RE: Good resource for beginning programmers

  • From: "Sina Bahram" <sbahram@xxxxxxxxx>
  • To: <programmingblind@xxxxxxxxxxxxx>
  • Date: Thu, 18 Nov 2010 15:46:54 -0500

Sure, I can send you some papers, including one of the ones I published in that 
space.
 
I'll send those to you off line. I warn you that it requires a good 
understanding of operating systems, because the authors only get
10 pages, double column, 9 point font, and they don't waste time explaining 
what a page fault handler does, but know that anything
you don't understand, you can simply ask about or look up in Wikipedia.

Now, you did mention one thing that I'd like to touch on. You mentioned 
damaging the hard drive. Damaging it without root privilege
might be a bit tricky, although possible of course, but damaging the data on it 
could be very likely ... You write 0's to the wrong
places using a raw enough addressing mode, and you can corrupt file systems and 
do all sorts of nasty stuff.

So be careful with disk IO, as corrupting data is doable if you're not careful.

As far as being scared of c++, I would say that I'm scared of a hammer when 
some crazy person is aiming it at my head; otherwise, I
use it to construct things made out of wood and nails, so a tool is a tool is a 
tool., is the moral of that particular metaphor.

Take care,
Sina

-----Original Message-----
From: programmingblind-bounce@xxxxxxxxxxxxx 
[mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of Littlefield, Tyler
Sent: Thursday, November 18, 2010 3:34 PM
To: programmingblind@xxxxxxxxxxxxx
Subject: Re: Good resource for beginning programmers

Awesome. Well, the point was to keep the OP from getting scared away from c++ 
in the thought that as alix posted, you could ruen
your harddrive, bla bla. On another note, I am kind of curious about some of 
these attacks you talked about. Is there a good place
to learn about them? I can understand the page fault handler; I'd assume you'd 
just do whatever you want then call the one before or
whatever, but I'd like to learn a lot more of the theory behind the attacks, 
try the code on a box that I can afford to crash a time
or 10, etc.

On 11/18/2010 1:31 PM, Sina Bahram wrote:
> Oh for sure.
>
> Otherwise, all you're going to do is simply crash your own program. 
> It's hard to even get a old fashioned blue screen anymore, much less 
> accidentally corrupt someone else's address space.
>
> Take care,
> Sina
>
> -----Original Message-----
> From: programmingblind-bounce@xxxxxxxxxxxxx 
> [mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of 
> Littlefield, Tyler
> Sent: Thursday, November 18, 2010 3:28 PM
> To: programmingblind@xxxxxxxxxxxxx
> Subject: Re: Good resource for beginning programmers
>
> Hahaha. That sounds fun. I guess the point I'm trying to make: you 
> have to intentionally try to get to this point. You can do these lovely 
> things, but in order to get there, you have to knowingly
escolate privileges, inject code, whatever.
> On 11/18/2010 1:24 PM, Sina Bahram wrote:
>> Nope, none of them require API's.
>>
>> You can do some really weird things with privilege escalation, and 
>> then it's all over. Jump to lib attacks, return oriented programming, 
>> jump oriented programming, basic stack smashing, basic heap 
>> overflows, dll injection, ring -1, -2, and -3 level attacks depending
> on virtualization technologies being used, page table corruption attacks, 
> chain of trust invalidation, etc, etc, etc.
>> That's only the latest stuff. You'd be amazed how many attacks from 
>> pre 2005 still work. For example, you overwrite the interrupt 
>> descriptor table, grab some debug registers, point one of them at 
>> your page fault exception handler, and it's over ... There is no
> way to detect that sucker, no matter how good your antivirus is.
>> Take care,
>> Sina
>>
>> -----Original Message-----
>> From: programmingblind-bounce@xxxxxxxxxxxxx
>> [mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of 
>> Littlefield, Tyler
>> Sent: Thursday, November 18, 2010 3:18 PM
>> To: programmingblind@xxxxxxxxxxxxx
>> Subject: Re: Good resource for beginning programmers
>>
>> Well, you need to go through an API usually, no? It's not going to happen 
>> with a dangling pointer in a normal app.
>> On 11/18/2010 1:16 PM, Sina Bahram wrote:
>>> Not hard at all, just minorly annoying.
>>>
>>> Take care,
>>> Sina
>>>
>>> -----Original Message-----
>>> From: programmingblind-bounce@xxxxxxxxxxxxx
>>> [mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of 
>>> Littlefield, Tyler
>>> Sent: Thursday, November 18, 2010 3:04 PM
>>> To: programmingblind@xxxxxxxxxxxxx
>>> Subject: Re: Good resource for beginning programmers
>>>
>>> That's what I was getting at; the whole virtual addressing and stuff. He 
>>> was making it sound as if:
>>> int i[10]
>>> i[10]=300
>>> Was going to make things go boom. :) I jus didn't want the OP to be 
>>> scared off. Windows and *nix both have virtual addressing, so accessing 
>>> bob's process from joe's process is fairly hard.
>>> On 11/18/2010 12:57 PM, qubit wrote:
>>>> Hi Ty -- I am not sure about windows so take this with a grain of 
>>>> salt, but it is true that an OS does have some protections, such as 
>>>> preventing writing to someone else's virtual memory, to guard 
>>>> against malware.  However a truely pathological C++ program can use 
>>>> pointers to do some interesting things with stack frames that will cause a 
>>>> lot of very strange behavior.
>>>> But no, it won't go outside the process's virtual space, fortunately.
>>>> And perhaps it varies with the OS.
>>>> Keep in mind though that a debugger is just a program, and needs to 
>>>> have the ability to control a process and therefore needs to be 
>>>> able to write to addresses that are otherwise protected.
>>>> I particularly enjoyed debugger development when I was working in 
>>>> language support.  It is fascinating to me to see how a process is 
>>>> implemented.
>>>> --le
>>>>
>>>> ----- Original Message -----
>>>> From: "Littlefield, Tyler"<tyler@xxxxxxxxxxxxx> 
>>>> To:<programmingblind@xxxxxxxxxxxxx>
>>>> Sent: Wednesday, November 17, 2010 7:32 PM
>>>> Subject: Re: Good resource for beginning programmers
>>>>
>>>>
>>>> You're making c++ sound way way to dangerous. If you mess up with a 
>>>> pointer, unless you're programming at a way way low level and 
>>>> directly accessing the harddrive, you're not going to trash anything.
>>>> You have access to memory, but like I said before when you went off 
>>>> on this "c++ can blow up the world," thing, the OS protects 
>>>> programmers from themselves. Or sort of, anyway.
>>>> On 11/17/2010 6:20 PM, Alex Midence wrote:
>>>>> Good lord, no!  php might be written in c++ but, I promise you 
>>>>> that you can not do the same things.  Php won't have stuff like 
>>>>> template metaprogramming, generic programming nor will it compile 
>>>>> right down to binary like c++.  If you write stuff in c++, it runs 
>>>>> lightning fast.
>>>>> I don't know the syntax to php but, I'm pretty sure it's too 
>>>>> different from c++ to be concsidered a dialect.  Python is 
>>>>> definitely nothing like c in its syntax.  And, you could never 
>>>>> program a driver in Python.  It would take forever if it runs at 
>>>>> all.  They are not dialects of the languages they are written in.
>>>>> I wish someone who was a bonified computer scientist could jump in 
>>>>> and explain this in terms more fitting.  Scripting languages are used 
>>>>> primarily for tweaking.
>>>>> Look at the Jaws scripting language, for instance.  Languages like 
>>>>> Python and lua are used to customize applicatiosn written in stuff 
>>>>> like c++ so that they don't have to rewrite the whole app and 
>>>>> recompile it just for a few modifications.  It's hard to explain.
>>>>> Honestly, you will just have to do some research until you find 
>>>>> something that explains it to you in a way that will make sense to 
>>>>> you.
>>>>>
>>>>> Yes, the lines between some scripting languages and programming 
>>>>> languages are becoming blurred but the great yawning chasm that 
>>>>> will never be crossed is still the interpreted versus compiled chasm.
>>>>> You might technically be able to write an application from the 
>>>>> ground up in pure Python but, I promise you that if that thing 
>>>>> goes toe to toe with another version of the same application 
>>>>> written in
>>>>> c++, it will lose every time.  By the time the Python app is done
>>>>> printing out its welcome message, the c++ app has done what was asked of 
>>>>> it and closed.
>>>>>       This is because there are too many layers between the app 
>>>>> and the binary code for it.  It's first got to go through the 
>>>>> interpreter which then puts it into binary.  The app written in 
>>>>> c++ runs right on the system itself.  You have to go to something 
>>>>> like c or asm to get lower level.  The isntructions to the 
>>>>> computer don't have to be translated before execution.  The day 
>>>>> when what you mention with regard to making something like c++ 
>>>>> available to the nonprogrammer is way way far off in the future if it 
>>>>> will ever come.
>>>>> I frandkly hope it doesn't  The thought of some nonprogrammers I 
>>>>> know with acces to that kind of computing power is frightening.  I 
>>>>> mean, you can tell the computer exactly what to do right down to 
>>>>> what goes where in each individual piece of memory.  There are no 
>>>>> shortcuts in that language.
>>>>> And, there shouldn't be.  It gives you so many chances to shoot 
>>>>> yourself in the foot that if you aren't down in the inner workings 
>>>>> of it, as it were, under the proverbial hood, you won't be able to 
>>>>> control what it does.  You could realistically totally trash a 
>>>>> hard drive if you screw up just right with pointers and if you do 
>>>>> something like overflowing an array of 10 items with say 100 or 
>>>>> something like that.  I hear you can do some serious damage with stuff 
>>>>> like that.
>>>>> Can't see that kind of damage being caused by php or python.
>>>>>
>>>>> Alex M
>>>>>
>>>>> On 11/17/10, Client Services<operations@xxxxxxxxxxxxxxx>      wrote:
>>>>>> Hi-
>>>>>> Thank you for that explanation.
>>>>>> Seems like the line between programming and scripting languages 
>>>>>> is getting blurred.
>>>>>> Are scripting languages becoming as powerful as a programming language?
>>>>>> Or
>>>>>> do they just bring the best out of the programming language they 
>>>>>> are written in.
>>>>>> If PHP and Python are written in C and C++, then why can't they 
>>>>>> make PHP and Python to be more like a CMS and useable by non-programmers?
>>>>>> In summary, if I have this correct, a scripting language is 
>>>>>> actually written in a programming language and is just a way of 
>>>>>> accessing and using the given programming language.
>>>>>> When I use PHP and Python, I am actually using C and C++, just in 
>>>>>> a unique dialect?  That is assuming Python and PHP are written in 
>>>>>> C or
>>>>>> C++.
>>>>>> So somehow, PHP and Python were supposed to make C or what ever 
>>>>>> programming language easier to use?
>>>>>> Is this accurate?
>>>>>> Sorry for the dumb questions.
>>>>>>
>>>>>> H.R. Soltani
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: programmingblind-bounce@xxxxxxxxxxxxx
>>>>>> [mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of 
>>>>>> Christopher
>>>>>> Sent: Wednesday, November 17, 2010 6:24 PM
>>>>>> To: programmingblind@xxxxxxxxxxxxx
>>>>>> Subject: Re: Good resource for beginning programmers
>>>>>>
>>>>>> This is one of my pet peeves.
>>>>>>
>>>>>> A programming language is a language that is, in the majority of 
>>>>>> the cases, compiled to native machine code -and- used for 
>>>>>> application development (i.e. C, C++, D) A scripting language is 
>>>>>> a language that is, in the majority of the cases, interpreted 
>>>>>> -and- used to control applications, and sometimes application 
>>>>>> development in general (i.e.
>>>>>> Python, PHP, Ruby, AutoIT, etc.) Java was not a true programming 
>>>>>> language until recently when it decided to compile its bytecode 
>>>>>> on-the-fly. C# has always been a programming language because it 
>>>>>> has always compiled its MSIL on-the-fly. PHP and Python are both 
>>>>>> written in C and are both interpreted. (PHP might be written in
>>>>>> C++.)
>>>>>>
>>>>>> I refuse to call a non-compiled language a programming language, 
>>>>>> regardless of the language.
>>>>>>
>>>>>> So, here is a simple test to see what is a programming language 
>>>>>> and what is a scripting language.
>>>>>>
>>>>>> 1. Can you write a full application in the language? If yes, then 
>>>>>> is the language compiled? If yes, then it is a programming language.
>>>>>> 2. Can you write a full application in the language? If yes, then 
>>>>>> is the language compiled? If no, then it is a scripting language.
>>>>>> 3. Can you write a full application in the language? If no, then 
>>>>>> it is a scripting language.
>>>>>>
>>>>>>
>>>>>> On 11/17/2010 2:24 PM, Alex Midence wrote:
>>>>>>> I am not at a stage in my learning where I can do well at 
>>>>>>> explaining this so, I have provided some links for you to explore:
>>>>>>>
>>>>>>> Scripting language
>>>>>>> http://en.wikipedia.org/wiki/Scripting_language
>>>>>>>
>>>>>>> Programming language:
>>>>>>>
>>>>>>> http://en.wikipedia.org/wiki/Programming_language
>>>>>>>
>>>>>>> Be warned:  This will create more questions for you.  Have fun!!!
>>>>>>>
>>>>>>> Alex M
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 11/17/10, Client Services<operations@xxxxxxxxxxxxxxx>       wrote:
>>>>>>>> Hi-
>>>>>>>> What is the difference between a scripting language and a 
>>>>>>>> programming language?
>>>>>>>> So if PHP and Python are scripting languages, what programming 
>>>>>>>> language
>>>>>> are
>>>>>>>> they written in?
>>>>>>>> And why are they called scripting languages?
>>>>>>>>
>>>>>>>> H.R. Soltani
>>>>>>>>
>>>>>>>>
>>>>>>>> -----Original Message-----
>>>>>>>> From: programmingblind-bounce@xxxxxxxxxxxxx
>>>>>>>> [mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of 
>>>>>>>> Alex Midence
>>>>>>>> Sent: Wednesday, November 17, 2010 3:52 PM
>>>>>>>> To: programmingblind@xxxxxxxxxxxxx
>>>>>>>> Subject: Re: Good resource for beginning programmers
>>>>>>>>
>>>>>>>> You've got scripting languages and programming languages there.
>>>>>>>> Javascript is client side scripting.  Websites run scripts on 
>>>>>>>> the visitor's machine to dynamically change themselves 
>>>>>>>> according to stimuli.  Php is a scripting language that does 
>>>>>>>> dynamic webpage changing among other things from the server 
>>>>>>>> side.  It is used in conjunction with database solutions like my sql 
>>>>>>>> and the like.
>>>>>>>> Java and C are both programming languages.  Java is a high 
>>>>>>>> level object-oriented language that runs on a virtual machine.  
>>>>>>>> It is used to create applets and web apps for all sorts of functions.
>>>>>>>> Java is also used to create desktop  applicaitons like, for 
>>>>>>>> instance, Eclipse, Open Office, and things of that nature.  C 
>>>>>>>> is a low-level procedural programming language that is used for 
>>>>>>>> desktop aplications and low-level programming such as drivers, 
>>>>>>>> utilities and the like.
>>>>>>>> Certain platforms are also written in C like, for instance, 
>>>>>>>> Windoes is in C.  I believe Gnome was also written in C.  I 
>>>>>>>> went into this detail because your post indicated that you 
>>>>>>>> thought these were all web development languages and they are not.
>>>>>>>> Python is a scripting language that can do a lot of the same 
>>>>>>>> things programming languages can do and has a reputation for 
>>>>>>>> being easy to learn and fostering rapid development.  An 
>>>>>>>> applications that php could not create, IMHO is a screen reader.  
>>>>>>>> Python was used to create two of them.
>>>>>>>>
>>>>>>>> Hope that helps,
>>>>>>>> Alex M
>>>>>>>>
>>>>>>>>
>>>>>>>> On 11/17/10, Client Services<operations@xxxxxxxxxxxxxxx>       wrote:
>>>>>>>>> Hi everybody-
>>>>>>>>> I am trying to decide where to start as far as learning programming.
>>>>>>>>> I decided I would focus on 1. PHP, 2. JavaScript, 3. Java, 4. 
>>>>>>>>> C I figured these are being used the most in web development 
>>>>>>>>> and custom applications. So, where does Python come in?  How 
>>>>>>>>> would you compare
>>>>>> Python
>>>>>>>>> with Java, PHP, and C??
>>>>>>>>> Can anybody give me an example of what cannot be developed in 
>>>>>>>>> PHP which
>>>>>>>> can
>>>>>>>>> be developed in Python?
>>>>>>>>> Or how about Java vs Python if PHP is to lowly?  I have just 
>>>>>>>>> heard PHP
>>>>>> has
>>>>>>>>> limitations.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> H.R. Soltani
>>>>>>>> __________
>>>>>>>> View the list's information and change your settings at 
>>>>>>>> //www.freelists.org/list/programmingblind
>>>>>>>>
>>>>>>>> __________
>>>>>>>> View the list's information and change your settings at 
>>>>>>>> //www.freelists.org/list/programmingblind
>>>>>>>>
>>>>>>>>
>>>>>>> __________
>>>>>>> View the list's information and change your settings at 
>>>>>>> //www.freelists.org/list/programmingblind
>>>>>>>
>>>>>> __________
>>>>>> View the list's information and change your settings at 
>>>>>> //www.freelists.org/list/programmingblind
>>>>>>
>>>>>> __________
>>>>>> View the list's information and change your settings at 
>>>>>> //www.freelists.org/list/programmingblind
>>>>>>
>>>>>>
>>>>> __________
>>>>> View the list's information and change your settings at 
>>>>> //www.freelists.org/list/programmingblind
>>>>>
>>>>>
>


-- 

Thanks,
Ty

__________
View the list's information and change your settings at 
//www.freelists.org/list/programmingblind

__________
View the list's information and change your settings at 
//www.freelists.org/list/programmingblind

Other related posts:

  1. Home
  2. programmingblind
  3. Archive
  4. 11-2010