Keith Perry on 6 Oct 2018 11:26:35 -0700



Re: [PLUG] The Big Hack: How China used a tiny chip to generate ridiculous replies


On Friday, October 5, 2018 5:55:56 PM EDT Rich Freeman wrote:
> On Fri, Oct 5, 2018 at 4:58 PM Keith C. Perry
> 
> <kperry@daotechnologies.com> wrote:
> > Even on the software front, too many "programmers" just grab libraries
> > and code from the net.  How many do that **before** flow charting and
> > constructing their solutions with pseudo code or prototypes to see if
> > they want to or should use an existing library?  How many of these
> > programmers fit their solutions around the code they find in the wild
> > versus finding the bits that will fit **their** solution?
> 
> If anything I find the reverse is true.  I am dealing with groups
> exchanging xml and it seems like everybody involved is writing their
> own parsers.  This includes a company that basically specializes in
> EDI interfacing.  It causes various headaches, and if there is a
> problem and I ask somebody if the xml validates they look at me like I
> have two heads.
> 
> If you're about to contemplate writing your own xml parser, DO NOT do
> any flow charting.  DO NOT use pseudo code.  DO NOT think about the
> problem at hand.  JUST USE THE LIBRARY!!!!
> 
> Yes, there are probably situations where that blanket advice.  If you
> work in anything resembling a normal job they don't apply to you...

I would submit that XML and EDI are speciality things but of course there is 
always going to be a case where you'll blindly use a library.  Doesn't mean it's 
not a [security] risk.  Libraries are still building blocks.  You should have 
some knowledge about what your expected I/O is so you know when the library 
does something "wrong".

Trust but verify.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ 
Keith C. Perry, MS E.E. 
Managing Member, DAO Technologies LLC 
(O) +1.215.525.4165 x2033 
(M) +1.215.432.5167 
www.daotechnologies.com





___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug