Slashdot gets it?! (15 Sep 2003 at 11:17)
This article over at Slashdot about "secure programming" gives me hope about the future. Most of the time when some security bug comes up I go there and rant about how C and C++ are actually the source of most of our security woes. But this time, there are loads of people making that argument (and well, for the most part) for me. Even the authors of the web page (devoted to secure programming in C and C++) have now put up a page responding to all those comments. (Their conclusion: C has 5x as many security holes per source line, but other languages have the potential for security holes, too.) For my perspective, see my posts: [1, 2, 3, 4, 5, 6].

The hive mind of Slashdot is not something to brush off lightly. Hopefully*, modern languages are finally making headway into the mainstream... Just wait 'til they find out that you don't need to run in a VM to get safety and garbage collection!

* The usage panel overwhelmingly rejects this use of "hopefully," but, I don't care.


comment
Tom 7 (gs82.sp.cs.cmu.edu) – 09.16.03 12:07:20
Case in point: there is now a new sshd exploit, as of today. I did a "zero-hour" patch on my machine, and even remembered to schedule sshd to start up again so that when I did "killall sshd" (destroying my connections) I wouldn't be left with an unreachable machine!
comment
Tom 7 (gs82.sp.cs.cmu.edu) – 09.17.03 11:22:51
And today, another remote hole in sendmail.