[NBLUG/talk] If you love him/it so much, then defend him/it.

Mitch Patenaude mrp at sonic.net
Tue May 27 17:25:01 PDT 2003


On Tuesday, May 27, 2003, at 09:46 US/Pacific, Roger House wrote:
> This reminds me of Flon's Axiom:
>
> "There does not now exist, nor will there ever exist, a programming
> language in which it is the least bit hard to write bad programs."

All programming languages are equally bad, but some are more equal than 
others.

(with apologies to George Orwell.)

There are some programming languages that invite really bad habits.
There are those where the language itself is too limiting (like BASIC),
and there are also languages like C, where the language makes it easy
to do the wrong thing (statically allocated arrays, no bounds checking,
etc), and difficult to do the right thing.   Think how many of the known
security flaws out there are from buffer overrun attacks (most), and
how many more there probably are lurking out there.

Perl solves the buffer overrun attack problem, but by blurring the line 
between data and code, opens up a whole new set of attacks.  Sure, 
taint does a little to help, but it really just puts the burden on the 
programmer to think of all the ways that PERL's inherent flexibility can
be subverted.  (Remember, there's more than one way to break it!)   And 
let's face it... this is the WRONG way to calculate prime numbers:
      perl -wle '(1 x $_) !~ /^(11+)\1+$/ && print while ++ $_'

I still use both C and PERL, but I lose a lot of sleep whenever I have
to use one of them to write a program that will run in a hostile 
environment.



