Firewall Wizards mailing list archives

Re: Extreme Hacking

From: "Craig H. Rowland" <crowland () psionic com>
Date: Mon, 12 Jul 1999 11:58:23 -0500 (CDT)

OK, this time publicly:


Apologies, I received your message but was out of town at DefCon and
couldn't reply.


What programming languages do YOU believe are the "silver bullet"
against poorly written code?


Modern languages should offer more protection internally for the
programmer. There is no reason that, in 1999, we should still be using
general programming languages that allow programmers to so easily shoot
themselves in the foot with issues that should be handled by the language
itself. Buffer overflows, memory management, inconsistent library
functions and return codes. These are all things that foster and promote
problems in code even if you are a careful programmer. As a developer I
can't help but sit back in amazement as programs get slammed with these
common issues and say "Why haven't we moved on?" It's as if the software
industry is happy living in 1999 with 1979 problems. 

Languages like C and C++ need to be relegated to projects that
specifically need the speed or low-level control. The argument can be made
that these languages have served us well and that any modern language will
be built using C and/or C++. To this I agree. At the same time I realize
that, like assembly language, there comes a time where you need to move on
to create an environment where development can happen at a faster and
safer pace (the same reasons that brought about C).

As far as my silver bullet, I suppose the project determines the language
choice by far. The majority of what I have written has in fact been in C,
but this is not by choice and I in fact hate using C because fully 50% of
my time is consumed with petty issues as explained above and then some.
So to answer your question, my personal favorite language is, in fact,
Python. This is personal choice I arrived at after reviewing many
languages available and is *opinion* only. Of course this argument is
fruitless because it only results in religious wars and bad code can be
written in any language.

--
Joe Yao                               jsdy () cospo osis gov - Joseph S. D. Yao
COSPO/OSIS Computer Support                                   EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.


-- Craig

Current thread:

Re: Extreme Hacking, (continued)
- - - Re: Extreme Hacking Ge' Weijers (Jul 12)
    - Re: Extreme Hacking Darren Reed (Jul 12)
    - Re: Extreme Hacking Crispin Cowan (Jul 13)
  - Re: Extreme Hacking deab (Jul 06)
  - Re: Extreme Hacking Paul Woodie (Jul 06)
  - Re: Extreme Hacking Craig H. Rowland (Jul 06)
    - Re: Extreme Hacking Crispin Cowan (Jul 08)
    - Re: Extreme Hacking Craig H. Rowland (Jul 09)
    - Vulnerability Escrow (was: Extreme Hacking) Crispin Cowan (Jul 09)
    - Re: Extreme Hacking Joseph S D Yao (Jul 12)
    - Re: Extreme Hacking Craig H. Rowland (Jul 12)
  - Re: Extreme Hacking Stephen P. Berry (Jul 08)
  - Message not available
    - Re: Extreme Hacking Vanja Hrustic (Jul 09)
  - Re: Extreme Hacking Bennett Todd (Jul 12)
    - Re: Extreme Hacking Marcus J. Ranum (Jul 12)
- Re: Extreme Hacking Vanja Hrustic (Jul 06)
- Re: Extreme Hacking Dick Brooks (Jul 06)
  - Re: Extreme Hacking Jody C. Patilla (Jul 07)
- Re: Extreme Hacking ark (Jul 06)
- Re: Extreme Hacking Ryan Russell (Jul 06)
  - Re: Extreme Hacking Rafi Sadowsky (Jul 09)

(Thread continues...)