Security Basics mailing list archives

RE: Programming


From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 10 Feb 2005 14:52:31 -0800

  I was a software developer for 18 years, before I was thrust into
networking and security.  I have written code professionally in (in
no particular order) APL, BASIC, FORTRAN, Assembler, PL/1, C, C++,
Pascal, Modula-2, Perl, and 3 or 4 proprietary languages that nobody
has ever heard of outside the companies that created them.  I've toyed
with a half-dozen other languages that nobody ever got around to paying
me to use.
  My first programming class in university was in COBOL.  The class
quickly split into two groups:

(a) Those who had no prior exposure to programming, and were lost.

(b) Those who had prior exposure to another language, and were disgusted.

I'll readily grant that the language has evolved since then, and that
there are many adequate systems which were originally written in COBOL
and still are, and remain in daily use.
  But I fear that learning COBOL will teach dayz more about whether he
has a passionate love for coding than it will about security -- which he
did say was his objective.

One more benefit: COBOL was an early attempt to develop human readable
code.  And today it can still be written in sentence and paragraph
form.

  The "language in which non-programmers can write and understand
non-programs" has been reinvented several major times since.  (dBASE is
the best example that springs to my mind at the moment.)  Invariably, it
turns out that programmers write better non-programs in these languages
than non-programmers ever do, but they tend to migrate away to languages
that allow them to focus more on code functionality and less on typing
speed.
  In other words, experience (and history) leads me to grave doubts about
the value of this language "feature".

  COBOL is appropriate to learn for some purposes.  I respectfully submit
that (a) these have more to do with accidents of history than with innate
linguistic properties, and (b) these purposes are not those that dayz has
expressed an interest in accomplishing.

David Gillett


-----Original Message-----
From: David J ONEILL [mailto:David.J.Oneill () state or us]
Sent: Thursday, February 10, 2005 7:55 AM
To: dayz () planet nl; security-basics () securityfocus com
Subject: RE: Programming


Having been a programmer/developer/systems analyst for the last 11
years, I feel that a lot of respondents are missing the boat.  They have
forgotten one of the most structured languages still in existence: COBOL.
This language is available for PC platforms.

I have programmed professionally in PC and Mainframe Assembler, BASIC,
Visual Basic, C, COBOL (with CICS, DB2, and IMS), REXX, and I currently
develop applications using Java.

I would recommend starting with COBOL because it enforces structured
programming techniques.  All data elements are strongly typed and must
be defined prior to being used (this forces the programmer to think
about what data they will be working with, instead of winging it as they
go along.)  And COBOL encourages modularity and functional cohesiveness
in programming (each function of the program is placed in its own
procedure.)

Object oriented techniques can even be used with COBOL (Classes are
translated to Nested Programs in COBOL.)

One more benefit: COBOL was an early attempt to develop human readable
code.  And today it can still be written in sentence and paragraph
form.

My 3.5 cents worth  :-)

David J O'Neill
Senior Systems Analyst
State of Oregon
Department of Human Services
Office of Information Services
PH# 503.378.2101 ext. 280
email david.j.oneill () state or us

"David Gillett" <gillettdavid () fhda edu> 02/09/05 03:17PM >>>
  Since ontology frequently recapitulates philology, you might be well
advised to start with the assembly language for a common and reasonably
powerful architecture.  Pay particular attention to stack management and
memory access controls.  (An architecture that lacks them -- such as
"real" mode on the x86 family -- is not sufficiently powerful; you need
to include at least one "protected" mode.)

  The next stop is C, with attention not merely to applications, but to
what kind of source code features get compiled to what kind of
executable code.  Pay particular attention to automatic variables and to
the "n versus non-n" string routines, and to dynamic memory management.

  Most other common languages fall into three major categories:

1.  Languages whose compilers implement features in the translation to
    executable form which parallel C in concept if not in detail.
    e.g. Pascal, FORTRAN.

2.  Languages whose compilers implement features in the translation to
    executable form which parallel C in concept and in detail.
    e.g. C++, C#.

3.  Languages which are processed to an intermediate form which serves
    as input to a run-time environment implemented in a language from
    one of the first two categories.
    e.g. VBASIC, Java.

Many issues such as buffer overflows and some DoS vulnerabilities can be
traced to assumptions made by writers in something C-like that get
discarded in the translation to the binary executable.  Familiarity with
both sides of this translation will be a major asset.

David Gillett
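The "n versus non-n" string routines and the discarded-assumption point above, shown in a small C example added here (not code from the thread or its authors): the buffer size BUF and the sample inputs are constructed, and the three functions each return a value so the behaviour can be checked rather than just observed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed small destination size so the difference is visible. */
#define BUF 8

/* "Non-n" style assumption: the caller believes src fits in dst.  A
 * strcpy() here would write past dst when it does not; the compiler
 * keeps no record of that assumption.  This version checks first and
 * returns the bytes written (including '\0'), or -1 if it refuses. */
int copy_checked(const char *src) {
    char dst[BUF];
    size_t n = strlen(src);
    if (n >= BUF)            /* the check strcpy() never performs */
        return -1;
    memcpy(dst, src, n + 1);
    return (int)(n + 1);
}

/* "n" routine caveat: strncpy() stops at BUF bytes but adds no '\0'
 * when src is longer, so dst is not a C string afterwards.  Returns 1
 * if a terminator ended up inside dst, 0 otherwise. */
int strncpy_terminated(const char *src) {
    char dst[BUF];
    strncpy(dst, src, BUF);  /* pads with '\0' only when src is short */
    return memchr(dst, '\0', BUF) != NULL;
}

/* Bounded copy that always terminates; returns the resulting length,
 * which is shorter than strlen(src) exactly when truncation occurred,
 * so the caller can detect it instead of assuming the copy was whole. */
int copy_truncating(const char *src) {
    char dst[BUF];
    strncpy(dst, src, BUF - 1);
    dst[BUF - 1] = '\0';
    return (int)strlen(dst);
}

int main(void) {
    const char *ok = "hello", *big = "toolongstring";  /* constructed inputs */
    printf("copy_checked: %d / %d\n", copy_checked(ok), copy_checked(big));
    printf("strncpy terminated: %d / %d\n",
           strncpy_terminated(ok), strncpy_terminated(big));
    printf("copy_truncating: %d / %d (src length %zu)\n",
           copy_truncating(ok), copy_truncating(big), strlen(big));
    return 0;
}
```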



-----Original Message-----
From: dayz () planet nl [mailto:dayz () planet nl]
Sent: Wednesday, February 09, 2005 12:17 AM
To: security-basics () securityfocus com
Subject: Programming


Hi,

I want to begin with learning programming to increase my knowledge about
security, but I don't know where to begin. Can someone tell me which
programming language is good to start with, and perhaps what books
and/or online guides I should take a look at?
It would be nice if, once I learn a programming language, it wouldn't be
much work to understand another one.

I am on Linux and Windows.

Thanks for the help.

Regards,

Ben



