WANTED: ISPs with DDoS defense solutions

• Previous message (by thread): WANTED: ISPs with DDoS defense solutions
• Next message (by thread): WANTED: ISPs with DDoS defense solutions
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Vadim Antonov wrote:
> On Thu, 31 Jul 2003, Petri Helenius wrote:
> 
> 
>>>What we need is a new programming paradigm, capable of actually producing
>>>secure (and, yes, reliable) software.  C and its progeny (and "program
>>>now, test never" lifestyle) must go.  I'm afraid it'll take laws which
>>>would actually make software makers to pay for bugs and security
>>>vulnerabilities in shipped code to make such paradigm shift a reality.
>>>
>>
>>Blaming the tools for the mistakes programmers make is like saying "guns kill people"
>>when the truth is that people kill people with guns.
> 
> 
> Yep, it is people who choose tools and methods which produce code which is
> guaranteed to be unreliable and insecure - simply because those tools
> allow one to be lazy and cobble things together fast without much design
> or planning.
>  

There is nothing in C which guarantees that code will be unreliable or 
insecure. C has the advantage of power and flexibility. It does no hand 
holding, so any idiot coder claiming to be a programmer can slap 
together code poorly. This is the fault of the programmer, and not the 
language. The syntax for C is just fine, and since any language is 
nothing more than syntax, C is a workable language. There are libraries 
out there for handling arrays with sanity checks. The fact that people 
don't use them is their own fault. For that matter, one can easily write 
their own. I don't know how many times I have gotten a vacant expression 
when mentioning the word flowchart; which is nothing more than the 
visual form of what any programmer should have going through their head 
(and on paper if they really want to limit mistakes). What I'd give to 
see a detailed flowchart for sendmail. I'd hang it on my walls (as I'm 
sure it'd take more than one).

<snip>
> A real programmer can write FORTRAN program in any language.  The problem
> is that the even the best programmers make mistakes.  Many of those
> mistakes (particularly, security-related - such as not checking for buffer
> overflows) can be virtually eliminated by the right tools.

Write a small program in C and then write it in Perl. Have the program 
open a 1.4G syslog file and run a tight loop reading in one line at a 
time, scanning for sendmail log entries, parsing the line, and writing 
out to a file the datetime, envelope_from, nrcpts, msgid.

Your program is half way to actually being useful for something. But 
that should be far enough. Time both programs. For what it's worth, 
sorry Perl took so long.

If a programmer can write a process in any language, then naturally the 
programmer should choose the language which provides the most 
flexibility, performance, and diversity; or the right tool.


-Jack

• Previous message (by thread): WANTED: ISPs with DDoS defense solutions
• Next message (by thread): WANTED: ISPs with DDoS defense solutions
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]