Well guys, you might wanna contact a graphic artist because there's a new Linux vulnerability in the OpenSSH client.
Apparently you can use a buffer overflow and gain access to a private key.
Of note from the provided link is that while most distributions have already fixed the issue and OpenBSD even stripped the functionality altogether:
UPDATE: For Mac OS X, the version of OpenSSH in MacPorts has been updated. Since Apple typically delays security fixes, you're advised to apply the workaround if using the bundled OpenSSH instead.
Have you seen how fast the community reacted and fixed the packages? If it was closed we would still be vulnerable waiting for the grace of the developers to acknowledge the bug and fix it. Not to mention some who would sue the researcher who found the issue instead.
>since paid developers whose jobs are on the line actually write good code
Pic related. Code written by a billion dollar company.
How do dumbfucks like you get by so long? Security through obscurity doesn't work. If this was a closed source package an attacker would still have figured it out and meanwhile a fix from the provider would still be coming "maybe eventually".
what are you even trying to say?
arrays need an element size (statically implicit in their type), a start pointer, and either an element count or a tail point.
the issue is that C arrays, even when declared in function scope, can't be passed through function arguments without losing their size, which has to be passed as a separate argument and tracked through a separate variable in the callee, which gets bungled by even "professional" and/or high profile projects like this.
> array/ptr decay is the great killer of our time
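Added example, not part of any post in the thread: the array decay described above, shown in C next to two ways of keeping the bound attached to the buffer. The names `struct span`, `SPAN_OF`, `span_copy` and the other functions are hypothetical, and the inputs are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Pointer plus element count, kept together so they cannot drift apart. */
struct span { char *ptr; size_t len; };

/* Only valid where `a` is still a real array, i.e. in the declaring scope. */
#define SPAN_OF(a) ((struct span){ (a), sizeof(a) / sizeof((a)[0]) })

/* A parameter written `char buf[16]` is adjusted to `char *buf`; the 16 is
 * ignored, so sizeof in the callee measures the pointer, not the array. */
size_t size_seen_by_callee(char *buf) { return sizeof(buf); }

/* Pointer-to-array keeps the bound in the type, but only for fixed sizes. */
size_t size_via_array_pointer(char (*buf)[16]) { return sizeof(*buf); }

/* Bounded copy: refuses input that does not fit instead of overflowing.
 * Returns 0 on success, -1 if src (plus terminator) does not fit. */
int span_copy(struct span dst, const char *src, size_t src_len) {
    if (dst.ptr == NULL || dst.len == 0 || src_len >= dst.len)
        return -1;
    memcpy(dst.ptr, src, src_len);
    dst.ptr[src_len] = '\0';
    return 0;
}

/* Constructed scenario: a short input fits, an oversized one is rejected
 * and the buffer keeps its previous contents. Returns 1 if both hold. */
int demo(void) {
    char buf[16];
    const char *too_long = "this input is far too long";
    int ok_short = span_copy(SPAN_OF(buf), "hello", 5);
    int ok_long  = span_copy(SPAN_OF(buf), too_long, strlen(too_long));
    return ok_short == 0 && ok_long == -1 && strcmp(buf, "hello") == 0;
}

int main(void) { return demo() ? 0 : 1; }
```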
Real programmers like to use tools that encourage good coding practices and discourage bugs like this buffer overflow shit. They don't attempt to micromanage every little thing because that will inevitably lead to failure when working on anything nontrivial, even for experts. In other words, C is shit.
Cowboy coders like C too much, because it lets them vomit on the keyboard and have errors only turn up much later when it's exponentially harder to deal with them and tons of damage has already been done. We've had viable replacement(s) for decades.
You know what they call good security through obscurity? Passwords. Stop your memeing.
Are they a specific piece of information that, if known or guessed by an attacker, would blow the whole thing wide open? Yes? Then of course they are. Just very well designed and controlled obscurity. More ordinary design flaws are isomorphic to a (usually weak) password/encryption key.
"Needs to be", and "is feasible to do so" are two very different things. No one thinks C is great, or even good, or at least no one who is at all a competent programmer. We are stuck with C for the simple fact that we are stuck with C. There's way too much existing C code, to just scrap it and start all over, and as long as that is the case C will still be used. As long as it is used, the more it will need to be used. There's just no easy way around that. Just the amount of code in the *Nix world is enough to make sure of that, several times over.
Pascal is for the most part dead these days. Contrary to what C programmers of yesterday claimed, it's actually every bit as powerful and capable as C, while being much neater, and easier to use and maintain. But that doesn't matter even a little bit, because C is the one that won.
>what is volkswagen
Unlike open source programmers, closed source ones write the bare minimum they need to to create something that *appears* to work.
They will often cheat, lie and do straight up dangerous stuff but you'll never figure it out because it's a black box
>No one thinks C is great, or even good
Password obscurity and vulnerability are not the same thing. A password that's selected carefully (not vulnerable to dictionary attack or whatever) has to be brute forced to discover. A program vulnerability can be found by analyzing input/output, attaching it to debugging tools, etc. How are these two at all related? Stop being autistic
>The best one is Ada.
best answer in all likelihood, despite being virtually unknown outside defense contracting
> Others that tend to get mentioned include
not acceptable due to mandatory GC, which still can't be completely stopped
lost any chance of equivalent utility by not supporting non-statically sized arrays from the beginning. (added in early 90s, but too late to save the language)
a year ago I might have agreed it had a future, but the community has gone full retard with peripheral (i.e., SJW bullshit) concerns instead of pushing the language to serious developers
> and C++
seems reasonable at first glance, but has a LOT of issues:
> lack of standard ABI/name mangling for linkers
> exceptions are basically landmines when allowed to escape an API
> inherits all the awful shit of C (unhygienic preprocessor macros, array decay, dogshit slow compilation requires stupid build system tricks, etc.)