Xref: utzoo comp.bugs.4bsd:1678 comp.std.c:4196 comp.lang.c:35536 Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!tut.cis.ohio-state.edu!iguana.cis.ohio-state.edu!manson From: manson@iguana.cis.ohio-state.edu (Bob Manson) Newsgroups: comp.bugs.4bsd,comp.std.c,comp.lang.c Subject: Re: Safe coding practices (was Re: Bug in users command) Message-ID: <87681@tut.cis.ohio-state.edu> Date: 26 Jan 91 21:49:09 GMT References: <1991Jan25.021929.10512@tkou02.enet.dec.com> <22878@well.sf.ca.us> <60@garth.UUCP> Sender: news@tut.cis.ohio-state.edu Reply-To: Bob Manson Followup-To: comp.bugs.4bsd Organization: Ohio State University Computer and Information Science Lines: 41 In article <60@garth.UUCP> smryan@garth.UUCP (Steven Ryan) writes: >Recompile what? Is the source always available? Is the build process >properly documented and all build files available? Is the routine >coded so that Joe Average can fix, recompile, and continue in five >minutes? Do you what Joe Average is going to think of you afterwards? I know what I thought of the "person" that hard-coded a limit on the # of /etc/magic entries in AT&Ts file program...and it wasn't kind. No, I didn't have source. No, I couldn't recompile. The solution was to write a replacement that didn't have any such stupid limit coded in it. >Why is it difficult for so-called programmers to avoid arbitrary limits? Because they don't care. I've met several people who call themselves "programmers" that think writing portable, reasonably limit-free code is a joke. They've just got a job to get done, a hacky piece of code to be written, and they don't care what it looks like or if it'll work a year from now. I tend to write any program as if I were going to show it to someone else, someone who could appreciate it and say "That's a really sharp implementation" as opposed to "Who wrote this piece of shit?" I tend to do this simply because I've had to port a wide range of software to various machines, and I can't say that I was pleased to have worked on most of it. I really don't want someone calling me some of the names I've been calling others. You think 1000 users is a large number in a users program? Suppose I decide to start recording all users over a large network in my utmp file? (Wouldn't that be nice...how I hate rwho.) I'll bet that in a few years, 1000 will be far too small....and I won't be able to recompile your program, because let's face it, 99.9% of all Unix distributors don't give source. So get a grip, take the time to create data structures that don't involve fixed-sized arrays, and a lot of people will be much happier with you. I know it's hard to think that not everyone has two machines & 10 users, but it's true. >...!uunet!ingr!apd!smryan Steven Ryan Bob manson@cis.ohio-state.edu