Thread replies: 194
Thread images: 32
Thread images: 32
Anonymous
/dcsvt/ - Daily C security vulnerability thread 2017-04-25 12:13:30 Post No. 60058392
[Report] Image search: [Google]
/dcsvt/ - Daily C security vulnerability thread 2017-04-25 12:13:30 Post No. 60058392
[Report] Image search: [Google]
File: 1486037277518.jpg (233KB, 503x662px) Image search:
[Google]
233KB, 503x662px
/dcsvt/ - Daily C security vulnerability thread
Anonymous
2017-04-25 12:13:30
Post No. 60058392
[Report]
Previously >>60025712
Welcome to /dcsvg/ where we discuss security vulnerabilities caused by stagnant C/C++ which is preventable by default by modern languages and their compilers.
>ITT
Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely.
>Exploit summary
This exploit would let an attacker invoke denial of service in Linux. Authentication is NOT required to exploit this vulnerability.
>Caused by
Use after free.
Here’s a simple example of user after free in C, it's a valid C code:uint8_t* pointer = (uint8_t*) malloc(SIZE);
...
if (err) {
abort = 1;
free(pointer);
}
...
if (abort) {
logError("operation aborted before commit", pointer);
}
>How modern languages tackle this issue:
Like C++, Rust uses the RAII approach everywhere (Resources Acquisition Is Initialization). That means that every variable is deterministically freed when it goes out of scope (= a pair of curly braces). So with “safe” Rust, you NEVER need to worry about freeing memory.
But Rust doesn’t stop there. It goes a crucial step further. It won’t let you access memory that was freed! That’s enforced via the Ownership rules.
In Rust, variables have a property that’s called Ownership.
An owner has the rights to use its data freely. Also, it can lend its data for a limited lifetime (= Borrowing).
Moreover, data can only have a single owner. Thus, the scope of the owner dictates where the data will be freed (via RAII).
TLDR:C == GUARANTEED SECURITY EXPLOITS
>Why does windows has less exploits in comparison
Written in C++, it has RAII
>>
>>60058392
Look up CVE-2017-7374
>>
>>60058392
>which is preventable by default by modern languages and their compilers.
Rust won't prevent integer overflow bugs any more than C or C++ will.
>>
>>60058465
Who said anything about integer overflow?
Dumb C tard fuck off
>>
>>60058482
This thread is about security vulnerabilities. Integer overflow is a security vuln.
>>
>>60058498
Which is why rust has checkedadd()
>>
>>60058507
Not by default.
GCC C has https://gcc.gnu.org/onlinedocs/gcc/Integer-Overflow-Builtins.html
>>
>>60058533
>Not by default.
Nice try, NSA
>>
>>60058551
Try actually using the languages you shill.
The Rust compiler disables overflow checks in release builds.
>>
>>60058563
And it doesn't do that in debug builds. Nice try diverting the attention from >>60058392 though, fucking CIA nigger
>>
>>60058593
Test cases are not all encompassing.
It's quite easy for an integer overflow to escape testing, and in rust it'll quite easily land into release like with any other language.
You're a retarded diehard safety fag who won't listen to any reason whatsoever, and you clearly know nothing at all about actual software development.
>>
>>60058634
>safety is bad
I know would say that why don't you try fucking right off, cocksucking faggot?
>>
>>60058654
>>safety is bad
Can you point to the post where I said that?
>>
>>60058634
are you just RUST shill?
>>
>>60058685
I'm not seeing it.
I see me calling you a diehard safety fag, but I don't see anywhere where I say that safety is bad.
>>
>>60058465
Not only C doesn't prevent integer overflow but also C doesn't prevent invalid pointer returns. What a shitty language.
>>
>>60058697
What?
>>
>>60058703
Nice backpedaling. 12 shekels will be deposited into your NSA/C defense force campaign account for trying to divert attention.
>>
File: 1477845093406.png (245KB, 1855x577px) Image search:
[Google]
245KB, 1855x577px
>>60058465
>>60058392
LOL repeat after me:
C was a _____
>>
>>60058704
>C doesn't xyz
It makes a lot more sense if you think of it as portable assembler. It gives you control over the hardware instead of trying to hide it.
>>
>>60058704
Yes, I know that, what's your point?
I'm not a diehard Cfag so I'm not going to defend that, but it's only when you start doing low level things where you start to appreciate the language not getting in your damn way all the time.
Low level programming is inherently unsafe.
>>60058728
Backpedalling? where?
If you think me calling you a diehard safety fag means I think safety is bad, then you'd be wrong.
I don't think safety is bad, but I think people like you who defend it AT ALL COSTS and disregard any reasoning and coherency are severely retarded.
Example: >>60058753
>>
>>60058771
"""portable""" garbage is for people who cannot write ASM
>>
Write a UEFI bootloader in your safe language, scriptkiddies.
>>
File: 1462976315180.jpg (8KB, 244x206px) Image search:
[Google]
8KB, 244x206px
>>60058788
>Backpedalling? where?
>I'm not a diehard Cfag
>If you think me calling you a diehard safety fag means I think safety is bad, then you'd be wrong.
Are you alright there, anon?
>>
does these threads just a shill thread?
>>
>>60058822
Yeah, I shill for safety. I shill for security
>>
>>60058799
It's possible in Rust, you just need a few unsafe blocks.
Rust is actually a proper systems language, and it's safety features can be easily bypassed when needed.
It's just that it's easier and simpler to do in C or C++.
Of course, if you have any competency in programming at all, safety shouldn't be a concern for you, so C is a good choice for simplicity reasons.
>>
It's hilarious how Rust faggots can only advocate for their shitty language by attacking other languages.
>>
>>60058816
Point to the post where I claimed I was a Cfag.
You don't have to be a Cfag to defend C. Actually I'm not even defending C, I'm just dispelling your stupidity.
Literally the only people who bash C is retards who don't know how to program.
t. Rustfag
>>
>>60058843
>Rust is actually a proper systems language, and it's safety features can be easily bypassed when needed
_Its_ safety measures are unnecessary for competent programmers. Now learn some grammar and fuck off.
>>
File: 1464295247279.png (377KB, 3555x2198px) Image search:
[Google]
377KB, 3555x2198px
>>60058857
Oh no it's not like C tards attack other languages for what shortcomings they have, amirite?
>>
>>60058871
I agree.
>>
>>60058857
No, you're just seeing it that way.
>>
>>60058871
Name one competent C programmer
>>
>>60058392
>windows has less exploits
Oh my god
>>
>>60058902
Linus Torvalds
>>
File: 1493069834059.jpg (38KB, 500x667px) Image search:
[Google]
38KB, 500x667px
The reason Rust is being pushed so hard is because social justice warriors have found great difficulty penetrating the communities of open source system coders who use C and/or C++.
The "safety" features give advantages to lobotomised Feminist studies "coders" who are trying to "disrupt" these communities while breaking the knee caps of everyone else who knows what they are doing.
Literally nothing in Rust actually solves problems that haven't already been solved by RAII in C++ and even some GC/stack/heap techniques in the arguably superior but slower D compiler.
The advocates are all social justice warriors and this is their "long march through the development communities". They are employing critical theory against their main targets C and C++, by criticising everything it is and does and demonising its users. They've held back their "cis het white male" jargonism for now, but once they have established a foot hold "killer app", expect them to go wild with it. Just read through the big throbbing CoC they've erected on their main website.
Rust is kill. Don't touch it, spit on all its advocates.
>>
>>60058920
Thanks for the most bug ridden and vulnerable kernel in 2017, Linus. Consider your project dead after you die as well
>>
>>60058953
That would be Windows.
Torvalds doesn't even write any code for Linux anymore, he just merges pull requests.
Someone else is responsible for the bug in the OP.
>>
>>60058940
D hasn't removed their GC just yet, Rust is still miles ahead of D. Nice try to appeal gullible /pol/ babbies with your muh SJW bogeyman so they forget about the elephant in the room called security and privacy
>>
>>60058982
wont you tired of samefagging?
>>
File: rust-sjw.jpg (62KB, 480x268px) Image search:
[Google]
62KB, 480x268px
>>60058953
>t. Rustfags
>>
>>60058940
> He thinks a bloated language can replace C
They lost before they even started. All the bloated languages that can't be deeply understood without devoting your life to them will eventually die.
C++, C#, Java, Object-C, Go, Python, all this shit will eventually go down in flames. Languages like C and Lua will prevail.
By the way, do you know any more small, may be niche, languages like C and Lua, that were not dissolved into uncountable dialects? Regex would count too, I suppose, there aren't too many differences once you know the basics.
>>
>>60058940
>The "safety" features give advantages to lobotomised Feminist studies "coders" who are trying to "disrupt" these communities while breaking the knee caps of everyone else who knows what they are doing.
Hmmmm
>Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely. CVE-2017-7374
> The keyring_search_aux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the "dead" type. (CVE-2017-6951)
>The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) via inconsistent size values in a VC4_SUBMIT_CL ioctl call. (CVE-2017-5577)
>The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c. (CVE-2017-2647)
All these in 2017. I'm afraid your /pol/ bullcrap isn't solving any of these
>>
>>60059011
Nigger
>>
>>60059013
What are you talking about? C is a bloated language.
>>
>>60058982
>/pol/ babbies
Notice how Rustfags can never call you a faggot or a nigger. They have to use infantalisation terms. This is because their SJW-programming short circuits the moment
>D hasn't removed their GC just yet,
And?
C++ has shared_ptr<>, unique_ptr<> and weak_ptr<>, Rust literally has no point except for penetration of existing communities by the same freak Firefux show that fired the creator of javascript (Brendan Eich) because he exercised his democratic right to fund a lobbying firm. In truth, just to stop his resistance against w3c's agenda of inserting DRM into HTML5.
We are well aware of your agenda, don't think for a minute we are ignorant of it.
>>
>>60059031
>/pol/ outgrouping
Back to >>>/lgbt/ you go.
>>60059042
>C
>bloated
I mean what's less "bloated", FORTH? Scheme? Go fuck yourself.
>>
>>60059042
Well, if C is bloated, then Rust is your mom.
>>60059031
This is the nature of a monolithic kernel. There will always be bugs in a monolithic kernel. Microkernels are the answer.
>>
>>60059011
Isn't it amazing when C toddlers defend Linux when Linux itself is literal SJW garbage?
>D hasn't removed their GC just yet,
>And?
Suffers from sub par GC performance. Fuck off, idiot, D isn't all that bad but I'd wait until they completely remove GC to actually compete against Rust
>>
>>60059046
>Notice how Rustfags can never call you a faggot or a nigger.
But this >>60059036 one just did.
>>
>>60059065
>>/pol/ outgrouping
>
>Back to >>>/lgbt/ you go.
What you don't realize is /pol/ and /lgbt/ are actually crossboarders. Never been to /pol/? I thought so
>>
>>60058392
(((Rust)))
>>
File: 1486001190929.jpg (180KB, 500x380px) Image search:
[Google]
180KB, 500x380px
>>60059046
NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER NIGGER XDXDdddDDDxD
Am I /pol/ yet?
>>
>(((>>60059097)))
>>
>>60059102
Reported to SJW HQ
You can kiss goodbye to you Shariablue cents, goy
>>
>>60059102
kek
>>
>>60059065
>Sending a /pol/ fag to /lgbt/ manually
How new are you?
>>
>>60059046
C++'s scoped pointers don't have any support by the compiler; shared_ptr<> doesn't protect against data races and none of them stop access after the resource has been destroyed, moreover Rust's type checker guards against data races, iterator invalidation and other things C++ doesn't because it can't due to the fundamental design choices it made early in its lifetime.
>>60059065
People outgroup /pol/ because you're all incapable of not dragging your dumb internet crusades into unrelated topics and use it to divert from topical discussions, like you just did with your response.
>>
>>60059102
>XD
get out
... and take your rusty shit with you
C++ already has awesome sanitizers so your MUH SAFETY bs isn't welcome here
https://www.youtube.com/watch?v=Q2C2lP8_tNE
>>
>>60059102
whoa that was fucking hardcore
>>
>>60059147
> C++
Kill yourself too
>>
File: 1470820586596.png (100KB, 1244x1024px) Image search:
[Google]
100KB, 1244x1024px
>>60059147
>C++
LMAO Even C is bettar than that fucking SHITE broken language
>>
>>60059142
>shared_ptr<> doesn't protect against data races and none of them stop access after the resource has been destroyed
Yes they do if you use the locks properly, holy fuck are you retarded? You sound like you haven't written a line of C++.
>Rust's type checker guards against data races, iterator invalidation and other things C++ doesn't because it can't due to the fundamental design choices it made early in its lifetime.
Except it can if you use the right tools. e.g >>60059147
>>60059142
>People outgroup /pol/ because you're all incapable
>We outgroup you into this group because you're part of this group
Good to know your Rustic mind can't recognise circular logic. Cool argument bro. >>>/lgbt/
>>
>>60059147
>awesome sanitizers xzDdddDDDDxdd
welcome to 2007, the year you were born
>>
Nuke this board already, it's all stupid generals, falseflagging shills, and /v/ermin.
>>
>>60059171
OH MY GOD I HATE C++ NOW!!!!!!!11XD
I AM NOW A FULLY FLEDGED TRANNIE-USING RUST. YOUR CODEBASE IS NOW SAFE FROM MY MENTAL ILLNESS.
THANK YOU BASED (((MOZILLA))).
>>
->60059147
>C++
You tried. No (you) for you
>>
File: 1492003532363.png (48KB, 778x1068px) Image search:
[Google]
48KB, 778x1068px
>>60059188
>xzDdddDDDDxdd
Seriously if I didn't know any better I would have thought the Rust faggots on this thread were false flaggers.
But clearly they're this retarded. Threads like this are why no body likes your shit language.
>>
>>60058728
He didn't say safety was bad, he said you were a safety fag. Which even if one takes context into account and a negative connotation, only means that safety is bad in your case. And I can see his point. You post these threads daily and seem either paid or obsessed. Anything in that extreme is bound to be bad in some ways. I think the go-to though is a shitty community which constantly baits and shills a language that may well have been decent, but now everyone hates. And its mostly because of you screaming incoherently about safety.
Thus you are a safety fag. Mods you don't have to ban rust threads, but can you please ban rust shitposters at least?
>>
File: 1474027160545.jpg (147KB, 2038x1505px) Image search:
[Google]
147KB, 2038x1505px
>>60059198
Oooooh, struck your nerve, haven't I?
>>
>>60059215
>waaa mods ban them they hurt my feelings
Fuck off back to plebbit, NSA cuck
>>
>>60058392
C really was a mistake after all. 45 years and these bugs still pop up
>>
File: 1463012043391.jpg (28KB, 642x481px) Image search:
[Google]
28KB, 642x481px
>Amount of C apologists ITT
Fucking WEW. No wonder there, CIA posts on /g/ now
HURR DURR DON'T BRING THIS UP GOYIM, C IS GOOD
>>
>>60059237
>NSA cuck
>Implying Mozilla is not compromised after Eich was removed
>>
>>60059179
>Yes they do if you use the locks properly,
This isn't something enforceable by the compiler in C++ and "it works right if you don't make mistakes" is a tangent to the idea that rust is better because it stops these errors from happening by way of compiler checks in the first place.
>Except it can if you use the right tools.
These are runtime debugging tools; they can't catch all errors of those categories and they only work if and when the control flow reaches the bug during testing.
>Good to know your Rustic mind can't recognise circular logic.
Generalizing about someone from the negative qualities of a group isn't the same as dismissing someone for solely being part of it. You don't seem any better at this.
>>
Holy fucking shit, can Rust faggots be any more fucking shit. This thread is so fucking horrible holy fuck. C is a perfectly fine language, you can not blame it for the mistakes of inept programmers who do simple things like use after free, or don't check their buffer bounds.
>>
>>60059268
This. If you are defending C after all these you are either an idiot suffering from baby duck syndrome or an actual paid NSA shill.
China, Russia and (((Israel))) are constantly attacking our cyberspace and there are idiots that defend C in this decade
>>
>>60059339
Why do you have to blame the programmer if the language/compiler is able automate tedious tasks for you?
>>
>>60058392
So this is the power of Linux
>>
>>60059364
You mean the power of C
>>
>>60059350
because those things cause extra overhead if they are happening at runtime, otherwise you could just employ static analysis and be able to achieve the same results.
>>
>>60059323
>This isn't something enforceable by the compiler in C++
Which is a GOOD THING because that's not the compiler's job. That's what sanitizers are for.
>These are runtime debugging tools
WRONG.
https://github.com/google/sanitizers
> Generalizing about someone from the negative qualities of a group
>Still employing circular logic by outgrouping as priori
What part of circular logic does your tiny head not comprehend?
>>
>>60059397
>you could just employ static analysis
Why is that optional? Static analysis should and must be compulsory in compiler or project management.
Linux is not a hobby project. I'm pretty sure people that write Linux is smarter than you and yet they keep "mysteriously" forgetting about using static analysis
>>
File: 1493084234934.jpg (898KB, 1570x1876px) Image search:
[Google]
898KB, 1570x1876px
Fresh OC
>>
File: 1467109777987.jpg (49KB, 600x900px) Image search:
[Google]
49KB, 600x900px
>>60059471
Why does C attract underage memelords? Legit question.
>>
>>60059481
Why does Rust attract homosexuals?
>>
>>60059481
Why do pro rust shitposters all sound like they learned to speak "4chan" from /pol/?
>>
>>60059485
Case on point.
>>
>>60059339
>you can not blame it for the mistakes of inept programmers who do simple things like use after free, or don't check their buffer bounds.
Basically every major project written in C has a not-insignificant portion of incompetent programmers then, based on the long track-record of vulnerabilities. It's good we can agree C users are too inept and need better tools then.
>>60059397
Rust (and many other safe languages) run their checks at compile time with zero runtime cost, and C and C++ do not have enough sophistication in their type system to support the same level of static analysis.
>>60059402
>Which is a GOOD THING because that's not the compiler's job.
Type checking your program to guard against clear semantic errors is exactly what the compiler's job is and the more well-developed the type system, the better job it will do of it.
>WRONG.
All three of the tools listed in the title of that video have runtime components that are linked to the resulting binary. Check their documentation in the llvm project.
>What part of circular logic does your tiny head not comprehend?
Sorry, your understanding of the idea seems thin and you're bad at explaining your interpretation of it in relation to what I've posted. I guess you'll have to take solace in calling me dumb some more :^(
>>
>>60058876
This
>>
File: tumblr_o6crjzE5hk1v0pigno1_500.jpg (45KB, 409x409px) Image search:
[Google]
45KB, 409x409px
>no GC
Enjoy your memory leaks, rustfags
I'll stay comfy over here using Go
>>
>>60060143
Rust does a pretty good job preventing memory leaks but some leaks aren't prevented. It's the same with GC though
>>
>>60058392
How exactly is that perfectly valid C code? You free the pointer and then use it again. Obviously that's not valid.
Yes if there is no error, the pointer won't be freed, and the program will compile and execute. But I fail to see why you'd free the pointer at all if there is an error, and I definitely don't see that as good code.
I wouldn't blame the language for that, I'd blame sloppy devs
Unless you know of a valid reason to free that pointer in the if statement.
>>
>>60060277
It's not invalid and hence it compiles
>>
>>60058392
It's hilarious to see how many languages have to tried to upend C and failed miserably.
C++ is the only one that really can, and even when it's used in place of C, few of the "features" of C++ are used.
>>
>>60058392
>shit library devs are the language's problem!
Just use a sandboxed language if you're this retarded.
>>
>>60060321
Is whether or not it compiles all you care about? That's a poor philosophy, IMHO
I would consider this a bug or a runtime error
For one, relying on compiler's to be smart is bad practice.
For two, even "safe" languages have buggy code that runs but gives an unintended result. The only difference is that this buggy code leads to unsafe memory.
If code is buggy, it should be fixed. I don't see why it is the languages fault for people writing buggy code.
Under your definition of "valid code" bugs are perfectly valid, and run time errors can emerge from valid code. I can't say I agree with that understanding.
>>
File: Unsorted:B 669.png (676KB, 800x1200px) Image search:
[Google]
676KB, 800x1200px
now that multiple c to j.asm compilers exist, and of course any language really can do this. why not just move a javascript interpreter into the kernel and forget native code entirely
it's the most popular language with the most powerful modern oop opensource codebase.
portability would be solved forever and we can really do what we've been flirting with for years now, this is obviously what we need
browsers are the portal to 90% of average users programs, this can finally end this and make the computing world make sense.
Q1. Won't this be way slower than C or something?
WRONG! asm.js is approaching C speeds even with little investment being done so far, infact C compiled into asm.js is actually faster than Clang compiled code for box2d game engine.
Source: https://hacks.mozilla.org/2013/12/gap-between-asm-js-and-native-performance-gets-even-narrower-with-float32-optimizations/
Q2. what about vm overhead! it can never truly be as fast!
WRONG!. Infact according to a study by Microsoft a shift to virtual memory protection instead of hardware based irq we can increase speed by 25 - 40%
using a conservative 80-90% vm overhead we can actually gain a modest speed increase with our new kernal j.asm interpreter
source: http://research.cs.wisc.edu/areas/os/Seminar/schedules/papers/Deconstructing_Process_Isolation_final.pdf
Q3. Won't this be insecure!
WRONG! how often does javascript break out of sandbox today? Anyway. libcurl is written in one of the most insecure and outadted languates ever C, with no garbage collection and shitty manual memory management its practically a joke in the security world; yet libcurl is constantly and exhaustively searched for issues and therefore remains relevant even now
source: https://daniel.haxx.se/blog/2017/03/27/curl-is-c/
so /g/, is it time to dump native code and move everything to the worlds most popular language?
I say yes
>>
>>60060441
Why would a compiler compile an invalid code?
wtf I hate C now even more
>>
>>60058392
more like rust shilling thread
>>
>>60060459
You are fucking retarded.
>>
File: Unsorted:B 713.png (660KB, 800x1200px) Image search:
[Google]
660KB, 800x1200px
>>60060496
not an argument lol
>>
>>
>>60060528
Shill for Java then.
>>
>>60060486
Wtf true, JavaScript is never buggy with it's interpreter, we should all use that
>>
>>60060528
you are not shill for security, you are shill for rust
>>
>>60060556
Which has more security
>>
>>60058507
>people are going to use checkedadd(x, y) instead of x + y everywhere
Wew, it's like super cancer.
>>
>>60060569
and still has exploit
>>
>>60060573
check 'em, faggot
>>
>>60060581
less* exploit
>>
>>60060597
it's still exploit
>>
>>60060624
..that are statistically less probable
>>
>>60060581
You mean C is less safe.
>>
File: 1nu6mc.jpg (52KB, 702x395px) Image search:
[Google]
52KB, 702x395px
>>60060597
That's because no one uses it.
>>
File: chuunibyou_demo_koi_ga_shitai-11-dekomori-crying-tears-sad.jpg (83KB, 1280x720px) Image search:
[Google]
83KB, 1280x720px
oh no, my program is full of security holes because I haven't read the C manuals and I don't understand Assembly,
>>
>>60060688
>117 posts
>19 posters
No one cares about your crappy, poorly titled, low-performing language whose only innovation is a new name. Every concept in rust is copied from other languages and your criticism of C is beyond invalid.
>>
>>60060876
> Every concept in rust is copied from other languages
Wtf I love rust now
>>
>>60058790
only someone who doesn't understand either asm nor C would say this
>>
File: bitches-dont-know-emacs.jpg (68KB, 473x555px) Image search:
[Google]
68KB, 473x555px
>>60060684
I smoked a lot of pot, and I laughed a lot at this - thank you
>>
>>60061004
Are there any other websites where you go to discuss Rust?
>>
ITT people who don't use analysis tools and think their compiler handles every single bug for them.
>>
>>60061044
>>
>>60061058
Very sad my man.
You need to find something else to do with your spare time. Your attitude here is just dismal and pathetic towards anyone who doesn't agree with you. You can't even play this off as trolling. If you find your insults are amusing to yourself then you simply have a pathetic sense of humor.
>>
>>60058465
>integer overflow
>security vulnerability thread
>>
Rusticide when?
>>
>>60060876
kek, that was my first post on this thread.
Get a life, because a job is out of question :^)
>>
What's a better language than C for embedded microcontroller development?
>>
>>60061266
The assclown will probably say Java
>>
>>60058392
>uint8_t* pointer = (uint8_t*) malloc(SIZE);
You are disqualified from taking about C if you cast your mallocs.
>>
>>60061232
keep samefagging
>>
File: download (1).jpg (5KB, 225x225px) Image search:
[Google]
5KB, 225x225px
>>60061391
whatever you say honey, now take your meds
>>
>>60058871
>unnecessary for competent programmers
this is what C-tards actually believe
they are machines who never mess up with code
ok kiddo
>>
>>60061044
youtube red©
>>
>>60058940
That's an interesting theory.
Long time ago I was considering doing a hobby os kernel in something like rust or D. It seemed to me that D didnt really support kernel dev, the D compiler made it difficult to write standalone without the library while it seemed rust was more supportive of kernel dev. But, with all the people with an agenda are shilling hard for it and so on makes me shy away from rust. Luckily, looks like the D compiler is becoming more supportive of this with things like "betterC".
Another weird anomaly about rust that I find strange is that some person made a OS in rust[1] an immediately after that individual released it, it started to become popular and attract over 40 developers. That's weird because many other talented individuals have developed OS projects in safer languages but none of them have gained any traction.
If it was a OS written in a safe language, why didnt any of the earlier projects catch on? Why was it this one specific rust project that attracted so much attention so quickly?
[1]: https://en.wikipedia.org/wiki/Redox_OS
>>
>>60058940
>>60059046
https://www.phoronix.com/scan.php?page=news_item&px=MTczODk
>Richard Newman of Mozilla also argued, "Mozilla isn't a company that's trying to win the market. It's a community that's trying to change the world.
>>
Rust is a meme though.
>>
>>60062242
Most of /g/ is meme-posting and trolling.
>>
#[derive(Copy, Clone, SocialJustice, EmpowerMarginalizedMinorities)]
struct FuckStraightWhiteMales {
ptr: *const u8,
}
impl FuckStraightWhiteMales {
fn new() {
FuckStraightWhiteMales{ ptr: unsafe { ::std::ptr::null() } }
}
}
impl Drop for FuckStraightWhiteMales {
fn drop(&mut self) {
unsafe { libc::free(self.ptr); }
}
}
fn main() {
let a = FuckStraightWhiteMales::new();
let b = a.clone();
}
Glad Rust warns me about this potential double free... NOT
>>
>>60058392
Ah yes, the classic "Error was a double free so I will dumb down the problem and take a retarded example instead of explaining how complicated the kernel code was that lead to this error and how 90% of vulnerabilities in the kernel are language-agnostic logic errors that are unavoidable in any other language"
>>
File: 986f0d9f001ef8a4bea3c1a5d0260c0d-imagejpeg.jpg (78KB, 900x900px) Image search:
[Google]
78KB, 900x900px
>>60061745
>That's weird because many other talented individuals have developed OS projects in safer languages but none of them have gained any traction.
It really tells you that SOMETHING is attracting people to Rust and it's nothing to do with merit. Very suspicious indeed.
>>60061803
>Mozilla isn't a company that's trying to win the market. It's a community that's trying to change the world.
https://www.macfound.org/grantees/543/
>Grants to Mozilla Foundation
>$2,000,000
>$1,500,000
>$2,050,000
Gee I wonder why they're funding them this much?
http://leftexposed.org/2016/02/macarthur-foundation/
> The John D. and Catherine T. MacArthur Foundation, the tenth largest philanthropic foundation in the United States, is one of the largest donors to “anti-technology” activism and progressive causes
>The foundation now focuses on funding what many would consider “hardcore” liberal causes.
http://www.newsbusters.org/blogs/business/alatheia-nielsen/2016/05/18/25-mil-liberal-soros-backed-media-macarthur-foundation
>$25 Mil to Liberal, Soros-Backed Media from MacArthur Foundation
Really triggers the neurons
>>
>>60061266
Rust
>>
>>60063413
>using language that has no compiler that can compile to microcontrollers
sure nigger
>>
>>60063432
I gotta admit, that was a pretty good bait
>>
>>60060573
you can make `+` use checkedadd for Integers in sane languages
Rust has typeclasses so it should be able to do that
>>
>>60058843
You think competent programmers never write buggy software.
I hope I never have to run any code written by you.
>>
>>60058871
t. someone who has never written code professionally
>>
>>60063413
Sorry but no one is going to be using a trannie-fueld programming language that gets in your way every fucking second you want to do something mission critical for embedded programming.
>>
>>60063611
Funny, I actually have a coding job.
>Professional
>Rust
LOL. Keep telling yourself that.
>>
>>60063843
>I have a coding job
Sure you do fucking webdev nodejs artisan, fuck off
>>
>>60063826
>too retarded for rust
stick to p*thon, mongrel
>>
>>60060143
Leaking memory accidentally is pretty hard in Rust. In fact it's pretty hard in any language that supports RAII.
Enjoy programming in your language literally made for retards, retard.
>>
File: 1492094982786.png (499KB, 944x720px) Image search:
[Google]
499KB, 944x720px
ANSI C or C99?
>>
>>60064221
C-ancer
>>
File: Smug_191c79_5762907.jpg (20KB, 379x364px) Image search:
[Google]
20KB, 379x364px
I guess C to rust is like a bicycle to tricycle, stick to tricycles rustfags
>>
>>60064241
>>60064221 (samefag)
How do you jump to that conclusion?
>>
>>60061189
integer overflow is a security vuln you dumbfuck.
>>
File: 2017-04-25-150258_391x102_scrot.png (11KB, 391x102px) Image search:
[Google]
11KB, 391x102px
>>60064247
does multiple people disagreeing with you hurt you this bad haha?
safety features are only needed if you struggle with managing memory and your application yourself, i guess rust is akin to a helmet in this regard, keep wearing it so you dont hit your head on poles lmao
>>
>>60064278
Sure took you a while to edit those elements. s̶m̶a̶r̶t̶ dumb anime poster
>>
>>60064221
C11, you retard.
>>
File: smugloli.png (2MB, 2048x1152px) Image search:
[Google]
2MB, 2048x1152px
>>60064294
sure, it was an inspect element, it's not like multiple people found out about your IQ, you can sigh in relief now xd
>>
>>60060684
>TempleOS is the most secure operating system
>>
You are not even trying anymore, s̶m̶a̶r̶t̶ dumb anime poster
>>
>>60064321
Well it seems I don't need to do anything myself, just let you talk and have people make their own conclusions, cheers <3
>>
You are not even making sense anymore, s̶m̶a̶r̶t̶ dumb anime poster
>>
C's strength is in performant cross architecture memory manipulation which it's still the best at. Think appliances and microcontrollers. You're not even correct about safety, C's weakness is in scaling.
>>
>>60064373
>C's weakness is in scaling.
Elaborate
>>
>>60064383
The problem of memory management only arises in gigantic software written in C.
>>
>>60058392
*if you are a pajeet.
>>
>>60061266
A lots of custom languages like specialized BASICs and Ada and custom shit and graphical shit and STL
>>
File: 1493115731871.jpg (133KB, 1440x1080px) Image search:
[Google]
133KB, 1440x1080px
>>60064296
>c11
>barely any changes from c99 apart from shitty bounds checking which everyone hates
>>
>>60058704
Are you a dirty fucking indian? Your english is shitty.
>>
>>60064690
true.
>>
>>60064800
C11 is actually vastly improved over C99, most important thing is anonymous structures and unions which are very helpful in emulation applications.
>>
>>60058392
wtf I hate C now
>>
The only way to combat Rust shills
Is to support Golang.
Because lets be honest: Golang > Rust
Its simplicity and stability trumps Rust every time. Rust changes all the fucking time, and it's a complex fucking language compared to simple, beautiful Go.
Golang was also invented by Rob fucking Pike.
>>
>>60064914
>Literally using a language built by google for retards
/g/ everybody
>>
>>60064924
Rob.
Fucking.
Pike.
>>
>>60064934
All I read was
>nigger
>nigger
>nigger
>>
>>60064914
Can some one post the github link where Golang got thoroughly BTFO upside down inside out?
>>
>>60064946
No because it doesn't exist lmao
>>
File: 1482099854291.png (365KB, 720x527px) Image search:
[Google]
365KB, 720x527px
>>60064946
https://github.com/ksimka/go-is-not-good
>>60064914
>The key point here is our programmers are Googlers, they’re not researchers. They’re typically, fairly young, fresh out of school, probably learned Java, maybe learned C or C++, probably learned Python. They’re not capable of understanding a brilliant language but we want to use them to build good software. So, the language that we give them has to be easy for them to understand and easy to adopt.
t. Rob Pike
Even Rob Pike calls you retarded for using Go
Look man, I actually think getting rid of that shitty ; at the end of the line is convenient but go is beyond redeemable
>>
>>60064983
>https://github.com/ksimka/go-is-not-good
fake
>>
>>
>>60064983
Oh boy
>>
File: 1484140204283.jpg (8KB, 180x180px) Image search:
[Google]
8KB, 180x180px
>>60064983
>https://github.com/ksimka
>click on "Repositories"
>click on "Sources"
>PHP
>JavaScript
Okay... apart from that, you can do a list like this about any language. Rust fanboys think their language is flawless because their CoC considers any sort of critizism harrasment.
>>
>>60065253
>>click on "Sources"
>>PHP
>>JavaScript
What are you trying to say here actually?
>>
>>60065269
Like getting investment advice from the bum living under the railroad bridge
>>
>>60064924
>/g/ everybody
Finally the proxyfag OP reveals that he isn't even from around here.
>>
>>60058392
>denial of service
wow it's literally fucking nothing
>>
File: 1492451501942.jpg (98KB, 1280x720px) Image search:
[Google]
98KB, 1280x720px
>>60065253
>language is flawless because their CoC considers any sort of critizism harrasment.
That makes so much sense
>>
File: autistic_sCreeching_remix.png (442KB, 3555x2198px) Image search:
[Google]
442KB, 3555x2198px
>>60058876
I improved your 11 month meme a bit.
Thread posts: 194
Thread images: 32
Thread images: 32