Firewall Wizards mailing list archives
Re: Why are developers choosing to...
From: "Paul D. Robertson" <paul () compuwar net>
Date: Fri, 20 Jan 2006 14:51:49 -0500 (EST)
On Fri, 20 Jan 2006, hermit921 wrote:
concepts. For example, the concept of a network port. I had one developer that insisted his application didn't listen on a port, it used the subnet. Some of them don't understand the concept of a directory
Niiiice. You should have told him it was masked and your security policy didn't allow applications that used the subnet mask, could he unmask it?
I am starting to blame a lot of this on GUI development products. I am trying to be nice and not completely blame the developers and the bozo managers who hire them. The IDE takes care of everything other than the actual code by using various default settings. This leaves the developers without any reason to learn what environment the application has to work in. It works in their GUI, doesn't it?
It's worse. I talked to a developer last week who used C++ to do their application. "Your app isn't doing the right thing with my client's proxy" was met with "Oh, I don't know what that class actually does, I just put it in there based on the docs, I don't have any way to test that here..." "Ok, when your application calls connect..." and "Ok, the initial SYN is..." got me "Wow! I have no idea what you're talking about, the words sound valid, but you're speaking a foreign language!"

Delphi components were the start of this for me. At the time, I had a developer who was complaining that his wonderful application wouldn't work with our corporate mail server. I traced the session and said "I'm sorry, your application isn't doing valid RFC-compliant SMTP." "Well, it's an SMTP component, but I don't know what it does and can't change it!" Needless to say, rather than changing my SMTP server to accept slightly broken SMTP, he got to go find a new SMTP component (ISTR it was reversing "mail from" and "rcpt to".)

This is yet another symptom of the disease that nobody *really* knows what code is in their applications in closed-source environments *even if they wrote the application*.

You want a winning infowar strategy? Develop a cool framework for anything network-based and pay folks to use it. You'd win.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
http://fora.compuwar.net      Infosec discussion boards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards