Ban C

C has gifted us yet another 10/10 security exploit.
(((CVE-2017-8890))) The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.

This exploit has scored 10/10 CVSS score. Exploit does not require authentication, confidentiality impact is high.

github.com/torvalds/linux/commit/657831ffc38e30092a2d5f03d385d710eb88b09a

>What caused this
A fucking double free in the year of 2017

>Prevention
Ban and outlaw C programming all round the globe. C is not safe enough for the current digital life style. Remember when C was invented half a century ago, safety was NONE of its concern.

Use modern languages that prevent double free, use Rust or Ada. Ignore C jews and NSA shills. Your privacy and your security are worth protecting.

sure when somebody makes a good language to replace it

>le ban C maymay XDDDDDDDDDD
>>>/reddit/
Sage, report and hide.

If you care about speed, you do it in either assembly or in C. And since C compilers write assembly better than 99% of programmers, you plain just do it in C.
High level / "safe" languages are typically dynamic or have runtime resolution of some sort, which makes them slow. I bet you're the type to think that pointers are unsafe, too.

Rust doesn't have this problem

>Ownership
The compiler uses an affine type system to track the ownership of each value: a value can only be used at most once, after which the compiler refuses to use it again.
fn main() {
    let original = "Hello, World!".to_string();
    let other = original; // ownership of the String moves to `other`
    println!("{}", original); // rejected: `original` was moved on the previous line
}

yields an error:
4:20: 4:28 error: use of moved value: `original` [E0382]
4 println!("{}", original);
^~~~~~~~

This, notably, prevents the dreaded double-free regularly encountered in C or C++ (prior to smart pointers).

>Borrowing
The illumination that comes from Rust is that memory issues occur when one mixes aliasing and mutability: that is, when a single piece of memory is accessible through multiple paths and it is mutated (or moved away) leaving behind dangling pointers.

The core tenet of borrow checking is therefore: Mutability XOR Aliasing. It's similar to a Read-Write Lock, in principle.

This requires that the Rust compiler track aliasing information, for which it uses the lifetime annotations (those 'a in &'a var) to connect the lifetime of references and the value they refer to together.

A value is borrowed if someone has a reference to it or INTO it (for example, a reference to a field of a struct or to an element of a collection). A borrowed value cannot be moved.

>Mutability (without aliasing)
You can obtain only a single mutable reference (&mut T) into a given value at any time, and no immutable reference into this value may exist at the same time; it guarantees that you have exclusive access to this tidbit of memory and thus you can safely mutate it.
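
Added example, not from any post in this thread: a constructed model (the `Sock` and `GroupList` types and both functions are hypothetical, not kernel code) of a child object derived from a parent that owns a heap allocation, the shape in which a C struct copy leaves two owners of one pointer. A `Drop` counter shows the allocation is released exactly once whether the child starts empty or takes the list over.

```rust
use std::cell::Cell;
use std::rc::Rc;

// Constructed stand-in for a heap allocation; Drop counts each release.
struct GroupList {
    frees: Rc<Cell<u32>>,
}

impl Drop for GroupList {
    fn drop(&mut self) {
        self.frees.set(self.frees.get() + 1);
    }
}

// Hypothetical socket: it owns its list rather than pointing at a shared one.
struct Sock {
    groups: Option<Box<GroupList>>,
}

// Child made from a listener at accept time. Writing
// `Sock { groups: parent.groups }` here is rejected with E0507 (cannot move
// out of a shared reference), so the child has to start without a list.
fn clone_for_accept(_parent: &Sock) -> Sock {
    Sock { groups: None }
}

// Explicit hand-over: the parent is left with None, so only one owner remains.
fn hand_over(parent: &mut Sock) -> Sock {
    Sock { groups: parent.groups.take() }
}

// Builds a listener, derives a child, drops both, and returns
// (child owned the list, number of times the allocation was released).
fn run_model(transfer: bool) -> (bool, u32) {
    let frees = Rc::new(Cell::new(0));
    let list = Box::new(GroupList { frees: Rc::clone(&frees) });
    let mut listener = Sock { groups: Some(list) };
    let child = if transfer { hand_over(&mut listener) } else { clone_for_accept(&listener) };
    let child_owned = child.groups.is_some();
    drop(child);
    drop(listener);
    (child_owned, frees.get())
}

fn main() {
    println!("clone:    {:?}", run_model(false));
    println!("transfer: {:?}", run_model(true));
}
```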

Don't bother replying to him, these kinds of threads are made by Rust shills, they'll just reply with more memes.

We've reached the point where we are not restricted by hardware anymore. 8 cores 16 threads are the new norm. You should notice:

Computers are enormously quicker but software development is not faster.
Dependency management is a big part of software development today but the “header files” of languages in the C tradition are antithetical to clean dependency analysis—and fast compilation.
There is a growing rebellion against cumbersome type systems like those of Java and C++, pushing people towards dynamically typed languages such as Python and JavaScript.
Some fundamental concepts such as garbage collection and parallel computation are not well supported by popular systems languages.
The emergence of multicore computers has generated worry and confusion.

>We've reached the point where we are not restricted by hardware anymore
What a retard. I write programs that routinely grind the fuck out of the current hardware. Fucking game shitters.

Write good programs then

>This mad

>Computers are enormously quicker but software development is not faster.
I've also noticed that computers are enormously faster, but software is not faster. That's because of people like you.

Good post, user. Thanks. I'm not into programming but if I am I'll definitely look into Rust

>but software is not faster.
Back in the 80's, people used to write CLI programs, which were not resource intensive. GUI applications are more costly and thus you feel that difference. What remained from the 80's style computing is the practice of unsafe programming.

>The compiler uses an affine type system to track the ownership of each value: a value can only be used at most once, after which the compiler refuses to use it again.
Which is also why rusffags always use the latest nightly Rust builds, so that they can use the latest and greatest (((unsafe))) features, so they can actually use their shitty language for anything more advanced than Hello World.

In case you hadn't noticed, GUIs have been ubiquitous since the 90s.

And those were slow

these are my favorite threads

Not slower than today's GUIs.

That's because today's hardware is faster

That should mean that the old GUIs should be slower.

No, the current hardware makes up for it

>Use rust
Nice sjw shilling, heck we could go even further and use nodejs or electron

lol, this. I can't wait for Rust to take over just to see all the new CVEs constantly found in unsafe blocks written by people who thought rust would be safe.

I'd rather not have kernel level security exploit than your confliction of philosophical stand point

If hardware has become faster, the programs running on it should also run faster. The fact that they don't means that software has become slower. Because of people like you.

?

we'll ban C if you rewrite the whole kernel first or give bajillion of dollars to fund it. bear in mind that I'll have to review the code so you better get to it

t. linus torvalds

>implying you know shit about application performance

I'll bet this user loves Electron apps

Top quality argument 10/10 really made me think

Linux is a C purist kernel (project philosophy), you can't rewrite Linux in other languages

>SJWust
kys

So where is your argument?

servo is now on rust stable, so you don't know at all what you are talking about

fuck off commie scum

So all you got is:
>kys
>SJW
>Commie scum etc.

Are you so upset that you have lost your clear mind? Or are you trying to fit into the thread and look cool?

Every layer of abstraction eliminates a decade of CPU advances. And multiple cores won't help here at all.

watch me

Elaborate. Also, things like macros aren't really that big of an abstraction

you don't judge a programmer by their opinions, only their code

you are fucking terrible with your algorithms then you dumbass

How hypocritical.

Why is that hypocritical? And why is a little bit of hypocrisy bad? Everyone is a hypocrite

>Every layer of abstraction eliminates a decade of CPU advances
LOL you don't understand zero cost abstractions

esr.ibiblio.org/?p=7516

>Rust toddlers need IDEs to fix their syntax errors
>Rust toddlers need compilers to fix their logic errors
>Rust toddlers need languages to collect their garbage

I'm actually pretty good. You just have no idea what you're talking about.

>thinking I write "apps" or "games"

fuck off commie scum.

every line of code you write in Rust destroys white peopluation.

>IDE is bad
hmmm, I wonder how old you are

Is this false-flagging? kek

>integrated DESIGNATED environments

The SJWs who push for Rust don't judge by the code alone, so it's pretty hypocritical of them to demand that. Do I really have to spell it out to you, you tumblrina?

My philosophy is tit for tat.

>t. Go bootcamp kiddie

It's ok. Linux being free and open source means there are a million eyes looking for this sort of thing so it would be immediately found out and patched when it was first introduced 25 years ago.

A good compiler and a good IDE is what you need if you are developing anything but fizzbuzz. Also, Rust is not garbage collected. Learn and educate yourself, neo-Sup Forums

Now that's edgy

The problem is not in Linux, the problem is in C

Like what faggot? I'd like to hear about the hard core programs that you C retards claim to write.

>neo-Sup Forums
t. /r/unixporn

I'd say you are 15~16

OS adds a huge overhead (you could see examples even in Terry's videos, where his scheduler was 3 orders of magnitude faster than Linux's). Language itself introduces overheads. Then there are languages for VMs. About 30% of CPU time is spent on dereferencing pointers. Macros are just code transformations, so really no big deal here, but they can inflate the resulting code.

But it's open source. Open source is free of exploits.

>Linux
>Secure
Pick one. Now that grsec is effectively closed source (prove me wrong and post patches, faggots) it has worse security than Windows 10.

Languages like Rust are for autists. It's time to move on to C#.

Give me a single reason C# can't fulfill all of your programming needs.

Physics simulations.

So some overheads are not avoidable? Who knew?
Nothing to do with source being open or not
It's fixed already, idiot

>Slower than Java
kek

GRsecurity is mostly placebo

Who cares? Performance is good enough with modern hardware.

Look at Android. It gets slower and slower every year, but as mobile hardware becomes more and more powerful, effective performance remains unaffected.

>Slower than Android apps
kek

Human garbage like you should be collected

Microsoft Windows doesn't have this problem.

>every line of code you write in Rust destroys white peopluation.
HAHAHAHAHA

They are free to do that, it has no effect on the language's usability or the code they produce. I don't care about what their opinions are.

Microsoft Windows has tons of other problems. Like that one bug that lets hackers encrypt HDDs and wants ransom :^)

>It's fixed already, idiot
lel, like how the exploits in Windows were already fixed before WannaCry was a thing. How many of these silly Linux CVEs need to pop up before you dumb niggers realize that it's a swiss cheese operating system with more holes than a beehive?

You do realize that you are in the wrong thread, right?

Only on unupdated systems ;^^^^)

Sounds like you are a shitty programmer then. Most shit is done with high level languages calling libraries when needed. You are probably trying to reinvent the wheel and failing at it at the same time.

>Rust
into the trash it goes

>It gets slower and slower every year
Ugh, no. You probably meant iOS.

>How many of these silly Linux CVEs need to pop up
Eh? The source being open, many more researchers are actually reviewing the code. Linux is getting more secure one CVE at a time. Whereas Windows...
Even Google gets fed up that MS is not patching the exploits and publishes them to the public.

Linux fixes CVEs, Windows hoards CVEs until someone finds it out

That's good, I'd rather not waste 4 hours a day updating system

t. retard

Very well thought out post user. It's very well structured and consists of properly backed arguments that one cannot refute. Perfectly appealing for Sup Forums

This fallacy again
If the source is always open, why the fuck so many vulnerabilities appear so often? Are lintards utterly incompetent?

>Linux
>getting more secure
At the rate they keep adding "features" and shit to it, no it isn't.

>If the source is always open, why the fuck so many vulnerabilities appear so often?
Because people are studying and finding exploits? Is it too hard to understand?

Little to do with C, everything to do with monolithic design.

As long as the kernel is basically megabytes of object code running in supervisor mode, bugs like this will keep popping up. You simply can't make something that big bug-free.

This is ignoring Linus doesn't give a fuck about security. Best workaround until serious OSs based on seL4 such as Genode are ready for general use is to do what all "masturbating monkeys" (Linus dixit) do. Run OpenBSD.

user, you DO realize you are in the wrong thread, right?
You DO realize this thread is for autistic programmers, right?

Have you ever felt you don't belong somewhere before?
Now is the time.

>>Rust toddlers need IDEs to fix their syntax errors
I don't use an IDE.

>>Rust toddlers need compilers to fix their logic errors
And apparently C fags could use that too.

>>Rust toddlers need languages to collect their garbage
Fucking retard, Rust doesn't have a GC, it uses RAII like C++ does.

>Is it too hard to understand?
just give up, the level of intelligence of Sup Forums is somewhere between Sup Forums and Sup Forums. Whether Sup Forums or Sup Forums is smarter I don't know.

True

And what is stopping the NSA from finding these exploits before you lincucks and not telling anyone?

Give me a single reason why brainfuck can't fulfill all of your programming needs.

How is that any different to windows, you dumb faggot. Just go back to your graphics card thread.

> Are lintards utterly incompetent?
I'd say they're a mixture of the best programmers various companies have, and then also more average ones from many other companies.

Do you think we have more competent programmers stashed away somewhere?

>somewhere between Sup Forums and Sup Forums

You have absolutely no idea what you're talking about.

There is no Rust IDE yet you retard.

NSA finds exploits tells no one. (They also buy backdoors from MS too and MS keeps it alive until contract finishes)
NSA and other people find exploits in Linux and other people post CVEs

>How is that any different to windows, you dumb faggot
exactly, how is open source any different than windows?

You keep telling yourself that.

Maybe when you grow up, you can learn efficient problem solving and not fail at optimizing things in C when it is not needed. I bet your projects are a cesspool of shitty code. Have fun with them