Tyler, can you forward that off list email along? Take care, Sina -----Original Message----- From: programmingblind-bounce@xxxxxxxxxxxxx [mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of black ares Sent: Thursday, November 18, 2010 11:05 PM To: programmingblind@xxxxxxxxxxxxx Subject: Re: Good resource for beginning programmers can I have those papers too? matematicianu2003@xxxxxxxxxxx ----- Original Message ----- From: "Sina Bahram" <sbahram@xxxxxxxxx> To: <programmingblind@xxxxxxxxxxxxx> Sent: Thursday, November 18, 2010 10:46 PM Subject: RE: Good resource for beginning programmers > Sure, I can send you some papers, including one of the ones I published in > that space. > > I'll send those to you off line. I warn you that it requires a good > understanding of operating systems, because the authors only get > 10 pages, double column, 9 point font, and they don't waste time > explaining what a page fault handler does, but know that anything > you don't understand, you can simply ask about or look up in Wikipedia. > > Now, you did mention one thing that I'd like to touch on. You mentioned > damaging the hard drive. Damaging it without root privilege > might be a bit tricky, although possible of course, but damaging the data > on it could be very likely ... You write 0's to the wrong > places using a raw enough addressing mode, and you can corrupt file > systems and do all sorts of nasty stuff. > > So be careful with disk IO, as corrupting data is doable if you're not > careful. > > As far as being scared of c++, I would say that I'm scared of a hammer > when some crazy person is aiming it at my head; otherwise, I > use it to construct things made out of wood and nails, so a tool is a tool > is a tool., is the moral of that particular metaphor. > > Take care, > Sina > > -----Original Message----- > From: programmingblind-bounce@xxxxxxxxxxxxx > [mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of Littlefield, > Tyler > Sent: Thursday, November 18, 2010 3:34 PM > To: programmingblind@xxxxxxxxxxxxx > Subject: Re: Good resource for beginning programmers > > Awesome. Well, the point was to keep the OP from getting scared away from > c++ in the thought that as alix posted, you could ruen > your harddrive, bla bla. On another note, I am kind of curious about some > of these attacks you talked about. Is there a good place > to learn about them? I can understand the page fault handler; I'd assume > you'd just do whatever you want then call the one before or > whatever, but I'd like to learn a lot more of the theory behind the > attacks, try the code on a box that I can afford to crash a time > or 10, etc. > > On 11/18/2010 1:31 PM, Sina Bahram wrote: >> Oh for sure. >> >> Otherwise, all you're going to do is simply crash your own program. >> It's hard to even get a old fashioned blue screen anymore, much less >> accidentally corrupt someone else's address space. >> >> Take care, >> Sina >> >> -----Original Message----- >> From: programmingblind-bounce@xxxxxxxxxxxxx >> [mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of >> Littlefield, Tyler >> Sent: Thursday, November 18, 2010 3:28 PM >> To: programmingblind@xxxxxxxxxxxxx >> Subject: Re: Good resource for beginning programmers >> >> Hahaha. That sounds fun. I guess the point I'm trying to make: you >> have to intentionally try to get to this point. You can do these lovely >> things, but in order to get there, you have to knowingly > escolate privileges, inject code, whatever. >> On 11/18/2010 1:24 PM, Sina Bahram wrote: >>> Nope, none of them require API's. >>> >>> You can do some really weird things with privilege escalation, and >>> then it's all over. Jump to lib attacks, return oriented programming, >>> jump oriented programming, basic stack smashing, basic heap >>> overflows, dll injection, ring -1, -2, and -3 level attacks depending >> on virtualization technologies being used, page table corruption attacks, >> chain of trust invalidation, etc, etc, etc. >>> That's only the latest stuff. You'd be amazed how many attacks from >>> pre 2005 still work. For example, you overwrite the interrupt >>> descriptor table, grab some debug registers, point one of them at >>> your page fault exception handler, and it's over ... There is no >> way to detect that sucker, no matter how good your antivirus is. >>> Take care, >>> Sina >>> >>> -----Original Message----- >>> From: programmingblind-bounce@xxxxxxxxxxxxx >>> [mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of >>> Littlefield, Tyler >>> Sent: Thursday, November 18, 2010 3:18 PM >>> To: programmingblind@xxxxxxxxxxxxx >>> Subject: Re: Good resource for beginning programmers >>> >>> Well, you need to go through an API usually, no? It's not going to >>> happen with a dangling pointer in a normal app. >>> On 11/18/2010 1:16 PM, Sina Bahram wrote: >>>> Not hard at all, just minorly annoying. >>>> >>>> Take care, >>>> Sina >>>> >>>> -----Original Message----- >>>> From: programmingblind-bounce@xxxxxxxxxxxxx >>>> [mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of >>>> Littlefield, Tyler >>>> Sent: Thursday, November 18, 2010 3:04 PM >>>> To: programmingblind@xxxxxxxxxxxxx >>>> Subject: Re: Good resource for beginning programmers >>>> >>>> That's what I was getting at; the whole virtual addressing and stuff. >>>> He was making it sound as if: >>>> int i[10] >>>> i[10]=300 >>>> Was going to make things go boom. :) I jus didn't want the OP to be >>>> scared off. Windows and *nix both have virtual addressing, so accessing >>>> bob's process from joe's process is fairly hard. >>>> On 11/18/2010 12:57 PM, qubit wrote: >>>>> Hi Ty -- I am not sure about windows so take this with a grain of >>>>> salt, but it is true that an OS does have some protections, such as >>>>> preventing writing to someone else's virtual memory, to guard >>>>> against malware. However a truely pathological C++ program can use >>>>> pointers to do some interesting things with stack frames that will >>>>> cause a lot of very strange behavior. >>>>> But no, it won't go outside the process's virtual space, fortunately. >>>>> And perhaps it varies with the OS. >>>>> Keep in mind though that a debugger is just a program, and needs to >>>>> have the ability to control a process and therefore needs to be >>>>> able to write to addresses that are otherwise protected. >>>>> I particularly enjoyed debugger development when I was working in >>>>> language support. It is fascinating to me to see how a process is >>>>> implemented. >>>>> --le >>>>> >>>>> ----- Original Message ----- >>>>> From: "Littlefield, Tyler"<tyler@xxxxxxxxxxxxx> >>>>> To:<programmingblind@xxxxxxxxxxxxx> >>>>> Sent: Wednesday, November 17, 2010 7:32 PM >>>>> Subject: Re: Good resource for beginning programmers >>>>> >>>>> >>>>> You're making c++ sound way way to dangerous. If you mess up with a >>>>> pointer, unless you're programming at a way way low level and >>>>> directly accessing the harddrive, you're not going to trash anything. >>>>> You have access to memory, but like I said before when you went off >>>>> on this "c++ can blow up the world," thing, the OS protects >>>>> programmers from themselves. Or sort of, anyway. >>>>> On 11/17/2010 6:20 PM, Alex Midence wrote: >>>>>> Good lord, no! php might be written in c++ but, I promise you >>>>>> that you can not do the same things. Php won't have stuff like >>>>>> template metaprogramming, generic programming nor will it compile >>>>>> right down to binary like c++. If you write stuff in c++, it runs >>>>>> lightning fast. >>>>>> I don't know the syntax to php but, I'm pretty sure it's too >>>>>> different from c++ to be concsidered a dialect. Python is >>>>>> definitely nothing like c in its syntax. And, you could never >>>>>> program a driver in Python. It would take forever if it runs at >>>>>> all. They are not dialects of the languages they are written in. >>>>>> I wish someone who was a bonified computer scientist could jump in >>>>>> and explain this in terms more fitting. Scripting languages are used >>>>>> primarily for tweaking. >>>>>> Look at the Jaws scripting language, for instance. Languages like >>>>>> Python and lua are used to customize applicatiosn written in stuff >>>>>> like c++ so that they don't have to rewrite the whole app and >>>>>> recompile it just for a few modifications. It's hard to explain. >>>>>> Honestly, you will just have to do some research until you find >>>>>> something that explains it to you in a way that will make sense to >>>>>> you. >>>>>> >>>>>> Yes, the lines between some scripting languages and programming >>>>>> languages are becoming blurred but the great yawning chasm that >>>>>> will never be crossed is still the interpreted versus compiled chasm. >>>>>> You might technically be able to write an application from the >>>>>> ground up in pure Python but, I promise you that if that thing >>>>>> goes toe to toe with another version of the same application >>>>>> written in >>>>>> c++, it will lose every time. By the time the Python app is done >>>>>> printing out its welcome message, the c++ app has done what was asked >>>>>> of it and closed. >>>>>> This is because there are too many layers between the app >>>>>> and the binary code for it. It's first got to go through the >>>>>> interpreter which then puts it into binary. The app written in >>>>>> c++ runs right on the system itself. You have to go to something >>>>>> like c or asm to get lower level. The isntructions to the >>>>>> computer don't have to be translated before execution. The day >>>>>> when what you mention with regard to making something like c++ >>>>>> available to the nonprogrammer is way way far off in the future if it >>>>>> will ever come. >>>>>> I frandkly hope it doesn't The thought of some nonprogrammers I >>>>>> know with acces to that kind of computing power is frightening. I >>>>>> mean, you can tell the computer exactly what to do right down to >>>>>> what goes where in each individual piece of memory. There are no >>>>>> shortcuts in that language. >>>>>> And, there shouldn't be. It gives you so many chances to shoot >>>>>> yourself in the foot that if you aren't down in the inner workings >>>>>> of it, as it were, under the proverbial hood, you won't be able to >>>>>> control what it does. You could realistically totally trash a >>>>>> hard drive if you screw up just right with pointers and if you do >>>>>> something like overflowing an array of 10 items with say 100 or >>>>>> something like that. I hear you can do some serious damage with >>>>>> stuff like that. >>>>>> Can't see that kind of damage being caused by php or python. >>>>>> >>>>>> Alex M >>>>>> >>>>>> On 11/17/10, Client Services<operations@xxxxxxxxxxxxxxx> wrote: >>>>>>> Hi- >>>>>>> Thank you for that explanation. >>>>>>> Seems like the line between programming and scripting languages >>>>>>> is getting blurred. >>>>>>> Are scripting languages becoming as powerful as a programming >>>>>>> language? >>>>>>> Or >>>>>>> do they just bring the best out of the programming language they >>>>>>> are written in. >>>>>>> If PHP and Python are written in C and C++, then why can't they >>>>>>> make PHP and Python to be more like a CMS and useable by >>>>>>> non-programmers? >>>>>>> In summary, if I have this correct, a scripting language is >>>>>>> actually written in a programming language and is just a way of >>>>>>> accessing and using the given programming language. >>>>>>> When I use PHP and Python, I am actually using C and C++, just in >>>>>>> a unique dialect? That is assuming Python and PHP are written in >>>>>>> C or >>>>>>> C++. >>>>>>> So somehow, PHP and Python were supposed to make C or what ever >>>>>>> programming language easier to use? >>>>>>> Is this accurate? >>>>>>> Sorry for the dumb questions. >>>>>>> >>>>>>> H.R. Soltani >>>>>>> >>>>>>> -----Original Message----- >>>>>>> From: programmingblind-bounce@xxxxxxxxxxxxx >>>>>>> [mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of >>>>>>> Christopher >>>>>>> Sent: Wednesday, November 17, 2010 6:24 PM >>>>>>> To: programmingblind@xxxxxxxxxxxxx >>>>>>> Subject: Re: Good resource for beginning programmers >>>>>>> >>>>>>> This is one of my pet peeves. >>>>>>> >>>>>>> A programming language is a language that is, in the majority of >>>>>>> the cases, compiled to native machine code -and- used for >>>>>>> application development (i.e. C, C++, D) A scripting language is >>>>>>> a language that is, in the majority of the cases, interpreted >>>>>>> -and- used to control applications, and sometimes application >>>>>>> development in general (i.e. >>>>>>> Python, PHP, Ruby, AutoIT, etc.) Java was not a true programming >>>>>>> language until recently when it decided to compile its bytecode >>>>>>> on-the-fly. C# has always been a programming language because it >>>>>>> has always compiled its MSIL on-the-fly. PHP and Python are both >>>>>>> written in C and are both interpreted. (PHP might be written in >>>>>>> C++.) >>>>>>> >>>>>>> I refuse to call a non-compiled language a programming language, >>>>>>> regardless of the language. >>>>>>> >>>>>>> So, here is a simple test to see what is a programming language >>>>>>> and what is a scripting language. >>>>>>> >>>>>>> 1. Can you write a full application in the language? If yes, then >>>>>>> is the language compiled? If yes, then it is a programming language. >>>>>>> 2. Can you write a full application in the language? If yes, then >>>>>>> is the language compiled? If no, then it is a scripting language. >>>>>>> 3. Can you write a full application in the language? If no, then >>>>>>> it is a scripting language. >>>>>>> >>>>>>> >>>>>>> On 11/17/2010 2:24 PM, Alex Midence wrote: >>>>>>>> I am not at a stage in my learning where I can do well at >>>>>>>> explaining this so, I have provided some links for you to explore: >>>>>>>> >>>>>>>> Scripting language >>>>>>>> http://en.wikipedia.org/wiki/Scripting_language >>>>>>>> >>>>>>>> Programming language: >>>>>>>> >>>>>>>> http://en.wikipedia.org/wiki/Programming_language >>>>>>>> >>>>>>>> Be warned: This will create more questions for you. Have fun!!! >>>>>>>> >>>>>>>> Alex M >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On 11/17/10, Client Services<operations@xxxxxxxxxxxxxxx> >>>>>>>> wrote: >>>>>>>>> Hi- >>>>>>>>> What is the difference between a scripting language and a >>>>>>>>> programming language? >>>>>>>>> So if PHP and Python are scripting languages, what programming >>>>>>>>> language >>>>>>> are >>>>>>>>> they written in? >>>>>>>>> And why are they called scripting languages? >>>>>>>>> >>>>>>>>> H.R. Soltani >>>>>>>>> >>>>>>>>> >>>>>>>>> -----Original Message----- >>>>>>>>> From: programmingblind-bounce@xxxxxxxxxxxxx >>>>>>>>> [mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of >>>>>>>>> Alex Midence >>>>>>>>> Sent: Wednesday, November 17, 2010 3:52 PM >>>>>>>>> To: programmingblind@xxxxxxxxxxxxx >>>>>>>>> Subject: Re: Good resource for beginning programmers >>>>>>>>> >>>>>>>>> You've got scripting languages and programming languages there. >>>>>>>>> Javascript is client side scripting. Websites run scripts on >>>>>>>>> the visitor's machine to dynamically change themselves >>>>>>>>> according to stimuli. Php is a scripting language that does >>>>>>>>> dynamic webpage changing among other things from the server >>>>>>>>> side. It is used in conjunction with database solutions like my >>>>>>>>> sql and the like. >>>>>>>>> Java and C are both programming languages. Java is a high >>>>>>>>> level object-oriented language that runs on a virtual machine. >>>>>>>>> It is used to create applets and web apps for all sorts of >>>>>>>>> functions. >>>>>>>>> Java is also used to create desktop applicaitons like, for >>>>>>>>> instance, Eclipse, Open Office, and things of that nature. C >>>>>>>>> is a low-level procedural programming language that is used for >>>>>>>>> desktop aplications and low-level programming such as drivers, >>>>>>>>> utilities and the like. >>>>>>>>> Certain platforms are also written in C like, for instance, >>>>>>>>> Windoes is in C. I believe Gnome was also written in C. I >>>>>>>>> went into this detail because your post indicated that you >>>>>>>>> thought these were all web development languages and they are not. >>>>>>>>> Python is a scripting language that can do a lot of the same >>>>>>>>> things programming languages can do and has a reputation for >>>>>>>>> being easy to learn and fostering rapid development. An >>>>>>>>> applications that php could not create, IMHO is a screen reader. >>>>>>>>> Python was used to create two of them. >>>>>>>>> >>>>>>>>> Hope that helps, >>>>>>>>> Alex M >>>>>>>>> >>>>>>>>> >>>>>>>>> On 11/17/10, Client Services<operations@xxxxxxxxxxxxxxx> >>>>>>>>> wrote: >>>>>>>>>> Hi everybody- >>>>>>>>>> I am trying to decide where to start as far as learning >>>>>>>>>> programming. >>>>>>>>>> I decided I would focus on 1. PHP, 2. JavaScript, 3. Java, 4. >>>>>>>>>> C I figured these are being used the most in web development >>>>>>>>>> and custom applications. So, where does Python come in? How >>>>>>>>>> would you compare >>>>>>> Python >>>>>>>>>> with Java, PHP, and C?? >>>>>>>>>> Can anybody give me an example of what cannot be developed in >>>>>>>>>> PHP which >>>>>>>>> can >>>>>>>>>> be developed in Python? >>>>>>>>>> Or how about Java vs Python if PHP is to lowly? I have just >>>>>>>>>> heard PHP >>>>>>> has >>>>>>>>>> limitations. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> H.R. Soltani >>>>>>>>> __________ >>>>>>>>> View the list's information and change your settings at >>>>>>>>> //www.freelists.org/list/programmingblind >>>>>>>>> >>>>>>>>> __________ >>>>>>>>> View the list's information and change your settings at >>>>>>>>> //www.freelists.org/list/programmingblind >>>>>>>>> >>>>>>>>> >>>>>>>> __________ >>>>>>>> View the list's information and change your settings at >>>>>>>> //www.freelists.org/list/programmingblind >>>>>>>> >>>>>>> __________ >>>>>>> View the list's information and change your settings at >>>>>>> //www.freelists.org/list/programmingblind >>>>>>> >>>>>>> __________ >>>>>>> View the list's information and change your settings at >>>>>>> //www.freelists.org/list/programmingblind >>>>>>> >>>>>>> >>>>>> __________ >>>>>> View the list's information and change your settings at >>>>>> //www.freelists.org/list/programmingblind >>>>>> >>>>>> >> > > > -- > > Thanks, > Ty > > __________ > View the list's information and change your settings at > //www.freelists.org/list/programmingblind > > __________ > View the list's information and change your settings at > //www.freelists.org/list/programmingblind > __________ View the list's information and change your settings at //www.freelists.org/list/programmingblind __________ View the list's information and change your settings at //www.freelists.org/list/programmingblind