January 2008 Archives

I was perusing some job descriptions recently, and ran across the interesting phrase "robust programming".

The manner in which it was in the job description seemed to indicate that it was likely more than my immediate thought on the topic. Robust meaning that it has a quality of being sturdy and able to withstand change, I took this to mean that it was a form of fail-safe programming. That it was the concepts that you program to gracefully and properly handle errors, and try to write programs in a fashion that they were difficult to break. Being curious, I went out into that great big research resource (aka The Internet) and did a couple searches to see if I could find more information.

Of course, I did.

First stop, wikipedia:

In computing terms, robustness is the resilience of the system under stress or when confronted with invalid input. It is the ability of the software system to maintain function even with the changes in internal structure or external environment. For example, an operating system is considered robust if it operates correctly when it is starved of memory or disk storage space, or when confronted with an application that has bugs or is behaving in an "illegal" manner, such as trying to access memory or storage belonging to other tasks in a multitasking system.

Ages ago, when I was learning object oriented programming for the first time, I recall learning about Parnas' Principle which states:

The developer of a software component must provide the intended user with all the information needed to make effective use of the services provided by the component, and should provide no other information.

The developer of a software component must be provided with all the information necessary to carry out the given responsibilities assigned to the component, and should be provided with no other information.

So, both sides of an object, a function, a method, a procedure, a program, etc. should give the other side all the information they need to take the expected action, and only the information needed. This fits in very well with security models, only tell them what they need to know to do what they are supposed to do, and only accept the information that is necessary for the action but only the information needed for the action.

In my searching, I ran into what seems like a very thorough covering of the topic of robust programming by Matt Bishop at UCDavis

It's interesting reading, and makes you realize how fragile the typical programming really is. One thing that I hadn't thought about previously, when you get a data structure as part of an interface to a library, how much can you mangle the structure by filling it with inappropriate values and get 'unexpected results' which can be used to your advantage.

Hopefully, with more use of test-driven developement, pair programming, robust programming, and people focusing on writing bomb-proof code, we will see fewer security issues in software.

Honestly, I'm not holding my breath because everyone seems to think that their code is either invulnerable, or not important enough for someone to care about how secure it is.

I recently had a party for a bunch of friends, and while I like pasta salads they have in the past gone largely untouched. This makes me sad, so I decided to throw together a different kind of pasta salad, thinking that possibly that was the problem. (Not everyone likes the typical mayonnaise-coated pasta salads, though I admit to being similarly picky.)

i decided on something vaguely mediterranean themed, but without the olives (because I can't stand them). The ingredient list I came up with was:

• Orzo
• Olive Oil (Good quality extra virgin)
• Garlic, minced
• Basil, chiffonade
• Salt and Pepper, ground
• Artichoke hearts, sliced
• Feta, sliced (a good feta, please)
• Prosciutto, sliced into thin strips
• Lightly Roasted Pine Nuts
• Optional: Olives, also sliced.

Chop the garllic and basil and dump into a bunch of olive oil and let sit as you cook the orzo per the directions. You can work on prepping the artichokes, the feta, the prosciutto, and shudder the olives while the orzo is cooking. (Honestly, I also did the olive oil, garlic, and basil while the pasta was cooking as well.) Pour the hopefully seasoned olive oil, with all the seasonings over the orzo and stir. Use a big bowl with lots of room, think of it as similar to making sushi rice where you want to get it nice and fluffy. Add more olive oil and basil chiffonade as appears reasonable. Dump in the artichoke hearts and stir through. Salt and pepper some, remember that there the feta and prosciutto are going to add to the flavors. Once the orzo has cooled sufficiently (this may be aided with a refrigerator) add the feta and the prosciutto, again stir through. Do a final taste and season with salt and pepper, and if anything else in the spice rack looks like it should be added feel free to improve(-ize). Chill for a couple hours and serve.