Logged
The Famous Druid

Gold Hearted SuperFan!
Member # 1769

Member Rated:
4
posted November 11, 2003 03:36
quote:
Originally posted by spungo:
If your developers are unable to produce these mistakes, then that's far more reliable than if they're merely unlikely to do so.

Sure.
If you find a language that makes it impossible to make mistakes, let me know.

Meanwhile, any suggestions for the development teams who have found that their 'secure' Java app is wide open due to a bug in the JVM?

I don't want to sound like a rabid defender of C/C++, far from it. If anyone wants to start a "what's wrong with C/C++" thread, I have a few items I'd love to contribute. I've just seen this whole "our language stops you writing buggy code" scam a few too many times to take it seriously any more.

(sorry if this post sounds a bit sharp, it's not meant to be, but I've just driven for 12 hours and I'm having trouble summoning my usual sense of whimsy)

--------------------
If you watch 'The History Of NASA' backwards, it's about a space agency that has no manned spaceflight capability, then does low-orbit flights, then lands on the Moon.

Posts: 10702 | From: Melbourne, Australia | Registered: Oct 2002  |  IP: Logged
spungo
BlabberMouth, a Blabber Odyssey
Member # 1089

Member Rated:
4
posted November 11, 2003 03:45
quote:
Originally posted by The Famous Druid:
I've just seen this whole "our language stops you writing buggy code" scam a few too many times to take it seriously any more.

Is that what I was suggesting? No. I merely mused that a version which removed some of the inbuilt hazards of C would be nice.

I'm not trying to sell you anything.

--------------------
Shameless plug. (Please forgive me.)

Posts: 6530 | From: Noba Scoba | Registered: Jan 2002  |  IP: Logged
spungo
BlabberMouth, a Blabber Odyssey
Member # 1089

Member Rated:
4
posted November 11, 2003 04:15
quote:
Originally posted by csk:

So once computers get fast enough to compensate for the performance overhead of Java, even more Java programming will occur.

Yeah, but then programmes written in faster languages will be running even faster.

--------------------
Shameless plug. (Please forgive me.)

Posts: 6530 | From: Noba Scoba | Registered: Jan 2002  |  IP: Logged
quantumfluff
BlabberMouth, a Blabber Odyssey
Member # 450

Member Rated:
5
posted November 11, 2003 11:12
The myths about Java's slowness are way overblown. In user bound applications (that is, anything where we spend most of the time waiting for user input), who cares that it takes a few more milliseconds to handle a button press. It's still instantaneous from the user's point of view. In compute bound applications, a good JIT or a native code Java compiler can help a lot. I've written fairly complex servers in Java, and my experience is that the limiting factor was not the speed of my app, but how many transactions I could get to the database and how fast I could pump data out our network connection.

For me, the real factor is speed of development. If I can cut 30% off a project by using Java rather than C++, I save a lot of money.

Posts: 2902 | From: 5 to 15 meters above sea level | Registered: Jun 2000  |  IP: Logged
The Famous Druid

Gold Hearted SuperFan!
Member # 1769

Member Rated:
4
posted November 11, 2003 17:57
quote:
Originally posted by spungo:
quote:
Originally posted by The Famous Druid:
I've just seen this whole "our language stops you writing buggy code" scam a few too many times to take it seriously any more.

Is that what I was suggesting? No. I merely mused that a version which removed some of the inbuilt hazards of C would be nice.

I'm not trying to sell you anything.

OK, I've had a good sleep, and I'm re-caffeinated, so I think I'm coherent enough to have another stab at what I was trying to say.

I've seen a number of claims that 'language X' is better/safer because it prevents programmers from making the mistakes that are a common problem in 'language Y'. The problem is, this was usually achieved at the cost of power and flexibility.

Pascal, Modula-2, various 4GLs, have all fallen by the wayside because they tried to limit the mistakes a programmer could make by forbidding 'dangerous' activities (eg, memory allocation, direct O/S calls, etc). The result was that programmers either stopped using them, or 'extended' them to provide the missing features.

A language that only lets you do 95% of the required task is useless. I have neither the time, nor the inclination to embark on a new development, only to find out 3/4 of the way through the project that some vital feature is verboten by the language I'm using. Love it or loathe it, you'll never hit the "You can't do that in C" wall the way you will with just about any other language I've tried.

That said, there are several very dodgy routines in the C standard library, gets() being an obvious example. A revised standard library that avoids these well-known problems would be a Good Thing.

--------------------
If you watch 'The History Of NASA' backwards, it's about a space agency that has no manned spaceflight capability, then does low-orbit flights, then lands on the Moon.

Posts: 10702 | From: Melbourne, Australia | Registered: Oct 2002  |  IP: Logged
dragonman97

SuperFan!
Member # 780

Member Rated:
4
posted November 11, 2003 18:38
Hold on a minute here - I'm confused...doesn't everyone here use LISP? [Wink]

--------------------
There are three things you can be sure of in life: Death, taxes, and reading about fake illnesses online...

Posts: 9345 | From: Westchester County, New York | Registered: May 2001  |  IP: Logged
The Famous Druid

Gold Hearted SuperFan!
Member # 1769

Member Rated:
4
posted November 11, 2003 18:57
quote:
Originally posted by dragonman97:
Hold on a minute here - I'm confused...doesn't everyone here use LISP? [Wink]

No, I'm a Real Programmer. [Razz]

--------------------
If you watch 'The History Of NASA' backwards, it's about a space agency that has no manned spaceflight capability, then does low-orbit flights, then lands on the Moon.

Posts: 10702 | From: Melbourne, Australia | Registered: Oct 2002  |  IP: Logged
dragonman97

SuperFan!
Member # 780

Member Rated:
4
posted November 11, 2003 19:06
quote:
Originally posted by The Famous Druid:
quote:
Originally posted by dragonman97:
Hold on a minute here - I'm confused...doesn't everyone here use LISP? [Wink]

No, I'm a Real Programmer. [Razz]
/me gets out the cross and holy water - begone ye unclean spirits...working at the firm that put out RealOne is simply too horrific - it must be the work of the devil!

So, what's the matter, you don't like the Language of Irritating Single Parentheses?

--------------------
There are three things you can be sure of in life: Death, taxes, and reading about fake illnesses online...

Posts: 9345 | From: Westchester County, New York | Registered: May 2001  |  IP: Logged
The Famous Druid

Gold Hearted SuperFan!
Member # 1769

Member Rated:
4
posted November 12, 2003 03:26
quote:
Originally posted by spungo:
I think there's a market for a 'safe C', or at least a safer C. A version that doesn't have 'gets' for a start

I was talking to a workmate about this, and he'd seen an interesting approach used at a previous job.

You simply write your own gets() which calls some other function that doesn't exist (eg, BAD_GEEK_DONT_DO_IT_AGAIN() ). Put it in some library that everyone uses (eg, your screen manager) so it'll get linked in before the standard C one. Et voilà! If anyone violates the coding standard by calling gets(), you'll get a linker error, can't find BAD_GEEK_DONT_DO_IT_AGAIN.

Not a solution for everything, but a neat trick.

--------------------
If you watch 'The History Of NASA' backwards, it's about a space agency that has no manned spaceflight capability, then does low-orbit flights, then lands on the Moon.

Posts: 10702 | From: Melbourne, Australia | Registered: Oct 2002  |  IP: Logged
quantumfluff
BlabberMouth, a Blabber Odyssey
Member # 450

Member Rated:
5
posted November 12, 2003 05:55
There is a safe C. Microsoft calls it C#

GCC does something similar to what TFD suggests with dangerous functions. They warn you at link time. e.g.
/home/guest/tmp/ccIyk0cf.o(.text+0x20): the `gets' function is dangerous and should not be used.

Posts: 2902 | From: 5 to 15 meters above sea level | Registered: Jun 2000  |  IP: Logged
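TFD's linker trick and the gcc link-time warning quoted above both catch a call to gets(); the other half of TFD's "revised standard library" idea is a replacement that is actually safe to call. Here is one as an added example, not code from the thread or from any C library: it always takes the buffer size, never writes past it, and, going one step beyond the discussion, reports when a line was longer than the buffer instead of silently truncating it, since a truncated line that later gets re-joined with the leftover bytes is its own class of bug. The names read_line, stream_from and the line_status enum are this example's own; stream_from builds a stream from a constructed string purely so the demo runs offline.

```c
/* A gets() replacement with an explicit size and truncation signal (added example). */
#include <stdio.h>
#include <string.h>

enum line_status { LINE_OK, LINE_TRUNCATED, LINE_EOF };

/* Read one line from `in` into buf[0..size-1] and strip the newline.
 * Requires size >= 2 (room for at least one character plus the NUL).
 * LINE_OK:        the whole line fit.
 * LINE_TRUNCATED: the line was longer than size-1 bytes; buf holds its first
 *                 size-1 bytes and the rest was discarded, so the next call
 *                 starts at the next line rather than at the leftover bytes.
 * LINE_EOF:       nothing could be read; buf is set to "". */
enum line_status read_line(char *buf, size_t size, FILE *in) {
    if (size < 2) { if (size) buf[0] = '\0'; return LINE_EOF; }
    if (fgets(buf, (int)size, in) == NULL) { buf[0] = '\0'; return LINE_EOF; }

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return LINE_OK;
    }
    /* No newline in the buffer: either the file ended, the line filled the
     * buffer exactly, or the line is longer than the buffer. Peek one byte. */
    int c = fgetc(in);
    if (c == EOF || c == '\n') return LINE_OK;
    do { c = fgetc(in); } while (c != EOF && c != '\n');   /* drain the rest */
    return LINE_TRUNCATED;
}

/* Build a readable stream from a constructed string (standard C only: tmpfile). */
FILE *stream_from(const char *text) {
    FILE *f = tmpfile();
    if (f == NULL) return NULL;
    if (fputs(text, f) == EOF) { fclose(f); return NULL; }
    rewind(f);
    return f;
}

int main(void) {
    /* Constructed sample input: a short line, an overlong line, a line that
     * fills the buffer exactly, and a final line without a newline. */
    FILE *in = stream_from("hello\nthis line is far too long\n1234567\nend");
    if (in == NULL) return 1;
    char buf[8];                      /* deliberately tiny to show truncation */
    const char *names[] = { "ok", "truncated", "eof" };
    for (;;) {
        enum line_status st = read_line(buf, sizeof buf, in);
        if (st == LINE_EOF) break;
        printf("%-9s \"%s\"\n", names[st], buf);
    }
    fclose(in);
    return 0;
}
```

With an 8-byte buffer the demo yields "hello" (ok), "this li" (truncated, remainder discarded), "1234567" (ok, since the newline was the very next byte) and "end" (ok, last line without a newline). The exact-fit case is the one naive fgets wrappers get wrong: they see no newline and assume truncation.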
GameMaster
BlabberMouth, a Blabber Odyssey
Member # 1173

Member Rated:
4
posted November 12, 2003 20:31
Even without gets, there are more powerful abuses:
casting, deleting dynamic memory, uninitialized pointers, and anything that can cause a segfault can be used to access stuff outside of the "sand box." While JAVA can overflow its stack, it's not overflowing the system stack. More importantly, you can, at least in some cases, get at any memory address you wish by simply declaring an unsigned long, setting it equal to the address, [then casting it as a]/[letting it go out of scope and declaring a] pointer. Moreover, you can easily slide in an asm tag to break all sorts of rules... Let's make the stack pointer point to null.... [Razz]

There may be exploits that will let you do evil things in Java but they are not anywhere near as easy to pull off as in C++. Simple example is the forker, Java would crash, not the system, whereas in C++...

Posts: 3038 | From: State of insanity | Registered: Mar 2002  |  IP: Logged
WinterSolstice

Solid Nitrozanium SuperFan
Member # 934

Member Rated:
3
posted November 13, 2003 17:33
It's really simple:

If you can't use it to unload the OS and load yourself, it is a "Scripting Utility" (Perl, ASP, Java, etc).

If you can, but not easily, it's a "Dangerous Language" (C++, C#, etc)

If you can, and really easily, it's a "Tool" (Assembler, C)

Heheheh [Big Grin]

-WS

--------------------
An operating system should be like a light switch... simple, effective, easy to use, and designed for everyone.

Posts: 1192 | From: Los Angeles | Registered: Oct 2001  |  IP: Logged
© 2018 Geek Culture