[Techtalk] Theory vs. practice
Mary Gardiner
linuxchix at puzzling.org
Tue Jan 15 11:15:03 EST 2002
On Mon, Jan 14, 2002 at 10:15:07AM -0800, jhamilto at n2h2.com wrote:
> >Yes, but programmers aren't being taught how to avoid these coding
> >errors, or what errors to avoid.
>
> Are you serious? That makes so much more sense. As a sysadmin, It's so
> frustrating to see buffer overflow problems occuring over and over
> again, when it seems like 'buffer overflow' lecture would be the first
> ones taught to a programmer. I shouldn't make such assumptions, since
> I've never taken a programming course. (okay, pascal WAY back when,
> but I flunked miserably).
The trouble is, you could have
Lecture 1: The "buffer overflow" lecture
Lecture 2: The "check your input for database queries" lecture.
Lecture 3: The "watch for printf bugs" lecture.
in between the "how to write a loop" lectures, but then what happens
when you graduate and someone works out how to exploit yet another
sloppy programming technique? Avoiding these sorts of errors as a class means
having an understanding of your programs from the top down and bottom
up, an understanding of your langauge and how they relate to the
underlying concepts in computing, which wouldn't be achieved by teaching
about each little bug one by one and not tieing them to any underlying
ideas about how programs and computers work.
I think good software engineering is part of the answer, but maybe I
should wait for someone whose university actually gave them a course on
it to give their opinion...
-Mary.
--
Mary Gardiner
<mary at puzzling.org>
GPG Key ID: 77625870 (wwwkeys.eu.pgp.net)
More information about the Techtalk
mailing list