
Re: Book questions

On 12/04/2015, Petter Adsen <petter@synth.no> wrote:


> Now that you mention security, that leads me to another question - are
> there any good books on writing secure programs? I would guess that
> would be a good thing to think about from the start, as to learn good
> practices?

I believe that this is where it gets into the realm of "How long is a
piece of string?".

From my understanding, security is always relative, and, never
absolute - whether something can be breached, whether it is a building
or a software program, depends on the skill and persistence of the
person trying to do the breaching, and, importantly, luck.

It is like the principle "Just when you think that you have produced
an idiot-proof program, they design a more effective idiot".

I believe that, similarly, the best way to learn good programming
practices, is to take courses at different educational institutions,
and, pick the good parts of each. One institution at which I studied,
a technical college, taught (overall) better programming practices,
and that included error tracking and handling - another institution
taught students to use (in c++) the assert statement, so as to,
instead, cause programs to crash, when an error occurred, and,
another, taught (in a Pascal course) the use of pointers, to test data
that was being input through the keyboard, by using the input buffer,
for data validation. Similarly, in teaching SQL programming, in
database programming, some institutions that I encountered, taught
students to reduce the prospect of (I think it is named) code
insertion, wherein, where a user is required to manually type in data,
the user instead types in SQL code, which a database program could
(where it is not protected against code insertion) accept and execute
unauthorised SQL code, violating the database.

It is a matter of luck, as to being taught "the right stuff" at formal
educational institutions, and, even as to the attitudes of the
teaching staff (at one educational institution, where I asked about
the applicability of hyperbolic trig functions, when we were being
taught hyperbolic trig functions, the lecturer told me that that was
not his job, to explain stuff like that - his job was only to present
the material, and not provide any explanations (he later became the
head of the maths department, at that university), whereas, at the
technical college, the lecturer there, took the time to explain the
applicability of the hyperbolic trig functions), but I believe that
formal education at a vocational institution, is most likely to
provide the means of learning good programming practices, including
software development methodologies, to achieve the best possible
result in software development. Oh, and, at one of the educational
institutions, the head of the (teaching) computer science department,
did not believe in the benefits of systems analysis and design, for
software development - he practised, and, believed in, hack

And, at another educational institution, I met (via a local Linux User
Group mailing list), a PhD student who was studying computer security,
and, he took the time to show me some of the benefits of Debian (when
it was 3.0 or 3.1), and, converted me to Debian (I was, at that time,
learning Red Hat and Slackware, for use at that university, thence for
personal use). He was a local Linux guru, and, his area is/was
computer security.

> Another thing - I have been thinking about also learning Python, for
> instance for interacting with GTK, and for writing things that might be
> hard to do in C. Would that be a good choice, or should I look at any
> other languages before I start?

I am definitely no expert in this, and, others could advise regarding
this, much better than me, but, my understanding is that, for what you
seek, Perl appears to be the answer, as it apparently includes "the
good parts" of various programming languages, including "C", and, is
cross-platform portable, and is supposed to be very versatile.

Bret Busby
West Australia

"So once you do know what the question actually is,
 you'll know what the answer means."
- Deep Thought,
 Chapter 28 of Book 1 of
 "The Hitchhiker's Guide to the Galaxy:
 A Trilogy In Four Parts",
 written by Douglas Adams,
 published by Pan Books, 1992
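The "code insertion" the message above describes is what is usually called SQL injection. The following is an added example (not code from the original post or its author) showing the flaw beside its hardened form: a query built by splicing typed text into the SQL string, next to the same query using a bound parameter, run against a constructed in-memory SQLite table. The table, its rows and the typed values are all assumptions made up for the demonstration.

```python
import sqlite3


def make_db():
    # Constructed sample database (not from the original post).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s1"), ("bob", "s2")])
    return conn


def lookup_unsafe(conn, name):
    # The flaw the post describes: the value typed by the user is pasted
    # into the SQL text, so SQL typed into a data field runs as SQL.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_safe(conn, name):
    # Hardened form: a bound parameter is always treated as data, never
    # as part of the statement, whatever characters it contains.
    sql = "SELECT name FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(sql, (name,)))


def is_plausible_name(name):
    # Defence in depth: validate the input itself against an allowlist
    # (here: alphanumeric, 1 to 32 characters) before it reaches the query.
    return name.isalnum() and 1 <= len(name) <= 32


if __name__ == "__main__":
    conn = make_db()
    typed = "x' OR '1'='1"  # constructed: SQL typed where a name was expected
    print(lookup_unsafe(conn, typed))   # every user: the typed SQL executed
    print(lookup_safe(conn, typed))     # no user has that literal name
    print(is_plausible_name(typed))     # False: rejected by validation
```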
