Dailydave mailing list archives

Fwd: Re[2]: Lame studies that people quote as fact that have no basis in reality and still don't prove anything even if they did

From: Rodney Thayer <rodney () canola-jones com>
Date: Thu, 05 Feb 2004 07:08:46 -0800

Halvar wrote...


MH> effort into. Another giveaway are people who "can't" work without pointers
MH> and/or loose typing.

I am not all too sure about this. Loose typing certainly has little
use, but pointers are so essential to algorithmic and memory
efficiency that branding them as evil is like declaring that cars
which go faster than 20mph are too risky.


ooh a theological coding debate with Matt and Halvar.
Sounds like... slightly more dangerous that nuclear weapons disassembly.

But I'll give it a humble shot.

I've done a lot of consulting gigs where I go in and get to repair
busted code from long-gone programmers.  I've seen several bad pointer
situations.  Don't get me wrong, like many things, use of pointers
is something that can be perfectly reasonable, neat, readable, reliable,
etc.  But it's something that is unfortunately a tool for people
to be slovenly dumb fucks too.  

The classic thing is someone has "a dynamic number of <things>" and
therefore they dynamically allocate pointers to things.  This looks
good in Comp Sci class and probably got you an 'A' but in the real
world it bites because you can't chase down data easily.  Also, the
"dynamic" aspect tends to be bullshit.  Imagine a system that's supposed
to have 1000 max SSL connections.  It therefore has some swoopy cool
dynamic mechanism to allocate up to 1000 SSL context objects.   Trouble
is, if it fails, you have a core dump with SSL contexts spread all the
way from here to Mars and chasing them down to examine them is 
wicked painful.  If, instead, you do the dumb stupid trick of allocating
a fixed array of 1000 SSL contexts, and use those, then they're all
in one nice easy to find fixed location and you can examine all of
them with little effort.  If someone goes "ewww ick you allocated
all that memory statically" my answer is "hey, in the specificed scenario
you had to have all that memory anyway, so how can the consumption of
the memory be illegtimate?"

Oops, I'm thinking like a developer who expects to be responsible for
building robust, testable, maintainable code before it's delivered
to Q-A or the customer, or subjected to some pornographic test cooked up
by CTO (Chief Torture Officer) Aitel using Canvas.  

Sorry.  I'll crawl back in my cave now.

(And, no, I have no delusions that my code is always right or always
secure, I'm just commenting on maintainability.  I think maintainability
and reliability and security of code are closely related subjects.)

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave

Current thread:

Fwd: Re[2]: Lame studies that people quote as fact that have no basis in reality and still don't prove anything even if they did Rodney Thayer (Feb 05)
- Re: Fwd: Re[2]: Lame studies that people quote as fact that have no basis in reality and still don't prove anything even if they did Halvar Flake (Feb 05)
  - Re: Fwd: Re[2]: Lame studies that people quote as fact that have no basis in reality and still don't prove anything even if they did Rodney Thayer (Feb 05)