i seem to be evaluating a few new software packages, mostly web servers and web applications. i'm trying to think up heuristics to help me form a quick opinion of a new code base, mainly the probability that it will contain disastrous (requiring repeated and probably unsuccessful (win32 shatter attacks) patching) flaws. one that i came up with was
grep -r close * | less
and check if the developers cared enough to actually check the return codes of system calls. i figured close is a good C && Perl compatible call to search for.
nginx seems to at least make a determined effort, i'm starting to like this web server a lot. lighttpd of course, didn't make an attempt that i could see. so, on went the test. the next five fairly major projects (non-CPAN) i tested failed impressively as well. bad/meaningless test maybe?
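
A narrower version of the grep above, added here as an example and not part of the original post: it counts the close() calls in C sources whose return value is simply dropped, next to the total number of close() calls. The function names and the sample files are constructed for illustration, and the matching is line-based, so it is a rough signal rather than a parser.

```shell
#!/usr/bin/env bash
# Heuristic only: line-based matching, no real C parsing.

# Print "<unchecked> <total>" for close() calls in C sources under directory $1.
count_close_calls() {
    local dir="$1" total unchecked
    # total: close( not preceded by an identifier character, so fclose()
    # and wrappers such as my_close() are skipped.
    total=$(grep -rEh --include='*.c' --include='*.h' \
        '(^|[^A-Za-z0-9_])close[[:space:]]*\(' "$dir" | wc -l)
    # unchecked: the call is the whole statement, so its result is dropped.
    # An explicit "(void) close(fd);" is counted in total but not here.
    unchecked=$(grep -rEh --include='*.c' --include='*.h' \
        '^[[:space:]]*close[[:space:]]*\([^()]*\)[[:space:]]*;' "$dir" | wc -l)
    echo "$((unchecked)) $((total))"
}

# Constructed sample tree: two checked calls, two unchecked calls, one fclose().
demo() {
    local tmp
    tmp=$(mktemp -d)
    cat > "$tmp/checked.c" <<'EOF'
    if (close(fd) == -1) {
        perror("close");
    }
    rc = close(fd);
EOF
    cat > "$tmp/unchecked.c" <<'EOF'
    close(fd);
    fclose(fp);
    close(sock);
EOF
    count_close_calls "$tmp"
    rm -rf "$tmp"
}

demo
```

Run `count_close_calls path/to/source` on a real tree and compare the two numbers; a high unchecked share is the signal the grep was looking for by eye.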