Forgot your password?
typodupeerror

Comment: Re:~45yrs of buffer overflows... (Score 2) 127

by soccerisgod (#47163187) Attached to: GnuTLS Flaw Leaves Many Linux Users Open To Attacks

It's a problem because it requires programmers to concern themselves with low-level tedious details that the compiler could handle for them

So basically your statement can be reduced to is "If you're lazy and stupid, don't use C". I'm fine with that. But I'd like to add that if you're lazy and stupid, don't program at all, become a manager.

Comment: Re:~45yrs of buffer overflows... (Score 2) 127

by soccerisgod (#47162723) Attached to: GnuTLS Flaw Leaves Many Linux Users Open To Attacks

C is especially bad because the language doesn't even have a way to talk about the size of an array. When you pass an array to a function, all size info is lost. This sucks.

How is that a problem? Pass the size in a separate variable. Put the array in a struct and add a member for the size. Or add a function to your struct that returns the size. Whatever. The possibilities are there. If you don't use them because programming in C is less cushy than in other languages, the fault is entirely yours. There is nothing in C preventing you from writing proper code. You just have to do it, with the understanding that it will be more work. But it's hardly impossible.

Comment: Re:Basic programming principles what? (Score 1) 127

by soccerisgod (#47162703) Attached to: GnuTLS Flaw Leaves Many Linux Users Open To Attacks

That's exactly the problem. If you think to add features first, security later you have already made a fundamental mistake. Writing secure code is not a matter of adding extra checking later. It means writing good, proper code right from the start. One of the most obvious consequences of that is not to use functions like sprintf at all, but use substitutes that allow and in fact demand proper length checking.

My $0.05: Of course managers never see a business case for adding security checking later. There is no obvious way it will make the company more money, so something "more important" will take precedent. But on the other hand, not writing secure code right from the start also means the programmer is not making a habit of writing good code. It shows a serious problem with their attitude toward their own work. That is not to say that there won't still be mistakes made, but a lot of them can be prevented right from the start.

This is the theory that Jack built. This is the flaw that lay in the theory that Jack built. This is the palpable verbal haze that hid the flaw that lay in...

Working...