Anton Aylward wrote:
Dirk Gently said the following on 05/12/2012 03:43 PM:
This has been known since the release of the Morris Worm in 1987 (or was it 1988?), as the payload was delivered by abusing strcat() in every Sun or Vax which received tainted e-mail containing the payload.
I've been ranting on about buffer overflow for a couple of decades now, haranguing programming schools for not teaching how to avoid such egregious flaws as this and use of inappropriate memory copy routines. Yes, you'd think by now they'd have learnt.
Real Engineering, certainly the classes I attended in the 60s and 70s, used examples of classical failures and "Don't let me catch you doing anything stupid like this" -- and that was meant as a class of action, not a specific. So why can't programming - No way can you call it 'software engineering' despite what people like Steve McConnell[1] and
I take anything said or written by someone in Microsoft with not a grain of salt, but an entire bucket.
James Moore[2] might wish - learn from past mistakes by teaching students to avoid the classical mistakes early on?
Well, there is one good thing about software engineering programs: because now these students are classified as engineers, they're getting exposure to real engineering profs as the engineering degree requirements mandate some exposure to actual engineering programs. Yes, the SWE profs are just renamed CS profs (with all the problems that entails). When I was at Purdue, I noticed a HUGE difference between the profs who taught programming in the CS department (pie in the sky; programming assignments which focussed on using a programming technique rather than whether that was the appropriate technique for solving the problem -- if you want to assign a project using linked lists, choose a problem in which linked lists is the most appropriate solution ... not one in which arrays are far more appropriate for reasons such as efficiency, etc.)
But no, teachers simply don't seem interested in teaching programming for the real world, just grammar and, talking with many students from local community colleges and prospective hires, I find that the teachers use examples that have nothing to do with reliability, maintainability and correctness. The ideas that are norms in other fields of engineering such as those, such as working from detailed specifications, seem an anathema.
CS profs seem to be in la-la land. But all of my EE profs did teach "real world" programming.
Many of us here were brought up in a MIL-SPEC (or similar) world where the subtext was that errors and omissions cost not just much $ but also lives, often catastrophically ("There's a big smoking hole in the ground and lots of people are dead!") For the likes of us, the whole 'first to market and never mind the bugs' attitude is JUST PLAIN WRONG!
Anyone who has been there when things go pear shaped under fire knows that Miller[3] was wrong; "Two" is a distraction never mind "five". Focus, focus, focus.
[1] "After the Gold Rush: Creating a true profession of software engineering"; Microsoft, ISBN 0-7356-0877-6
[2] "Software Engineering Standards: A user's Road map" IEEE Computer Society; ISBN 0-8186-8008-3
[3] Miller, G. A. "The magical number seven, plus or minus two: Some limits on our capacity for processing information". Psychological Review 63 (1956)(2): pp81–97.