The US government asks not to use C/C++ due to memory vulnerabilities.
What does this imply for the future of C/C++ and purebasic?
sources :
https://blog.stackademic.com/u-s-govern ... 74f8e6c46b
https://www.tribuneindia.com/news/scien ... age-450295
The US government asks not to use C/C++ due to memory vulnerabilities.
-
skinkairewalker
- Enthusiast
- Posts: 782
- Joined: Fri Dec 04, 2015 9:26 pm
Re: The US government asks not to use C/C++ due to memory vulnerabilities.
The amount of C++ code out there that's doing things only C++ can do is insane. The pushback from any sort of legislation due to this kind of thing would be absolutely destroyed.
That said, if it simply encourages safer programming (e.g. by using smart pointers or higher level languages when possible), I see nothing wrong with it.
Re: The US government asks not to use C/C++ due to memory vulnerabilities.
Nope.
Governmental opinions are extremely short-sighted and prone to hysterical conclusions from lobbied interests.
Global warming, global cooling, global sniffles, global migration and still no global peace?
Now they want to do computer science?
Governmental opinions are extremely short-sighted and prone to hysterical conclusions from lobbied interests.
Global warming, global cooling, global sniffles, global migration and still no global peace?
Now they want to do computer science?
The nice thing about standards is there are so many to choose from. ~ Andrew Tanenbaum
Re: The US government asks not to use C/C++ due to memory vulnerabilities.
It is a question of programming and not of the language.
C is 'low level'. the programmer has to take care about what he is doing.
Maybe the programmers get worse or lazy.
Or they use 'frameworks' which are not well done. (the fault was done by other programmers
)
To compensate that, a language was needed which tells the programmer what is safe and what is not.
It is called Rust, but that doesn't mean that other code isn't save.
And why is there a keyword 'unsafe' in Rust?
Maybe because it is needed in some cases. And then the code is 'unsafe'
So it still depends on the programmer.
Look at qmail written in 1996, ok, they found 4 possible points to break it.
But they are fixed in notqmail. Up to now there are no other 'bugs' or vulnerabilities discovered up to now.
And these bugs only occured after the 32bit code was executed or compiled on 64bit CPUs.
C is 'low level'. the programmer has to take care about what he is doing.
Maybe the programmers get worse or lazy.
Or they use 'frameworks' which are not well done. (the fault was done by other programmers
)To compensate that, a language was needed which tells the programmer what is safe and what is not.
It is called Rust, but that doesn't mean that other code isn't save.
And why is there a keyword 'unsafe' in Rust?
Maybe because it is needed in some cases. And then the code is 'unsafe'
So it still depends on the programmer.
Look at qmail written in 1996, ok, they found 4 possible points to break it.
But they are fixed in notqmail. Up to now there are no other 'bugs' or vulnerabilities discovered up to now.
And these bugs only occured after the 32bit code was executed or compiled on 64bit CPUs.
-
DarkDragon
- Addict
- Posts: 2345
- Joined: Mon Jun 02, 2003 9:16 am
- Location: Germany
- Contact:
Re: The US government asks not to use C/C++ due to memory vulnerabilities.
There's already a topic about it here:
https://www.purebasic.fr/english/viewtopic.php?t=83696
Rust compared to C(++) is like formal verification compared to testing. So it is definitely safer than C/C++, due to its object lifetime and ownership management. If we can use it, we should, but it's not the solution to everything.
https://www.purebasic.fr/english/viewtopic.php?t=83696
Rust compared to C(++) is like formal verification compared to testing. So it is definitely safer than C/C++, due to its object lifetime and ownership management. If we can use it, we should, but it's not the solution to everything.
bye,
Daniel
Daniel
Re: The US government asks not to use C/C++ due to memory vulnerabilities.
Of course, the US government will not wish bad things on its competitors. And MS and Google products are listed as alternatives. Only the NSA can control your computer, not some hacker.
Re: The US government asks not to use C/C++ due to memory vulnerabilities.
They also asked you to wear a mask they said was unhealthy the day before
-
DarkDragon
- Addict
- Posts: 2345
- Joined: Mon Jun 02, 2003 9:16 am
- Location: Germany
- Contact:
Re: The US government asks not to use C/C++ due to memory vulnerabilities.
Memory safety is also being discussed in the C++ community, it's not the case that only the US government says that.
https://www.youtube.com/watch?v=I8UvQKvOSSw
https://herbsutter.com/2024/03/11/safety-in-context/
There has always been the difference between business critical, mission critical and safety critical applications, however if we can easily broaden the safety into other areas we should do it. I don't know any person writing ASIL-D applications in C++, they're all in MISRA-C, also in medical technology and avionics.
https://www.youtube.com/watch?v=I8UvQKvOSSw
https://herbsutter.com/2024/03/11/safety-in-context/
There has always been the difference between business critical, mission critical and safety critical applications, however if we can easily broaden the safety into other areas we should do it. I don't know any person writing ASIL-D applications in C++, they're all in MISRA-C, also in medical technology and avionics.
I'm still wearing my mask in public. If a doctor with asthma can do it throughout the whole day until the end of his life, I can do it for some hours, too.Piero wrote: Sun Mar 17, 2024 4:07 pm They also asked you to wear a mask they said was unhealthy the day before
bye,
Daniel
Daniel
Re: The US government asks not to use C/C++ due to memory vulnerabilities.
Yes, no complaints from me if masks are voluntary. I cannot wear them due to oxygen deprivation. My body needs more O2 than most. I get headaches wearing masks.
Memory safe programming is absolutely possible with good programmers in any language. Maybe the problem is when very large projects demand all contributors not create issues in shared libs.
Memory safe programming is absolutely possible with good programmers in any language. Maybe the problem is when very large projects demand all contributors not create issues in shared libs.
The nice thing about standards is there are so many to choose from. ~ Andrew Tanenbaum
Re: The US government asks not to use C/C++ due to memory vulnerabilities.
Sounds like the perfect marketing opportunity for Fred: praise the benefits of coding in BASIC instead of C/C++, because he can truthfully advertise that BASIC isn't part of the US government's concerns! Always a silver lining.
Always a silver lining.
Re: The US government asks not to use C/C++ due to memory vulnerabilities.
Prob. just want people to use new tech with embedded backdoors instead.
Re: The US government asks not to use C/C++ due to memory vulnerabilities.
Isn't that's the role of the operating system?Mijikai wrote: Mon Mar 18, 2024 12:39 pm Prob. just want people to use new tech with embedded backdoors instead.
-
the.weavster
- Addict
- Posts: 1577
- Joined: Thu Jul 03, 2003 6:53 pm
- Location: England
Re: The US government asks not to use C/C++ due to memory vulnerabilities.
It's not just the USA's government, this guidance has been published across all the Five Eyes.
Re: The US government asks not to use C/C++ due to memory vulnerabilities.
Meanwhile in java land where logging classes allow remote code execution...
▓▓▓▓▓▒▒▒▒▒░░░░░