Me: OpenSSH is one of the most secure apps ever written, even in C
C Haters: no it’s not! Several RCE bugs!
Me: prove it. Show me a working exploit.
*crickets*
FUD and Security pedanticism is unbecoming of our industry, Pals.
Replying to @andreasdotorg @DonAndrewBailey
that's actually an exploit against PAM... not openssh proper.
Replying to @espie_openbsd @DonAndrewBailey
While technically true, I still think the shortcomings of the ecosystem count as trouble. Nobody writes C in a vacuum.
Replying to @andreasdotorg @DonAndrewBailey
well, those shortcomings are not specific to C programs. All your shiny new languages are still using a system, with libraries, and a kernel. So basically, you're proving that C is on par with what you propose as a replacement.
Replying to @espie_openbsd @DonAndrewBailey
You have heard about the Unikernel movement? Trusted code base is something that can be measured and minimized (see MirageOS). And if it's just on the order of 20000 or so lines of code of C, even this can be verified or generated using more powerful tools (Hyper-V, HaCL).
Replying to @andreasdotorg @espie_openbsd
lol have you ever written a unikernel or microkernel? I have. I've even written Erlang for bare metal (on cortex-M). It's not the ecosystem silver bullet you think it is. In some cases, it's worse.
Sure, wrote a realtime control software for an atomic force microscope on a DSP. Also fixed bugs in the network stack on a Symbolics Lisp machine. Pretty much seen the spectrum. Also found a bug in the MirageOS TLS stack before they put up the Piñata. But no one got the 10BTC.