Not only a hasty fix, its been a disaster when you consider few worth while students are entering the programming field in the U.S. for fear they'll be outsourced in the future. It was hard enough to find qualified people when I.T. was a desirable field to go into.
Steven S. Ashley
Jonathan Afek and Adi Sharabani of Watchfire Inc. are reporting that they have discovered a reliable method for exploiting a common programming error, dangling pointers, which until now had been considered simply a quality problem. If true this could be a major problem for hundreds if not thousands of existing programs. Jonathan and Adi found the method for remotely exploiting dangling pointers while executing the company's AppScan software against a Web server. The web server crashed in the middle of the scan and upon investigation, a dangling pointer was found, not too surprising, as this is a common programming mistake, especially in C++. The pair also found they could reproduce the error by sending a specially crafted URL to the server. Next they began looking for a way to run their own code on the target machine using the dangling pointer as a starting point. Unfortunately they were successful. In August, Jonathan Afek, will present the technique he and Adi developed for exploiting the dangling pointer at the Black Hat Briefings in Las Vegas. The technique involves using generic dangling pointers to run their own shell code, and is said to work with any application in which there is a dangling pointer. Since there are hundreds perhaps thousands of applications in production with this type of error, this is a very scary discovery and application testing just got a whole lot more difficult and a whole lot more important. It is a whole new class of bugs to look for, on the same order as SQL Injection or Buffer Overflow. Thousand of existing production programs will need to be retested for vulnerability to this type of exploit. Microsoft, of Redmond, Wash., addresses the problem in IIS with one of the July security bulletins, MS07-041 . It should be pointed out that dangling pointers occur primarily in lower level languages and some languages such as Java are not vulnerable to this exploit because they have automatic mechanisms for deallocating memory. For additional information on this error take a look at SearchSecurity.com's article: New hacking technique exploits common programming error Now what do we do with all our existing applications? Test'm?
Steven S. Ashley
H1B Bills purport to help solve the Technology gap in US industry, but really all they do is hold down wages of Information Technology professionals. I think the really reason that H1B exists is to make sure that the MBA's get payed more than the IT guys. And this article goes a long way to providing proof.
Steven S. Ashley
Perhaps crippled is too strong a word, it must be the DBA in me. Any time an application is disconnected from it primary data source, their is a chance that the primary data source will change. The risk of this, and the risk that it can effect the user of the application, vary greatly from application to application. In a lot of cases the data is static enough - (Google Reader, Email) as not to create any problems but I would not want to put a Stock Trading application in the same situation. When I say crippled, I mean "Not Fully Functional", as developers our challenge is to correctly handle these unexpected changes properly. Sorry for any confusion I created. ;)
Steven S. Ashley
It answers the question, What happens to my fancy Google Enabled Web App when the internet is down.. Till today, it was it's DEAD, After today, it's crippled but still alive. One more of the reasons not to Web-base our applications goes down...
Steven S. Ashley
Won't work sound does travel through a vacuum. Seriously pretty good, I think I've worked on that team.:)
Steven S. Ashley
Everyone who is predicting that Outsourcing will eliminate the American Programmer doesn't take into account that sooner or later there will be a very public theft of company proprietary data that will bring down, maybe even bankrupt a major American Company. Then the pendulum will begin to swing back to internal development. The problem is that the American I.T. community is aging and shrinking and we may not be able to complete the swing back to internal development. The shortage will be good news to us, as the demand and therefore wages will be high. That's how I see it. ;)
Steven S. Ashley
I say 3,2,1 because and 3 is the most important: If the unit testing is good and the code passes. Then while I care about the others, I really don't need them until I need to revise the code.
Steven S. Ashley
I'm seriously considering following you. I am just not sure how XP would handle my Core2 Duo would like XP. I had a lot of problems moving my file from my previous notebook to this one and I don't really see what its bought me in advanced features. Let us know how you progress in your efforts.
Steven S. Ashley
I thought they called that Access?? I would not hold my breath, if they could have created a "codeless programming" they would have long ago. Access never turned out they way they thought it would. ;)
Steven S. Ashley