[ / / / / / / / / / / / / / ] [ dir / dempart / doomer / ebon / jenny / mde / pdfs / vore / zoo ]

/tech/ - Technology

Scheduled downtime for server maintenance:
April 25 at 12:00 noon PST

March 2019 - 8chan Transparency Report
Comment *
Password (Randomized for file and post deletion; you may also set your own.)
* = required field[▶ Show post options & limits]
Confused? See the FAQ.
Show oekaki applet
(replaces files and can be used instead)

Allowed file types:jpg, jpeg, gif, png, webm, mp4, pdf
Max filesize is 16 MB.
Max image dimensions are 15000 x 15000.
You may upload 3 per post.

File: 48b0afc106822e1⋯.jpg (17.05 KB, 248x189, 248:189, 7a4b230d24ae4092d9e74d3b90….jpg)


>C takes safety and places it into the programmer's hands.

>If there's a problem with a program, it's because the programmer fucked up in one instance.




itt. assblasted rustfags


Imagine being Rustfag who gets THIS asshurt when someone says bad things about his language




>damage control

sage negated btw :^^^)



> a bunch of obscure libraries that no one uses have vulnerabilities

Literally so what? Shit thread tbh.


File: db31b58d954bfcc⋯.jpeg (50.56 KB, 474x562, 237:281, report.jpeg)




>cnile LARPer

sage negated btw


>op "negates" sages by bumping his own thread

What a fucking nigger



So only game devs are affected? Coolio, dudeman.





>only game devs use compression or images

spotted the LARPer


>title implies C has vulns

>post links to vulns in libraries written in C

Kill yourself


File: 1e2b2c34bf74e4c⋯.webm (1.92 MB, 1280x720, 16:9, mark mmmmmmmmmmmmmmmmmmmm….webm)



File: 51d25482232dcd0⋯.png (60.58 KB, 217x293, 217:293, Screenshot at 2019-02-04 1….png)

OP is so gay that he bought whole pallet of pic related.


File: b9f1435e8c34999⋯.jpg (39.03 KB, 500x534, 250:267, not an argument.jpg)


anti saged


>this whole thread



File: 6e180018581030c⋯.gif (1.97 MB, 380x285, 4:3, yikes.gif)





You don't understand what sage is for, faggot



sage = downboat

anti sage = upboat



>An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.




whataboutism is the true mark of the weenie


File: 5b68b2248fbe264⋯.png (14.93 KB, 472x287, 472:287, Screenshot at 2019-02-04 1….png)


>thinking rewriting it in rust would solve anything



thanks for spreading the word that C/C++ is harmful



Call me back when your project gets 20+ years of real world use.



You mean 20+ years worth of buffer overflows, right?




>can't respond to an argument

>call it a bad name

>not a weenie


File: 4c22531c73898bb⋯.png (64.17 KB, 1645x323, 1645:323, Screenshot at 2019-02-04 1….png)



>2 buffer overflows in 2018 in standard library

>barley anyone uses it

>supposedly prevents buffer overflows by use of safety magic



>2 buffer overflows in 2018



>7 buffer overflows in 2018 in standard library

>everybody uses it

>supposedly prevents buffer overflows because programmer are perfect



>language prevents buffer overflows

>programmer are perfect

nobody makes this argument though.

in a world of swordsmen, you're comparing a single knight order (the knights of "let's be really disciplined and not make mistakes in the first place") with some nunchuck advocates who argue that a non-edged weapon can completely prevent accidental cuts.



>nobody makes this argument though.

LARPers on /tech/ make this argument everytime this topic comes up. see >>1026759



no, literally nobody on /tech/ has ever said that programmers


perfect or that C++


buffer overflows. People argue all the time that pursuing perfect gets you there faster than pursuing a tool.



>no, literally nobody on /tech/ has ever said that programmers are perfect

Yes they have. If you weren't a newfag you would know this.



>C 13.337% market share

>C++ 8.158% market share

>21.5% total, 7 overflows in std lib - OVF/% = 0.326

>rust 0.360%, 2 overflows in std lib - OVF/% = 5.556

Keep shilling your meme language. Even COBOL has more users than Rust in 2019.



nah you're just stupid. Next time you encounter what you think is "programmers are perfect", ask it if pajeets are prefect, too. Or if Rust should have a zero buffer overflow record because Rust programmers are also perfect.



>nah you're just stupid


>Next time you encounter what you think is "programmers are perfect", ask it if pajeets are prefect, too.

I did. The LARPers replied that pajeets aren't real programmers.



But that's accurate friendo.



sage negated



The whole point of a language is to be tool to make something, if you fuck up that's on you.

C/C++ are like a screwdriver, if you stick it into a electric outlet no shit you are gonna get burned, Rust is like a screwdriver that snaps in half no matter what you do. Having the language itself make your programs unsafe while claiming to do the opposite is completely unacceptable.



>this is what cniles actually believe

thanks for not saging btw.



> while claiming to do the opposite

Exactly, and that's after contorting your algorithm to comply with Rust's strict type checking. All that effort, for nothing.



>type checking is bad



>Rust shillfags shilling their slave mentality language ITT

If you can't design your software to not have buffer overflows, you're a fucking pajeet, full stop. Learn how a fucking computer works so you can write good code that is designed to run on a computer. You Rustfags are going to turn programming into a sandbox where only (((they))) have access to instructions you're not even aware exists because they're (((undocumented))). Oh wait, we already have this shit because so many of you fags just couldn't code to save your lives so you need (((safety))) (gatekeeping) language features.




hello friend. Do you agree that programmers are perfect?

Do you think that C++ prevents buffer overflows?



Of course, fellow cnile!



>thinking you have to be perfect to not write programs with glaring holes like buffer overflows

Why is the concept of loop invariants so hard for pajeets to understand?



spotted the LARPer




What's so hard to understand about terminating a loop over a fixed-size buffer?



Sorry, I'm not a perfect programmer. Please explain it to me, oh all-knowing cnile.



It's not a trick question. How do you terminate a loop over a fixed-size buffer? Let me make this easier for you:

char buf[50];
for (int i = 0; ... ; ++i)
// Copy to buf[i]...

What goes into the middle field of the for loop statement to ensure that a buffer overflow does not happen?

Many pajeets fail at this point of the interview. Will you be one of them?



>Sorry, I'm not a perfect programmer.

You're not even a decent one, as you don't know what a loop invariant is.


this is a troll thread



>I was just pretending to be retarded



char buf[50];
for (int i = 0; i <= 50; ++i)
// Copy to buf[i]...

Thanks C/C++ for not bounds checking.



>he can't write a simple for loop

The average numale programmer, everybody.



>cnile is unable realize he is being mocked

LARPing is a form of braindamage


File: 4ead23589b5d741⋯.jpg (45.03 KB, 640x451, 640:451, 4ead23589b5d741a91fdc01148….jpg)


Then sage you nigger



The cnile guy is the LARP spammer. It's like pottery.



Check yourself before you wreck yourself.


OP finds out again that everything in IT is vulnerable

If you want to be safe, just don't use any computer at all



>the absolute retard thinks this is a big revelation



You sound like a very high level C programmer. What work do you do?



>he thinks the LARPer knows how to program



No, Rust's type checking is bad.






char buf[50];

int main () {

for (int i = 0; i <= 50; i++) {
buf[i] = 0xFE;

return 0;
$ cppcheck test.c 
Checking test.c ...
[test.c:9]: (error) Array 'buf[50]' accessed at index 50, which is out of bounds.

>not using cppcheck

>not using -fsanitize=address for dynamic memory



>>C takes safety and places it into the programmer's hands.

This phrase is sufficient. It illustrates that the two involved parties understand very different things under "safety".

Hence the backing for rust/nu-fox/whatever tranny crusade.



>1337 marketshare



Can you read? These are vulnerabilities with programmers implementations. Not the C language.


File: fb2a117ef79cdbb⋯.png (299.56 KB, 1242x1290, 207:215, typicalRustEvangelist.png)


It was posted by a Rust brainlet, of course they can't read



>hur hur I was pretending

Being wrong "on purpose" is still being wrong, retard.



C answer: easily put bugs in your software, and then habitually use tools to notice them and dig them back out.

Modern language (and also Ada) answer: make it harder to put bugs in your software.

In C++ you can use a range template that involves a trillion lines of library code and takes three centuries to compile or something. Ada:

with Ada.Text_IO; use Ada.Text_IO;

procedure Bounds is
Buffer : String (1 .. 50);
for J in Buffer'Range loop
Buffer (J) := Character'Val (J);
end loop;
Put_Line (Buffer);
end Bounds;
as used:
$ ./bounds|od -c
0000000 001 002 003 004 005 006 \a \b \t \n \v \f \r 016 017 020
0000020 021 022 023 024 025 026 027 030 031 032 033 034 035 036 037
0000040 ! " # $ % & ' ( ) * + , - . / 0
0000060 1 2 \n
Types have lots of attributes and one of the attributes of array types is all of the valid indexes over the type. This is true regardless of the actual indexes of the type: it could be 1 thru 50 as in this example; it could be 0 thru 49; it could be Monday thru Sunday.



That programming language looks niggerlicious.



it scores a solid 15/10 for readability. Nothing else comes close. And you can avoid formatting idiosyncrasies with pretty-printed code ala gofmt.

You probably just wallow in stupid shit like using the comma operator to not have to put an assignment on its own line.




see >>1027138



>ada shill LARPing his irrelevant language in a C/C++ thread


>You probably just wallow in stupid shit like using the comma operator



to be fair, everything has vulnerabilities

Java: insecure deserialization

PHP: file upload, file inclusion, PHP injection, PHP 5 still in use despite no security updates

C++: easy to write code vulnerable to buffer overflow attacks, pointer issues, etc.

Python: 2.7 no longer gets security updates for things like urllib

JavaScript: frameworks come and go in 6 months, and XSS is super common

HTML5: browser lockers abuse HTML features (along with JS)

XML: XXE attacks (XML External Entities)

show me a programming language or piece of software and I will show you a CVE for it

you must be REALLY new to tech if you think something having a vulnerability means it's an outlier




You're joking? It looks like shit. Like all old languages using the being/end, it's verbose/hard to see blocks and those apostrophes look very out of place.

Look at TCL/Rebol if you want reabable.



Begin/end is verbose more than readable



Because C is a very modern language amirite.




Spark or a lisp dialect? I'm just curious.




No. Use Ada for a bit and it's impossible to notice how much more readable it is.

>languages using the being/end

like Ruby? You get a 'begin' with a function, procedure, or declare; mostly you have 'end'. loop ... end loop, for example. end is three letters and the one-byte alternative gets a whole line to its own anyway.

When Ada was introduced in the 80s, it was remarkably verbose compared to other languages. It's not remarkably verbose now. The C++ range template shit is a whole lot more verbose than a 'Range attribute

>apostrophes look very out of place

because of the prevalence shitty languages that use ' for string literals, any kind of default syntax highlighting won't be kind to Ada.

That's not what you'll be looking at normally, dude.


now this ain't serious.



>It's not remarkably verbose now.

It is. Stop shilling your shit in a C/C++ thread. Make an Ada thread.



this is actually a Rust thread.

Which is why it's an Ada thread.



sage negated



checked and kek'd



>like Ruby? You get a 'begin' with a function, procedure, or declare; mostly you have 'end'. loop ... end loop, for example. end is three letters and the one-byte alternative gets a whole line to its own anyway.

How does being a brainlet feels like? Because if you think that the difference between begin/end and braces is the number of chars, you must know.


>now this ain't serious.

1) This was about the syntax.

2) Bloatmasters who think that "one PL to rule them all" is better than a high level and low level combination with easy interfacing are just niggers.



based and anti saged



and now it's anchored.


>this thing is more verbose than that thing

>but it's not because it's literally longer or anything

>bytes don't matter to the length of a string

because it's vertical space that matters? I feel like someone other than you just finished making that point...

yeah whatever. Ada's amazingly readable and 'end' doesn't contribute to its verbosity at all, and 'begin' is frequently occupying what would be an empty line anyway in another language. Ada as a whole is pretty tolerable; begin/end is just something obvious and easy for you to focus on, since you don't know anything and can't just compare your own code that you've written in one language vs. another.



My point is that it's easy to separate actual content from syntax noise when you don't use words for both. That's why sane syntaxes use punctuation for that.


>C/C++ thread gets bumplocked

>Rust thread doesn't

Is varg a Rustfag????



What is the "C/C++" language? I've never heard of it.



Please, be bait.



Nope. That is pure C/C++ retardation.


File: b6ff9fa7433c2e2⋯.jpg (21.64 KB, 249x189, 83:63, pepe_onion.jpg)

i fixed your picture for you 100 percent original


File: b1790889617c1a1⋯.jpg (464.86 KB, 1280x720, 16:9, chainsawhonkmasacre.jpg)

Secure coding is in the back of the book.

I cruise this site for new RCE exploits. https://www.exploit-db.com/

pic not related

[Return][Go to top][Catalog][Nerve Center][Cancer][Post a Reply]
Delete Post [ ]
[ / / / / / / / / / / / / / ] [ dir / dempart / doomer / ebon / jenny / mde / pdfs / vore / zoo ]