[kwlug-disc] Security arguments
unsolicited at swiz.ca
Wed Sep 23 16:04:52 EDT 2009
Raul Suarez wrote, On 09/23/2009 2:25 PM:
>> ----- Original Message ---- From: unsolicited
>> <unsolicited at swiz.ca>
>> These comments make me think of the prevalence of Point & Shoot
>> digital cameras. Everybody goes click happy. I wonder what the
>> percentage of truly good / desired result / well exposed images
>> happen these days. Vs. the days of film where every image cost X
>> amount as a portion of the film processing and printing costs
> Funny you bring this up. Last month's Wired magazine had an article
> on the success of "good enough" for 80% of the people. The mistake
> is having "professionals" using those "good enough" tools.
> E.g. It is OK to click and shoot for my family pictures. It
> wouldn't be OK for a professional photographer doing a cover
In general, but not always, that's true. The not always includes the
old adage 'use just enough tool for the job.'
If sufficient quality for the desired end result is present, use it.
e.g. If you're making covers for a wedding album and it has a run of 6
copies, go ahead. If it's for a print magazine, not. And, arguably, if
it's for the web, where the idea of resolution is almost an oxymoron ...
> That was always my argument against using VB for professional
> development. It was OK for end users doing little things, and I saw
> very good professional developers using it successfully, but it was
> inherently a bad language for professional development. That is,
> they had to go out of their way to have a clean application.
But the available knowledge workers for such (non-VB) apps were so
limited, practically this was impossible. Especially when 'everything
went VB.' One, somewhat reasonable argument I heard was, develop in VB
for prototyping, concept development, small deployment (< 10?), or
business rule development, or when time to market was important, then
when design perfected, do it in a real language.
Of course, by the time the VB app was overwhelmed, there would be no
funding for doing it over properly, and the dead horse got perpetually
beaten. And expanded upon.
Much goes back to educating the managers / budget holders. Much like
the security education debate of this thread. I pretty much never saw
a VB app redone.
The debate was particularly poignant with Filemaker Pro vs. MS Access
vs. MS SQL. One guy I know gave up in disgust and left because of this
Good point, here, with VB. Many parallels to this security thread.
Particularly with, presumably, poor php use being 'good enough.'
(Dancing bear - people clap at a circus for a dancing bear, but just
because he's dancing, not for how well he's dancing.)
> I agree with Chris, for professional development, scripting has its
> place in the admin room, but not in the front facing applications.
> You can do it, some may even do it successfully but a solid
> compiled language will save you many headaches.
But there are few such. Particularly in the Windows world, where most
of such work is being done. (My guess / opinion.) Dot net anyone? C#?
Let alone in this day of rapid web deployment / refresh, where time to
delivery is deemed crucial. Compiled source, particularly given the
prevalence of 'script kiddies' (for lack of a better word, not meaning
the usual, more, as Khalid points out, novices) implies a rather
static design of demonstrably long term use.
This makes me think of the Rogers web site, which seems particularly
poorly evolving / deployed.