Journal RailGunner's Journal: Technical Stupidity 3
Link to i-Programmer
Wow, talk about a trollbait article.
The author attempts to make a case for managed code because of the "saving graces" of the runtime, but what, pray tell, was the runtime written in?
If a bug similar to Heartbleed was found in .NET or the JVM, for example, it arguably would have had an even greater impact.
To be 100% clear Heartbleed happened not because a programmer screwed up, but because the language was too primitive to know better.
Wow, that's a money quote for trolling.
This statement is ludicrous. It was because a developer screwed up. When a person gets shot, do we blame the gun or the shooter? Exactly, we blame the shooter. The fault never lies with the tool, it lies with the user of the tool. If you don't know how to use the tool correctly, don't fucking use the tool.
For example: Let's say there's an idiot -- there's enough around here to pick from -- who improperly uses a table saw and slices off a finger. Do we blame the table saw or the sloppy idiot?
Blaming C/C++ for Heartbleed is just as stupid.
Quite frankly, I'm surprised i-programmer posted such a trolling, flamebait rant and called it an article. I'd expect that sort of lame-ass shit from Slashdot...
I do find it odd though (Score:2)
That in this day and age, after 30 years of warning every bloody CS student about the danger of buffer overruns, that the Heartbleed bug is basically a buffer overrun.
I say that even though last week, I found a SQL injection bug in my own code during integration testing and had to quickly release a patch.
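An added example, not part of the thread and not OpenSSL's code: the class of bug the comment above refers to, a sender-supplied length field used for a copy without comparing it to the number of bytes actually received, shown beside the checked form. The record layout, function names and sample bytes are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed record layout: [type:1][claimed_len:2, big-endian][payload...] */
enum { HDR = 3 };

/* Unchecked: copies as many bytes as the sender CLAIMS, ignoring how many
 * bytes actually arrived (rec_len). Returns bytes written to out. */
size_t echo_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    (void)rec_len;                 /* the bug: received size never consulted */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    memcpy(out, rec + HDR, claimed);
    return claimed;
}

/* Checked: rejects records whose claimed length exceeds what was received
 * or what the output buffer can hold. Returns bytes written, 0 on reject. */
size_t echo_checked(const uint8_t *rec, size_t rec_len,
                    uint8_t *out, size_t out_cap)
{
    if (rec_len < HDR)
        return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > rec_len - HDR || claimed > out_cap)
        return 0;
    memcpy(out, rec + HDR, claimed);
    return claimed;
}

/* Constructed memory: a 5-byte record (payload "hi", claiming 16 bytes)
 * followed in the same array by unrelated data, so the over-read stays
 * inside one object and the demo itself is well-defined C. */
static const uint8_t demo_mem[32] = {
    0x01, 0x00, 0x10, 'h', 'i',
    'S','E','C','R','E','T','-','K','E','Y','-','0','1','2'
};
enum { DEMO_REC_LEN = 5 };

/* Returns 1 if the unchecked echo returned bytes from beyond the record. */
int demo_unchecked_leaks(void)
{
    uint8_t out[64] = {0};
    size_t n = echo_unchecked(demo_mem, DEMO_REC_LEN, out);
    return n == 16 && memcmp(out + 2, "SECRET", 6) == 0;
}
```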
Re: (Score:1)
And yet, in this industry, I've dealt with "programmers" with music degrees, English degrees, etc.
Plus, a CS degree is not required to contribute to Open Source. It's a double-edged sword -- "Anyone can contribute to Open Source" means sometimes, people who are grossly unqualified will contribute.
I've been coding, designing, and managing developers for over 20 years. I have not once been bitten in my own code by a buffer overflow. I have, however, f
bad example in article (Score:1)
TFAuthor seems to think that "not doing bounds checks on array access is [...] the assured way to make it exploitable". When I used to do C++, I noticed one time a coworker looping through a std::vector, accessing each element with at(). And he wondered why the total code for his piece wasn't running faster.
Dude, I sez, that function does bounds checking, which means each and every call. But if you're getting the upper bound up front and constraining the loop to that, you might as well just use operator[