C has gifted us yet another 10/10 security exploit. (((CVE-2017-8890))) The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.
This exploit has scored 10/10 CVSS score. Exploit does not require authentication, confidentiality impact is high.
>What caused this A fucking double free in the year of 2017
>Prevention Ban and outlaw C programming all round the globe. C is not safe enough for the current digital life style. Remember when C was invented half a century ago, safety was NONE of it's concern.
Use modern languages that prevents double free, use Rust or Ada. Ignore C jews and NSA shills. Your privacy and your security is worth protecting.
sure when somebody makes a good language to replace it
Blake Hall
>le ban C maymay XDDDDDDDDDD >>>/reddit/ Sage, report and hide.
Zachary King
If you care about speed, you do it in either assembly or in C. And since C compilers write assembly better than 99% of programmers, you plain just do it in C. High level / "safe" languages are typically dynamic or have runtime resolution of some sort and therefore making it slow. I bet you're the type to think that pointers are unsafe, too.
Angel Ortiz
Rust doesn't have this problem
>Ownership The compiler uses an affine type system to track the ownership of each value: a value can only be used at most once, after which the compiler refuses to use it again. fn main() { let original = "Hello, World!".to_string(); let other = original; println!("{}", original); }
yields an error: 4:20: 4:28 error: use of moved value: `original` [E0382] 4 println!("{}", original); ^~~~~~~~
This, notably, prevents the dreaded double-free regularly encountered in C or C++ (prior to smart pointers).
>Borrowing The illumination that comes from Rust is that memory issues occur when one mixes aliasing and mutability: that is, when a single piece of memory is accessible through multiple paths and it is mutated (or moved away) leaving behind dangling pointers.
The core tenet of borrow checking is therefore: Mutability XOR Aliasing. It's similar to a Read-Write Lock, in principle.
This means requires that the Rust compiler tracks aliasing information, for which it uses the lifetime annotations (those 'a in &'a var) to connect the lifetime of references and the value they refer to together.
A value is borrowed if someone has a reference to it or INTO it (for example, a reference to a field of a struct or to an element of a collection). A borrowed value cannot be moved.
>Mutability (without aliasing) You can obtain only a single mutable reference (&mut T) into a given value at any time, and no immutable reference into this value may exist at the same time; it guarantees that you have exclusive access to this tidbit of memory and thus you can safely mutate it.
Easton Walker
Don't bother replying to him, these kind of threads are made by Rust shills, they'll just reply with more memes.
Nathaniel Lopez
We've reached the point where we are not restricted by hardware anymore. 8 cores 16 threads are the new norm. You should notice:
Computers are enormously quicker but software development is not faster. Dependency management is a big part of software development today but the “header files” of languages in the C tradition are antithetical to clean dependency analysis—and fast compilation. There is a growing rebellion against cumbersome type systems like those of Java and C++, pushing people towards dynamically typed languages such as Python and JavaScript. Some fundamental concepts such as garbage collection and parallel computation are not well supported by popular systems languages. The emergence of multicore computers has generated worry and confusion.
Jordan Cook
>We've reached the point where we are not restricted by hardware anymore What a retard. I write programs that routinely grind the fuck out of the current hardware. Fucking game shitters.
Liam Bell
Write good programs then
Nolan White
>This mad
William Wood
>Computers are enormously quicker but software development is not faster. I've also noticed that computers are enormously faster, but software is not faster. That's because of people like you.
Angel Ward
Good post. user. Thanks. I'm not into programming but if I am I'll definitely look into Rust
Ryder Morris
>but software is not faster. Back in the 80's, people used to write CLI programs, which were not resource intensive. GUI applications are more costly and thus you feel that difference. What remained from the 80's style computing is the practice of unsafe programming.
Parker Ortiz
>The compiler uses an affine type system to track the ownership of each value: a value can only be used at most once, after which the compiler refuses to use it again. Which is also why rusffags always use the latest nightly Rust builds, so that they can use the latest and greatest (((unsafe))) features, so they can actually use their shitty language for anything more advanced the Hello World.
Levi Brooks
In case you hadn't noticed, GUIs have been ubiquitous since the 90s.
Jace Smith
And those were slow
Michael Adams
these are my favorite threads
Kayden Powell
Not slower than today's GUIs.
Brandon Rogers
That's because todays hardware are faster
Ryder Moore
That should mean that the old GUIs should be slower.
Christopher Evans
No, the current hardware makes up for it
Aiden Jones
>Use rust Nice sjw shilling, heck we could go even further and use nodejs or electron
Connor Sullivan
lol, this. I can't way for Rust to take over just to see all the new CVEs constantly found in unsafe blocks written by people who thought rust would be safe.
Thomas Cox
I'd rather not have kernel level security exploit than your confliction of philosophical stand point
Ian Smith
If hardware has become faster, the programs running on it should also run faster. The fact that they don't means that software has become slower. Because of people like you.
Owen Richardson
?
Nathaniel Howard
we'll ban C if you rewrite the whole kernel first or give bajillion of dollars to fund it. bear in mind that I'll have to review the code so you better get to it
t. linus torvalds
Xavier Wright
>implying you know shit about application performance
I'll bet this user loves Electron apps
Ian Howard
Top quality argument 10/10 really made me think
Gabriel Moore
Linux is a C purist kernel (project philosophy), you can't rewrite Linux in other languages
Angel Johnson
>SJWust kys
Owen Martinez
So where is your argument?
Easton Wilson
servo is now on rust stable, so you don't know at all what you are talking about
Nathan Jenkins
fuck off commie scum
Ryan Lopez
So all you got is: >kys >SJW >Commie scum etc.
Are you so upset that you have lost your clear mind? Or are you trying to fit into the thread and look cool?
Owen White
Every layer of abstraction eliminates a decade of CPU advances. And multiple cores won't help here at all.
Carter Richardson
watch me
Henry Parker
Elaborate. Also, things like macros aren't really big of an abstractions
William Allen
you don't judge a programmer by their opinions, only their code
Samuel Stewart
you are fucking terrible with your algorithms then you dumbass
Aaron Long
How hypocritical.
Liam Howard
Why is that hypocritical? And why is a little bit of hypocrisy bad? Everyone one is hypocrite
Kevin Davis
>Every layer of abstraction eliminates a decade of CPU advances LOL you don't understand zero cost abstractions
>Rust toddlers need IDEs to fix their syntax errors >Rust toddlers need compilers to fix their logic errors >Rust togglers need languages to collect their garbage
Christian Adams
I'm actually pretty good. You just have no idea what you're talking about.
>thinking I write "apps" or "games"
Robert Ward
fuck off commie scum.
every line of code you write in Rust destroys white peopluation.
Kayden Bell
>IDE is bad hmmm, I wonder how old you are
Brody Hernandez
Is this false-flagging? kek
Michael Brooks
>integrated DESIGNATED environments
Kayden Rogers
The SJWs who push for Rust don't judge by the code alone, so it's pretty hypocritical of them to demand that. Do I really have to spell it out to you, you tumblrina?
My philosophy is tit for tat.
Brandon Allen
>t. Go bootcamp kiddie
Sebastian White
It's ok. Linux being free and open source means there are a million eyes looking for this sort of thing so it would be immediately found out and patched when it was first introduced 25 years ago.
Isaac Lee
A good compiler and a good IDE is what you need if you are developing anything but fizzbuzz. Also, Rust is not garbage collected. Learn and educate yourself, neo-Sup Forums
Colton Bennett
Now that's edgy
Thomas Baker
The problem is not in Linux, the problem is in C
Angel Bennett
Like what faggot? I'd like to hear about the hard core programs that you C retards claim to write.
Thomas Wright
>neo-Sup Forums t. /r/unixporn
Jonathan Howard
I'd say you are 15~16
Xavier Cook
OS adds a huge overhead(you could see examples even in Terry's videos, where his scheduler was 3 orders of magnitudes faster than Linux's). Language itself introduces overheads. Then there are languages for VMs. About 30% percent of CPU time is spent on dereferencing pointers. Macros are just code transformations, so really no big deal here, but they can inflate the resulting code.
James Diaz
But it's open source. Open source is free of exploits.
Aaron Scott
>Linux >Secure Pick one. Now that grsec is effectively closed source (prove me wrong and post patches, faggots) it has worse security than Windows 10.
Carter Roberts
Languages like Rust are for autists. It's time to move on to C#.
Give me a single reason C# can't fulfill all of your programming needs.
Joseph Parker
Physics simulations.
Nathan Morris
So some overheads are not avoidable? Who knew? Nothing to do with source being open or not It's fixed already, idiot
Jason Kelly
>Slower than Java kek
Caleb Fisher
GRsecurity is mostly placebo
Jaxon Hernandez
Who cares? Performance is good enough with modern hardware.
Look at Android. It gets slower and slower every year, but as mobile hardware becomes more and more powerful, effective performance remains unaffected.
Aiden Foster
>Slower than Android apps kek
Leo Kelly
Human garbage like you should be collected
Easton Cox
Microsoft Windows doesn't have this problem.
Leo Gonzalez
>every line of code you write in Rust destroys white peopluation. HAHAHAHAHA
They are free to do that, it has no effect on the language's usability or the code they produce. I don't care about what their opinions are.
Landon Young
Microsoft Windows has tons of other problems. Like that one bug that lets hackers encrypt HDDs and wants ransom :^)
Nolan Smith
>It's fixed already, idiot lel, like how the exploits in Windows were already fixed before WannaCry was a thing. How many of these silly Linux CVEs need to pop up before you dumb niggers realize that it's a swiss cheese operating system with more holes than a beehive?
Levi Scott
You do realize that you are in the wrong thread, right?
Grayson Garcia
Only on unupdated systems ;^^^^)
Sebastian Flores
Sounds like you are a shitty programmer then. Most shit are done with high level languages calling libraries when needed. You are probably trying to reinvent the wheel and failing at it at the same time.
William Evans
>Rust into the trash it goes
Isaiah Watson
>It gets slower and slower every year Ugh, no. You probably meant iOS.
Josiah Turner
>How many of these silly Linux CVEs need to pop up Eh? The source being open, many more researchers are actually reviewing the code. Linux is getting more secure one CVE at a time. Where as windows... Even google gets fed up that MS is not patching the exploits and publishes them to the public.
Linux fixes CVEs, Windows hoards CVEs until someone finds it out
Julian Jackson
That's good, I'd rather not waste 4 hours a day updating system
Josiah Young
t. retard
Jack Baker
Very well thought out post user. It's very well structured and consists of properly backed arguments that one cannot refute. Perfectly appealing for Sup Forums
Lucas Morgan
This fallacy again If the source is always open, why the fuck so many vulnerabilities appear so often? Are lintards utterly incompetent?
Michael Howard
>Linux >getting more secure At the rate they keep adding "features" and shit to it, no it isn't.
Blake Garcia
>If the source is always open, why the fuck so many vulnerabilities appear so often? Because people are studying and finding exploits? Is it too hard to understand?
Jack Kelly
Little to do with C, everything to do with monolithic design.
As long as the kernel is basically megabytes of object code running in supervisor mode, bugs like this will keep popping up. You simply can't make something that big bug-free.
This is ignoring Linus doesn't give a fuck about security. Best workaround until serious OSs based on seL4 such as Genode are ready for general use is to do what all "masturbating monkeys" (Linus dixit) do. Run Openbsd.
Michael Collins
user, you DO realize you are in the wrong thread, right? You DO realize this thread is for autistic programmers, right?
Have you ever felt you don't belong somewhere before? Now is the time.
James Mitchell
>>Rust toddlers need IDEs to fix their syntax errors I don't use an IDE.
>>Rust toddlers need compilers to fix their logic errors And apparently C fags could use that too.
>>Rust togglers need languages to collect their garbage Fucking retard, Rust doesn't have a GC, it uses RAII like C++ does.
Luke Sanchez
>Is it too hard to understand? just give up, the level of intelligence of Sup Forums is somewhere between Sup Forums and Sup Forums. Whether Sup Forums or Sup Forums is smarter I don't know.
Luke Gutierrez
True
Ethan Russell
And what is stopping the NSA from finding these exploits before you lincucks and not telling anyone?
Daniel Walker
Give me a single reason why brainfuck can't fulfill all of your programming needs.
Lucas Green
How is that any different to windows, you dumb faggot. Just go back to your graphics card thread.
Alexander Murphy
> Are lintards utterly incompetent? I'd say they're a mixture of the best programmers various companies have, and then also more average ones from many other companies.
Do you think we have more competent programmers stashed away somewhere?
Andrew Diaz
>somewhere between Sup Forums and Sup Forums
Joseph Martin
You have absolutely no idea what you're talking about.
Owen Sanders
There is no Rust IDE yet you retard.
Owen Reed
NSA finds exploits tells no one. (They also buy backdoors from MS too and MS keeps it alive until contract finishes) NSA and other people finds exploits in Linux and other people post CVEs
Liam Williams
>How is that any different to windows, you dumb faggot exactly, how is open source any different than windows?
Evan Bennett
You keep telling yourself that.
Maybe when you grow up, you can learn efficient problem solving and not fail at optimizing things in C when it is not needed. I bet your projects are a cesspool of shitty code. Have fun with them