Linked by Thom Holwerda on Thu 23rd May 2013 23:22 UTC
X11, Window Managers "Ilja van Sprundel, a security researcher with IOActive, has discovered a large number of issues in the way various X client libraries handle the responses they receive from servers, and has worked with X.Org's security team to analyze, confirm, and fix these issues."
Thread beginning with comment 562603
RE[7]: Overflowing
by moondevil on Fri 24th May 2013 11:53 UTC in reply to "RE[6]: Overflowing"
moondevil Member since:
2005-07-08

std::array


Sure. I only place C++ in the same league as C due to its C foundation and it being unsafe by default.

Truth is, that C++ standard library offers ways to do safe programming and modern C++ is quite good, but there are still many companies out there that forbid modern C++ practices. ;)

I only touched C one year long back in 1993/4, then jumped straight into C++, only using C when required to do so in university assignments and a project back in 2000.

I felt more at home in C++ as an Object Pascal refugee than with C.

Reply Parent Score: 2
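
An added example, not part of the thread: the "unsafe by default" point in the comment above, applied to the kind of server-supplied length that the linked X.Org advisory concerns. The reply layout, the names Reply, sum_unchecked, sum_checked and rejected, and the sample bytes are all constructed for this illustration and are not the X11 wire format.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <stdexcept>

// Constructed reply layout (an assumption for this example, not the X11 wire
// format): byte 0 is a server-supplied item count, items follow from byte 1.
constexpr std::size_t kReplySize = 8;
using Reply = std::array<std::uint8_t, kReplySize>;

// "Unsafe by default": operator[] does no bounds check, so a count larger
// than the buffer reads past its end (undefined behaviour).
int sum_unchecked(const Reply& r)
{
  int sum = 0;
  for (std::size_t i = 0; i < r[0]; ++i) sum += r[1 + i];
  return sum;
}

// at() checks every index and throws std::out_of_range instead.
int sum_checked(const Reply& r)
{
  int sum = 0;
  for (std::size_t i = 0; i < r.at(0); ++i) sum += r.at(1 + i);
  return sum;
}

// Returns true when the checked parser rejects the reply.
bool rejected(const Reply& r)
{
  try { sum_checked(r); return false; }
  catch (const std::out_of_range&) { return true; }
}

int main()
{
  const Reply good = {{ 3, 10, 20, 30, 0, 0, 0, 0 }};    // count fits
  const Reply bad  = {{ 200, 1, 2, 3, 4, 5, 6, 7 }};     // count lies
  // sum_unchecked is only called on the well-formed reply.
  return (sum_unchecked(good) == 60 && sum_checked(good) == 60
          && !rejected(good) && rejected(bad)) ? 0 : 1;
}
```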

RE[8]: Overflowing
by sakeniwefu on Fri 24th May 2013 15:00 in reply to "RE[7]: Overflowing"
sakeniwefu Member since:
2008-02-26


Truth is, that C++ standard library offers ways to do safe programming and modern C++ is quite good, but there are still many companies out there that forbid modern C++ practices. ;)

At that point can you really say use this or that language to solve your problems?
The main thing I have learnt from the C programming language is that I could be doing the same things as the last language of the week, only in a more regular and deterministic way - and if I am not, it's probably for a good reason.
C is not perfect(as of C11 threading solutions still suck), but all other languages are substantially and provably inferior.
You can pass messages and duck-type in C89. You can have as many first-class functions as you wish. You can bound-check, garbage-collect, auto-release, and optimize your tails.
On the other hand, you can't do any of what C is good at in "first-class function" or "OOP" languages.
Frankly, I don't think any language could do better than C, given that users of other languages consider security to equal buffer overflow prevention.
Most web site defacements involve password files stored in plain text and accessible from Google.

Reply Parent Score: 2

RE[9]: Overflowing
by Alfman on Fri 24th May 2013 15:35 in reply to "RE[8]: Overflowing"
Alfman Member since:
2011-01-28

sakeniwefu,

"C is not perfect(as of C11 threading solutions still suck), but all other languages are substantially and provably inferior."

I'm very interested in seeing how you're going to go about proving it ;)


"Frankly, I don't think any language could do better than C, given that users of other languages consider security to equal buffer overflow prevention."

Buffer overflows are such a serious problem with C code that we've had to invent hacks like ASLR just to try to limit the circumstances in which the buffer overflow bugs are exploitable.


"Most web site defacements involve password files stored in plain text and accessible from Google."


Do you have examples of plain text password files accessible from Google? If you had asked me, I would have said XSS and SQL injection. ... If websites were programmed in C, buffer overflows would be right at the top ;)

Edited 2013-05-24 15:39 UTC

Reply Parent Score: 2

RE[9]: Overflowing
by moondevil on Fri 24th May 2013 17:02 in reply to "RE[8]: Overflowing"
moondevil Member since:
2005-07-08

C is not perfect(as of C11 threading solutions still suck), but all other languages are substantially and provably inferior.
You can pass messages and duck-type in C89. You can have as many first-class functions as you wish. You can bound-check, garbage-collect, auto-release, and optimize your tails.


In which ANSI/ISO paragraphs are those features defined?

Reply Parent Score: 2

RE[8]: Overflowing
by Neolander on Fri 24th May 2013 18:02 in reply to "RE[7]: Overflowing"
Neolander Member since:
2010-03-08

Okay, here's where I ask another question.

Most C++ courses that are easily available online or in print here tend to treat C++ as a "better C", basically a variant of C with extra features added to accommodate newer programming practices.

However, people debating here about language merits seem to imply that to the contrary, C++11, together with the STL and/or Boost, is capable of a lot more than just being C with templates and classes.

So can someone of that latter opinion point me towards pedagogical resources that actually try to teach C++ with the latter line of thought, just to see how much of a difference in language usage patterns that can make?

Reply Parent Score: 1

RE[9]: Overflowing
by kwan_e on Sat 25th May 2013 02:47 in reply to "RE[8]: Overflowing"
kwan_e Member since:
2007-02-18

However, people debating here about language merits seem to imply that to the contrary, C++11, together with the STL and/or Boost, is capable of a lot more than just being C with templates and classes.


Well, now the most important addition is lambda functions, which far removes C++11 from anything C is capable of. Also a natural for/each syntax. And initializing things from lists, which also work with for/each, so you don't have to shove them into a container first.

So can someone of that latter opinion point me towards pedagogical resources that actually try to teach C++ with the latter line of thought, just to see how much of a difference in language usage patterns that can make?


Strangely enough, I find that Python is a good way to learn what's possible with C++11 + STL/Boost. Python is a lot cleaner, but the translation of the concepts for Python lists/sets/maps/iterators is straightforward in most cases. With the new auto type specifier, C++11 is actually almost as clean as Python now, actually.

No more "typename std::list<T>::iterator i = alist.begin()", just "auto i = alist.begin()".

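#include <algorithm>
#include <future>
#include <iostream>
#include <random>
#include <vector>
int main()
{
  // Keep each future: a discarded std::async future blocks in its destructor.
  std::vector<std::future<void>> tasks;
  for( auto name : { "Alice", "Bob", "Carol", "David", "Enid",
             "Fran", "Gunther", "Harold", "Iris", "Jen" } )
  {
    tasks.push_back( std::async( std::launch::async, [name]()
    {
      std::vector<int> numbers { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 };
      // Per-task engine: std::random_shuffle may share rand() state across threads.
      std::mt19937 rng{ std::random_device{}() };
      std::shuffle( std::begin(numbers), std::end(numbers), rng );
      for( auto number : numbers )
      {
        std::cout << name << " says: " << number << std::endl;
      }
    }) );
  }
}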

Reply Parent Score: 2