PaX [comrade/them, they/them]

  • 0 Posts
  • 5 Comments
Joined 2 years ago
cake
Cake day: July 15th, 2022

help-circle
  • Programmers can trust language security features too much…

    Of course, they’re nice to have and really can make things easier to implement securely but it’s still very easy to introduce security problems or bugs into any code. This is just an unsolvable problem of writing imperative code. All imperative code will reliably have memory leaks (even in Java!) and security holes because no compiler can check to see if you thought of everything.

    And large and complex compilers/interpreters with these security features can end up introducing their own security problems or bugs in the process of implementing them.

    I’m just tired of people entirely dismissing languages like C because they don’t have these features. Especially when the operating systems their code runs on and their languages may even be implemented in C!




  • Sorry, I should have been more clear. I agree with you. I’m not talking about text-based interfaces and commands. I just mean the way Unix/POSIX handles “terminals” (devices that accept streams of characters according to a protocol established in the 70s) is an antiquated way of handling simple plain text streams. It made sense back then when there was a need to send commands to dumb terminals in-band with the plaintext but this doesn’t really make sense these days when your “terminal” is actually just a program pretending to be a dumb terminal running inside a window. When was the last time you used job control instead of opening another window?