This is more of a question that has bothered me forever, rather than a pet peeve, but anyway:
How do you help people who are asking for advice on how to complete a thing, when they are doing just about everything wrong?A recent particular example I stumbled on was someone writing a "server" in C on Linux. They use
recv() on a socket to read a structure, but never even check how many bytes they actually received. They then use
strcmp() on structure members to check the username and password. Their question is, how to add many users.
Everything in it is wrong, especially if they are using
TCP sockets, since the number of bytes available depends on the network conditions, and does not necessarily reflect the number of bytes sent. Assuming data is a string, terminated with a nul byte (as you do when you use
str...() family of functions in C), is a clear buffer overrun risk.
Not to mention the overall architecture. You want to use a database (a flat file will work fine) of usernames, salts, and salted hashes of the passwords to compare against. To explain why, you need to understand the overall security model, and that alone is at least a dozen paragraphs.
My intuition is to point out a few of the errors in the existing code, and then throw it all away and start from scratch, using sensible engineering principles. (This includes things like using the proper available POSIX interfaces like
getaddrinfo() to obtain the socket given host name and service or port,
nftw() to scan directory trees,
scandir() to list the contents of a specific directory,
regexes for matching (
regcomp()/regexec()/regerror()/regfree(), all of the aforementioned being included in the standard C library; plus things like return value checking, proper error messages via
%m (GNU extension) or
strerror(errno) (pure C), robust data structures using known working approaches, and so on.)
In face-to-face, I can observe cues and adjust my approach so that the learner does not get frustrated, just more motivated/excited. (I've used things like describing past projects by myself and other people; showing how the proper engineering approach is not only more powerful, but saves a lot of work in the long term; and how these things makes one quite a powerful developer.)
Online, say stackoverflow, possibly here also, the more likely response is "No, I didn't ask for that. I asked for help with my code. If you cannot help me with this, please do not post at all."
In a similar vein, here in physics threads, I've tried to describe things in a way that helps people intuitively grasp the phenomena better, but as such descriptions are not exactly what is discussed in text books, the response is similarly polarized to positive and utterly negative, with nearly nothing in between. (Consider things like describing electron orbitals around an atom as electron clouds. Each "cloud" is just one delocalized electron, with "density" corresponding to the squared modulus of the actual quantum wave function. If you examine each term in isolation, you can find several faults in it. But, if you examine the two sentences assuming that the terms used are
descriptive, not
definitive or exact, then you have to agree that it fits perfectly to our current quantum mechanical understanding of atom electron orbitals.)
The underlying question is,
what is the approach that has the best chance of actually being useful?And "useful" defined as something that helps there be less crappy software or misunderstanding of physics out there in the future.
This bugs me to no end. I don't want to waste my efforts when it is not welcome or is considered not useful. But seeing someone just take off with a little bit of help, I really really like that.
Home
Help
Search
Login
Register
