Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×
User Journal

Journal RailGunner's Journal: Technical Stupidity 3

Link to i-Programmer

Wow, talk about a trollbait article.

The author attempts to make a case for managed code because of the "saving graces" of the runtime, but what, pray tell, was the runtime written in?

If a bug similar to Heartbleed was found in .NET or the JVM, for example, it arguably would have had an even greater impact.

To be 100% clear Heartbleed happened not because a programmer screwed up, but because the language was too primitive to know better.

Wow, that's a money quote for trolling.

This statement is ludicrous. It was because a developer screwed up. When a person gets shot, do we blame the gun or the shooter? Exactly, we blame the shooter. The fault never lies with the tool, it lies with the user of the tool. If you don't know how to use the tool correctly, don't fucking use the tool.

For example: Let's say there's an idiot -- there's enough around here to pick from -- who improperly uses a table saw and slices off a finger. Do we blame the table saw or the sloppy idiot?

Blaming C/C++ for Heartbleed is just as stupid.

Quite frankly, I'm surprised i-programmer posted such a trolling, flamebait rant and called it an article. I'd expect that sort of lame-ass shit from Slashdot...
This discussion was created by RailGunner (554645) for no Foes, but now has been archived. No new comments can be posted.

Technical Stupidity

Comments Filter:
  • That in this day and age, after 30 years of warning every bloody CS student about the danger of buffer overruns, that he Heartbleed bug is basically a buffer overrun.

    I say that even though last week, I found a SQL injection bug in my own code during integration testing and had to quickly release a patch.

    • after 30 years of warning every bloody CS student

      And yet, in this industry, I've dealt with "programmers" with music degrees, English degrees, etc.

      Plus, a CS degree is not required to contribute to Open Source. It's a double-edged sword -- "Anyone can contribute to Open Source" means sometimes, people who are grossly unqualified will contribute.

      I've been coding, designing, and managing developers for over 20 years. I have not once been bitten in my own code by a buffer overflow. I have, however, f
  • TFAuthor seems to think that "not doing bounds checks on array access is [...] the assured way to make it exploitable". When I used to do C++, I noticed one time a coworker looping through a std::vector, accessing each element with at(). And he wondered why the total code for his piece wasn't running faster.

    Dude, I sez, that function does bounds checking, which means each and every call. But if you're getting the upper bound up front and constraining the loop to that, you might as well just use operator[

My sister opened a computer store in Hawaii. She sells C shells down by the seashore.