From: invalid@invalid.invalid   
      
   The Natural Philosopher writes:   
   > On 04/02/2026 14:50, Richard Kettlewell wrote:   
   >> The Natural Philosopher writes:   
   >>> On 04/02/2026 08:24, Richard Kettlewell wrote:   
   >>>>> Being able to pass pointers back and forth is a strong point with   
   >>>>> 'C'. In theory this COULD be exploited by evil actors, but I can't   
   >>>>> find any clear doc on whether it's been done to any relevant degree.   
   >>>> Yes, constantly and for many decades now. Have a look through CVE
   >>>> databases or follow a list like oss-security and you’ll see a steady   
   >>>> stream of vulnerabilities arising from C’s lack of memory safety.   
   >>>   
   >>> Yes, constantly and for many decades now. Have a look through CVE
   >>> databases or follow a list like oss-security and you’ll see a steady
   >>> stream of memory bound exceptions arising from generations of lazy
   >>> amateur programming....   
   >>   
   >> By that standard the original Unix team were lazy amateurs, given the   
   >> vulnerabilities in their code.   
   >   
   > I would say that that is a fair description of their   
   > abilities. Berkeley Unix was almost completely written by   
   > students. Very little of any of the distributions were subject to in   
   > depth scrutiny. Even after it became severely non free.   
      
   I’m talking about the AT&T team, same guys who invented C.   
      
   > And that applies as much to Microsoft as well.   
   >   
   >> The reality is that the language is error-prone, and blaming   
   >> programmers for the outcome is just sticking your head in the sand.   
   >>   
   > All languages are error prone.   
      
   They are not all error-prone in _the same way_, and C stands out as   
   especially fragile. There are whole classes of vulnerability that either   
   don’t exist in other languages or need the programmer to much more   
   deliberately go ‘off piste’ before they can happen.   
      
   > And blaming that for deficiencies in programmer quality is just   
   > sticking your head in the sand.   
      
   I’m not saying that there aren’t lazy and incompetent programmers. I
   remember a colleague at a previous job proposing that we could work   
   faster by skipping bounds checking in network-facing code, because we   
   “knew” what maximum sizes the inputs would be. Obviously in C the   
   consequences (had anyone paid attention to that individual) would have   
   been vulnerabilities. In a language with automated bounds checking the
   question wouldn’t even have arisen.   
      
   --   
   https://www.greenend.org.uk/rjk/   
      