In many modern languages, encoding errors are the number one cause of security flaws in software.
This is going to be long because if you don't have a deep understanding about what is going on, you too will write encoding-based security flaws. Given the widespread state of ignorance about this situation, including a large number of people who don't even believe there is a problem, I do not believe I can make this much shorter.
But before I can discuss any sort of solution, what exactly is the problem? Let us start with a parable.
I've loosely defined the value function (link) to only compare two "things", without further specifying what "things" it can take, because some things we put in there (like CloseToFamily) are fundamentally non-numeric properties. But some people have their own specializations of this value function. One that almost nobody will admit to using, but a lot of people live by, is the Money value function. This function takes just one argument and returns a single concrete number with the unit "Dollars" (or relevant local currency).
This entry is part of the BlogBook called "Programming Wisdom".
When I was a child, I wanted to be like Spock. For those few who do not know whom I mean, Spock was the science officer on the star ship Enterprise in the famous 1960's sci-fi television show Star Trek. His claim to fame was being half-human and half-Vulcan. Vulcans were an alien race who are so naturally violent that they felt themselves forced to renounce their emotions and turn to a life of pure logic, lest they extinguish themselves in endless war. A common misconception is that Vulcans have no emotions; they do, but they rigidly suppress them.
Spock's major character arc involved a conflict between his "human side" and his "Vulcan side", between "emotions" and "logic". During the television series, he had chosen to attempt being pure Vulcan/logical, but he met with less success than he would have liked. Something never made clear was whether this was purely a personal issue or if perhaps being only half-Vulcan made it somehow biologically more difficult to live with the Vulcan philosophies and disciplines. (Most likely even the writers themselves were conflicted over their interpretation of this.)
Spock's initial choice reflects a common view of emotions, that they are intrinsically opposed to logic, unpredictable and uncontrollable, that you are forced to choose either the cold, cruel world of logic, or the squishy, utterly irrational world of emotion and feeling, but that ne'er the twain shall meet. This is view can be seen in our most ancient literature, where the fiery passions of somebody's loins are routinely contrasted with their cold, austere logical mind.
What absolute garbage!
This entry is part of the BlogBook called "Programming Wisdom".
- 4. Nothing is Free
- 2. On Values
My ol' Why Not Mozilla? page recently wandered onto programming.reddit.com, though I wouldn't go clicking through for the comments.
| Past Posts -> |
