Monthly Archives: June 2009

Beardy weighs in on Old School programming methods

by guestblogger “Beardy”

Ok, I’m “old school” and proud of it, and yes the author of the article linked at the bottom of the page makes some excellent points.

  • Yes, I do NOT miss having to write convoluted, upside-down and inside-out self-modifying code just to save a few miserable bytes* ! (*and yes, I know there are still a few bare-metal scenarios where that is still the order of the day…)
  • Yes, I do NOT miss having to do all my coding of OO GUI systems using hand-built text objects in CLI text editors!
  • Yes, I most certainly am grateful that “GOTO” has been relegated to the dustbin of history in all but hardcore bare-metal work.
  • And OH how I do NOT miss writing multithreaded applications with languages and OSes that did not support it inherently.

However…

As onerous as it was to get a handle on initially, and hideous to be a support programmer for when the original developer adopted a variation on the more commonly accepted form (i.e. M$ Win32 API…), Hungarian notation certainly does have advantages, especially when the code has to be viewed in multiple scenarios with various tools, most of which have no concept of the language or types.

(…rant warning…)
More importantly, I take major issue with the blanket statements about memory management. Yes, it has improved a LOT and yes, modern languages, compilers and OSes have far more of it available and *can* use it very efficiently, BUT many programmers seem to view memory as an inexhaustible resource, and rather than just not focussing on being memory misers, they ignore good design templates to reinvent the wheel or, worse, reinvent a square wheel!!! Rather than take a minute to consider the implications, they collect a massive dataset into a local list or collection “just because it is easier for them” and let the memory manager worry about dealing with the load, when they could write a more efficient algorithm in the first place and only collect a fraction of the data for the same outcome. Talk about backward progress…

“Old-school programming techniques you probably don’t miss”
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9132061

A new twist on “security through obscurity” ?

By Beardy.

Photo by Henning

Ok, anyone who knows anything about security in IT systems knows that “security through obscurity” is akin to “the road to Hell is paved with good intentions”. It just does not really provide the desired outcome in the long term.

So, let’s examine the history of this approach. M$ products, while getting better, still tend to depend on M$-specific proprietary APIs and protocols that inevitably lead to “critical” security patch after “critical” security patch, ad infinitum. Sound familiar?

On the hardware and network design side, many people (some of whom should know better!) think that just because they have what is termed a “NAT firewall”, that their precious LAN is secured from the kiddiots and other nasty denizens of the world-wide-whackfest. WRONG!

First of all, while NAT does provide at least some level of protection (certainly better than the twits who connect their USB ADSL MODEMs directly to the ‘net without even enabling Winblows firewall, nuff sed on that one), it only really obfuscates things; it is not true protection. Consider the annual C and Perl code obfuscation contests: the result is code that is nearly impossible to read without getting a headache, but it is decipherable in the end. This will eventually become largely academic as IPv6 becomes more pervasive. Remember that NAT was originally created to provide an artificial extension of the internet’s IPv4 address space (well, that combined with non-routable IP address ranges).

All the gurus of internet hacking agree on one thing about NAT as a “firewall” technology: it is limited but fine provided the machines on the inside NEVER open a connection OUT and no ports are forwarded IN. All a potential attacker needs is the details of who and where you came from and they can (in theory at least) use that against you, kinda like identity theft.
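To make the “never open a connection OUT, no ports forwarded IN” condition concrete, here is a toy model of a NAT gateway’s inbound decision. It is an added illustration, not code from the original post; the `Nat` class, the `endpoint_independent` switch and all addresses are assumptions constructed for the example.

```python
# Toy model of a NAT gateway's inbound decision. Added illustration; all
# addresses are constructed documentation-range values.
from dataclasses import dataclass, field

@dataclass
class Nat:
    # Assumption of this model: True means any remote host may use an existing
    # mapping ("endpoint-independent filtering" in RFC 4787 terms).
    endpoint_independent: bool = True
    forwards: dict = field(default_factory=dict)  # public port -> inside endpoint
    mappings: dict = field(default_factory=dict)  # public port -> (inside, remote)
    next_port: int = 40000

    def outbound(self, inside, remote):
        """An inside host opens a connection OUT: the gateway creates a mapping."""
        port = self.next_port
        self.next_port += 1
        self.mappings[port] = (inside, remote)
        return port

    def inbound(self, remote, public_port):
        """Return the inside endpoint that receives the packet, or None if dropped."""
        if public_port in self.forwards:          # a port forwarded IN
            return self.forwards[public_port]
        entry = self.mappings.get(public_port)
        if entry is None:                         # no state at all: dropped
            return None
        inside, expected_remote = entry
        if self.endpoint_independent or remote == expected_remote:
            return inside
        return None

def demo():
    pc, server, stranger = ("192.168.1.10", 51000), ("198.51.100.7", 443), ("203.0.113.5", 4444)
    loose, strict = Nat(), Nat(endpoint_independent=False)
    results = {"idle": loose.inbound(stranger, 40000)}
    port = loose.outbound(pc, server)
    results["reply"] = loose.inbound(server, port)
    results["stranger_loose"] = loose.inbound(stranger, port)
    results["stranger_strict"] = strict.inbound(stranger, strict.outbound(pc, server))
    strict.forwards[8080] = ("192.168.1.20", 80)
    results["forwarded"] = strict.inbound(stranger, 8080)
    return results

if __name__ == "__main__":
    for case, delivered_to in demo().items():
        print(f"{case:16} -> {delivered_to}")
```

Nothing in the model inspects what the traffic is: the mapping table and the forward list are the only “policy”, which is why an explicit default-deny firewall rule set is still needed behind NAT.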

So where am I going with this?