Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Quoting Tim <ignored_mailbox@xxxxxxxxxxxx>:


Allegedly, on or about 08 April 2014, Jonathan Ryshpan sent:

It's an interesting question why Net infrastructure code continues to
be written in C, a language that provides no automatic checks for
buffer overflow, which (if I understand right) is the opening for this
security breach, along with so many others.  And why is the code run
on hardware that provides no such checks?  There have been languages
and system that check for overflow available for 40 years.  Why
doesn't anyone use them?


Only the other day I was thinking similarly:  That almost every exploit
that I read about, over the last umpteen years, was a buffer overflow;
and why is it so?  Are programmers such morons that they accept all data
without care, rather than only accept what you actually expect?
I would say they're badly trained. The cost/benefir ration between hardware and programmer time has changed drastically to the point where hardware is practically free but programmer time, notwithstanding offshoring, is expensive. The institutional inertia is so large that education consists largely of teaching the students to do well what their instructors would like to have been taught. Not a viable way forward. 

Dave



--
[tim@localhost ~]$ uname -rsvp
Linux 3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64

All mail to my mailbox is automatically deleted, there is no point
trying to privately email me, I will only read messages posted to the
public lists.

George Orwell's '1984' was supposed to be a warning against tyranny, not
a set of instructions for supposedly democratic governments.



--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org





--

I and the public know
What all schoolchildren learn,
Those to whom evil is done
Do evil in return.
 -- W. H. Auden






--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux