The Art of Unix Programming

The Art of Unix Programming

Posted Feb 13, 2003 13:31 UTC (Thu) by anr (subscriber, #234)
Parent article: The Art of Unix Programming

Quoting the article:

[N]o less than six case studies feature fetchmail (which he wrote), and the examples demonstrating the fortune file format are all about the evils of gun control.

Some questions:

  • fetchmail has had a very bad security history (full of buffer overflows). Is it a good example of UNIX programming?
  • what's pro-gun propaganda doing in a book about programming? Spare us the ideology, please. (disclaimer: I am an anti-gun person).


The Art of Unix Programming

Posted Feb 13, 2003 15:10 UTC (Thu) by erat (guest, #21) [Link]

1) Lots of software that's well written has a security goof every now and then. Sometimes it isn't the software itself, but a library that it's linked against that's causing the problem. The Linux kernel gets security issues too, but I don't see anyone questioning whether or not it's a quality piece of software (it's gotten a bit too "kitchen sink"-ish for my taste, but it's still a high quality piece of work).

2) I have no problem with guns, but even I don't like pro-gun propaganda in the books I read (unless I'm reading a pro-gun book, of course, which is something I've never done).

At the risk of causing ESR to gripe again about how "...[his] own people turn[ed] on [him]...", I'll state that (IMHO) the best thing ESR can do is divorce his writing from his ego and politics and let his technical prowess be the main focus. He's a great guy (I met him once at a local LUG meeting), he's technically brilliant, and he's a fantastic writer, but his ego is the size of Mt. Everest and quite often it seems to get in the way. Case in point: we're discussing his political views on the FSF and gun control instead of the technical merits of the book. How many times does this need to happen before he realizes he'd be doing the community a much more valuable service by just sharing his technical wisdom?

The Art of Unix Programming

Posted Feb 13, 2003 19:27 UTC (Thu) by giraffedata (subscriber, #1954) [Link]

Come on, guys. The book doesn't contain a chapter promoting gun freedom; it just uses pro-gun statements in example text. The example text had to exist one way or another; can't readers just ignore the content?

From a practical point of view, though, I can agree with the point that ESR would be better off using neutral example text. A writer has to take a reader as he finds him, and if the reader is delicate, the writer has to treat him delicately or risk losing the reader.

--
Bryan Henderson
San Jose, California

The Art of Unix Programming

Posted Feb 13, 2003 19:29 UTC (Thu) by JoeBuck (subscriber, #2330) [Link]

The kernel is a vastly bigger program than fetchmail, and it is a highly parallel program, while fetchmail is a sequential program. The kernel must protect one process from interfering with another and enforce privilege; for fetchmail the issues are far simpler. Given this, one would expect to see vastly more security issues in the kernel. For its size, fetchmail has had an unexpectedly large number of security holes. It's not unreasonable to ask why this is so.

The Art of Unix Programming

Posted Feb 23, 2003 6:42 UTC (Sun) by linuxtech (guest, #459) [Link]

At the risk of causing ESR to gripe again about how "...[his] own people turn[ed] on [him]..."...

I missed that, care to explain or show us where it is posted?

The Art of Unix Programming

Posted Feb 13, 2003 20:28 UTC (Thu) by edgewood (subscriber, #1123) [Link]

If you don't like Eric's choice of example text, you're free not to buy the book, or write your own.

The Art of Unix Programming

Posted Feb 14, 2003 13:20 UTC (Fri) by mwilck (guest, #1966) [Link]

Sure I can. That's not the point. His egomania draws the attention away from the good parts of the text. Probably it's not even the fact that some people don't share ESR's opinion on gun control. It's the fact that he is bringing up the issue _repeatedly_ in a technical context. He just can't help himself, and that disqualifies him - at least partly - as a technical writer.

The Art of Unix Programming

Posted Feb 13, 2003 22:22 UTC (Thu) by jschrod (subscriber, #1646) [Link]

You've read the answer: Security belongs in the realm of sysadmins and is not important enough for a book about programming.

This opinion alone disqualifies the book, IMNSHO. Only when programmers grasp that it is inherently their task to produce secure software will we come out of this mess we're in currently. Just have a look at the latest SQL-slammer worm problem - that was not a sysadmin problem, it is a programming problem. (In relation, few systems were taken over and the worm was not dangerous, but the consequences were already large.) And this issue comes up again and again and again.
