ITT: Software redflags

I'll start:
>Written in C
Guaranteed security exploits
>Written in C and closed source
Guaranteed security exploits that are intentional

>runs on linux

>Doesn't run on Linux

>Written in Rust

Nice digits, but explain why running on Linux is bad
Reasons, explain why
Again, explain

> written in a meme language

OP said that:
>Written in C

their product's wiki is really barren.

Rust guarantees security exploits because people think that rust protects them, while they don't get that logic mistakes are worse than UB.

C is the mother of all security exploits (especially in Linux).

It's not very surprising. When C was created back in the 70's, in ancient times, the main concern was the scarcity of computer hardware resources. People were more concerned about how to run a program on a 300MHz processor with 64MiB RAM. No one thought about security and security exploits; the concept of security did not really exist back then.

Half a century later C's glaring holes show how faulty the language's philosophy is.

Screenshotting your own posts is pathetic

Got any argument left? No? Thought so

There you go, a C apologist. C apologists are NSA shills plain and simple. Rust makes it harder to produce vulnerable programs as it actually implements safety precautions like Bounds checking, dangling pointer prevention, data race prevention, lifetimes etc. This is against the interest of the NSA and so they are shilling C so that people continue to produce exploit prone, unsafe and vulnerable programs.

Ignore the NSA/C shills. Programming in C should be banned and outlawed.
Say no to security exploits, say no to the NSA. Your data and your privacy is worth preserving.

>Programming in C should be banned and outlawed.
What business do you think the government has regulating what languages people are and aren't allowed to use in writing programs?

If the government is trying to ban encryption they should ban C too.

The arguments were in the 300 posts you didn't include in your screenshot you mong :^)

Seriously, at this point, the business of national defense.

China, Russia, and others are seriously fucking US economy and defense interests through cyber espionage and C/C++ makes the attack surface way larger than it'd be if everyone used safe(r) languages.

The government should not be allowed to ban encryption either. We should oppose them at every instance in their attempts to regulate the software industry and the Internet.

>2017
>double free
hahaha
bugzilla.redhat.com/show_bug.cgi?id=1428319

Amazingly, there are NSA shills that will defend THIS

>written in Java or adobe flash
>windows exclusive
>free but closed source

>fags UNIRONICALLY replying frogposting
>fucking frogposting in 2017

Do the world a favour and cut your neck you fucking retards.

>national defense
You know they use C++ in the F-35, right? Do you want to tell the military "you just spent a trillion dollars on a fighter jet, and by the way, you're no longer allowed to use the software you're using to control it now."

Lockheed uses C++ too; the templates are so broken that they themselves banned the use of templates within the company.

I wouldn't write a system for a nuclear powerplant in C, not ever.

It uses a google captcha for authentication

>tfw your jet gets hacked out of the sky

Not only does the F-35 use C/C++, but so does the computer that the source code and other system details are on.

So now the Chinese are guaranteed to have a copy of the F-35's computer systems and are trying to figure out how to buffer overflow its RADAR systems and shit.

>I wouldn't write a system for a nuclear powerplant in C, not ever.
Maybe because you never had any training in safe and secure software.

Military and Nuclear facilities have verified compilers and verify their code significantly better than any civil institution.

Things still slipped through, but *safe* languages wouldn't prevent replacing /10 with * 0.1 since that's a logic error.

>the templates are so broken they banned the usage of templates within the company by themselves.
Funny, templates are one of the most powerful tools in C++'s arsenal. You just have to not be a complete retard.

>I wouldn't write a system for a nuclear powerplant in C, not ever.
Right, but what about modern C++?

>Things still slipped through, but *safe* languages wouldn't prevent replacing /10 with * 0.1 since that's a logic error.
what?

>open source
every schmuck 19 yr old Russian can see the code and its flaws to exploit them

Ever heard of the patriot missile bug?
That happened because someone thought it was smart to replace a division with a multiplication on floats, since that's faster.
But we can't store 0.1 in floats, so that bug reduced the accuracy of the operation and things went out of the specified conditions.

It's not about making a perfectly safe language, it's about reducing your attack surface.

Oh, yes. I'm going to make logic errors anyways, so let's just go ahead and double+ the number of exploits in my system because I choose to use C/C++.

It is incredibly easy to not buffer overflow in C++.

Can someone explain to me what security means ? I've been coding in C for 6 years.

Great, you followed best practices.

Now how about the literally thousands of other subtle mistakes that can be made in C++ that will just get flatly rejected in Rust and other safer languages?

you just test your code

If you are thinking about nuclear or the F35 example and think that transforming security into safety problems you don't have any idea what the problem is.

see pic

>missile bug
doesn't sound very pleasing.

they already have a hardware backdoor in your PC anyway

It means that you can throw stupid inputs at the program all day, and you still manage to maintain:

Confidentiality
Integrity
Accessibility

>doesn't sound very pleasing.
It wasn't. The system misjudged by a couple hundred meters and failed to destroy a missile.

Just a nice little example of logic errors that are stupidly embedded into how our hardware works and no system currently catches in a static way.

>we can't store 0.1 in floats
Please tell me more. I am curious
import std.stdio;

void main(string[] args)
{
float x = (2.9*0.1);
writeln(x);
}

> 0.29

>t. Java Toddler

people who are using templates for """template metaprogramming""" are insane

Ty.

Isn't it linked to networking as well ?
Because if a user wants to crash his program by sending inane inputs, what is the problem ?

>t. C toddler

Getting lucky with your rounding, great fucking shit.
Unless you are able to show that it works for EVERY input you showed nothing.

Did you check which format that 0.1 is stored in? And if the compiler re-optimizes it to a /10 because it considers that as "better"?

>back in the 70's
>300 MHz processor with 64MiB RAM
>"MiB"
You have to be 18 or over to post on this web site.

Whoo, one fucking testcase works. Great shit, stop the presses, math was proven wrong.

Check ieee754. If you are using floats, 0.1 is not a possibly accurate value (unless you have infinite memory, but that's not specified in 754 either way).

>Got any argument left? No? Thought so
did you really screenshot your own post?

>he thinks rounding issues are limited to C
>and not inherent to floating point arithmetic

This

>Hurr of course it's safe everyone can see the source so leaks are always fixed
Yeah no. No one is going to sift through piles of spaghetti code for hundreds of thousands of programs

you can find bugs in closed-source programs as well

Permanent reminder
Can you give me more test cases?

>hur durr let's just rephrase the argument so that I can continue believing there's no reason to use Rust and other safe(r) languages and their ability to eliminate whole classes of bugs, including the sort of bugs that allowed the heartbleed exploit.

testing your code isn't a complete solution, though

are you retarded? what kind of twisted logic is this?
by using Rust, you just eliminated whole classes of security problems... what, you think C code magically lacks logic mistakes simply because it may have OTHER vulns?

You do realize you don't fit into the thread, right?

That's called mental gymnastics, NSA/C shills are good at it

>>written in meme language
>>le ebin html ui xD

Do you by chance want to direct that to the other people not getting the problem?

It's an IEEE754 problem here, not even really rounding, but limited accuracy.
Rounding is even more fun, but can be predicted since, you never guess, it's deterministic.

> Hurr durr the bad guys will sift through all that shit and no good guy ever will
The quality of open source hinges on the work put into it from either side.


> Hurr durr let's ignore that safety is actually a problem and so called "safe languages" do little work to actually be safe, but only transform problems from security into safety
You don't prevent bug classes, you transform them from security relevant to safety relevant.
Which is good for things like webservers and home users, but nuclear plants, rockets, military don't value one over the other much, since both are catastrophic.

Nobody in the 70's had a 300 MHz processor or 64MB of RAM you diaper wearing faggot. The Cray 1, the fastest supercomputer from 1976 to 1982, ran at 80 MHz and had 8MB of RAM.

And 'MiB' wasn't a thing until the 2000's. I'm sure it existed before then, but NOBODY in the industry used it.

>'MiB' wasn't a thing until the 2000's
really made me think

what are you even doing here?

Similar to pic related is being done against C to push Rust's agenda

Back to autistic neckbeard.

tedunangst.com/flak/post/heartbleed-in-rust
>Lets use a language that doesn't have a standard and almost no support.
You can write safe C code, and there have been plenty of other safe languages you could use before using something that isn't even ready yet.

>, I’m surprised how many focused on the private keys to the exclusion of everything else. Even with Yahoo’s private key, I wasn’t in a position to intercept their traffic. But usernames and session cookies? Those I could use from anywhere. Or SMTP. Many connections are upgraded with STARTTLS, but without authentication. Anyone in the position to execute a MITM with a stolen key could simply strip TLS. Heartbleed, however, allowed people from around the world to read any email I had recently received.

>Interestingly, despite the obvious parallels to Heartbleed, the recent X server XkbSetGeometry info leak is probably a better example of a bug that rust would have prevented

>For further reading, the JetLeak vuln in Jetty is practically identical to Heartbleed, except it occurred in Java, a nominally memory safe language.

>One might also consider one of the bugs CloudFlare found in their Go DNS code. “The catch was that our ‘pack and send’ code pools []byte buffers to reduce GC and allocation churn, so buffers passed to dns.msg.PackBuffer(buf []byte) can be ‘dirty’ from previous uses.” Oops.

>Tony took another look at Would Rust have prevented Heartbleed?. I think it’s a good post, summarizing the issue and clearly breaking down the difference between Heartbleed and “Tedbleed”. But again with the private key fixation. Worst case scenario for Tedbleed is “An attacker can recover arbitrary plaintexts from encrypted traffic”. I don’t think it gets much worse than that. I certainly don’t agree that Heartbleed is “a lot worse” than that.

>Comments are disabled
hmm

Anything by:
>autodesk
>Microsoft
>apple
>adobe
>canonical
>linux foundation

Programming in Rust means trusting other people for your programs security. No thanks I'll check my own pointers tyvm.

retard
retard
writeln rounds to 6 decimal digits. try
writefln("%.50f\n%.50f", 0.1f, 2.9*0.1);

note that 2.9*0.1 is evaluated with double precision

Double precision floating point is still a floating point and subject to the underlying mathematical problem that 0.1 can not be represented in finite memory with the used encoding.
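
Since the float posts above keep asserting this without showing it, here is an added example (not code from anyone in this thread) that makes all three points concrete in C: 0.1 is not exactly representable as a float or double, x*0.1 and x/10 do not always agree, and a truncated fixed-point 0.1 drifts linearly with uptime. The 23-fractional-bit register used for the last part is a modelling assumption for the example, not a claim about any particular system.

```c
#include <math.h>
#include <stdint.h>
#include <stdio.h>

/* 1. Is 0.1 exactly representable? 1/10 in binary is 0.0001100110011... repeating,
 *    so any finite mantissa (float: 24 bits, double: 53 bits) stores a nearby value. */
void show_tenth(void) {
    printf("float  0.1 = %.30f\n", 0.1f);
    printf("double 0.1 = %.30f\n", 0.1);
}

/* 2. Does x * 0.1 give the same double as x / 10.0? Not always: the product rounds
 *    an already-rounded 0.1 a second time, while the division rounds exactly once. */
int mul_equals_div(int x) {
    volatile double tenth = 0.1;   /* volatile keeps the optimizer from folding it */
    return (x * tenth) == (x / 10.0);
}

/* Count the integers in [1, n] for which the two expressions differ. */
int count_mismatches(int n) {
    int bad = 0;
    for (int x = 1; x <= n; x++)
        if (!mul_equals_div(x)) bad++;
    return bad;
}

/* 3. Fixed point. Assume 0.1 is stored in a register with 23 fractional bits
 *    (assumption for this example). The stored value is truncated, so every tick is
 *    short by the same amount and the error grows linearly instead of averaging out. */
#define FRAC_BITS 23
double stored_tenth(void) {
    uint32_t q = (uint32_t)(0.1 * (1u << FRAC_BITS));   /* cast truncates toward zero */
    return (double)q / (1u << FRAC_BITS);
}

/* Accumulated clock error in seconds after `ticks` tenth-of-a-second ticks. */
double drift_seconds(uint64_t ticks) {
    return (double)ticks * (0.1 - stored_tenth());
}

int main(void) {
    show_tenth();
    printf("x*0.1 != x/10 for %d of the first 1000 integers\n", count_mismatches(1000));
    printf("stored 0.1 = %.12f, per-tick error = %.3e s\n",
           stored_tenth(), 0.1 - stored_tenth());
    printf("drift after 100 h of uptime = %.3f s\n", drift_seconds(100ull * 3600 * 10));
    return 0;
}
```

Run it and the x=3 case already fails (3*0.1 is 0.30000000000000004, 3/10.0 is 0.3), and the fixed-point clock is about a third of a second off after 100 hours, which is why "restart it every couple of days" is a workaround for a representation error rather than for a bug a type system could catch.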

>writeln rounds to 6 decimal digits. try
Explains a lot actually

No one prevents you from checking your own pointers in Rust, and it gives you extra security features on top of that. What a shitty analogy. Stop spreading superficial FUDs

This is not why that happened, it was a discrepancy between the hardware clock and how the software was sorting the floats. There was a nontrivial error introduced if the systems weren't reset every two days.
>Idiot grunts didn't reset the system
Additionally they were using old hardware from old rockets due to budget shortfalls

Since it was not an analogy, sure, it was a pretty shitty one.
Literally nothing Rust provides cannot easily be done in C. Some people like having their hand held. It's fine you don't need to be so defensive.

In the 70s 300Mhz and 64MiB ram would be considered imaginary godhood.

Even with a 4mhz processor and 64KiB ram people were like "WHAT THE HELL ARE WE SUPPOSED TO DO WITH ALL OF THIS"

>Rust provides cannot easily be done in C
Not rust, there are many things C doesn't provide. Modules, Generics, Error handling, lambdas, actual metaprogramming and the list goes on.

Also by your logic writing C means you are trusting your security with the compilers other people wrote. Go being a brain dead idiot somewhere else

>hur durr let's take a bug in a 30 year old software project disregarding all programming best practice and shift the blame on the programming language

>a bug
>30 y/o
C was a mistake

>desktop app
>powered by java

guaranteed memory leaks combined with 2GB ram usage at minimum.

Go choke on a dick, SJW. There is your heartbleed in Rust:
struct OpenSSLShit {
// Don't use Vec here, we can't afford these allocations
// because we need speed and shit
buffer: *const u8,
}

>b-but this would never happen in a 30 year old Rust project with a trillion lines of code written by old guys and some undergrad students because they will stick to programming best practice

This shows how two faced all of your security comparisons are.
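
For the people arguing past each other about what Heartbleed actually was (the tedunangst quote above and the raw-pointer Rust struct just posted): here is an added example, not code from OpenSSL or from anyone in this thread, of the bug pattern in C. The record layout (type byte, 2-byte big-endian length, payload) and the arena-as-heap setup are assumptions for the example. The vulnerable handler trusts the attacker-supplied length field and copies past the end of what was actually received; the hardened handler adds the one comparison that was missing, which is exactly the check a bounds-checked slice would do for you and exactly the check a `*const u8` lets you skip again.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed record format (assumption, not OpenSSL's wire format):
 * type (1 byte) | payload length (2 bytes, big-endian) | payload */
#define HDR_LEN 3
#define ARENA_SIZE 64

/* One arena stands in for the process heap: the received record sits at the front
 * and key material sits right behind it. */
static unsigned char arena[ARENA_SIZE];
static const char secret[] = "PRIVATE-KEY-MATERIAL";   /* constructed sample secret */
#define SECRET_LEN (sizeof secret - 1)

/* Place a record whose header claims `claimed_len` payload bytes but which actually
 * carries `actual_len`. Returns the number of bytes "received" on the wire. */
size_t build_record(uint16_t claimed_len, const char *payload, size_t actual_len) {
    memset(arena, 0, sizeof arena);
    arena[0] = 1;
    arena[1] = (unsigned char)(claimed_len >> 8);
    arena[2] = (unsigned char)(claimed_len & 0xff);
    memcpy(arena + HDR_LEN, payload, actual_len);
    memcpy(arena + HDR_LEN + actual_len, secret, SECRET_LEN);
    return HDR_LEN + actual_len;
}

static uint16_t claimed_length(void) {
    return (uint16_t)((arena[1] << 8) | arena[2]);
}

/* Vulnerable echo: copies as many bytes as the attacker-controlled header says,
 * ignoring how many arrived. The copy stays inside `arena` here only because the
 * callers below keep the claimed length under ARENA_SIZE; the real bug reads up to
 * 64 KiB of whatever happens to follow the request on the heap. */
size_t echo_vulnerable(unsigned char *out) {
    uint16_t claimed = claimed_length();
    memcpy(out, arena + HDR_LEN, claimed);
    return claimed;
}

/* Hardened echo: the claimed length must fit inside the bytes actually received. */
int echo_hardened(size_t received, unsigned char *out, size_t *out_len) {
    if (received < HDR_LEN) return -1;
    uint16_t claimed = claimed_length();
    if (claimed > received - HDR_LEN) return -1;   /* the missing Heartbleed check */
    memcpy(out, arena + HDR_LEN, claimed);
    *out_len = claimed;
    return 0;
}

/* 1 if the echoed bytes contain the secret, 0 otherwise. */
int contains_secret(const unsigned char *buf, size_t len) {
    for (size_t i = 0; i + SECRET_LEN <= len; i++)
        if (memcmp(buf + i, secret, SECRET_LEN) == 0) return 1;
    return 0;
}

/* Malicious request: 2 real payload bytes, header claims 40. Leaks the secret. */
int vulnerable_leaks(void) {
    unsigned char out[ARENA_SIZE];
    build_record(40, "hi", 2);
    size_t n = echo_vulnerable(out);
    return contains_secret(out, n);
}

/* Same request against the hardened handler: rejected, nothing echoed. */
int hardened_rejects(void) {
    unsigned char out[ARENA_SIZE];
    size_t n = 0;
    size_t received = build_record(40, "hi", 2);
    return echo_hardened(received, out, &n) == -1 && n == 0;
}

/* Honest request: header and payload agree, exactly 2 bytes come back. */
int hardened_accepts_honest(void) {
    unsigned char out[ARENA_SIZE];
    size_t n = 0;
    size_t received = build_record(2, "hi", 2);
    return echo_hardened(received, out, &n) == 0 && n == 2 && memcmp(out, "hi", 2) == 0;
}

int main(void) {
    printf("vulnerable handler leaks secret: %d\n", vulnerable_leaks());
    printf("hardened handler rejects it:     %d\n", hardened_rejects());
    printf("hardened handler echoes honest:  %d\n", hardened_accepts_honest());
    return 0;
}
```

The point the thread keeps circling: a memory-safe language turns the vulnerable handler's silent over-read into a panic (a crash, i.e. a safety problem rather than a disclosure), which is the "transform, not eliminate" argument made above; but the hardened version's single length comparison is also all it takes in C, and nothing in either language stops you from getting the length check logically wrong.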

Do you know what heartbleed bug is you fucking low IQ dipshit C.uck?

Holy shit Rust faggot BTFO'd. Maybe now he will fuck off for good.

>but muh language safety!

anything that requires vmware is a backdoor
installing programs made by some rando @ his moms basement is a nono. backdoors/trojans.

>software is proprietary
Oh so you mean I don't own it? Yes good.

NEEEXT

>he doesn't use millions of external tools that will validate C at code level and during runtime, provide memory safety and protect against UB and security exploits to a level incomprehensible to an average rust evangelical strikeforce member, because C had decades to create and perfect such tools, while rust is still useless for anything else than masturbating about muh memory safety

This

>developer only publishes linux and mac releases even though source compiles fine on windows

"compiles" isn't really the same as "works well". Even if the test suite passes there may be strange corner cases on Windows. The dev may simply say Windows is not officially supported, so you'll be on your own if shit happens; it's his right.
Also, when you have the sources, binary packages are just a convenience from the developer.

>he thinks those tools will catch all the bugs
the task of an exploit developer is to bypass those shitty tools/security measures...

also, protip: they won't tell you about your bugs, because an exploitable bug means $$$

Half the military would jump at the chance to drop the F-35. It's an overpriced piece of shit that congress and the security companies are trying to force them to adopt.

I program systems with 32KB of memory running at 20MHz. Tell me why I shouldn't use C.

context is important, m8

Nigger you can't write an OS with Python, JS, or your meme Java language.

Also
>programmer does stupid thing
>HURR DURR ITS THE LANGUAGE'S FAULT
kys retard, bet you're just a CS undergrad.

my man

> I wouldn't write a system for a nuclear powerplant in C, not ever.
What would you write it on?

COBOL

just use node.js dude.

>Writing a system that needs to be restarted every 2 days

>using the smiley with a carat nose

>Using JavaScript
>It's not for a website

C was a mistake

Oh ok you should have said you've never programmed before in your life, then I would have known to just ignore your stupid ass.