Do you regularly use functional programming techniques in your software development projects? Do you do so for security reasons?
Whereas I am not a coder of any sort, I do seem to be lacking the confusion of some of the previous posts. I didn't see a claim that the functional paradigm implied automatically more secure code.
I just liked the article for teaching me a little something about programming in general.
While I found the discussion of the different classes of programming languages interesting, I have to say that I was not persuaded that using a functional paradigm or language will make your code any more secure than when using an imperative one. Perhaps the discussion was just too short to be meaningful, but the simple fact that you might eliminate to a degree one of the causes of security flaws by using a different paradigm does not in and of itself mean your code will be more secure. The fact that you are using a different programming paradigm will bring in the possibility of other types of errors and flaws that are inherent to that paradigm. At the least, without further examples and data, I would expect that you probably actually come out more or less even at the end of the day. I would venture to say that you would be much more likely to reduce security flaws through proper analysis, design and testing than by following any particular programming paradigm.
Secure code is not inherent no matter what model you use, or paradigm.
Secure code comes from due diligence in looking for possible security issues before, during and after developing the program.
[ It's never perfect, you have to keep looking for security issues until it's no longer in use ]
Where did either of you get the idea that the article states a functional programming style means your code is necessarily secure?
Here's a refresher:
"While functional programming does not guarantee the security of the software you build, it can eliminate a whole class of potential problems securing the software that may arise while writing code: state management errors."
That's pretty much the money shot of the article. I added some emphasis to a phrase that bears directly on the manner in which the two of you have acted as though the article suggests functional programming techniques always result in completely secure programs.
Furthermore, the article also cautions:
"Depending on the language you use and how much you must contort your efforts to suit the goal of pure functional programming, you may also end up with code that is more difficult to understand, which in turn may create other security problems, especially during later code maintenance."
Where's the problem, guys?
from the balance of the entry's stress on how functional doesn't alter state.
My comment about it was more in support of paying attention to the security of the software, no matter what development model was used, by actively working than anything else though. I know you well enough to know you wouldn't claim security by default with anything.
apotheon,
The title of your article is "Functional programming techniques can improve software security". I didn't mean to get you all worked up about it, but I simply didn't feel that the article effectively argued that point.
Functional programming techniques can improve software security
Are you sure you actually read the title at all?
Yes, you didn't say "will", but saying "can" is still a relatively strong affirmation. When I read the article, I felt that its tone was one of recommendation (with disclaimers) rather than one of discussing a possibility. Perhaps I misread your intentions.
My recommendation is that you learn about a style of programming that you may find valuable for reducing the opportunity and incidence for writing exploitable vulnerabilities into your code. If you'd rather just dismiss everything you don't already know as a trade-off, and thus worthless -- well, have fun with that.
OK. Last post - I've wasted enough time "talking" with you. At the end of your article you say:
On the other hand, all else being equal and within reasonable limits, the more you employ a functional approach to programming, the less opportunity there is to introduce security issues into your code by way of state management errors. As such, it is probably in your best interest to learn how to employ a functional style, if you want to write secure code.
The first statement could be true, but, I'm sorry, you're just full of it on that last statement, and it sure sounds to me like you're contradicting yourself. Make up your mind.
Didn't want to be rude, but I figure it's time to start responding in kind...
Did you happen to notice the bit about how it's in your best interest to learn how to employ a functional style?
Do you, somehow, think that not learning how to employ a functional style in programming will ensure you write more secure code? Is that what you're trying to suggest is true?
. . . or do you in fact agree with me that learning more about programming -- particularly about programming styles that can help you avoid state management errors that contribute to a significant percentage of exploitable vulnerabilities -- might help you write more secure code?
"it sure sounds to me like you're contradicting yourself"
That's probably because you're only "listening" through a filter of confirmation bias. You appear to have an expectation that I've said something unconscionably "wrong", and refuse to notice any evidence to the contrary.
Well . . . good luck with that.
Did you happen to notice the bit about how it's in your best interest to learn how to employ a functional style?
Yes, I noticed that, but unfortunately I wasn't convinced that that is necessarily true by the article as it currently stands. It might be in my best interest, but I would need more information in order to determine that.
Do you, somehow, think that not learning how to employ a functional style in programming will ensure you write more secure code? Is that what you're trying to suggest is true?
Absolutely not.
. . . or do you in fact agree with me that learning more about programming -- particularly about programming styles that can help you avoid state management errors that contribute to a significant percentage of exploitable vulnerabilities -- might help you write more secure code?
I am all for learning more about programming, and I agree that learning more about FP might help me write more secure code. The problem is that we all have a finite amount of time, and so we need to weigh various factors along with the information presented to us to make effective decisions about how we will use our time, and where we will focus our efforts. That means that if we want to look at a new way of doing things, we need to have enough information to help make an effective decision.
I just felt that if I had to make a decision based on the information presented in the article as it is about where I could best spend my time to improve code security, I feel that I would probably be better served by focusing on better analysis, design and testing than on changing programming paradigms.
I'm not saying you don't have a valid point. I just don't think the article discussed it fully enough to sway me. Is it in my best interest to learn about it? It might be. Then again, it might not be; I might be better served by learning about something else. I don't yet have enough information to tell.
"it sure sounds to me like you're contradicting yourself"
That's probably because you're only "listening" through a filter of confirmation bias. You appear to have an expectation that I've said something unconscionably "wrong", and refuse to notice any evidence to the contrary.
Well . . . good luck with that.
No, I'm not saying you said anything wrong. I'm saying that your thesis isn't fully borne out by your discussion on the topic. I'm open to being convinced otherwise with more information.
You, on the other hand, have done little more than rebuff and insult and insist that I simply haven't read your article correctly or completely, all of which does nothing to support your position. However, you must be right. If I've misunderstood, then it must be that I'm not as smart as you and simply can't read. I'm sure the problem isn't that the article could be strengthened by including more discussion and information such as examples, personal experience, statistics, etc.
"It might be in my best interest, but I would need more information in order to determine that."
Translation: "I'm sorry, I just don't believe learning is useful -- at least when recommended by Chad Perrin."
"I am all for learning more about programming, and I agree that learning more about FP might help me write more secure code. The problem"
. . . is that you just contradicted yourself. Wow, that was cool.
"we all have a finite amount of time, and so we need to weigh various factors along with the information presented to us to make effective decisions about how we will use our time, and where we will focus our efforts."
Perhaps you could quote wherever I said "You should drop whatever you're learning right now, and learn this instead, without thinking about how much secure coding I actually need to do or where it should fit into my priorities," 'cause I don't remember saying that. Why does everything I say have to be an absolute "NOWNOWNOW" or "NEVERNEVERNEVER" for you?
"That means that if we want to look at a new way of doing things, we need to have enough information to help make an effective decision."
Sorry, I'm afraid I'd have a difficult time teaching you everything you need to know about functional programming without actually teaching you functional programming -- and that wouldn't fit in a TechRepublic article. I'm sure there are a lot of excellent books on the subject at your local bookstore, though.
If you just wanted to tell me that you're going to have to look into the idea a little more before you set aside time to start learning to employ functional programming techniques in a multiparadigm language, you'd have said so rather than attacking what I said as if the article's title was "You're stupid if you don't do all your programming in Haskell". If you just had specific questions, you would have just asked specific questions rather than assailing me with complaints about how I must be crazy to expect you to drop everything and learn Lisp right now.
"I just felt that if I had to make a decision based on the information presented in the article as it is about where I could best spend my time to improve code security, I feel that I would probably be better served by focusing on better analysis, design and testing than on changing programming paradigms."
So -- if you have to make a decision about where to focus your efforts on improving your skills in a particular area, and you feel you don't have enough information yet to make a decision, your approach is to ignore anything new and stick to the old, and to set out to launch attacks against whoever suggested something new via straw man fallacies.
If I had to make a decision about where to focus my efforts on improving my skills in a particular area, and I felt I didn't have enough information yet to make a decision, my approach would be to investigate a little further, learn a little more, and maybe ask specific questions.
I guess that's a point of divergent approaches to learning things between us.
"I'm not saying you don't have a valid point. I just don't think the article discussed it fully enough to sway me."
Translation: "I'm not saying you don't have a valid point. I'm just saying that I'll ignore what you said, except for the parts where I misrepresent what you said and try to make you out to be incompetent through carefully applied strawman fallacies, because you didn't meet some magical minimal standard for convincing me that would require more than a single article to meet anyway."
"No, I'm not saying you said anything wrong."
Maybe not in this sentence. . . .
"I'm saying that your thesis isn't fully borne out by your discussion on the topic."
That's because the article is meant to be an introduction to an idea, not an exhaustive book-length treatise on the subject.
"If I've misunderstood, then it must be that I'm not as smart as you and simply can't read."
Actually, I think the problem is that you misread something early on because you didn't pay as much attention to what I said as you thought you did, then when I corrected the erroneous impression, you got defensive -- and proceeded to search for reasons to disagree with me because of a subconscious imperative to be "right", thus necessitating proving me "wrong".
"the article could be strengthened by including more discussion and information such as examples, personal experience, statistics, etc."
Sure it could -- but then it wouldn't be an article any longer. It would, at minimum, be a lengthy white paper, and more likely a book.
More rebuffing. Not surprising at this point, I suppose. Now we're also adding severe misinterpretation and hyperbole. I'll admit that I may have misinterpreted your article as well - perhaps I read it too quickly initially as you stated - but I maintain that I don't think the tone of the article is what you think it is. That's fine. Doesn't matter. We don't have to see eye to eye on that.
To say that I'm "misrepresent[ing] what you said and try[ing] to make you out to be incompetent through carefully applied strawman fallacies" is simply ludicrous. On the other hand, you do seem to be set out to make me look like a fool. Rather than giving cool, reasoned responses you simply attack and insult. You lose credibility when you do that.
Actually, I think the problem is that you misread something early on because you didn't pay as much attention to what I said as you thought you did, then when I corrected the erroneous impression, you got defensive -- and proceeded to search for reasons to disagree with me because of a subconscious imperative to be "right", thus necessitating proving me "wrong".
Interesting. That last part is actually exactly the impression I have gotten of you through all this. All I've done is try to explain my position. I actually went back twice trying to see why I got the impression I did and got nothing but insults in return when I pointed out why.
Perhaps my initial post was poorly worded, but I stand by everything else I've posted. In any case, you're not doing any better, buddy.
based on the information presented in the article
I sure hope that isn't standard practice, folks making decisions based on what they read in one article.
I also hadn't realized that this article was attempting to convince anyone to use the functional programming paradigm, I was under the impression that it was an offering of information. Personally, I was impressed with the idea that one could remove a lot of state (hence: vulnerability) by programming in this paradigm. I don't know what kind of statistics could possibly back up that idea. What statistics are needed to show that avoiding the storage of flammable materials in some area will reduce the risk of fire in that area?
If you are looking to be convinced, that is entirely up to you.
It's interesting to see where you've taken this, LyleTaylor. Your latest post is a combination of sarcastic use of "buddy" to show how much you hold me in contempt with a lengthy, thinly veiled "I know you are, but what am I?" response.
Perhaps you could read what seanferd just said and try reading the article with that in mind, rather than just assuming that there must be some kind of ulterior motive in the article to push FP as the One True Way ('cause, y'know, FP isn't the OTW, and I never implied it was).
Well, there we agree on something. At this point, I do hold you in contempt, but not for your article or your ideas. Rather because of how you have treated posters that disagreed with you or criticized you in some way. I think Neon Samurai summarized it pretty well:
The disappointment with how this forum sprawled off your article was that it didn't discuss Lyle's objection to the article in anything more than superficial school-yard arguments.
I think this may have been the first time I read or paid attention to posts to your articles, so I'll have to take his word on whether or not your arguments are generally well supported. However, so long as you insist on responding by insult, it doesn't really much matter in my book.
"At this point, I do hold you in contempt, but not for your article or your ideas."
Until you said that, I only held your so-called "arguments" in contempt. That, however, has convinced me to add you to the list of things I hold in contempt, along with your "arguments".
. . . not that you care. I just find it amusing that so many people in the world seem incapable of distinguishing the person from the argument.
"Rather because of how you have treated posters that disagreed with you or criticized you in some way."
Many, many people have disagreed with me or criticized my arguments in the past and received better treatments than your arguments have. If you bothered to pay closer attention to what I said here, you might have noticed that, though I take a hard line in discussion (because I expect people to back up what they say with substantive arguments when they challenge something I say), I didn't start out by attacking you.
Criticizing me, rather than my arguments, is a big part of the problem here. Maybe you should rethink your approach in the future.
"I think Neon Samurai summarized it pretty well:"
I think you've overlooked the possibility that at least part of the blame for what Neon Samurai describes is likely your fault. News flash: you aren't infallible.
"However, so long as you insist on responding by insult, it doesn't really much matter in my book."
I don't care to read through the entire discussion right now, but I don't recall responding with actual insults. Maybe I did, but I can guarantee I didn't actually insult you before you insulted me.
On the other hand, I did respond perhaps more harshly (to your arguments) early on than I needed to. I noticed, in skimming through some of our early exchanges, that I responded to your "for example" as though you were the person who had posted the "More complete information" comment as well. It's obvious you identified with that earlier comment, but you did not actually make the earlier comment -- so perhaps you weren't completely on board with techr@ in his/her personal attack on me. I don't know, and I should have allowed for the possibility that you disagreed with him/her on that particular part of techr@'s statements.
So . . . if I have share fault with you for what Neon Samurai described as "how this forum sprawled off your article was that it didn't discuss Lyle's objection to the article in anything more than superficial school-yard arguments," that's where it happened. For that, I apologize.
I don't apologize for my responses to the rest of your comments. You, m'friend, are not nearly so blameless as you seem inclined to believe.
I don't know at this point whether to even care that you find me so contemptible. You haven't said anything to indicate to me that you'll ever have anything of value to contribute to discussion here, and a lot of what you said was either strawman fallacy or argumentum ad hominem fallacy. I don't really value such approaches to discussion.
I just find it amusing that so many people in the world seem incapable of distinguishing the person from the argument.
That's a mischaracterization, but I can understand why you feel I fit in that mold. I think these posts were full of miscommunication.
I think you've overlooked the possibility that at least part of the blame for what Neon Samurai describes is likely your fault. News flash: you aren't infallible.
No, I took that understanding from his comment as well.
On the other hand, I did respond perhaps more harshly (to your arguments) early on than I needed to. I noticed, in skimming through some of our early exchanges, that I responded to your "for example" as though you were the person who had posted the "More complete information" comment as well. It's obvious you identified with that earlier comment, but you did not actually make the earlier comment -- so perhaps you weren't completely on board with techr@ in his/her personal attack on me. I don't know, and I should have allowed for the possibility that you disagreed with him/her on that particular part of techr@'s statements.
Yes, I think that's one of the things that set me off. Also, while you may not feel that you actually insulted me before I did you, I suppose that's where we differ. I took your apparent disdain for my reference to the title of the article as an insult. That in conjunction with the reply you reference above was enough for me to start criticizing you personally.
So . . . if I have share fault with you for what Neon Samurai described as "how this forum sprawled off your article was that it didn't discuss Lyle's objection to the article in anything more than superficial school-yard arguments," that's where it happened. For that, I apologize.
Apology accepted. Likewise.
I don't apologize for my responses to the rest of your comments. You, m'friend, are not nearly so blameless as you seem inclined to believe.
Yes, I understand. I think you've misunderstood many of my comments, but I don't like where this has taken me any more than you do.
I don't know at this point whether to even care that you find me so contemptible. You haven't said anything to indicate to me that you'll ever have anything of value to contribute to discussion here
I stopped trying to contribute anything to the discussion beyond defending my initial point when I saw how you were responding. Especially to the two posts referenced above. Apparently, it was a mutual misunderstanding. However, at this point, I've lost interest. We'll see if things go better another time.
and a lot of what you said was either strawman fallacy or argumentum ad hominem fallacy.
No, I can see how you might think that, but that was a misunderstanding. While I did criticize you personally, I tried to keep my "arguments" separate from the criticism. I had no desire to deflect or undermine your position by the criticism. They were all strictly in response to what I thought were insults and undue severity in your responses. I apologize that that wasn't clear.
I don't really value such approaches to discussion.
I completely agree.
I'd much rather stay right here on my bar stool and watch you to exchange punches rather than get dragged down into the mosh pit.
I know Apotheon's history and even having been on the receiving end of it, I value his input based on observations in more technical discussions and having been a part of most of those discussions.
If I may before I turn back to my pint; I'd recommend reading over his other articles on the topic of security. I'd also love to see an emotionless list of reasons why you felt so objectionable to the article and programming approach in general.
As a courtesy, I checked your profile and other posts before my first comment in this forum but could see no indication of your technical knowledge level to which I could appropriately tailor my tone. If you've a long history of software development, a technological exchange between the two of you would be very much worth turning back around to watch.
Yes, I understood that when I read it, and I fully accept that. I didn't want to drag you into the pit; I just felt that you hit the nail on the head.
I'd recommend reading over his other articles on the topic of security.
Yes, I may do that.
I'd also love to see an emotionless list of reasons why you felt so objectionable to the article and programming approach in general.
Well, I tried to make that clear in my posts, but I guess I've done a very poor job of it. I don't have any problems with the programming approach in general, or with the assertion that it may help improve code security.
My problem was with what I thought was the tone of the article. When I read it, I understood, "this is something that can improve code security, you should do it." I simply don't feel the article sufficiently supports that view. However, Chad has since corrected me, and I understand that was not his intent.
As a courtesy, I checked your profile and other posts before my first comment in this forum but could see no indication of your technical knowledge level to which I could appropriately tailor my tone. If you've a long history of software development, a technological exchange between the two of you would be very much worth turning back around to watch.
Thanks, I appreciate that. I have been programming for approximately 25 years, professionally for about 13. I have used a variety of languages and paradigms through the years (including a little functional programming - although, that was a long time ago) and have developed on multiple platforms. Through all that, I feel that I have developed a good understanding of how to develop solid applications and understand many of the ins and outs of various ways of doing things. Unfortunately, none of that was borne out here.
If I understood Chad correctly, that he was simply recommending that this would be a good thing to look into, then I'm OK. Perhaps we'll have the opportunity to have a meaningful exchange on another topic.
"I took your apparent disdain for my reference to the title of the article as an insult."
Not to be confrontational, or anything -- but if you take personal insult to my dismissal of an argument, that sounds like a personal problem. Your willingness to take insult where none was indicated is not my problem.
"I stopped trying to contribute anything to the discussion beyond defending my initial point when I saw how you were responding."
Maybe you should have examined your initial "point" to see whether it was even worth defending. I'm still pretty sure that, somewhere in there, you just got yourself caught up in defending something to the point that you never considered what I had to say in opposition beyond recognizing its opposition and looking for ways to counterattack. Meanwhile, I kept searching in vain for some statement you might make that could call any statement of mine into question.
The closest you got was ignoring some of the nuances of my statements, reading into what I said rather than simply reading it.
"While I did criticize you personally, I tried to keep my 'arguments' separate from the criticism."
You didn't really have relevant arguments -- so if the criticisms weren't meant to stand in for arguments, I don't have any clue what you were doing.
I'm willing to take your word for it for now. You're better qualified to explain your intent than I am, and I don't have any specific evidence to the contrary. It just seems odd to me that your statements basically all consisted of straw men and personal criticism, without any particular dividing line between them, but the criticism didn't qualify as an argumentum ad hominem fallacy.
As such, I guess I'm just confused about what you meant to accomplish.
"We'll see if things go better another time."
I guess so.
Your willingness to take insult where none was indicated is not my problem.
I would say that none was intended. I would not necessarily say that none was indicated - there's room for interpretation there. But that's OK, it's not important any more.
Maybe you should have examined your initial "point" to see whether it was even worth defending.
I stopped defending my initial point when you indicated that I misread your intentions. The rest, unfortunately, was essentially off topic responses to responses.
I'm still pretty sure that, somewhere in there, you just got yourself caught up in defending something to the point that you never considered what I had to say in opposition beyond recognizing its opposition and looking for ways to counterattack.
Again, not my intention, but that's OK. Or, to put it differently, the fact that you keep saying things I disagree with doesn't mean that I'm out to get you.
Meanwhile, I kept searching in vain for some statement you might make that could call any statement of mine into question.
The closest you got was ignoring some of the nuances of my statements, reading into what I said rather than simply reading it.
Strictly speaking, there is no such thing as simply reading without reading into. All communication is inherently personal and involves (hopefully) common context that contributes to or is part of the meaning of what is being said. In addition, different people have a different understanding of what words mean or imply. I think that's where we fall.
To me, simply reading, you didn't say what you indicated to me that you meant. I understand what you said differently than you do. That's fine - you corrected my understanding. Some will read it the way you intended; others will read it the way I did. In the latter case, if they can wade through the mess that is these posts, they'll find your explanation and understand correctly.
You didn't really have relevant arguments
We'll agree to disagree on that statement as well, but we can't expect to be reconciled on everything.
As such, I guess I'm just confused about what you meant to accomplish.
Well, that's too bad and a bit disappointing. Hopefully I'll do better next time.
In any case, I look forward to reading future articles and hope that we have a chance to have a meaningful discussion sometime. Best of luck to you.
I've been a programmer for some 25 years, in a variety of languages and I don't know what you're talking about.
You mention 'functional programming' but for the benefit of those of us that haven't programmed in Haskell, Erlang, Lisp, or Scheme, you give no code (or pseudocode) examples, nor do you really explain what it is or how it works. You tell us how it doesn't work - it doesn't use variables. A comparative demo, or even a link to such a comparison, would have been nice.
You say that using that style of programming can make programs more 'secure'. Are you talking about code security or integrity? It may be that functional code tends not to break as often (I'll have to take your word on that). But I kind of agree with some of the other respondents, that that, in and of itself, doesn't make your code more immune to exploits.
Also, this is a small thing I guess, but you keep referring to ECMAScript. Every time I saw that term I had to scratch my head. What the heck is that? Oh, I think he's referring to JavaScript. That's what the programmers who actually use it call it. Puts me in mind of the tourist who tells the NYC cabby to "take me to Avenue of the Americas". Oh, you mean 6th Avenue?
Dave
Steve Yegge refers to ECMAScript by name when it's appropriate to mention ECMAScript instead of the more narrow term JavaScript. You know -- Steve Yegge, the guy who ported Rails to JavaScript/Rhino at Google.
Brendan Eich refers to ECMAScript by name when it's appropriate to mention ECMAScript instead of the more narrow term JavaScript. You know -- Brendan Eich, the guy who invented JavaScript at Netscape. (If you actually listen to the podcast at that location, you may notice Eich mentions some other ECMAScript dialects, too.)
I guess maybe these guys aren't the sort of people who actually use JavaScript, though, by your definitions.
(edit: fixed the podcast link)
I'm with you, too much presumption of FP knowledge and not enough information. A great primer to FP IMHO http://en.wikipedia.org/wiki/Functional_programming
As for the ECMAScript, I think this is more of a "serial port" versus RS-232, RS-485 thing. JavaScript is an ECMAScript rather than being ECMAScript. http://en.wikipedia.org/wiki/Ecmascript The history has a quote from Brendan Eich about the name.
As for security, it seems like me saying I take the train to avoid being in an automobile accident; I may mitigate that part of security risks, but exchange it for a different security risk. I think that the non-strict execution plan is more of a security benefit than state management; it's more like a moving target.
"I may mitigate that part of security risks, but exchange it for a different security risk."
Really? Please offer an example of a security risk trade-off.
While I may not get in a car accident, my chances of getting hit by a car may go up. My chances of getting mugged go up. Now there's the possibility of a train accident which wasn't there before.
Which way is inherently better? Don't know. There's not enough information here to say. It's the same for FP. Each paradigm, language or way of doing things has its own inherent problems, so there's always a trade off. Maybe FP can help, maybe not - there's not enough information here to effectively support either direction.
I asked for examples, not analogies. I know how trade-offs work in general. I just wonder whether you're claiming there are trade-offs in this case because you actually know something about the subject, or you're just making crap up in a vacuum because you're looking for excuses to disagree with me.
No, not trying to disagree with you, but I can see there's no point in trying to discuss it nicely anymore. Have a nice day.
I'd be happy to simply see you try to discuss it at all -- rather than just go on at great length about how I said things I never said.
Apoth tends to provide an unbudging position but he does also support his position.
Where I become more curious about the theater production is in understanding Lyle's credentials. After reading his posts, I don't see any indication of his education or experience. I'd love to see some supporting points on why he feels the content presented is not valid; something beyond criticizing the article. Maybe focusing on informed reasons why the programming approach is not applicable to improving code quality.
I'm no developer but I know enough coding to learn from intelligent developers chatting. Sadly, this wasn't that.
"Apoth tends to provide an unbudging position but he does also support his position."
I'm far more likely to "budge" when someone offers logical arguments rather than weirdly inapplicable criticisms of arguments I haven't made.
I may look "unbudging" to you, but it's difficult to justify changing my mind when people simply don't address my points -- let alone provide actually compelling counterarguments.
I've seen you run a discussion/debate through to the bloody end more than once and always with well supported points. I've learned a great deal and been confronted with the need to rethink my own ideas in some cases along with seeing cases where you yourself have discovered things worth putting more consideration into. You tend to do a very thorough analysis of your ideas before you present them or question others.
I mean unbudging in terms of not fickle about your ideas and confrontation as a good thing, not unbudging in terms of cynically opposed to ever reconsidering a topic's points. I think that's a good thing.
The disappointment with how this forum sprawled off your article was that it didn't discuss Lyle's objection to the article in anything more than superficial school-yard arguments.
I didn't take offense to anything you said, Neon. I interpreted the bit about "unbudging" as a neutral observation, and just felt like addressing it with a bit of explanation about how I approach discussions in a way that might be viewed as "stubborn" by others.
It's nice to know someone has noticed that I do occasionally find something worth considering here, and do consider it, anyway. Mostly, when someone comments on the fact I didn't do a 180 and accept everything that person said, the person assumes it's because I'm some kind of mean ol' ogre -- and it never seems to occur to such people that perhaps they haven't said anything convincing, or (in many cases) even logically supported.
Not mine.
My instant reaction, probably like yours, is to grab it and shake to see what comes out. Specially so if integral to your point. You know, or I hope you do: structural concomitance, and all.
But I only grab and release, casually, not causally, the way I think you employed it. At least, largely so.
I just wanted to be overly clear as text is such an easy medium to misinterpret. Now, I'm going to hunker over to that empty bar stool beside Seanferd and go back into lurker mode.