
FreeBSD codebase diagnosed; 50+ potential memory exploits have


Thread replies: 121
Thread images: 10

File: 1491081808903.jpg (56KB, 945x482px)
So you thought you could expect a so-called well-written C project in FreeBSD. You thought FreeBSD is any more secure than Linux or Android. You thought a perfect C project exists in real life. Oh how wrong you are.
https://www.viva64.com/en/b/0377/
https://www.viva64.com/en/b/0491/
https://www.viva64.com/en/b/0487/

Once again, C has proved itself to be against your security and privacy. C is an obsolete programming language invented in the 80’s when security had 0 (ZERO) security concerns.

C programming should be completely banned and outlawed. C books should be seized and documentation should be destroyed so we can get over the mother of all security exploits.

NSA/CIA paid shills’ FAQ:
>Hurr durr nothing to hide nothing to fear
No, having (un)intentional backdoors in banking system, private folders must be encrypted.

>lul ur n00b, real men produce no security bugs
Either childish, or a tryhard damage control. No one wants their project to be full of memory exploits because of C/C++.

Ban C. Say no to security vulnerabilities. Remember: your data and your privacy are worth protecting. Anyone saying otherwise is an NSA shill.
>>
what use instead c
>>
>>59781272
Javascript
>>
>>59781157
>80’s
70s
>>
>>59781157
Rust is too complex to use as a replacement
>>
File: 1459789901514.jpg (53KB, 550x461px)
>>59781157
>>59781285
>>
>>59781157
Name one language that's secure, as fast as C, and isn't infested with SJWs. I'm waiting.
>>
>>59781272
He's forgotten to take his pills, don't take it seriously.
>>
>>59781313
no language is secure except BrainFuck
>>
>>59781315
He's right that C has problems, the other problem is that no alternative exists.
>>
>>59781157
>So you thought you could expect a so-called well-written C project in FreeBSD
You're confusing OpenBSD with FreeBSD
FreeBSD code quality has dived in the last 4 years, and they never really cared about code quality
>>59781313
Just use Ada, but a language will never be enough to protect people from retarded CS grads
>>
File: 1484616352382.png (180KB, 500x550px)
>>59781157
>actually spending the time to type out an entire paragraph for your shitty bait
>>
>>59781323
Those aren't problems. They are features that can be abused.
>>
>50 possible memory exploits found in 23 year old operating system
ok
"exploit" doesn't mean "security vulnerability" either, some of these could be insanely specific and irrelevant.
>>
File: 1488954271179.jpg (154KB, 2500x1645px)
>>
File: 1476213456289.png (790KB, 3720x3720px)
>>59781272
Rust
>>
Nobody uses FreeBSD, which means not many developers, which means more exploits. These anti-C cucks are really fucking retarded jesus
>>
>>59781455
The fact that nobody uses FreeBSD actually means there should be less vulnerabilities, idiot
>>
>>59781469
lolwat

>have small userbase
>have to still develop for new hardware
>>developer we have a shitty code base
>so? I don't have time to fix it
>50 exploits
>>
>>59781522
>No one uses FreeBSD
>No new drivers
>No new requests
>No dead line
>Infinite amount of time to spend time on 40 y/o codebase
>>
>>59781455
It's used by netflix and whatsapp

I believe it's really popular with nu-males honestly
>>
>>59781581
gb2r/the_donald fucking newfag
FreeBSD has always been popular on servers and routers
>>
>>59781451
What is that?
>>
>>59781661
How much of a downgrade the transition is. Negative numbers account for the superiority factor.
>>
>>59781157
What's a FreeBSD? I've never heard of it. Is it an important project?
>>
How to find 56 potential vulnerabilities in FreeBSD code in one evening - https://www.viva64.com/en/b/0496/
>>
>>59781157
FreeBSD was never secure and never will be.
Your best bet is either linux with grsec/PaX or OpenBSD.
>>
File: Der_ewige_C.png (339KB, 387x550px)
>>
>>59781157
Large number of false positives here, but that software sucks. It seems to detect false positives, but clearly not the actual ones, as every large project has vulns in them, MANY MORE THAN 56.
>>
>>59781157
i don't understand the ban C meme

anyway i bet that one freebsd shill is scrambling for excuses now
>>
>>59782483
It started at the same time as the paid rust shills started polluting /dpt/.
It will end once rust is dead, shouldn't take that long.
>>
>c project fails
>Blame language
>Advocate outlawing programming language
>Advocate destruction of information, Nazi style

Wow you must be very dumb
>>
>>59782551
>make shitty language
>blame programmers
>every minor bug becomes massive security hole
>NSA pays shills to shill for language
>whine on a Mongolian throat singing imageboard when your language starts plummeting in usage
kek, stay mad C-toddler
>>
>>59782595
Found the web Pajeet.
>>
>>59782595
>I want to claim that the c language is shitty
>I don't have evidence other than an example which does not isolate C as the problem
>Someone doesn't agree with my claim
>Might as well claim that the NSA pays all C programmers to shill
>Might as well claim that C programmers all go on Mongolian throat singing boards
>Might as well call anyone who disagrees with me a toddler

Keep crying pajeet
>>
File: 1374574651334.jpg (117KB, 600x600px)
>>59781157
Is this how they hacked that other imageboard which used to be run by that guy in the rocket powered wheelchair?
>>
>>59782658
you'd have to be a complete idiot to develop a C program that faces the web

C has its uses, and this is not one of them
>>
>>59781157
linux is made by women and fat beta spergs, you really trust those cunts to write secure code? I don't.
>>
>>59782644
when pajeet is the default response for everything you don't like it loses all meaning.

anytime someone uses pajeet on /g/ you can rest assured they're a complete idiot.
>>
Hold on let me be a Rustard except defending C instead of Rust
>name 1 flaw with C that isn't actually a feature
protip: you can't
>>
>>59782694
http://www.learnbchs.org/
>>
>>59783404
well as long as you don't let the user input anything its ok i guess
>>
>>59781272
PHP
>>
>>59781272
a dialect of lisp
>>
>>59781315
No, he's just an idiot who thinks he's smart because he graduated mommy coder camp and learned some Java or JavaScript.

>>59781401
Pretty much this.
>>
>>59781451
Nice meaningless graph faggot.
>>
>>59781157
The problem with C isn't the design, it's that people care too much about performance and will sacrifice security by not including checks for undefined behavior.
>>
>>59781313
Rust
>>
Shoo, shoo, Go/Rust shill, go away

Seriously tho, if Go ever fixes its reflection and ABI mess (which makes it now useless for any kind of systems programming), C is pretty much kill for good.

Rust is too much of a paradigm departure, might as well use Haskell instead.
>>
>>59783758
>rust
rust still uses LLVM, which is part of the over optimization problem
>>
>>59783786
>over optimization problem
What?

If you're talking about optimizations that break programs, only GCC does that.
>>
>>59783814
No, LLVM does it too: http://blog.llvm.org/2011/05/what-every-c-programmer-should-know.html
(the LLVM ir itself has a decent amount of undefined behavior)
>>
>>59783786
I suppose it still beats C++ anytime, rust frontend is a bit faster, but llvm backend still nukes it.

It will now take 3 hours to compile a browser instead of 8. Thanks llvm!
>>
>>59782856
See now you're not even arguing your point, you're just butthurt because an anonymous person on 4chan called you a pajeet
>>
>>59781313
FORTRAN
>>
>>59783769
Is there even a chance that they "fix" go to make it usable in systems programming? Something that dethrones C would be nice.
>>
How about this? Would this be worth learning?
https://en.wikipedia.org/wiki/ATS_(programming_language)
ATS (Applied Type System) is a programming language designed to unify programming with formal specification. ATS has support for combining theorem proving with practical programming through the use of advanced type systems.[1] The performance of ATS has been demonstrated to be comparable to that of the C and C++ programming languages.[2] By using theorem proving and strict type checking, the compiler can detect and prove that its implemented functions are not susceptible to bugs such as division by zero, memory leaks, buffer overflow, and other forms of memory corruption by verifying pointer arithmetic and reference counting before the program compiles. Additionally, by using the integrated theorem-proving system of ATS (ATS/LF), the programmer may make use of static constructs that are intertwined with the operative code to prove that a function attains its specification.
>>
>>59781157

Use Minix 3 microkernel with NetBSD.
>>
>>59783786
>isn't infested with SJWs
>Rust
>>
>>59785033
Coq
HOL
Why3
Boogie
Agda
>>
C is never going away in Unix™ and Unix™-inspired OS's.

Make your own Rust OS if you want people to use it.
>>
>>59784532
This, I suspect. It's annoying to work with, but for heavy number-crunching it's faster than just about anything else. Weather forecast models still use FORTRAN-based libraries for linear algebra-tier calculations (and it STILL takes hours to run the models) today.
>>
>>59781325
>implying anyone bothers to fuzztest OpenBSD which has 2 types of users: Theo and his circlejerk crew
>>
>>59785983
Only decent answer. Rest are stupid code monkeys.
>>
File: 1490742647439.jpg (31KB, 480x448px)
>>59781313
Matthew Garrett wrote drivers in C while at Intel, and he is the biggest cuck SJW of them all.

t. fartfartfart
>>
>>59785983
All meme languages.
>>
>>59781581
and yahoo
>>
>>59781157
>in the 80’s when security had 0 (ZERO) security concerns.
>security had zero security concerns
Stick to the script Pajeet, this freestyle shit isn't cutting it.
>>
>>59781157
We've established already. C is just plain cancer. C programmers are either senile old faggots that cannot embrace technological advancement or just a neo /g/ hipsters that hasn't programmed anything substantial.
>>
>>59783743
C's design has many flaws. Its compilers produce hundreds of undefined behaviors --in fact C is THE language of undefined behaviors imo
>>
>>59782595

> writing DDR4 drivers in Rust

yey
>>
>FreeBSD
>Good

At least try to put effort into your bait.
>>
>writing drivers in a language with side effects
plebs
>>
>>59789598
Side effects give good performance
>>
we've been saying that for ages: freebsd is hot garbage
>>
Anybody ever audited OpenBSD besides their own security team?
>>
>>59789660
No. That's why it's the most "secure *BSD"
>>
>>59789660
whenever someone does and finds something, they usually credit the person who found it in the CVS commit message

>>59789677
hi, are you the freebsdfag
>>
>>59789695
I'm actually the KDE Shill
>>
>>59781157
Here I was just about to take Dragonfly for a spin
>>
>>59789726
well dfly forked off from freebsd 4, way before it became shit


>>59789660
>>59789695
oh, and i think the 2nd big remote exploit found in openbsd was also found by a third party
>>
>>59781581
Numales use macos
>>
>>59789781
macos is the very best desktop os and the very best unix workstation os

it's just nextstep with modern stuff and it kicks ass

you're just a poo who can't afford a loo
>>
>>59781157
Oh you fool... With fire you can cook the perfect steak, or burn your house down. C is a tool just like any other. Used properly it creates perfection.
>>
>>59787448
>it's cheaper to use existing pile of shit than develop new pile of shit
>therefore, existing pile of shit is better
no, that's not how it works.
legacy != quality.
it's called "the NOAA doesn't have enough money to port an existing codebase to newer languages", and it drives up costs as fortran programmers become scarcer and can charge more.
and knowing how much republicans fear discretionary spending, we won't be seeing funds to upgrade the systems anytime soon.
>>
OP is a Rust faggot
>>
File: Unsorted:V 32.jpg (229KB, 1920x1080px)
now that multiple c to j.asm compilers exist, and of course any language really can do this. why not just move a javascript interpreter into the kernel and forget native code entirely

it's the most popular language with the most powerful modern oop opensource codebase.

portability would be solved forever and we can really do what we've been flirting with for years now, this is obviously what we need

browsers are the portal to 90% of average users programs, this can finally end this and make the computing world make sense.

Q1. Won't this be way slower than C or something?
WRONG! asm.js is approaching C speeds even with little investment being done so far, in fact C compiled into asm.js is actually faster than Clang compiled code for box2d game engine.
Source: https://hacks.mozilla.org/2013/12/gap-between-asm-js-and-native-performance-gets-even-narrower-with-float32-optimizations/

Q2. what about vm overhead! it can never truly be as fast!
WRONG! In fact according to a study by Microsoft a shift to virtual memory protection instead of hardware based irq we can increase speed by 25 - 40%
using a conservative 80-90% vm overhead we can actually gain a modest speed increase with our new kernel j.asm interpreter
source: http://research.cs.wisc.edu/areas/os/Seminar/schedules/papers/Deconstructing_Process_Isolation_final.pdf

Q3. Won't this be insecure!
WRONG! how often does javascript break out of sandbox today? Anyway. libcurl is written in one of the most insecure and outdated languages ever, C, with no garbage collection and shitty manual memory management it's practically a joke in the security world; yet libcurl is constantly and exhaustively searched for issues and therefore remains relevant even now
source: https://daniel.haxx.se/blog/2017/03/27/curl-is-c/

so /g/, is it time to dump native code and move everything to the worlds most popular language?
I say yes
>>
>>59791747
>and move everything to the worlds most popular language?
But, anon, there are already 3 billion devices running Java, why we want 3 billion more?
>>
>no other language has any kind of bug whatsoever
kys
>>
>>59783659
kek'd hard, mr. stallman
>>
Go write easy hardware interfacing code in Java or whatever high profile language you want
>>
>>59782856
Calm down Pajeet.
Don't take the insults personally, this is 4chan after all.
Just kindly calm down, and listen to advice to poo in loo, and you'll be gold
>>
>>59783769
Go is garbage collected so it will never replace C
It's not possible they could get rid of it while still having pointers though. Pointers without garbage collection can lead to dangling pointers.
Go's solution to this issue is garbage collection (which inevitably slows the language down a fuck ton)
Rust's is to have "unsafe blocks" which sort of defeats the purpose of using the language in the first place. But at least it's faster.
>>
>>59788172
OpenBSD is widely deployed in government routers and mail servers, people do bother to fuzztest it
Anyways, that's not the point, the point is that the FreeBSD team isn't autistic about code quality
>>
>>59790563
Funny, a third of Apple's engineers are Indians and they keep opening campuses in India
>>
>>59782551
except nazis only destroyed jewish books that promoted degeneracy that you love very much
>>
>>59792089
>wat is trusted computing
>wat is FIPS
>wat is hw routing

Do you seriously think an OS that implements a syscall wrapper, which has proven to be inherently insecure, refuses to comply to government standards for a secure OS, does not have a FIPS compliant implementation of TLS, has no notion of confinement of applications, is outright giant locked all the way through, including the firewall, has no means to get a packet into userspace fast enough and outright starves the NIC of buffers because the kernel is too fucking slow to handle it is run in government institutions? Anon pls.
>>
>>59781157
Isn't FreeBSD the only OS without ASLR in 2017?
>>
>>59781451
> literally no IDE
> ass toolkit
> no cross platform GUI for it
> no ready-to-use implementations like Java/Python/Ruby/Perl/C#/C++ or any other normal languages has

It just fucking sucks mate.
Yeah, fizz-buzz is so fucking better in it, oh my god you cream your pants. For anything else it's pure shit.
>>
>>59793096
False.
https://hardenedbsd.org/

It is not mainstream though.
See the "official reply": http://marc.info/?l=freebsd-security&m=145754056512200&w=2
>>
>>59793096
>>59793219
It looks like the implementation/developers pushing ASLR are just lazy fucks.
Every time they cry how it's not in mainstream, start pushing their shit, then just go fucking quiet once the FreeBSD project leads get interested.

I don't really care desu, first thing you disable on RedHat or Fedora is SELinux.
>>
>>59793206
Someone programmed an operating system in it faggot.
>>
>>59793350
Someone wrote an OS in JavaScript too, what's your point?
>>
>>59781272
Ada
>>
>>59793631
I mean they did a kernel https://github.com/redox-os/redox not just a fancy ui which runs on a browser.
>>
>>59781303
It's simpler than C++.
>>
>>59792137
...said anon as he went back to watching anime.
>>
>>59793080
It is, also FIPS is meaningless and broken by design, trusted computing is just a fancy name for backdoors
>>
>>59796344
he's probably the MUH MACs guy
>>
Is this the biggest autist on all of /g/?
>>
C is obsolete

- Linus Torvalds
>>
File: everyone I don't like is hitler.jpg (21KB, 368x475px)
>>59782551
>>
>>59796430
Not an argument
>>
>>59796344
This statement says enough about OpenBSD """security""" lol. Your ASLR is a fucking joke, your W^X isn't strict and can be bypassed by mmap(PROT_WRITE) and mmap(PROT_EXEC) of the same address, you still believe syscall wrappers are secure(pledge(2)), when they have been proven to be insecure, and in fact, lots of undergraduates have a 1 week homework to bypass a syscall wrapper like that through concurrency, but hey, it might be secure on OpenBSD because you're still running on one thread.

Please, educate yourself about security and operating systems before you open your mouth and act superior to everyone just because you run OpenBSD, the OS that you've been told is secure by its developers, who also seem to have no fucking clue what security is. And no, OpenBSD is _not_ run in any government agencies, you can be sure of that. It's insecure garbage that also just happens to not perform well.
>>
>>59798292
nice pasta cuck
>>
>>59798447
Heh, not a pasta, but wouldn't mind it becoming one as it's pretty much true
>>
>>59795358
People have done that in JS too
>>
>>59798596
No, NodeOS is based on linux kernel.
It's impossible to write whole kernel in javascript.
>>
>>59798722
Where did I say I was talking about NodeOS?
>It's impossible to write whole kernel in javascript
Can't you write a kernel in any Turing complete language?
>>
>>59798797
1. If you want to write a kernel the language has to be compiled. If you would use node.js as runtime then it wouldn't really be 100% javascript because node is written in c++. Also you need compilation for system initialization.
2. there is currently no way in javascript to manage memory.
>>
Install Mezzano.
This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.