Distribution quote of the week

[Posted February 26, 2014 by ris]

It is theoretically possible to give a loaded gun to a baby; things will probably work out fine. Searching for news about such mishaps, they are quite rare. Still, they do occur, and I suspect the industry has ``warning labels'' regarding leaving guns lying around.

strcpy-related security holes still occur these days, but I think they have been reduced. There has been a slight improvement; software is being written with a little bit more care. Fewer developers are handing strcpy "guns" to their users.

I believe the OpenBSD ``warnings labels'' do play a small part in improving the situation. You don't need to reach all the grumpy programmers who believe they have godlike powers to avoid making overflow mistakes; if you reach some people, you get progress.

-- Theo de Raadt

IMHO, nothing kills corner cases like polymorphism. Remove the conditions and you remove the dark corners where bugs like to hide.

-- John Florian

touting polymorphism

Posted Feb 27, 2014 12:20 UTC (Thu) by HelloWorld (guest, #56129) [Link]

Whether polymorphism is useful depends on what one wants to do. Often people would be better served with sum types (aka algebraic data types), pattern matching and exhaustiveness checks. Unfortunately, sum types haven't caught on nearly as much as product types (aka tuples/structs).
An interesting perspective is cast on the advantages and disadvantages of sum types and polymorphism respectively by the expression problem:
http://en.wikipedia.org/wiki/Expression_problem