in reply to Words from Theo de Raadt

I must say that I found this interview a bit annoying.

I respect OpenBSD's commitment to security and code audit, but in the meantime I have to produce code and I have deadlines for that, most of us have.

I guess Perl itself can be described as "good enough", it is full of bugs, just watch p5p (or take a look at the archive), so what? Should we not use it?

And before writing a script in Perl that uses CGI, DBI and XML::Parser, something not unheard of, I should know all about all their interfaces? Plus of course the DBD(s) I am using and probably have a look at the code of Expat, not to mention Illya's regexp engine? I am sorry, but that's not the way it works. I read the docs, figure out what I'm interested in, look around for examples (yes, examples!), and advice on using the modules, design the software and... start coding. While coding I will make mistakes and learn more about the modules. And at some point, long before the code is perfect, I will have to deliver it. And the next time I have to write a similar program I'll do a better job. That's called learning on the job and frankly I can't see any way around it.

I would _love_ to have enough time to produce perfect code all the time, but who does? I have even been told that books, yes even those written by pretty good coders, usually need errata.

I try to do my best and produce the best code I can given the usual constraints of time, (my usually poor) knowledge and environment.

So I find the contempt for "most programmers" that I read in this interview more than a tad irritating.

It won't prevent me from sleeping at night though...

Re: Re: Words from Theo de Raadt
by Petruchio (Vicar) on Dec 12, 2000 at 17:28 UTC
    I can see your point. Certainly I am in the same position; I often need to get things done at work. I guess I just took the words in a more positive way, as an exhortation to hold yourself to a higher standard. I hear plenty at work and elsewhere about getting things done, and very little about becoming a better programmer, or being proud of your code. And if you consider it, a lot of people don't care. I have a problem with those people too.

    So I hope you're more sympathetic to my reasons for posting the quotes than to the quotes themselves. Since you are a person trying to do his best, it's a matter of cheering you on, like the spectators in the quote.

Re: Re: Words from Theo de Raadt
by extremely (Priest) on Dec 12, 2000 at 15:51 UTC
    First of all, I think Theo is exasperating. The world needs people like him, but I sure don't have to enjoy knowing what they think. And I doubt I'd enjoy a long conversation with him.

    In this case, however, his only comment would likely be "Don't call what you do 'secure' then." =) I too wish I had more time to look before I leap when coding.

    --
    $you = new YOU;
    honk() if $you->love(perl)

Re: Re: Words from Theo de Raadt
by chromatic (Archbishop) on Dec 14, 2000 at 09:26 UTC
    Half of the responsibility resides with library and module authors. First, they have to create sane and usable interfaces. Second, they have to document them clearly.

    Most importantly, they have to make as few assumptions and interdependencies as possible -- and document the side effects where they can't avoid it. If your library can be used in a multi-threaded environment and, for some reason, a function cannot be interrupted for any reason, make it abundantly clear that there needs to be a mutex. Better yet, provide a different entry point to the function yourself.

    Given clean and intelligent interfaces and effective documentation, the fault for misuse must lie with other people.

    Until then, we all share responsibility.
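The pattern chromatic asks library authors for in the reply above (document that a function must not be interrupted, and better still provide a locking entry point yourself) looks like this in Perl. This is an added example, not code from anyone in the thread; the module state, the function names `record_unlocked`, `record` and `hammer`, and the thread and iteration counts are all made up for the demonstration.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. The "library" is a hypothetical
# module inlined here: a list of items plus a count that must stay equal to
# scalar(@items). Both are shared so every thread sees the same copies.
use strict;
use warnings;
use threads;
use threads::shared;

my @items :shared;
my $count :shared = 0;

# Raw entry point. It updates two pieces of state in two steps, so two
# threads calling it at once can interleave and leave $count != @items.
# This is the "cannot be interrupted" case: a library that exports this
# must document that callers hold a lock around every call.
sub record_unlocked {
    my ($item) = @_;
    push @items, $item;
    $count++;    # read-modify-write on a shared scalar: not atomic
    return $count;
}

# The entry point the library should provide instead: hold the lock for the
# whole critical section. lock() is released when the enclosing block exits.
sub record {
    my ($item) = @_;
    lock(@items);
    return record_unlocked($item);
}

# Clear the state between the two runs.
sub reset_state {
    lock(@items);
    @items = ();
    $count = 0;
}

# Call one entry point from several threads at once and report the two
# pieces of state, so the reader can see whether they still agree.
sub hammer {
    my ($entry, $threads, $iters) = @_;
    reset_state();
    my @workers;
    for my $t (1 .. $threads) {
        push @workers, threads->create(sub {
            $entry->("item-$t-$_") for 1 .. $iters;
        });
    }
    $_->join for @workers;
    lock(@items);
    return ($count, scalar @items);
}

# Constructed workload: 8 threads, 20,000 calls each. The race in the raw
# entry point is real but nondeterministic, so it may not fire on every run;
# the locked entry point can never diverge.
my ($c1, $n1) = hammer(\&record_unlocked, 8, 20_000);
printf "unlocked: count=%d items=%d %s\n", $c1, $n1,
    $c1 == $n1 ? '(race did not fire this run)' : '(state diverged)';

my ($c2, $n2) = hammer(\&record, 8, 20_000);
printf "locked:   count=%d items=%d\n", $c2, $n2;
```

The point of keeping both entry points is the one chromatic makes: `record_unlocked` exists for callers who already hold the lock and are batching several updates, and its documentation says so; `record` is what everyone else should call. Pushing the locking onto a mutex the caller has to remember is exactly the undocumented interdependency the reply warns against.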