Why isn't it a firable offense to choose to use C in a security sensitive setting? Hint: about any setting is security sensitive these days.https://twitter.com/Ngnghm/status/688950737624260609 …
-
-
Not using C is not an option, even if you think you're actually programming in Go or Rust or Swift.
1 reply 0 retweets 0 likes -
You could similarly say not using assembly isn't an option, or not using quantum physics. Use a safe abstraction.
1 reply 0 retweets 2 likes -
Indeed, which is why rowhammer works... even from 'safe' languages.
1 reply 0 retweets 1 like -
Don't execute untrusted code in a leaky sandbox. And unless you're building the sandbox, still don't use C, or be fired.
1 reply 0 retweets 0 likes -
All sandboxes are leaky, and you can't trust code unless you wrote the code and the compiler too.
1 reply 0 retweets 0 likes -
Still not an argument for using C except when patching sandboxes. Also I don't trust code I write more than a specialist's.
1 reply 0 retweets 0 likes -
Why do you think I was making an argument for using C?
2 replies 0 retweets 0 likes -
And why do you trust the specialist?
1 reply 0 retweets 0 likes
A general theory of the games people play around trust is off-topic, but division of labor also applies to cognitive tasks.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
Read my blog!