Page 1 of 2
The US government asks not to use C/C++ due to memory vulnerabilities.
Posted: Sun Mar 17, 2024 5:19 am
by skinkairewalker
The US government asks not to use C/C++ due to memory vulnerabilities.
What does this imply for the future of C/C++ and purebasic?
sources :
https://blog.stackademic.com/u-s-govern ... 74f8e6c46b
https://www.tribuneindia.com/news/scien ... age-450295
Re: The US government asks not to use C/C++ due to memory vulnerabilities.
Posted: Sun Mar 17, 2024 5:28 am
by Quin
The amount of C++ code out there that's doing things only C++ can do is insane. The pushback from any sort of legislation due to this kind of thing would be absolutely destroyed.
That said, if it simply encourages safer programming (e.g. by using smart pointers or higher level languages when possible), I see nothing wrong with it.
Re: The US government asks not to use C/C++ due to memory vulnerabilities.
Posted: Sun Mar 17, 2024 6:12 am
by skywalk
Nope.
Governmental opinions are extremely short-sighted and prone to hysterical conclusions from lobbied interests.
Global warming, global cooling, global sniffles, global migration and still no global peace?
Now they want to do computer science?
Re: The US government asks not to use C/C++ due to memory vulnerabilities.
Posted: Sun Mar 17, 2024 10:30 am
by infratec
It is a question of programming and not of the language.
C is 'low level'. the programmer has to take care about what he is doing.
Maybe the programmers get worse or lazy.
Or they use 'frameworks' which are not well done. (the fault was done by other programmers
)
To compensate that, a language was needed which tells the programmer what is safe and what is not.
It is called Rust, but that doesn't mean that other code isn't save.
And why is there a keyword 'unsafe' in Rust?
Maybe because it is needed in some cases. And then the code is 'unsafe'
So it still depends on the programmer.
Look at qmail written in 1996, ok, they found 4 possible points to break it.
But they are fixed in notqmail. Up to now there are no other 'bugs' or vulnerabilities discovered up to now.
And these bugs only occured after the 32bit code was executed or compiled on 64bit CPUs.
Re: The US government asks not to use C/C++ due to memory vulnerabilities.
Posted: Sun Mar 17, 2024 11:04 am
by DarkDragon
There's already a topic about it here:
https://www.purebasic.fr/english/viewtopic.php?t=83696
Rust compared to C(++) is like formal verification compared to testing. So it is definitely safer than C/C++, due to its object lifetime and ownership management. If we can use it, we should, but it's not the solution to everything.
Re: The US government asks not to use C/C++ due to memory vulnerabilities.
Posted: Sun Mar 17, 2024 1:13 pm
by AZJIO
Of course, the US government will not wish bad things on its competitors. And MS and Google products are listed as alternatives. Only the NSA can control your computer, not some hacker.
Re: The US government asks not to use C/C++ due to memory vulnerabilities.
Posted: Sun Mar 17, 2024 4:07 pm
by Piero
They also asked you to wear a mask they said was unhealthy the day before
Re: The US government asks not to use C/C++ due to memory vulnerabilities.
Posted: Sun Mar 17, 2024 6:17 pm
by DarkDragon
Memory safety is also being discussed in the C++ community, it's not the case that only the US government says that.
https://www.youtube.com/watch?v=I8UvQKvOSSw
https://herbsutter.com/2024/03/11/safety-in-context/
There has always been the difference between business critical, mission critical and safety critical applications, however if we can easily broaden the safety into other areas we should do it. I don't know any person writing ASIL-D applications in C++, they're all in MISRA-C, also in medical technology and avionics.
Piero wrote: Sun Mar 17, 2024 4:07 pm
They also asked you to wear a mask they said was unhealthy the day before
I'm still wearing my mask in public. If a doctor with asthma can do it throughout the whole day until the end of his life, I can do it for some hours, too.
Re: The US government asks not to use C/C++ due to memory vulnerabilities.
Posted: Mon Mar 18, 2024 12:29 am
by skywalk
Yes, no complaints from me if masks are voluntary. I cannot wear them due to oxygen deprivation. My body needs more O2 than most. I get headaches wearing masks.
Memory safe programming is absolutely possible with good programmers in any language. Maybe the problem is when very large projects demand all contributors not create issues in shared libs.
Re: The US government asks not to use C/C++ due to memory vulnerabilities.
Posted: Mon Mar 18, 2024 2:51 am
by BarryG
Sounds like the perfect marketing opportunity for Fred: praise the benefits of coding in BASIC instead of C/C++, because he can truthfully advertise that BASIC isn't part of the US government's concerns!
Always a silver lining.
Re: The US government asks not to use C/C++ due to memory vulnerabilities.
Posted: Mon Mar 18, 2024 12:39 pm
by Mijikai
Prob. just want people to use new tech with embedded backdoors instead.
Re: The US government asks not to use C/C++ due to memory vulnerabilities.
Posted: Fri Mar 22, 2024 5:18 am
by idle
Mijikai wrote: Mon Mar 18, 2024 12:39 pm
Prob. just want people to use new tech with embedded backdoors instead.
Isn't that's the role of the operating system?
Re: The US government asks not to use C/C++ due to memory vulnerabilities.
Posted: Fri Mar 22, 2024 3:19 pm
by the.weavster
It's not just the USA's government, this guidance has been published across all the
Five Eyes.
Re: The US government asks not to use C/C++ due to memory vulnerabilities.
Posted: Thu Mar 28, 2024 2:39 pm
by Piero
idle wrote: Fri Mar 22, 2024 5:18 am
Mijikai wrote: Mon Mar 18, 2024 12:39 pm
Prob. just want people to use new tech with embedded backdoors instead.
Isn't that's the role of the operating system?
Also of the """hacked""" firmware of your toys
Re: The US government asks not to use C/C++ due to memory vulnerabilities.
Posted: Thu Mar 28, 2024 3:26 pm
by Nituvious
Meanwhile in java land where logging classes allow remote code execution...