Archive for January 26, 2003

Sunday, January 26, 2003

Jason Orendorff (via Mark Pilgrim):

This module provides a single class that wraps the functionality in the os.path module. You wouldn’t think that would be so helpful, but in practice I find it much more pleasant to write and to read.

A Modest Proposal

No one seems that surprised that the MS SQL Worm could exist, and it’s popular to blame Microsoft and the server administrators who use SQL Server. If Microsoft would stop writing buggy software… If the admins had installed the update… If Microsoft had made the update easier to install… Well, I’m inclined to cut Microsoft some slack here. They didn’t screw up on purpose, and they’re not incompetent. Open source software isn’t free of security flaws, either.

It seems that no matter how carefully software is designed and reviewed, people will always be able to find security holes. That is why critical software like this should not be coded in unsafe languages such as C. I’ve read that more than half of all security holes are caused by buffer overflow bugs. Buffer overflows are not possible in a safe language. The solution is not to expect programmers to write bug-free code. We’ve already seen that this is practically impossible for humans to do, unless time and cost are not factors. Instead, we should give these programmers better tools that prevent these classes of errors.
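As an added illustration of the argument above (not code from the original post; the `request` struct, the function names and the sample input are hypothetical): the unchecked copy that C permits, beside the bounds check a safe language applies to every such write.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_LEN 16

/* Constructed request record: a fixed buffer followed by a flag. */
struct request {
    char name[NAME_LEN];
    int  is_admin;
};

/* What C permits: the copy length comes from the caller, not the buffer.
 * With len > NAME_LEN this writes past name[] into is_admin and beyond. */
void set_name_unchecked(struct request *r, const char *src, size_t len) {
    memcpy(r->name, src, len);
}

/* The check a safe language performs on every such write: refuse the
 * operation instead of writing outside the destination.
 * Returns 0 on success, -1 if the input does not fit. */
int set_name_checked(struct request *r, const char *src, size_t len) {
    if (len > sizeof r->name)
        return -1;
    memcpy(r->name, src, len);
    return 0;
}

/* Feed an oversized (constructed) input to the checked path and report
 * whether the record, including the neighbouring field, is untouched.
 * Returns 1 if the write was rejected and nothing changed. */
int oversized_input_is_contained(void) {
    struct request r = { {0}, 0 };
    char input[64];
    memset(input, 'A', sizeof input);
    int rc = set_name_checked(&r, input, sizeof input);
    return rc == -1 && r.is_admin == 0 && r.name[0] == 0;
}

int main(void) {
    printf("oversized input contained: %d\n", oversized_input_is_contained());
    return 0;
}
```

In C the programmer has to remember the length check at every call site; a safe language makes the checked form the only one available.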

Murphy’s Law Gone Wild


This is not the first time that a hard drive failure has led to a series of other problems that wound up wasting days and days of work. Notice that I had a very respectable backup strategy; everything was backed up daily, offsite. In fact I believe this is the third time that a hard drive failure has led to a series of mishaps that wasted days. Conclusion: backups aren’t good enough. I want RAID mirroring from now on.