:: Re: [DNG] Systemd Shims
トップ ページ
このメッセージを削除
このメッセージに返信
著者: Dave Turner
日付:  
To: dng
題目: Re: [DNG] Systemd Shims
Edward,

This grumpy old man who is so old he started coding when BASIC had line
numbers and 8bit Motorola 6800 assembler was state of the art says:-
Don't let others harden the code.
Do it properly from the start.
After many years or using C and C++ my working life is now spent writing
Perl.
Sometimes it irritates me, but when one line of Perl does what a sheet
of A4 full of C can do, well, that cheers me up!
And don't forget, you can inline Perl into C to handle those awkward
bits, and you can inline C into Perl to make that bit go faster.

DaveT

On 19/08/15 18:14, Edward Bartolo wrote:
> I am not assuming anything and understand the risks of buffer
> overflows. The first step I am taking is to make the code function.
> The second step is further debug it until it behaves properly and the
> third step is to correct any potential security issues. As anyone can
> understand, projects, whatever they are, are not completed in one
> step. Furthermore, debugging is a lengthy process and part of it is
> removing potential security holes.
>
> As to studying other languages, here, you are NOT talking to a youth
> in his twenties or his teens, but to a 48 year old. Learning a new
> language is a lengthy process and the ones I know are far more than
> enough for what I do.
>
> Devuan's team of developers is not in any way obliged to accept my
> code. Any developer who may feel the need to harden the code is free
> to do so.
>
> Thanks
>
> On 19/08/2015, Hendrik Boom <hendrik@???> wrote:
>> On Wed, Aug 19, 2015 at 06:46:36PM +0200, Laurent Bercot wrote:
>>> On 19/08/2015 15:29, Edward Bartolo wrote:
>>>> This is the completed C backend with all functions tested to work. Any
>>>> suggestions as to modifications are welcome.
>>> OK, someone has to be the bad guy. Let it be me.
>>>
>>> First, please note that what I'm saying is not meant to discourage you.
>>> I appreciate your enthusiasm and willingness to contribute open source
>>> software. What I'm saying is meant to make you realize that writing
>>> secure software is difficult, especially in C/Unix, which is full of
>>> pitfalls. As long as you're unfamiliar with the C/Unix API and all its
>>> standard traps, I would advise you to refrain from writing code that
>>> is going to be run as root; if you want to be operational right away
>>> and contribute system software right now, it's probably easier to stick
>>> to higher-level languages, such as Perl, Python, or whatever the FotM
>>> interpreted language is at this time. It won't be as satisfying, and the
>>> programs won't be as efficient, but it will be safer.
>> Or try some of the less known, but compiled, efficient, strongly and
>> securely type-checked languages such as Modula 3 or OCaml.
>>
>> -- hendrik
>>
>> _______________________________________________
>> Dng mailing list
>> Dng@???
>> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
>>
> _______________________________________________
> Dng mailing list
> Dng@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng