From Scripting to Programming

programming
scripting

(oaktree) #1

@Suser thinks I have a good perspective on transitioning from scripting (in my case, Ruby) to programming (in C++). This post deals particularly with Ruby and C++, but some facets are broadly applicable.


Why

Before I list some differences between scripting and programming, I will specify a few reasons to not “just stick with Python”.

  • Compiled languages are faster than scripting languages.
  • What happens if, during a legal pentest, a victim’s machine doesn’t have /usr/bin/python installed?
  • Familiarizing yourself with a wide range of tools (languages are tools) will make you a better programmer, thinker, and problem-solver.

Some Big Differences

In general, the shift from scripting to what some purists might call “grown-up programming” is hard at first. A statically-typed (for the most part) language like C++ demands more of the coder; programming requires more forethought for types.

C++'s compiler errors are fairly convoluted. It takes hundreds of hours with C++ to pick out the patterns of each error. Once up the learning curve, you realize common errors and avoid them. I’m sure that there exist other languages similar to C++, with respect to paradigms and typing, that have clearer, friendlier error messages.

Coming from Ruby, I did not know about integer overflow. Learn about integer overflow.

Another particular thing about C++ that throws off a long-time scripter is [function prototyping](https://en.wikipedia.org/wiki/Function_prototype). While this is fixed in newer languages, C++ still requires the programmer to provide at least a [function declaration](http://en.cppreference.com/w/cpp/language/function) before any calls to a function are made.

The following is an example of a function declaration (sometimes called a function prototype).

int do_something(int something);

While this is a function definition:

int do_something(int something) {
    return something * 42;
}

C++ makes the programmer more aware of how exactly data is passed around. You come to learn about pointers, references, and how the two are used in code.

Perhaps the biggest change from scripting to programming (in C++, or C) is that C and C++ give the programmer loose access to memory. The programmer can change bits and bytes on a whim. This also leaves more room for error. C++ is moving away from (the excessive use of) raw pointers.


Learning Tips

The following suggestions are my own mixed in with what was said in IRC at the time of this writing. Note that they apply to people who already know how to code in at least one language.

  • Look at lots of code examples. Read through them; understand what they do. A good source of code is GitHub.
  • Port a project over from whatever language you last used.
  • Dig deep into the standard library. Learn how to use it and recognize the implementations underneath. This helps you understand some of your new language’s quirks.

Conclusion

I look forward to any discussion(s) this writing prompts.


#2

Cool post @oaktree!

Disclaimer: I have respect towards all kinds of programmers. I don’t consider myself anywhere close to a professional programmer. I will just give my personal opinion through my interactions with other programmers and my personal experience since I’ve played around with both types. I might be a bit biased because I’m a C/ASM nazi so feel free to disagree.


  1. If you want to code, pick a scripting language, if you want to learn HOW to code, pick a compiled language.

  2. If you want to have full control over your program and be able to troubleshoot it faster, pick a compiled language. Some scripting programmers would argue on that, but trust me, [1] is all you need.

  3. If you want to have a deeper understanding of computers, pick a compiled language.

  4. There are ton of scripting programmers who think they know what references truly are, which is probably the most important concept in scripting languages. Their view on that matter(which is wrong most of the time) just shows they never coded in a compiled language enough to understand it. References != pointers.

  5. If you are a scripting programmer AND call yourself a legit programmer, the least you can do is read and understand your language’s interpreter. Everything lately is an “object”. We can bet if you want that behind the scenes every scripting language bases its core functionalities on compiled languages (function calling, memory allocation etc). We can have another bet that most of scripting programmers never thought of object functions as pointers to an array of function pointers. A fact that makes so much sense only if you have a compiled language background.

  6. I’ve noticed many scripting folks, who call themselves programmers, thinking of scripting as “it works, I don’t care why”. Horrible mindset.

  7. Java-like languages are a disgusting example of a compiled language (just had to throw that out there) in terms of understanding computers in a deeper level (just my opinion). C/C++ FTW.


To sum up, programming to scripting is the way to go in my opinion and not the other way around. The reason for that is because scripting languages are so damn abstracted from the truth that they make the programmers forget/ignore and assume some of Computer Science’s fundamentals, which will make their programming journey quite more challenging.

If anyone suggests you to start off with a scripting language because they are more “intuitive”, they don’t care enough about your education. Yes, compiled languages are a mess, but the road is worth it.


(The memelord of 0x00sec) #3

Why is there a constant battle between programming and scripting languages? Both of them have their advantages and disadvantages.

Why battle between the two, when you can harness the power of both?

@_py if you are a C/ASM nazi, then I wonder why your name is “py”?


#4

First of all, thanks @oaktree for bringing such debate !

@_py Well, I share the exact same opinion except that I don’t consider a scripter as a programmer. From my point of view, scripting and programming are truly different and you succesfuly pointed out the details which characterize the difference between those areas.

Well … A language which required an IDE to be compiled should not be considered as a real language … Just good for the garbage :stuck_out_tongue:


(Security Architect & Founder) #5

He has left the dark side and migrated to the light side. He has seen the light; forever enlightened to build his houses with grains of sand, because he’s a power hungry, mad CS scientist.

Just kidding @_py, however, scripting languages do have their place. I wrote a twitter bot for the 0x00secOfficial Twitter account in little over an hour, that is from never writing a Twitter bot to learning the API and parsing RSS feeds.

I used Python for this, and it made my life so easy. You would be an idiot to write that Bot in C.

@_py you are also forgetting that you too first learned Python first. For me, my first encounter with scripting was bash, I was using the CLI, and it was cool that I could automate stuff. Then I wanted to do real things, stuff that actually did cool things, so I went out and bought the second edition of The C Programming Language, I read it for a while, and it was cool, but I struggled to sit there and read it.

I wanted to do things like pull data from a page and parse it, or even make a text game. My interest in programming had seriously dive-bombed.

A few weeks later I discovered codecademy, this was super useful to me, I learned Python in a few weeks, and I was using it to do cool stuff, then, and only then, did I have the motivation to go and check out C again.

IMO, recommending C/C++ as your first language makes complete logical sense, in fact, the most logical way to learn a computer would be from the physical hardware, the soldering and the transistors, right? That way you would learn the way everything works together. In reality? That won’t work. People’s attention will fall.

That way of teaching looks great in hindsight, but I bet if you, pre-knowledge of anything computer wise, and were told to sit down and learn C, you would lose interest. As with anything, learning is a constant process and one that requires you to enjoy it for it to be effective. We aren’t in a military camp, we’re here to have fun and do cool things.

That is just my 0.00007BTC.


#6

It’s going to be quick cause we already covered this subject thousands of times however, I myself started programming in C and it gave me all I need to know about programming (paradigm, logic, etc)

Since, I never struggled on any other languages thanks to those knowledge acquired during my C learning process. I will not lie to you, It wasn’t easy however, but it seems to be, from point of view, a pain necessary to anyone that want to be ackowledgeable and efficient in the programming field.

Love.

Best,
Nitrax


(Security Architect & Founder) #7

TLDR; I’m not saying you shouldn’t learn C, I am saying you shouldn’t have to learn C as your first language.


#8

When looking back how I got “taught” how to program it was something like this:

High school: weird Lego bot -> Pascal -> Java
Uni, Starting right from first semester: C,Java,Python

Back in high school I like the minimalism of Pascal even when you couldn’t or at least we weren’t doing much with it, when doing java afterwards I kinda disliked it, which continued in uni too.
I dunno I just don’t like this language, except for putting together some quick android apps, but never dived too much into that matter as well.

C was something mind blowing to me at first with all this low level operations and pointer arithmetic stuff.
I genuinely had no idea of it, but it taught me greatly!
=> Similar to what @_py said earlier already. The basics and fundamentals are key to understand!

But I also do get @pry0cc’s approach to things, when having no clue about programming in general and then getting to see C or any equivalent programming language it might be “too much” depending on your ability to grasp the situation.

The Python tasks in uni were in 9 out of 10 cases easily understandable and doable, because the syntax is intuitive and a lot of work is taken of your shoulders.
That’s just how Python works…

So would I prefer something like Python at the beginning for starting ?
Probably yes, that’s just my personal preference though. I learn by doing/seeing easy examples which are easy to grasp, that’s what python did and helped me with.
When getting all of those “nice automated python behaviors”, I liked to take a look at C too though, because I wanted to know how everything works under the hood, having some prior knowledge from python made all that easier!

So in the end what do you need and what should you learn?
Honestly I don’t know.
Up to now it really depends on what you wanna do later imho.
As of now I’m good with just knowing how to be able to write some python scripts to automate tasks or use this to reverse/pwn something.
Would I like to make tools with more depth, and functions which operate on low level instructions, I’d probably take up a C book now and start reading/doing


#9

@Retr1Static It’s called debate, not a battle and it’s really healthy to do that once in a while. Lastly, please don’t remind me of the biggest mistake I’ve ever made in my life.

@pry0cc:

My first languge was C. Anyway, I agree with your point of view when it comes to scripting and how easy it is to automate certain tasks. In fact, I consider you a pretty decent programmer because you’ve made a bunch of cool tools even if you haven’t touched “bare metal” languages.

However, the points I made regarding the compiled languages were mainly focused on the depth/internals of computers. I believe that was crystal clear (keywords being deep understanding, control etc). I’m not saying compiled langs > scripting langs or the other way around, not in a million years.

I guess it all depends on your standards/focus. I assumed that anyone who wants to get started in programming will want to know the true hows and whys and not just “code”, if that makes sense. But maybe I was wrong I guess.

I just feel like with scripting you don’t really appreciate the beauty and possibilities of your CPU, you just see programming as a tool and not as this beautiful abstraction over complexity.

C/C++ is hard, and always will be for both novice and experienced programmers. But don’t forget, nothing worthy comes easy in life.


(The memelord of 0x00sec) #10

Actually, some people just want to get shit done and for that scripting languages are excellent. Wether it is a good thing to do that or not, I’ll leave up to you to decide (but I assume it’s a horrible mindset). I am not allowed to speak about programming mindsets yet, for I am not proficient in both programming or scripting languages.

I gotta side with @pry0cc. As a novice to both programming and scripting, I too can’t sit still for hours reading a textbook. Plus the fact that I am below average on the intelligence scale also makes it harder for me to absorb new things. Scripting languages are, for me atleast, a great way to get your hands dirty without the need to absorb a lot of knowledge when you’re clearly not able to. But hey, to each their own am I right?


#11

I’ve been programming for about 10 years now and have had a great deal of experience with both compiled languages and scripted languages. While I agree with some of @_py 's points that you SHOULD have a deeper understanding of your scripting language if you truly want to call yourself a programmer, I also feel that a lot of this is splitting hairs and borderline walking the “No true Scotsman” fallacy. Personally, I started learning to code through C/C++. However, I would recommend Python to someone starting out any day of the week. Starting with a scripting languages eases new people into one of the hardest parts of programming: The Mindset. I have taught a large amount of people how to code on a basic level and that always comes up as the single worst issue that people have. Someone can be taught to read code all day long, but teaching someone to think in a way that allows them to reach and implement a solution is an entirely separate beast.

@oaktree is right that Compiled languages ARE faster than scripting languages and usually require a lot less dependencies. Compiled languages are almost always more dependable on a foreign system than scripting languages as well. Scripting languages (At least in the NetSec world) also keep you hidden from a lot of the pitfalls that compiled language developers have to be wary of. The very same pitfalls that allow Penetration Testers to have a career exploiting software. Rarely does a Python, Lua, or Perl dev need to worry about memory mapping and pointers. It is for this reason that I love that Compiled languages are taught in Uni and there is a push for more people to learn them. I feel the stress of having to learn a Compiled language liked C is a necessary evil for anyone who seeks a position in software development. Even if it is for nothing more than learning WHY the languages they are used to work and what pitfalls they are actually exploiting on their end.

Teaching people to reverse engineer is another path to solving the underlying problem of complacency. Reverse engineering teaches people to analyze why a program works the way it does, make educated guesses as to the functionality behind the scenes, and learn the underlying principles on which the software works (Processor instructions). I started doing Reverse Engineering about 3-4 years ago and I can say that it has helped me as a programmer extensively. Despite having a C/C++ background, there were a lot of things I took advantage of through ignorance. I thought I understood pointers, references, array structures, etc. But going through an IDE like VisualStudio obscures so much of what is actually happening and can lead to a false sense of knowing.

@Retr1Static, While I agree that scripting languages can be insanely useful in some instances, but there are times where a compiled language application would ultimately be much better. Like @oaktree said, you can’t always assume that your client has Python installed. If you are working heavily with something like the Win32 API, you will need a lot of complex wrappers unless you feel like going through CPython’s very crunchy syntax.

TL;DR
Scripting languages are good, Compiled languages are good too. Both have their place and their purposes and claiming that one is objectively better than the other only cheapens the experience of the developer and demeans them as a programmer. The true key to being a good programmer is knowing when it is the right time to use which of your tools. Despite popular adage, not everything is a nail when all you have is a hammer.


(Full Snack Developer) #12

Glad you said that. You can do plenty of great CS and “grown-up” programming with scripting languages. Search complexity is the same problem regardless of the language you’re using. You can also do terrible, terrible things with compiled languages that aren’t really worth calling “programming.”

If you have to pick a place to split hairs, maybe it’s more along your experience and methods than what tool you’re using? We have the same discussion periodically in infosec around skid vs. hacker. We tend to say it’s the skids who use Metasploit. What about the legit pentesters and people like egyp7? Arguably that falls into @oaktree’s classification of “uses dynamic scripting language, but understands its core.” I think it better fits with “understands the principles behind what he’s doing.”


(oaktree) #13

I should say that the point of this post was not to say that scripting/interpreted languages are “worse” than compiled/static languages. Rather, I listed a few reasons to add a compiled language to one’s coding repertoire.


Absolutely. I never said that you can only learn CS in C or C++… It’s more about being close to the silicon.


Limiting yourself to only one of scripting/programming means you sometimes either (a) don’t have full appreciation for what lies underneath the abstraction(s); or, (b) you have to do a lot of work to accomplish a task that would be simpler with other tools.


Agreed :laughing: But they’re not truly compiled because of intermediate bytecode…


(The memelord of 0x00sec) #14

That is exactly what I ment (or ment to say if i failed to deliver the message)


#15

Folks, the “debate” was focused (or at least that’s how it started) on the depth that is covered by the aforementioned 2 types in terms of CS fundamentals, not how useful they are. Obviously their use cases vary and a good programmer knows when to use what. Comparing them with each other just makes no sense.

I disagree. Just because it doesn’t run natively on your host machine but through a custom arch (VM), doesn’t make it a non-compiled language imo. Everything ends up being run as binary anyway (whether it’s C or Java or Python).


#16

Unfortunately the schools here, they have implemented subjects that do teach you how to program, explain the basics of loops, variables and functions. They give you a problem based on a book, exercises and you do on your own after that, what people mostly do not understand is what Xorus said. Its the mindset on how you are going to tackle if there was a problem, bigger problems, not just a missing colon, syntax errors. Having a deeper understanding on how things work will help you on being a good problem solver.

For someone who learned programming in C++, I was in complete halt on the Pointers Chapter, I do understand what it does and in the long run, it would be wise to use it. I will tackle it again some time, but right now I love python :stuck_out_tongue:


#17

After scripting and programming, there is an even harder form of programming called Perl. It combines the weird stuff from C and languages like ruby and python to make a totally bizar but very powerful language.


(oaktree) #18

This topic was automatically closed after 30 days. New replies are no longer allowed.