On 9 April 2014 17:19, Tim <ignored_mailbox@xxxxxxxxxxxx> wrote:
> Only the other day I was thinking similarly: That almost every exploit
> that I read about, over the last umpteen years, was a buffer overflow;
> and why is it so? Are programmers such morons that they accept all data
> without care, rather than only accept what you actually expect?

No. It's because the entire world of modern computing is built on C, a programming language that is a sort of portable assembly-language but with pointer arithmetic, a language so brain-dead that it lets you assign element 31 in an array of 30 elements, or write to the 42nd character of a 40-character string. And which encourages programmers to arithmetically manipulate pointers to data in memory directly, which compels programmers to do their own memory-management manually.

All more mature, reliable languages have features that check accesses and disallow direct pointer manipulation.

And once, there were programming languages whose basic features were atoms and lists, not bits and bytes, and they ran on chips that natively understood atoms and lists and where things like memory overruns and underruns were therefore unheard-of.

Unfortunately, in the 1980s, when chips and RAM were really expensive, what succeeded commercially were really simple, fast languages (like C) and really simple, fast chips (like x86 and RISC) and all the better, more powerful chips and languages disappeared or were marginalised.

So now, what we have are the cheap'n'nasty machines and software of the 1970s and 1980s, but vastly upgraded in speed and capacity, and the /good/ computers and software, the ones that enabled people to be tens to hundreds of times more productive, are all gone.

I was just ranting about this /right before/ the Heartbleed thing became public:

--
Liam Proven * Profile: http://lproven.livejournal.com/profile
Email: lproven@xxxxxxxxx * GMail/G+/Twitter/Flickr/Facebook: lproven
MSN: lproven@xxxxxxxxxxx * Skype/AIM/Yahoo/LinkedIn: liamproven
Tel: +44 20-8685-0498 * Cell: +44 7939-087884
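
The access check the message attributes to safer languages, written out by hand in C as an added example (it is not part of the original message). The `int_slice` type and all function names are hypothetical, and the 30-element array and 40-character string are constructed to match the sizes the message mentions.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical "fat pointer": storage plus its element count, so each
 * access can be validated the way a bounds-checked language would. */
typedef struct {
    int   *data;
    size_t len;
} int_slice;

/* Store value at index i; 0 on success, -1 if i is out of range. */
int slice_set(int_slice s, size_t i, int value)
{
    if (s.data == NULL || i >= s.len)
        return -1;            /* plain s.data[i] = value would write anyway */
    s.data[i] = value;
    return 0;
}

/* Overwrite character i of the string in buf (cap bytes of storage).
 * i must lie inside the current text, so the NUL terminator survives. */
int str_set_char(char *buf, size_t cap, size_t i, char c)
{
    const char *nul = buf ? memchr(buf, '\0', cap) : NULL;
    if (nul == NULL || i >= (size_t)(nul - buf))
        return -1;            /* unterminated buffer or index past the text */
    buf[i] = c;
    return 0;
}

/* Constructed inputs matching the message: 30 elements, 40 characters. */
int demo_array(size_t index)
{
    int storage[30] = {0};
    int_slice s = { storage, sizeof storage / sizeof storage[0] };
    return slice_set(s, index, 7);
}

int demo_string(size_t index)
{
    char text[41];
    memset(text, 'x', 40);
    text[40] = '\0';
    return str_set_char(text, sizeof text, index, 'y');
}
```

Element 31 of the array is index 30 and the 42nd character is index 41; both are refused, while the last valid positions (29 and 39) are accepted.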