comp.lang.ada
* College Software Texts Found To Teach Insecure Coding
@ 2008-07-22 19:39 Adam Beneschan
  2008-07-22 19:46 ` mockturtle
                   ` (2 more replies)
  0 siblings, 3 replies; 9+ messages in thread
From: Adam Beneschan @ 2008-07-22 19:39 UTC


The subject line was the title of an article I got in my SANS
newsletter today.  I'm not clear on whether this was a contest or who
ran it, but "Four individuals were recognized today for their
excellent descriptions of insecure code found in programming texts".
These texts thus contributed to "weak secure coding skills".  The
texts mentioned:

- The Complete Reference: C 4th ed. (Osborne)
- Programming Embedded Systems in C and C++ (O'Reilly)
- C Primer Plus, Third Edition (SAMS)
- C in a Nutshell (O'Reilly)
- Introduction to Java Programming, 7th Edition (Pearson Prentice
Hall)
- Beginning Ruby: from Novice to Professional (Apress)
- Beginning ASP Databases (Wrox)

So guess which language doesn't appear in the above list?

(Yeah, I know there's more than one language that doesn't appear, but
you get my point.)

                                  -- Adam




* Re: College Software Texts Found To Teach Insecure Coding
  2008-07-22 19:39 College Software Texts Found To Teach Insecure Coding Adam Beneschan
@ 2008-07-22 19:46 ` mockturtle
  2008-07-22 20:16   ` Adam Beneschan
  2008-07-24 12:13 ` Colin Paul Gloster
  2008-07-28 12:23 ` Maciej Sobczak
  2 siblings, 1 reply; 9+ messages in thread
From: mockturtle @ 2008-07-22 19:46 UTC


On Jul 22, 9:39 pm, Adam Beneschan <a...@irvine.com> wrote:
> The subject line was the title of an article I got in my SANS
> newsletter today.  I'm not clear on whether this was a contest or who
> ran it, but "Four individuals were recognized today for their
> excellent descriptions of insecure code found in programming texts".
> These texts thus contributed to "weak secure coding skills".  The
> texts mentioned:
>
> - The Complete Reference: C 4th ed. (Osborne)
> - Programming Embedded Systems in C and C++ (O'Reilly)
> - C Primer Plus, Third Edition (SAMS)
> - C in a Nutshell (O'Reilly)
> - Introduction to Java Programming, 7th Edition (Pearson Prentice
> Hall)
> - Beginning Ruby: from Novice to Professional (Apress)
> - Beginning ASP Databases (Wrox)
>
> So guess which language doesn't appear in the above list?

Intercal? :-)

>
> (Yeah, I know there's more than one language that doesn't appear, but
> you get my point.)
>
>                                   -- Adam





* Re: College Software Texts Found To Teach Insecure Coding
  2008-07-22 19:46 ` mockturtle
@ 2008-07-22 20:16   ` Adam Beneschan
  2008-07-22 20:41     ` mockturtle
  0 siblings, 1 reply; 9+ messages in thread
From: Adam Beneschan @ 2008-07-22 20:16 UTC


On Jul 22, 12:46 pm, mockturtle <framefri...@gmail.com> wrote:

> > So guess which language doesn't appear in the above list?
>
> Intercal? :-)

Actually, I guess that would work.  I've looked over every available
introductory college text on Intercal programming and I have not found
a single example of insecure code.

:)

                          -- Adam




* Re: College Software Texts Found To Teach Insecure Coding
  2008-07-22 20:16   ` Adam Beneschan
@ 2008-07-22 20:41     ` mockturtle
  0 siblings, 0 replies; 9+ messages in thread
From: mockturtle @ 2008-07-22 20:41 UTC


On Jul 22, 10:16 pm, Adam Beneschan <a...@irvine.com> wrote:
> On Jul 22, 12:46 pm, mockturtle <framefri...@gmail.com> wrote:
>
> > > So guess which language doesn't appear in the above list?
>
> > Intercal? :-)
>
> Actually, I guess that would work.  I've looked over every available
> introductory college text on Intercal programming and I have not found
> a single example of insecure code.
>
> :)
>
>                           -- Adam

A mathematician would say that this is "trivially true" :-)




* Re: College Software Texts Found To Teach Insecure Coding
  2008-07-22 19:39 College Software Texts Found To Teach Insecure Coding Adam Beneschan
  2008-07-22 19:46 ` mockturtle
@ 2008-07-24 12:13 ` Colin Paul Gloster
  2008-07-28 12:23 ` Maciej Sobczak
  2 siblings, 0 replies; 9+ messages in thread
From: Colin Paul Gloster @ 2008-07-24 12:13 UTC


On Tue, 22 Jul 2008, Adam Beneschan posted to news:comp.lang.ada :

|---------------------------------------------------------------------|
|"The subject line was the title of an article I got in my SANS       |
|newsletter today.  I'm not clear on whether this was a contest or who|
|ran it, but "Four individuals were recognized today for their        |
|excellent descriptions of insecure code found in programming texts". |
|These texts thus contributed to "weak secure coding skills".  The    |
|texts mentioned:                                                     |
|                                                                     |
|- The Complete Reference: C 4th ed. (Osborne)                        |
|- Programming Embedded Systems in C and C++ (O'Reilly)               |
|- C Primer Plus, Third Edition (SAMS)                                |
|- C in a Nutshell (O'Reilly)                                         |
|- Introduction to Java Programming, 7th Edition (Pearson Prentice    |
|Hall)                                                                |
|- Beginning Ruby: from Novice to Professional (Apress)               |
|- Beginning ASP Databases (Wrox)                                     |
|                                                                     |
|So guess which language doesn't appear in the above list?            |
|                                                                     |
|(Yeah, I know there's more than one language that doesn't appear, but|
|you get my point.)                                                   |
|                                                                     |
|                                  -- Adam"                           |
|---------------------------------------------------------------------|

Congratulations to those who found errors in books, highlighting once
again that the appearance of something in print should not be
considered to be a citable reference merely because it does not exist
merely as a softcopy Usenet post or email.

Another item which is also not an exemplar is "Algorithms in C++",
third edition, Parts 1-4 volume, by Robert Sedgewick and Christopher J
of Wick:
HTTP://ACCU.org/index.php/book_reviews?url=view.xqy?review=10867546023303641450

Sincerely,
Colin Paul Gloucester




* Re: College Software Texts Found To Teach Insecure Coding
  2008-07-22 19:39 College Software Texts Found To Teach Insecure Coding Adam Beneschan
  2008-07-22 19:46 ` mockturtle
  2008-07-24 12:13 ` Colin Paul Gloster
@ 2008-07-28 12:23 ` Maciej Sobczak
  2008-07-28 14:04   ` Dmitry A. Kazakov
  2 siblings, 1 reply; 9+ messages in thread
From: Maciej Sobczak @ 2008-07-28 12:23 UTC


On 22 Jul, 21:39, Adam Beneschan <a...@irvine.com> wrote:

> - The Complete Reference: C 4th ed. (Osborne)
> - Programming Embedded Systems in C and C++ (O'Reilly)
> - C Primer Plus, Third Edition (SAMS)
> - C in a Nutshell (O'Reilly)
> - Introduction to Java Programming, 7th Edition (Pearson Prentice
> Hall)
> - Beginning Ruby: from Novice to Professional (Apress)
> - Beginning ASP Databases (Wrox)
>
> So guess which language doesn't appear in the above list?

In order to be on the above list, the language needs to satisfy two
conditions:

1. It has to be popular enough for somebody to justify *writing* a
book about it (hint: writing a book has to generate income).

2. It has to be popular enough for somebody to justify *reading* a
book, so that errors can be found.

So guess which language isn't popular enough to satisfy them both.


Yes, you are right that there exist crappy books about some popular
programming languages/technologies/whatever - but there is nothing
spectacular in this fact. It is just the nature of big statistic
samples.

--
Maciej Sobczak * www.msobczak.com * www.inspirel.com




* Re: College Software Texts Found To Teach Insecure Coding
  2008-07-28 12:23 ` Maciej Sobczak
@ 2008-07-28 14:04   ` Dmitry A. Kazakov
  2008-07-28 21:27     ` Maciej Sobczak
  0 siblings, 1 reply; 9+ messages in thread
From: Dmitry A. Kazakov @ 2008-07-28 14:04 UTC


On Mon, 28 Jul 2008 05:23:40 -0700 (PDT), Maciej Sobczak wrote:

> Yes, you are right that there exist crappy books about some popular
> programming languages/technologies/whatever - but there is nothing
> spectacular in this fact.

Spectacular is the ratio of the crap to the signal.

> It is just the nature of big statistic samples.

Nope. Bigger samples behave closer to the expectation, i.e. the nature
of it is exactly the reverse.

The problem is - what to expect from a sample of books on IT? The answer,
read from the statistics, is - you should expect crap. I find it
spectacular, because it shows who is the average reader...

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de




* Re: College Software Texts Found To Teach Insecure Coding
  2008-07-28 14:04   ` Dmitry A. Kazakov
@ 2008-07-28 21:27     ` Maciej Sobczak
  2008-07-29  7:46       ` Dmitry A. Kazakov
  0 siblings, 1 reply; 9+ messages in thread
From: Maciej Sobczak @ 2008-07-28 21:27 UTC


On 28 Jul, 16:04, "Dmitry A. Kazakov" <mail...@dmitry-kazakov.de>
wrote:

> > Yes, you are right that there exist crappy books about some popular
> > programming languages/technologies/whatever - but there is nothing
> > spectacular in this fact.
>
> Spectacular is the ratio of the crap to the signal.

Which is still not spectacular at all if you take into account the
acceptance criteria for publication. Basically, books are reviewed
*after* they are published, not before (that's why there are so many
"book review" websites - they should just not exist at all!).

> The problem is - what to expect from a sample of books on IT? The answer,
> read from the statistics, is - you should expect crap. I find it
> spectacular, because it shows who is the average reader...

And again, I agree with you, but I still don't find anything
spectacular in it if you take into account that books form a regular
commercial market. Are you surprised that the majority of music is
crap as well? It is just a result of its wide commercialization.
Which, btw, has its bright sides as well.

Oh well - we went off topic again. ;-)

--
Maciej Sobczak * www.msobczak.com * www.inspirel.com




* Re: College Software Texts Found To Teach Insecure Coding
  2008-07-28 21:27     ` Maciej Sobczak
@ 2008-07-29  7:46       ` Dmitry A. Kazakov
  0 siblings, 0 replies; 9+ messages in thread
From: Dmitry A. Kazakov @ 2008-07-29  7:46 UTC


On Mon, 28 Jul 2008 14:27:47 -0700 (PDT), Maciej Sobczak wrote:

> On 28 Jul, 16:04, "Dmitry A. Kazakov" <mail...@dmitry-kazakov.de>
> wrote:
> 
>> The problem is - what to expect from a sample of books on IT? The answer,
>> read from the statistics, is - you should expect crap. I find it
>> spectacular, because it shows who is the average reader...
> 
> And again, I agree with you, but I still don't find anything
> spectacular in it if you take into account that books form a regular
> commercial market.

Why did it become commercial? Do you see anything entertaining in
programming, I mean, at the level these books are addressed to? To put it
simply, why do "regular idiots" enjoy reading on IT?

> Are you surprised that the majority of music is
> crap as well? It is just a result of its wide commercialization.

It is not that simple, especially because practically all traditional fine
arts either died or else became crap, while commercialization always
existed.

> Which, btw, has its bright sides as well.
> 
> Oh well - we went off topic again. ;-)

Nope, the song remains the same, why Ada isn't any popular... (:-))

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de



