Another thing I forgot about Power Tools analogy. *Very* easy to understand safety guide. C expert fail internalize C safe programming rules
-
-
Replying to @elazarl @hyc_symas and
I don't think this is accurate. Most unsafe C is a consequence of breaking dead simple safety rules trying to be clever...
1 reply 0 retweets 1 like -
Replying to @RichFelker @elazarl and
...which is a lot like disabling safety mechanisms on tools for the sake of being "macho"/saving time/whatever.
1 reply 0 retweets 0 likes -
Replying to @RichFelker @elazarl and
Unfortunately C has a huge corpus of utterly wrong examples, bad tutorials, bad teachers, etc. that new people learn to do these things from
1 reply 0 retweets 2 likes -
Replying to @RichFelker @hyc_symas and
I hate to be blunt, but this is factually incorrect. Even w/o discussing details, code bases by C experts contain UB, crypto code from GOOG>
1 reply 0 retweets 0 likes -
Replying to @elazarl @RichFelker and
>GCC code from the compiler makers. If it's so easy how come the experts keep making those misatkes, even musl;-) http://www.openwall.com/lists/oss-security/2016/10/19/1 … >
2 replies 0 retweets 0 likes -
Replying to @elazarl @hyc_symas and
Yes, experts do this because they think they're smarter than they are. You can be smart enough once or ten times, but not N times as N→∞.
1 reply 0 retweets 0 likes -
Replying to @RichFelker @elazarl and
But it's still conscious breaking of simple rules that they (we, me included) should be following.
2 replies 0 retweets 0 likes -
Replying to @RichFelker @elazarl and
Your musl example was bad because that was one of the few pieces of imported code, but the IPv6 & DNS parsing vulns were real examples.
2 replies 0 retweets 0 likes -
Replying to @RichFelker @elazarl and
The latter were just me being overly clever & wrong about assuming loop invariants rather than using easily-provably-correct conditions.
1 reply 0 retweets 0 likes
Future direction for musl is to reduce cleverness, optimize for simplicity whenever there's not a demonstrable need for cleverness.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.