[kwlug-disc] Security arguments

unsolicited unsolicited at swiz.ca
Wed Sep 23 16:04:52 EDT 2009



Raul Suarez wrote, On 09/23/2009 2:25 PM:
>> ----- Original Message ---- From: unsolicited
>> <unsolicited at swiz.ca>
> 
>> These comments make me think of the prevalence of Point & Shoot
>> digital cameras. Everybody goes click >happy. I wonder what the
>> percentage of truly good / desired result / well exposed images
>> happen these days. Vs. the days of film where every image cost X
>> amount as a portion of the film processing and printing costs
> 
> Funny you bring this up, Last months Wired magazine had an article
> on the success of "good enough" for 80% of the people. The mistake
> is having "professionals" using those "good enough" tools.
> 
> E.g. It is OK to click and shoot for my family pictures. It
> wouldn't be OK for a professional photographer doing a cover
> picture.

In general, but not always, that's true. The not always includes the 
old adage 'use just enough tool for the job.'

If sufficient quality for the desired end result is present, use it. 
e.g. If you're making covers for a wedding album and has a run of 6 
copies, go ahead. If it's for a print magazine, not. And, arguably, if 
it's for the web, where the idea of resolution is almost an oxymoron ...

> That was always my argument against using VB for professional
> development. It was OK for end users doing little things, and I saw
> very good professional developers using it successfully, but it was
> inherently a bad language for professional development. This is,
> they had to go out of their way to have a clean application.

But the available knowledge workers for such (non-VB) apps was so 
limited, practically this was impossible. Especially when 'everything 
went VB.' One, somewhat reasonable argument I heard was, develop in VB 
for prototyping, concept development, small deployment (< 10?), or 
business rule development, or when time to market was important, then 
when design perfected, do it in a real language.

Of course, by the time the VB app was overwhelmed, there would be no 
funding for doing it over properly, and the dead horse got perpetually 
beaten. And expanded upon.

Much goes back to educating the managers / budget holders. Much like 
the security education debate of this thread. I pretty much never saw 
a VB app redone.

The debate was particularly poignant with Filemaker Pro vs. MS Access 
vs. MS SQL. One guy I know gave up in disgust and left because of this 
insanity.

Good point, here, with VB. Many parallels to this security thread.

Particularly with, presumably, poor php use being 'good enough.'
(Dancing bear - people clap at a circus for a dancing bear, but just 
because he's dancing, not for how well he's dancing.)

> I agree with Chris, for professional development, scripting has its
> place in the admin room, but not in the front facing applications.
> You can do it, some may even do it successfully but a solid
> compiled language will save you many headaches.

But there are few such. Particularly in the Windows world, where most 
of such work is being done. (My guess / opinion.) Dot net anyone? C#?

Let alone in this day of rapid web deployment / refresh, where time to 
delivery is deemed crucial. Compiled source, particularly given the 
prevalence of 'script kiddies' (for lack of a better word, not meaning 
the usual, more, as Khalid points out, novices) implies a rather 
static design of demonstrably long term use.

This makes me think of the Rogers web site, which seems particularly 
poorly evolving / deployed.



More information about the kwlug-disc_kwlug.org mailing list