Comments on relativistic observer: How Old Is Your Software?
Blog author: Mark (http://www.blogger.com/profile/05314130812566991108)
Feed updated: 2024-01-12T23:22:31.704-08:00

Mark (https://www.blogger.com/profile/05314130812566991108), 2013-06-17T11:31:45.386-07:00

Sorry for the lateness of my reply, but...

You know what? I usually get notified when people comment on my blog. With your comment, it literally ended up in my Junk mail folder. I guess I don't check my junk mail folder as often as I should (!), but when I checked it today, I found your comment in it.

I found it unbelievably ironic!

When security is an issue, I learned (in a computer security course I took at UC Berkeley in the late 70s!) that one way security can be defeated is by preventing a message from being received.

Apparently spam filters are insecure in a big way.

It seems like I should check my junk mail a bit more often to prevent more headaches!

--Mark

Anonymous, 2013-06-16T10:10:12.033-07:00

And one more bad thing is that sometimes when you really want a company to send you an e-mail, it ends up in the spam filter… It's very annoying to check the spam when you expect something important. So, it's not just a question about blocking the spam, it's also a matter of how to make sure the good mails reach their destiny.

Mark (https://www.blogger.com/profile/05314130812566991108), 2012-10-14T15:13:00.050-07:00

No prob. Developing software is of course my specialty. And it has changed through the years quite a bit. Lately the procedure of file fuzzing is responsible for unearthing loads of buffer overrun and edge case bugs. The best offense is a good defense also, and a static analyzer is key in developing software. GNU has such a tool and it is first rate. Not like the crap I used to use when I was developing my own apps. This stuff is state-of-the-art.

White box testing is a procedure used by QA people that uses knowledge of the code to design cases to break it. And this is even better, because a clever human is behind the cracking process.

Another main process for verification is, believe it or not, optimization. When optimizing, code can undergo the most amazing amount of inspection and consistency checking. This may happen during the process of removing redundancy, the construction and hoisting of ghost variables, the elimination of variables to cut down on the amount of computation, or even in the algorithmic simplification process.

Even so, once this occurs, it is still most of the code that doesn't get optimized, by the 90-10 rule, and so the rest of it has to be examined quite closely.

In a unix world, the careless use of strcpy, sprintf, strcat, and other standard library routines becomes something that should simply be outlawed. Those calls can be replaced by strncpy, snprintf, and strncat for instance. But things like memmove and bcopy are especially dangerous.

In an Objective C world, these can be replaced by objects that are safe, like NSArray, NSString, NSDictionary, and the like. I prefer to use these because it makes coding easier, but I wouldn't particularly prefer them in the tight loop.

Nevertheless, I believe that there is not enough testing in general because software is inherently dangerous and insecure. This is why I believe we should use every weapon in our arsenal to make sure of its security.

Particularly on a mobile platform!

--Mark

TommyZ (http://tomzimmer.wordpress.com), 2012-10-14T15:00:30.078-07:00

Good topic Mark. A related topic is "Do we really know how to develop software?". I contend we don't. We make lip service about all the great things we are going to do (design review, code review, unit tests and the like), and then we don't bother to do them because there is never enough time. I hope Apple isn't like this, but I know my company is, and it makes me sad. I think I have become a bit cynical... ok a lot cynical in my old age.

It is really hard to develop good software, and few people understand that. And finally, the really sad part is that none of them are managers.

Sorry to hijack your post, Tommy Z (you know who)