technology

23218 readers

1 users here now

On the road to fully automated luxury gay space communism.

Spreading Linux propaganda since 2020

Rules:

1. Obviously abide by the sitewide code of conduct. Bigotry will be met with an immediate ban
2. This community is about technology. Offtopic is permitted as long as it is kept in the comment sections
3. Although this is not /c/libre, FOSS related posting is tolerated, and even welcome in the case of effort posts
4. We believe technology should be liberating. As such, avoid promoting proprietary and/or bourgeois technology
5. Explanatory posts to correct the potential mistakes a comrade made in a post of their own are allowed, as long as they remain respectful
6. No crypto (Bitcoin, NFT, etc.) speculation, unless it is purely informative and not too cringe
7. Absolutely no tech bro shit. If you have a good opinion of Silicon Valley billionaires please manifest yourself so we can ban you.

founded 4 years ago

MODERATORS

Jadzia_Dax@hexbear.net

blashork@hexbear.net

context@hexbear.net

EmmaGoldman@hexbear.net

SexUnderSocialism@hexbear.net

gaycomputeruser@hexbear.net

ZoomeristLeninist@hexbear.net

"No way to prevent this" say users of only language where this regularly happens | Xe Iaso (xeiaso.net)

submitted 1 year ago* (last edited 1 year ago) by wopazoo@hexbear.net to c/technology@hexbear.net

1 comments fedilink hide all child comments

"No way to prevent this" say users of only language where this regularly happens

In the hours following the release of CVE-2024-22252 for the project VMWare ESXi, site reliability workers and systems administrators scrambled to desperately rebuild and patch all their systems to fix a vulnerability that allows someone with root access to a guest domain to execute arbitrary code as the VMX host process. This is due to the affected components being written in C, the only programming language where these vulnerabilities regularly happen. "This was a terrible tragedy, but sometimes these things just happen and there's nothing anyone can do to stop them," said programmer Lady Lurline Schuster, echoing statements expressed by hundreds of thousands of programmers who use the only language where 90% of the world's memory safety vulnerabilities have occurred in the last 50 years, and whose projects are 20 times more likely to have security vulnerabilities. "It's a shame, but what can we do? There really isn't anything we can do to prevent memory safety vulnerabilities from happening if the programmer doesn't want to write their code in a robust manner." At press time, users of the only programming language in the world where these vulnerabilities regularly happen once or twice per quarter for the last eight years were referring to themselves and their situation as "helpless."

top 1 comments

sorted by: hot top controversial new old

[–] demesisx 2 points 1 year ago* (last edited 1 year ago)

no way to prevent this

The answer for new code bases may be to use Rust where possible but IMO, C doesn’t need to go away. It just needs to be properly verified before being released. Perhaps they can go back through old C codebases to try and remove the offending unsafe code? This feels almost trivial since C is such a known quantity now.

https://github.com/runtimeverification/k