FreeBSD codebase diagnosed; 50+ potential memory exploits have been uncovered

So you thought you could expect a so-called well-written C project in FreeBSD. You thought FreeBSD was any more secure than Linux or Android. You thought a perfect C project exists in real life. Oh how wrong you are.
viva64.com/en/b/0377/
viva64.com/en/b/0491/
viva64.com/en/b/0487/

Once again, C has proved itself to be against your security and privacy. C is an obsolete programming language invented in the 80’s when security had 0 (ZERO) security concerns.

C programming should be completely banned and outlawed. C books should be seized and documentation should be destroyed so we can get over the mother of all security exploits.

NSA/CIA paid shills’ FAQ:
>Hurr durr nothing to hide nothing to fear
No, having (un)intentional backdoors in banking system, private folders must be encrypted.

>lul ur n00b, real men produce no security bugs
Either childish, or a tryhard damage control. No one wants their project to be full of memory exploits because of C/C++.

Ban C. Say no to security vulnerabilities. Remember: your data and your privacy is worth protecting. Anyone saying otherwise is an NSA shill.

what use instead c

Javascript

>80’s
70s

Rust is too complex to use as a replacement

...

Name one language that's secure, as fast as C, and isn't infested with SJWs. I'm waiting.

He's forgotten to take his pills, don't take it seriously.

no language is secure except BrainFuck

He's right that C has problems; the other problem is that no alternative exists.

>So you thought you could expect a so-called well-written C project in FreeBSD
You're confusing OpenBSD with FreeBSD
FreeBSD code quality has dived in the last 4 years, and they never really cared about code quality
Just use Ada, but a language will never be enough to protect people from retarded CS grads

>actually spending the time to type out an entire paragraph for your shitty bait

Those aren't problems. They are features that can be abused.

>50 possible memory exploits found in 23 year old operating system
ok
"exploit" doesn't mean "security vulnerability" either, some of these could be insanely specific and irrelevant.

...

Rust

Nobody uses FreeBSD, which means not many developers, which means more exploits. These anti-C cucks are really fucking retarded, Jesus.

The fact that nobody uses FreeBSD actually means there should be fewer vulnerabilities, idiot

lolwat

>have small userbase
>have to still develop for new hardware
>>developer we have a shitty code base
>so? I don't have time to fix it
>50 exploits

>No one uses FreeBSD
>No new drivers
>No new requests
>No deadline
>Infinite amount of time to spend time on 40 y/o codebase

It's used by Netflix and WhatsApp

I believe it's really popular with nu-males honestly

gb2r/the_donald fucking newfag
FreeBSD has always been popular on servers and routers

What is that?

How much of a downgrade the transition is. Negative numbers account for the superiority factor.

What's a FreeBSD? I've never heard of it. Is it an important project?

How to find 56 potential vulnerabilities in FreeBSD code in one evening - viva64.com/en/b/0496/

FreeBSD was never secure and never will be.
Your best bet is either linux with grsec/PaX or OpenBSD.

...

Large number of false positives here, but that software sucks. It seems to detect false positives, but clearly not the actual ones, as every large project has vulns in them, MANY MORE THAN 56.

I don't understand the ban C meme

anyway I bet that one freebsd shill is scrambling for excuses now

It started at the same time as the paid rust shills started polluting /dpt/.
It will end once rust is dead, shouldn't take that long.

>c project fails
>Blame language
>Advocate outlawing programming language
>Advocate destruction of information, Nazi style

Wow you must be very dumb

>make shitty language
>blame programmers
>every minor bug becomes massive security hole
>NSA pays shills to shill for language
>whine on a Mongolian throat singing imageboard when your language starts plummeting in usage
kek, stay mad C-toddler

Found the web Pajeet.

>I want to claim that the c language is shitty
>I don't have evidence other than an example which does not isolate C as the problem
>Someone doesn't agree with my claim
>Might as well claim that the NSA pays all C programmers to shill
>Might as well claim that C programmers all go on Mongolian throat singing boards
>Might as well call anyone who disagrees with me a toddler

Keep crying pajeet

Is this how they hacked that other imageboard which used to be run by that guy in the rocket powered wheelchair?

you'd have to be a complete idiot to develop a C program that faces the web

C has its uses, and this is not one of them

linux is made by women and fat beta spergs, you really trust those cunts to write secure code? I don't.

when pajeet is the default response for everything you don't like it loses all meaning.

anytime someone uses pajeet on Sup Forums you can rest assured they're a complete idiot.

Hold on let me be a Rustard except defending C instead of Rust
>name 1 flaw with C that isn't actually a feature
protip: you can't

learnbchs.org/

well as long as you don't let the user input anything it's ok I guess

PHP

a dialect of lisp

No, he's just an idiot who thinks he's smart because he graduated mommy coder camp and learned some Java or JavaScript.

Pretty much this.

Nice meaningless graph faggot.

The problem with C isn't the design, it's that people care too much about performance and will sacrifice security by not including checks for undefined behavior.

Rust

Shoo, shoo, Go/Rust shill, go away

Seriously tho, if Go ever fixes its reflection and ABI mess (which makes it now useless for any kind of systems programming), C is pretty much kill for good.

Rust is too much of a paradigm departure, might as well use Haskell instead.

>rust
rust still uses LLVM, which is part of the over optimization problem

>over optimization problem
What?

If you're talking about optimizations that break programs, only GCC does that.

No, LLVM does it too: blog.llvm.org/2011/05/what-every-c-programmer-should-know.html
(the LLVM IR itself has a decent amount of undefined behavior)

I suppose it still beats C++ anytime, rust frontend is a bit faster, but llvm backend still nukes it.

It will now take 3 hours to compile a browser instead of 8. Thanks llvm!

See now you're not even arguing your point, you're just butthurt because an anonymous person on Sup Forums called you a pajeet

FORTRAN

Is there even a chance that they "fix" go to make it usable in systems programming? Something that dethrones C would be nice.

How about this? Would this be worth learning?
en.wikipedia.org/wiki/ATS_(programming_language)
ATS (Applied Type System) is a programming language designed to unify programming with formal specification. ATS has support for combining theorem proving with practical programming through the use of advanced type systems. The performance of ATS has been demonstrated to be comparable to that of the C and C++ programming languages. By using theorem proving and strict type checking, the compiler can detect and prove that its implemented functions are not susceptible to bugs such as division by zero, memory leaks, buffer overflow, and other forms of memory corruption by verifying pointer arithmetic and reference counting before the program compiles. Additionally, by using the integrated theorem-proving system of ATS (ATS/LF), the programmer may make use of static constructs that are intertwined with the operative code to prove that a function attains its specification.

Use Minix 3 microkernel with NetBSD.

>isn't infested with SJWs
>Rust

Coq
HOL
Why3
Boogie
Agda

C is never going away in Unix™ and Unix™-inspired OS's.

Make your own Rust OS if you want people to use it.

This, I suspect. It's annoying to work with, but for heavy number-crunching it's faster than just about anything else. Weather forecast models still use FORTRAN-based libraries for linear algebra-tier calculations (and it STILL takes hours to run the models) today.

>implying anyone bothers to fuzztest OpenBSD which has 2 types of users: Theo and his circlejerk crew

Only decent answer. Rest are stupid code monkeys.

Matthew Garrett wrote drivers in C while at Intel, and he is the biggest cuck SJW of them all.

t. fartfartfart

All meme languages.

and yahoo

>in the 80’s when security had 0 (ZERO) security concerns.
>security had zero security concerns
Stick to the script Pajeet, this freestyle shit isn't cutting it.

We've established already. C is just plain cancer. C programmers are either senile old faggots that cannot embrace technological advancement or just neo Sup Forums hipsters that haven't programmed anything substantial.

C's design has many flaws. Its compilers produce hundreds of undefined behaviors; in fact C is THE language of undefined behaviors imo

> writing DDR4 drivers in Rust

yey

>FreeBSD
>Good

At least try to put effort into your bait.

>writing drivers in a language with side effects
plebs

Side effects give good performance

we've been saying that for ages: freebsd is hot garbage

Anybody ever audited OpenBSD besides their own security team?

No. That's why it's the most "secure *BSD"

whenever someone does and finds something, they usually credit the person who found it in the CVS commit message

hi, are you the freebsdfag

I'm actually the KDE Shill

Here I was just about to take Dragonfly for a spin

well dfly forked off from freebsd 4, way before it became shit

oh, and I think the 2nd big remote exploit found in openbsd was also found by a third party

Numales use macOS

macOS is the very best desktop OS and the very best Unix workstation OS

it's just NeXTSTEP with modern stuff and it kicks ass

you're just a poo who can't afford a loo

Oh you fool... With fire you can cook the perfect steak, or burn your house down. C is a tool just like any other. Used properly it creates perfection.

>it's cheaper to use existing pile of shit than develop new pile of shit
>therefore, existing pile of shit is better
no, that's not how it works.
legacy != quality.
it's called "the NOAA doesn't have enough money to port an existing codebase to newer languages", and it drives up costs as Fortran programmers become scarcer and can charge more.
and knowing how much republicans fear discretionary spending, we won't be seeing funds to upgrade the systems anytime soon.

OP is a Rust faggot

Now that multiple C to j.asm compilers exist (and of course any language really can do this), why not just move a JavaScript interpreter into the kernel and forget native code entirely?

It's the most popular language with the most powerful modern OOP open-source codebase.

portability would be solved forever and we can really do what we've been flirting with for years now, this is obviously what we need

browsers are the portal to 90% of average users programs, this can finally end this and make the computing world make sense.

Q1. Won't this be way slower than C or something?
WRONG! asm.js is approaching C speeds even with little investment being done so far; in fact C compiled into asm.js is actually faster than Clang-compiled code for the Box2D game engine.
Source: hacks.mozilla.org/2013/12/gap-between-asm-js-and-native-performance-gets-even-narrower-with-float32-optimizations/

Q2. What about VM overhead! It can never truly be as fast!
WRONG! In fact, according to a study by Microsoft, a shift to virtual memory protection instead of hardware-based IRQ can increase speed by 25 - 40%.
Using a conservative 80-90% VM overhead we can actually gain a modest speed increase with our new kernel j.asm interpreter.
source: research.cs.wisc.edu/areas/os/Seminar/schedules/papers/Deconstructing_Process_Isolation_final.pdf

Q3. Won't this be insecure!
WRONG! How often does JavaScript break out of the sandbox today? Anyway, libcurl is written in one of the most insecure and outdated languages ever, C, with no garbage collection and shitty manual memory management; it's practically a joke in the security world, yet libcurl is constantly and exhaustively searched for issues and therefore remains relevant even now.
source: daniel.haxx.se/blog/2017/03/27/curl-is-c/

So Sup Forums, is it time to dump native code and move everything to the world's most popular language?
I say yes

>and move everything to the world's most popular language?
But, user, there are already 3 billion devices running Java, why would we want 3 billion more?

>no other language has any kind of bug whatsoever
kys

kek'd hard, mr. stallman

Go write easy hardware interfacing code in Java or whatever high profile language you want

Calm down Pajeet.
Don't take the insults personally, this is Sup Forums after all.
Just kindly calm down, and listen to advice to poo in loo, and you'll be gold

Go is garbage collected so it will never replace C
It's not possible they could get rid of it while still having pointers though. Pointers without garbage collection can lead to dangling pointers.
Go's solution to this issue is garbage collection (which inevitably slows the language down a fuck ton)
Rust's is to have "unsafe blocks" which sort of defeats the purpose of using the language in the first place. But at least it's faster.
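Added example, not a post from the thread: the dangling-pointer and unchecked-length defects the posts above argue about, each beside the explicit check that turns silent memory corruption into a refused operation. SAFE_FREE, len_after_release, bounded_copy and checked_add are names chosen here; __builtin_add_overflow is a GCC/Clang builtin.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Dangling pointer: free() does not change the caller's variable, so any
   later dereference is a use-after-free (undefined behaviour). Releasing
   through a macro that also nulls the variable makes a later use fail
   loudly (NULL deref) or be refused by a check, instead of reading freed
   memory. Name chosen for this example. */
#define SAFE_FREE(p) do { free(p); (p) = NULL; } while (0)

/* Returns the length a caller would read after release. 0 means the pointer
   was nulled and the stale read was refused; the unchecked version would
   call strlen() on freed memory here. */
size_t len_after_release(void) {
    char *buf = malloc(16);
    if (buf == NULL) return (size_t)-1;
    strcpy(buf, "hello");
    SAFE_FREE(buf);
    return buf ? strlen(buf) : 0;   /* buf is NULL, so 0 */
}

/* Buffer overflow: memcpy with an externally controlled length silently runs
   past dst. Compare the length against the destination capacity first, and
   keep room for the terminator, so the copy either fits or is rejected.
   Returns the number of bytes copied, or -1 when the copy would not fit. */
int bounded_copy(char *dst, size_t dst_size, const char *src, size_t src_len) {
    if (dst == NULL || src == NULL || dst_size == 0) return -1;
    if (src_len >= dst_size) return -1;    /* would overflow or drop the NUL */
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return (int)src_len;
}

/* Signed integer overflow is undefined in C, so an optimiser may delete a
   naive "a + b < a" test. __builtin_add_overflow reports the overflow
   without performing the undefined arithmetic; true means *out is valid. */
bool checked_add(int a, int b, int *out) {
    return !__builtin_add_overflow(a, b, out);
}
```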

OpenBSD is widely deployed in government routers and mail servers, people do bother to fuzztest it
Anyways, that's not the point, the point is that the FreeBSD team isn't autistic about code quality

Funny, a third of Apple's engineers are Indians and they keep opening campuses in India

except nazis only destroyed jewish books that promoted degeneracy that you love very much

>wat is trusted computing
>wat is FIPS
>wat is hw routing

Do you seriously think an OS that implements a syscall wrapper, which has proven to be inherently insecure, refuses to comply with government standards for a secure OS, does not have a FIPS-compliant implementation of TLS, has no notion of confinement of applications, is outright giant-locked all the way through, including the firewall, has no means to get a packet into userspace fast enough, and outright starves the NIC of buffers because the kernel is too fucking slow to handle it, is run in government institutions? user pls.

Isn't FreeBSD the only OS without ASLR in 2017?

> literally no IDE
> ass toolkit
> no cross platform GUI for it
> no ready-to-use implementations like Java/Python/Ruby/Perl/C#/C++ or any other normal language has

It just fucking sucks mate.
Yeah, fizz-buzz is so fucking better in it, oh my god you cream your pants. For anything else it's pure shit.

False.
hardenedbsd.org/

It is not mainstream though.
See the "official reply": marc.info/?l=freebsd-security&m=145754056512200&w=2