[NBLUG/talk] If you love him/it so much, then defend him/it.
Mitch Patenaude
mrp at sonic.net
Tue May 27 17:25:01 PDT 2003
On Tuesday, May 27, 2003, at 09:46 US/Pacific, Roger House wrote:
> This reminds me of Flon's Axiom:
>
> "There does not now exist, nor will there ever exist, a programming
> language in which it is the least bit hard to write bad programs."
All programming languages are equally bad, but some are more equal than
others.
(with apologies to George Orwell.)
There are some programming languages that invite really bad habits.
There are those where the language itself is too limiting (like BASIC),
and there are also languages like C, where the language makes it easy
to do the wrong thing (statically allocated arrays, no bounds checking,
etc), and difficult to do the right thing. Think how many of the known
security flaws out there are from buffer overrun attacks (most), and
how many more there probably are lurking out there.
Perl solves the buffer overrun attack problem, but by blurring the line
between data and code, opens up a whole new set of attacks. Sure,
taint does a little to help, but it really just puts the burden on the
programmer to think of all the ways that PERL's inherent flexibility can
be subverted. (Remember, there's more than one way to break it!) And
let's face it... this is the WRONG way to calculate prime numbers:
    perl -wle '(1 x $_) !~ /^(11+)\1+$/ && print while ++ $_'
I still use both C and PERL, but I lose a lot of sleep whenever I have
to use one of them to write a program that will run in a hostile
environment.
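
An added example, not part of the original post, illustrating the remark about taint mode: Perl tracks that a value came from outside the program, but whether the untainting pattern validates anything is left to the programmer. The function names and sample strings are constructed for illustration; run it with `perl -T`.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Under -T, external commands are refused until the environment is fixed.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Zero-length string derived from the interpreter path: empty but tainted.
my $TAINT = substr($^X, 0, 0);

# Strict allowlist: only the captured text is trusted afterwards.
sub untaint_strict {
    my ($raw) = @_;
    return $raw =~ /\A([A-Za-z0-9_.-]{1,64})\z/ ? $1 : undef;
}

# Taint mode accepts this just as readily, although it validates nothing.
sub untaint_careless {
    my ($raw) = @_;
    return $raw =~ /\A(.*)\z/s ? $1 : undef;
}

# Constructed sample inputs, tainted to stand in for data from outside.
for my $sample ('report.txt', 'report.txt; echo injected') {
    my $input = $sample . $TAINT;
    printf "input %-28s tainted=%d\n", "'$input'", tainted($input) ? 1 : 0;

    # Tainted data reaching a command is a fatal error, caught here,
    # so echo is never actually run.
    my $ok = eval { system('echo', $input); 1 };
    print "  system() refused: ", (split / at /, $@)[0], "\n" unless $ok;

    my $strict   = untaint_strict($input);
    my $careless = untaint_careless($input);
    printf "  strict   -> %s\n", defined $strict ? "'$strict'" : 'rejected';
    printf "  careless -> '%s' tainted=%d\n",
        $careless, tainted($careless) ? 1 : 0;
}
```

The second input is rejected by the strict pattern, while the careless pattern returns it unchanged and no longer tainted.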