Submitted via IRC for TheMightyBuzzard
Researchers have checked 64,000+ GitHub projects, and found 117 vulnerabilities introduced through the use of code from popular programming tutorials.
Things like this are why I would never hire a professional programmer without an online portfolio of source code to check for Blatant Stupidity.
Source: https://www.helpnetsecurity.com/2017/04/21/programming-tutorials-vulnerabilities/
(Score: 2) by tibman on Monday April 24 2017, @02:05AM (9 children)
Oh, you have a programming language that prevents vulnerabilities? do tell
SN won't survive on lurkers alone. Write comments.
(Score: 2) by Scruffy Beard 2 on Monday April 24 2017, @02:22AM (5 children)
Ada may come close. but a skilled programmer can disable most of the anti-foot shooting stuff.
(I have not tried it myself, but it is supposed to support things like design by contract.)
(Score: 2) by kaszz on Monday April 24 2017, @02:34AM (4 children)
The funny thing is that Universities coach students into programming languages with extensive anti-foot-shooting-protections which usually also has protections against productivity.. But somehow advanced maths is alright without any shoot away your brains protection because well.. doh!?
(Score: 1) by Scruffy Beard 2 on Monday April 24 2017, @02:52AM (3 children)
Not sure I get your point.
(Score: 2) by kaszz on Monday April 24 2017, @08:25AM (2 children)
Hard typed languages with memory protection etc. Hinders the user from doing mistakes, at least some of them because the teachers won't trust students to not make mistakes. While in maths there are no protections but then magically students are trusted to make mistakes. Usually bad ones too.
My point is, if a person can handle STEM maths at a university, they can handle coding too without protection mechanism. It's all about thinking through your actions and some bookkeeping.
(Score: 2) by Scruffy Beard 2 on Monday April 24 2017, @02:00PM (1 child)
I guess I disagree then. If there is one things computer are good at, but humans aren't, it is bookkeeping.
The Computing science professors want to focus (at least in introductory classes) on the concepts they are teaching, rather than book-keeping.
Not sure of the hard distinction you are making between CS and Math either. But in general, software has more complexity than one person can comprehend.
(Score: 2) by kaszz on Monday April 24 2017, @02:23PM
Bookkeeping is to have a handler setup before you call a timer alarm or open the graphics driver before you try to draw some lines etc. Keeping plain variables in order just requires one to think first, and then code.
(Score: 3, Touché) by Nerdfest on Monday April 24 2017, @02:36AM (1 child)
No language *prevents* vulnerabilities (well, some prevent some types), but PHP seems to actively *encourage* them.
(Score: 2) by kaszz on Monday April 24 2017, @09:53AM
Some languages also seems to attract the lower end genepool like flies to shit ;)
(Score: 2) by bob_super on Tuesday April 25 2017, @06:47PM
Java is the most obsessed about types and other safe behaviors language I code.
But I'm much happier in Verilog, where they arguably should add a cheering section in the compiler, to grade the originality of dumb mistakes allowed by letting you do just about anything...