Anno domini 2022 Tue, 1 Feb 11:44:37 -0500
Steve Litt scripsit:
> tito via Dng said on Tue, 1 Feb 2022 13:49:30 +0100
>
> >On Tue, 1 Feb 2022 09:50:31 +0100
> >Didier Kryn <kryn@???> wrote:
> >
> >> Le 31/01/2022 à 19:16, Steve Litt a écrit :
> >> >> Writing a self-daemonizing daemon in C was a routine when I
> >> >> was still active, though I understand it could be more difficult
> >> >> in shell.
> >> > But more difficult in Python. I try to stay away from C if Python
> >> > does the job. I think Python3 plus its standard libraries are more
> >> > secure than C code written by the error prone Steve Litt.
> >>
> >> Let me generalize: "I think Python3 plus its standard libraries
> >> are more secure than C code written by an error prone human being."
> >> (~:
> >
> >You made my day ;-) ... and Python is written in which programming
> >language?
>
> This is my point exactly. The C in Python was written by much more
> careful and security aware programmers than I, checked by thousands.
> This is why you almost never hear of security flaws or bugs in Python3.
>
> Although made from C, Python3 has no pointers and has infinitly
> expandable arrays and dictionaries, so no pointer exploits, no errant
> pointers, no ininitialized pointers, and no buffer overflows. They pull
> off RAM from the stack and the heap in the right way, and have garbage
> collection, so memory leaks and the like are unlikely to occur by
> accident. I can screw up a Python program in many ways, but assuming I
> cleanse my inputs, few of those ways are a security risk.
>
> In the hands of anything but a very careful and security-knowledgeable
> programmer, writing Python3 is more secure than writing C. You could
> think of Python3 as C with seatbelts and airbags, and a heck of an
> inefficient transmission.
When it comes to this, I still prefer Scheme/Lisp seatbelts and airbags. But that's most likely because I have a grey beard and the first "high level" languages where indentation kicked my butt were fortran and cobol. Seeing that resurrected in python is like return of the living dead ...
Nik
>
> SteveT
>
> Steve Litt
> Spring 2021 featured book: Troubleshooting Techniques of the Successful
> Technologist http://www.troubleshooters.com/techniques
> _______________________________________________
> Dng mailing list
> Dng@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
>
--
Please do not email me anything that you are not comfortable also sharing with the NSA, CIA ...