ITT: Software redflags I'll start: >Written in C Guaranteed

>>60029019
>runs on linux

File: 1478823002461.jpg (20KB, 318x326px) Image search: [Google]

20KB, 318x326px

>>60029666
>Doesn't run on Linux

>>60029019
>Written in Rust

File: oh-god-why.png (118KB, 353x430px) Image search: [Google]

118KB, 353x430px

>>60029666
Nice digits, but explain why running on Linux is bad
>>60029765
Reasons, explain why
>>60029794
Again, explain

>>60029019
> written in a meme language

>>60030053
OP said that:
>Written in C

their product's wiki is really barren.

>>60030022
Rust guarantees security exploits because people think that rust protects them, while they don't get that logic mistakes are worse than UB.

File: 1461774406040.png (315KB, 1876x559px) Image search: [Google]

315KB, 1876x559px

>>60030022
C is the mother of all security exploits (specially in Linux).

It's not very surprising. When C was created back in the 70's ancient time the main concern was the scarcity of computer hardware resources. People were more concerned about how to run a program in 300MHz processor with 64MiB RAM. No one thought about security and security exploits, the concept of security did not really exist back then.

Half a century later C's glaring holes show how faulty the language's philosophy is.

>>60030134
Screenshotting your own posts is pathetic

>>60030145
Got any argument left? No? Thought so

>>60030022
There you go, a C apologist. C apologists are NSA shills plain and simple. Rust makes it harder to produce vulnerable programs as it actually implements safety precautions like Bounds checking, dangling pointer prevention, data race prevention, lifetimes etc. This is against the interest of the NSA and so they are shilling C so that people continue to produce exploit prone, unsafe and vulnerable programs.

Ignore the NSA/C shills. Programming in C should be banned and outlawed.
Say no to security exploits, say no to the NSA. Your data and your privacy is worth preserving.

>>60030165

>Programming in C should be banned and outlawed.
What business do you think the government has regulating what languages people are and aren't allowed to use in writing programs?

>>60030199
>>60030199
If the government is trying to ban encryption they should ban C too.

>>60030165
The arguments were in the 300 posts you didn't include in your screenshot you mong :^)

>>60030199
Seriously, at this point, the business of national defense.

China, Russia, and others are seriously fucking US economy and defense interests through cyber espionage and C/C++ makes the attack surface way larger than it'd be if everyone used safe(r) languages.

>>60030217

The government should not be allowed to ban encryption either. We should oppose them at every instance in their attempts to regulate the software industry and the Internet.

>>60030255
>2017
>double free
hahaha
https://bugzilla.redhat.com/show_bug.cgi?id=1428319

Amazingly, there are NSA shills that will defend THIS

>>60029019
>written in Java or adobe flash
>windows exclusive
>free but closed source

>fags UNIRONICALLY replying frogposting
>fucking frogposting in 2017

Do the world a favour and cut your neck you fucking retards.

>>60030255

>national defense
You know they use C++ in the F-35, right? Do you want to tell the military "you just spent a trillion dollars on a fighter jet, and by the way, you're no longer allowed to use the software you're using to control it now."

>>60030322
Lockhead uses C++ too, the templates are so broken they banned the usage of templates within the company by themselves.

I wouldn't write a system for a nuclear powerplant in C, not ever.

It uses a google captcha for authentication

>>60030322
>tfw your jet gets hacked out of the sky

Not only does the F-35 use C/C++, but so does the computer that the source code and other system details are on.

So now the Chinese guaranteed have a copy of the F-35's computer systems and are trying to figure out how to buffer overflow its RADAR systems and shit.

>>60030360
>I wouldn't write a system for a nuclear powerplant in C, not ever.
Maybe because you never had any training in safe and secure software.

Military and Nuclear facilities have verified compilers and verify their code significantly better than any civil institution.

Things still slipped through, but *save* languages wouldn't prevent replacing /10 with

 * 0.1 

since that's a logic error.

>>60030360

>the templates are so broken they banned the usage of templates within the company by themselves.
Funny, templates are one of the most powerful tools in C++'s arsenal. You just have to not be a complete retard.

>I wouldn't write a system for a nuclear powerplant in C, not ever.
Right, but what about modern C++?

>>60030394
>Things still slipped through, but *save* languages wouldn't prevent replacing /10 with

 * 0.1 

since that's a logic error.
what?

>open source
every schmuck 19 yr old russian can see the code and its flaws to exploit them

>>60030411
Ever heard of the patriot missile bug?
That happened because someone thought it was smart to replace a division with a multiplication on floats, since that's faster.
But we can't store 0.1 in floats, so that bug reduced the accuracy of the operation and things went out of the specified conditions.

>>60030394
It's not about making a perfectly safe language, it's about reducing your attack surface.

Oh, yes. I'm going to make logic errors anyways, so let's just go ahead and double+ the number of exploits in my system because I choose to use C/C++.

>>60030389

It is incredibly easy to not buffer overflow in C++.

Can someone explain to me what security means ? I've been coding in C for 6 years.

>>60030425
Great, you followed best practices.

Now how about the literally thousands of other subtle mistakes that can be made in C++ that will just get flatly rejected in Rust and other safer languages?

>>60030444
you just test your code

>>60030422
If you are thinking about nuclear or the F35 example and think that transforming security into safety problems you don't have any idea what the problem is.

File: 1486541839800.png (100KB, 1244x1024px) Image search: [Google]

100KB, 1244x1024px

>>60030408
see pic

>>60030418
>missile bug
doesn't sound very pleasing.

>>60030165
they already have a hardware backdoor in your PC anyway

>>60030431

It means that you can throw stupid inputs at the program all day, and you still manage to maintain:

Confidentiality
Integrity
Accessibility

>>60030462
>doesn't sound very pleasing.
It wasn't. The system misjudged by a couple hundred meters and failed to destroy a missile.

Just a nice little example of logic errors that are stupidly embedded into how our hardware works and no system currently catches in a static way.

>>60030418
>>60030418
>we can't store 0.1 in floats
Please tell me more. I am curious

import std.stdio;

void main(string[] args) 
{
    float x = (2.9*0.1);
    writeln(x);
}

> 0.29

>>60029019
>t. Java Toddler

people who are using templates for """template metaprogramming""" are insane

>>60030491
Ty.

Isn't it linked to networking as well ?
Because if a user wants to crash his program by sending inane inputs, what is the problem ?

>>60030524
>t. C toddler

>>60030519
Getting lucky with your rounding, great fucking shit.
Unless you are able to show that it works for EVERY input you showed nothing.

Did you check which format that 0.1 is stored in? And if the compiler re-optimizes it to a /10 because it considers that as "better"?

>>60030134
>back in the 70's
>300 MHz processor with 64MiB RAM
>"MiB"
You have to be 18 or over to post on this web site.

>>60030519
Whoo one fucking testcase works. Great shit, stop the presses, math was proving wrong.

Check ieee754. If you are using floats, 0.1 is not a possibly accurate value (unless you have infinite memory, but that's not specified in 754 either way).

>>60030165
>Got any argument left? No? Thought so
did you really screenshot your own post?

File: Beautiful-girls-laughing.jpg (59KB, 550x340px) Image search: [Google]

59KB, 550x340px

>>60030418
>>60030538
>he thinks rounding issues are limited to C
>and not inherent to floating point arithmetic

>>60030413
This

>Hurr of course it's safe everyone can see the source so leaks are always fixed
Yeah no. No one is going to sift through piles of spaghetti code for hundreds of thousands of programs

>>60030413
you can find bugs in closed-source programs as well

File: 1462143529629.png (289KB, 1280x905px) Image search: [Google]

289KB, 1280x905px

>>60030539
Permanent reminder
>>60030555
>>60030560
Can you give me more test cases?

>>60030460
>hur durr let's just rephrase the arugment so that I can continue believing there's no reason to use Rust and other safe(r) languages and their ability to eliminate whole classes of bugs, including the sort of bugs that allowed the heartbleed exploit.

>>60030456
testing your code isn't a complete solution, though

>>60030087
are you retarded? what kind of twisted logic is this?
by usinh Rust, you just eliminated whole classes of security problems... what, you think C code magically lacks logic mistakes simply because it may have OTHER vulns?

>>60030572
>>60030413
You do realize you don't fit into the thead, right?

>>60030615
That's called mental gymnastics, NSA/C shills are good at it

>>written in meme language
>>le ebin html ui xD

>>60030567
Do you by chance want to direct that to the other people not getting the problem?

It's an IEEE754 problem here, not even really rounding, but limited accuracy.
Rounding is even more fun, but can be predicted since, you never guess, it's deterministic.

>>60030572
> Hurr durr the bad guys will sift through all that shit and no good guy ever will
The quality of opening source hinges on the work put into it from either side.


>>60030600
> Hurr durr let's ignore that safety is actually a problem and so called "save languages" do little work to actually be save, but only transform problems from security into savety
You don't prevent bug classes, you transform them from security relevant to safety relevant.
Which is good for things like webservers and home users, but nuclear plants, rockets, military don't value one over the other much, since both are catastrophic.

>>60030598
Nobody in the 70's had a 300 MHz processor or 64MB of RAM you diaper wearing faggot. The Cray 1, the fastest supercomputer from 1976 to 1982, ran at 80 MHz and had 8MB of RAM.

And 'MiB' wasn't a thing until the 2000's. I'm sure it existed before then, but NOBODY in the industry used it.

>>60030649
>'MiB' wasn't a thing until the 2000's
really made me think

>>60030418
what are you even doing here?

File: IMG_5337.png (139KB, 1600x1799px) Image search: [Google]

139KB, 1600x1799px

Similar to pic related is being done against C to push Rusts' agenda

File: 1488937702350.jpg (19KB, 320x318px) Image search: [Google]

19KB, 320x318px

>>60030820
Back to >>>/v/, autistic neckbeard.

>>60030600
http://www.tedunangst.com/flak/post/heartbleed-in-rust
>>60030444
>Lets use a language that doesn't have a standard and almost no support.
You can write safe C code, and there have been plenty of other safe languages you could use before using something that isn't even ready yet.

>>60030863
>>60030863
>, I’m surprised how many focused on the private keys to the exclusion of everything else. Even with Yahoo’s private key, I wasn’t in a position to intercept their traffic. But usernames and session cookies? Those I could use from anywhere. Or SMTP. Many connections are upgraded with STARTTLS, but without authentication. Anyone in the position to execute a MITM with a stolen key could simply strip TLS. Heartbleed, however, allowed people from around the world to read any email I had recently received.

>Interestingly, despite the obvious parallels to Heartbleed, the recent X server XkbSetGeometry info leak is probably a better example of a bug that rust would have prevented

>For further reading, the JetLeak vuln in Jetty is practically identical to Heartbleed, except it occurred in Java, a nominally memory safe language.

One might also consider one of the bugs CloudFlare found in their Go DNS code. “The catch was that our ‘pack and send’ code pools []byte buffers to reduce GC and allocation churn, so buffers passed to dns.msg.PackBuffer(buf []byte) can be ‘dirty’ from previous uses.” Oops.

Tony took another look at Would Rust have prevented Heartbleed?. I think it’s a good post, summarizing the issue and clearly breaking down the difference between Heartbleed and “Tedbleed”. But again with the private key fixation. Worst case scenario for Tedbleed is “An attacker can recover arbitrary plaintexts from encrypted traffic”. I don’t think it gets much worse than that. I certainly don’t agree that Heartbleed is “a lot worse” than that.

>Comments are disabled
hmm

>>60029019
Anything by:
>autodesk
>Microsoft
>apple
>adobe
>canonical
>linux foundation

>>60030165
Programming in Rust means trusting other people for your programs security. No thanks I'll check my own pointers tyvm.

>>60030538
retard
>>60030555
retard
>>60030519
writeln rounds to 6 decimal digits. try

writefln("%.50f\n%.50f", 0.1f, 2.9*0.1);

note that 2.9*0.1 is evaluated with double precision

>>60031094
Double precision floating point is still a floating point and subject to the underlying mathematical problem that 0.1 can not be represented in finite memory with the used encoding.

>writeln rounds to 6 decimal digits. try
Explains a lot actually

>>60031092
No one prevents you from checking your own pointers in Rust, and it gives you extra security features on top of that. What a shitty analogy. Stop spreading superficial FUDs

>>60030418
This is not why that happened, it was a discrepancy between the hardware clock and how the software was sorting the floats. There was a nontrivial error introduced if the systems weren't reset every two days.
>Idiot grunts didn't reset the system
Additionally they were using old hardware from old rockets due to budget shortfalls

>>60031152
Since it was not an analogy sure it was a pretty shitty one.
Literally nothing Rust provides cannot easily be done in C. Some people like having their hand held. It's fine you don't need to be so defensive.

>>60030134
In the 70s 300Mhz and 64MiB ram would be considered imaginary godhood.

Even with a 4mhz processor and 64KiB ram people were like "WHAT THE HELL ARE WE SUPPOSED TO DO WITH ALL OF THIS"

>>60031236
>Rust provides cannot easily be done in C
Not rust, there are many things C doesn't provide. Modules, Generics, Error handling, lambdas, actual metaprogramming and the list goes on.

Also by your logic writing C means you are trusting your security with the compilers other people wrote. Go being a brain dead idiot somewhere else

>>60030600
>hur durr let's take a bug in a 30 year old software projects disregarding all programming best practice and shift the blame on the programming language

>>60031276
>a bug
>30 y/o
C was a mistake

>>60029019
>desktop app
>powered by java

guaranteed memory leaks combined with 2GB ram usage at minimum.

>>60031290
Go choke on a dick, SJW. There is your hearbleed in Rust:

struct OpenSSLShit {
   // Don't use Vec<u8> here, we can't afford these allocations 
   // because we need speed and shit
   buffer: *const u8,
}

>b-but this would never happen in a 30 year old Rust project with a trillion lines of code written by old guys and some undergrad students because they will stick to programming best practice

This shows how two faced all of your security comparisons are.

>>60031369
Do you know what heartbleed bug is you fucking low IQ dipshit C.uck?

>>60031369
Holy shit Rust faggot BTFO'd. Maybe now he will fuck off for good.

>but muh language safety!

anything that requires vmware is a backdoor
installing programs made by some rando @ his moms basement is a nono. backdoors/trojans.

File: 1129ab1d8beb70e13205c705595ace02.jpg (60KB, 498x668px) Image search: [Google]

60KB, 498x668px

>>60029019
>software is proprietary
Oh so you mean I don't own it? Yes good.

NEEEXT

>he doesn't use millions of external tools that will validate C at code level and during runtime, provide memory safety and protect against UB and security exploits to a level incomprehesible to an average rust evangelical strikeforce member, because C had decades to create and perfect such tools, while rust is still useless for anything else than masturbating about muh memory safety

>>60030283
This

>developer only publishes linux and mac releases even though source compiles fine on windows

>>60031943
"compiles" isn't really the same as "works well". even if test suite passes there may be strange corner cases on windows. dev may simply say windows is not officially suported, so you'll be on your own if shit happens, it's his right.
also when you have the sources, binary packages are just a convenience frrom the developer.

>>60031800
>he thinks those tools will catch all the bugs
the task of an exploit developer is to bypass those shitty tools/security measures...

also, protip: they won't tell you about your bugs, because an exploitable bug means $$$

>>60030322
Half the military would jump at the chance to drop the F-35. It's an overpriced piece of shit that congress and the security companies are trying to force them to adopt.

>>60030134
I program systems with 32KB of memory running at 20MHz. Tell me why I shouldn't use C.

>>60033405
context is important, m8

>>60030134
Nigger you can't write an OS with Python, JS, or your meme Java language.

Also
>programmer does stupid thing
>HURR DURR ITS THE LANGUAGE'S FAULT
kys retard, bet you're just a CS undergrad.

File: PIC.jpg (20KB, 539x361px) Image search: [Google]

20KB, 539x361px

>>60033405
my man

>>60030360
> I wouldn't write a system for a nuclear powerplant in C, not ever.
What would you write it on?

>>60035503
COBOL

>>60033405
just use node.js dude.

>>60031194
>Writing a system that needs to be restarted every 2 days

>>60030228
>using the smiley with a carat nose

>Using JavaScript
>It's not for a website

>>60030274
C was a mistake

>>60031274
Oh ok you should have said you've never programmed before in your life, then I would have known to just ignore your stupid ass.

File: 1468241808590.png (47KB, 381x292px) Image search: [Google]

47KB, 381x292px

>>60030165
i bet you can't even write a non-trivial example program in Rust

File: 1309992714001.jpg (122KB, 460x288px) Image search: [Google]

122KB, 460x288px

>>60029666

>>60039792
>still no arguments
sad

>>60030418
>>60031147
>>60030555

If the differences in rounding between *0.1 and /10 become significant, then what the FUCK are you doing.
Unless we're talking integers, although even THEN the difference should be irrelevant for all relevant cases.

https://news.ycombinator.com/item?id=10864176
I'm a very experienced C programmer and one day my boss came to me and said that the sales guys had already sold a non-existing client side module to a house hold name appliance manufacturer. The deal was inked and it had to be ready in only 3 months. Even worse, it had to run in the Unix kernel of the appliance and therefore be rock solid so as to not take the whole appliance down. It also had to be ultra high performance because the appliance was ultra high performance and very expensive. Now the really bad news: I had a team made up of 3 more experienced C developers (including myself) and 3 very un-experienced C developers. We also estimated that in order to code all the functionality it would take at least 4 months. So we added on another 4 less experienced C developers (the office didn't have a lot of C developers). The project was completed in time, a success, and almost no bugs were found, and yet many developers without much C experience worked on the project. How?
(a) No dynamic memory allocation was used at run-time and therefore we never had to worry about memory leaks.
(b) Very, very few pointers were used. Instead mainly arrays. And not just C developers understand array syntax, e.g. myarray[i].member = 1 :-) Therefore we never had to worry about invalid pointers.
(c) Source changes could only be committed together with automated tests resulting in 100% code coverage
In essence, we created a kind of 'dumbed down' version of C which was approaching being as easy to code in as a high level scripting language. Developers found themselves empowered to write a lot of code very quickly because they could rely on the automated testing to ensure that they hadn't inadvertently broken something

>>60029019
>>Written in C
>Guaranteed security exploits

>>Written in x Language
>Guaranteed security exploits

>>60041740
C is a dumbed down version of C++

>>60041740
Sounds like shit that never happened