Mailinglist Archive: opensuse (1125 mails)

[Dirk Gently <dirk.gently00@xxxxxxxxx>]

Anton Aylward wrote:
> Dirk Gently said the following on 05/12/2012 03:43 PM:
> > This has been known since the realease of the Morris Worm in 1987 (or
> > was it 1988?), as the payload was delivered by abusing strcat() in
> > every Sun or Vax which received tainted e-mail containing the payload.
>
> I've been ranting on about buffer overflow for a couple of decades now,
> haranguing programming schools for not teaching how to avoid such
> egregious flaws as this and use use of inappropriate memory copy
> routines.  Yes, you'd think by now they'd have learnt.
>
> Real Engineering, certainly the classes I attended in the 60s and 70s,
> used examples of classical failures and "Don't let me catch you doing
> anything stupid like this" -- and that was meant as a class of action,
> not a specific.  So why can't programming - No way can you call it
> 'software engineering' despite what people like Steve McConnell[1] and

I take anything said or written by someone in Microsoft with not a
grain of salt, but an entire bucket.


> James Moore[2] might wish - learn from past mistakes by teaching
> students to avoid the classical mistakes early on?

Well, there is one good thing about software engineering programs:
because now these students are classified as engineers, they're
getting exposure to real engineering profs as the engineering degree
requirements mandate some exposure to actual engineering programs.
Yes, the SWE profs are just renamed CS profs (with all the problems
that entails).

When I was at Purdue, I noticed a HUGE difference between the profs
who taught programming in the CS department (pie in the sky;
programming assignments which focussed on using a programming
technique rather than whether that was the appropriate technique
for solving the problem -- if you want to assign a project using
linked lists, choose a problem in which linked lists is the
most appropriate solution ... not one in which arrays are more
are far more appropriate for reasons such as efficiency, etc.)

> But no, teachers simply don't seem interested in teaching programming
> for the real world, just grammar and, talking with many students from
> local community colleges and prospective hires, I find that the teachers
> use examples that have nothing to do with reliability, maintainability
> and correctness.  The ideas that are norms in other fields of
> engineering such as those, such as working from detailed specifications,
> seem an anathema.

CS profs seem to be in la-la land.  But all of my EE profs
did teach "real world" programming.


> Many of us here were brought up in a MIL-SPEC (or similar) world where
> the subtext was that errors and omissions cost not just much $ but also
> lives, often catastrophically ("There's a bit smoking hole in the ground
> and lots of people are dead!")  For the likes of us, the whole 'first to
> market and never mind the bugs' attitude is JUST PLAIN WRONG!
>
> Anyone who has been there when things go pear shaped under fire know
> that Miller[3] was wrong; "Two" is a distraction never mind "five".
> Focus, focus, focus.
>
>
> [1] "After the Gold Rush: Creating a true profession of software
> engineering"; Microsoft, ISBN 0-7356-0877-6
> [2] "Software Engineering Standards: A user's Road map"  IEEE Computer
> Society; ISBN0-8186-8008-3
> [3] Miller, G. A. "The magical number seven, plus or minus two: Some
> limits on our capacity for processing information". Psychological Review
> 63 (1956)(2): pp81–97.

-- 
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx