Gosling Claims Huge Security Hole in .NET

← Back to Stories (view on slashdot.org)

Gosling Claims Huge Security Hole in .NET

Posted by CowboyNeal on Friday February 4, 2005 @12:48PM from the throwing-stones dept.

renai42 writes "Java creator James Gosling this week called Microsoft's decision to support C and C++ in the common language runtime in .NET one of the 'biggest and most offensive mistakes that they could have made.' Gosling further commented that by including the two languages into Microsoft's software development platform, the company 'has left open a security hole large enough to drive many, many large trucks through.'" Note that this isn't a particular vulnerability, just a system of typing that makes it easy to introduce vulnerabilities, which last time I checked, all C programmers deal with.

17 of 687 comments (clear)

Phew! by rackhamh · 2005-02-04 12:50 · Score: 5, Funny

Good thing Linux isn't written in...

Oh. Never mind!
1. Re:Phew! by Anonymous Coward · 2005-02-04 13:14 · Score: 2, Funny
  
  How exactly would you program an operating system that runs behind a virtual machine? And it what language would the virtual machine be programmed?
  
  C and C++ are necessary for systems programming. Java, C#, and VB (.net version) are only useful for applications programming since they run behind a virtual machine.
  
  Oh, by the way, assembly language is a necessary evil as well. While some microprocessors may be developed that can directly read the bytecode, they still won't have a virtual machine running (just a real one).
2. Re:Phew! by Lord+Kano · 2005-02-04 13:41 · Score: 2, Funny
  
  Good thing Linux isn't written in...
  
  What Visual Studio .NET? Yep. Good thing it isn't.
  
  LK
  
  --
  "Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
3. Re:Phew! by That's+Unpossible! · 2005-02-04 15:09 · Score: 2, Funny
  
  No offense, but give a fool a hammer and he'll crack his skull.
  
  Give a man a gun, and he can kill many people with it.
  
  Give that same man a pencil and... eh, not so much.
  
  --
  Ironically, the word ironically is often used incorrectly.
4. Re:Phew! by dasunt · 2005-02-04 17:11 · Score: 2, Funny
  
  Just imagine how secure the world would be if we wrote everything in PHP! :)
5. Re:Phew! by Anonymous Coward · 2005-02-04 22:08 · Score: 1, Funny
  
  most of today's OS's
  
  "OSes".
  
  mind boggling in it's ineptness
  under it's own user account
  
  "its".
  
  absolutely retarded setup's
  
  "setups".
Woah by pHatidic · 2005-02-04 12:51 · Score: 5, Funny

CowboyNeal is defending Microsoft. Someone take a screengrab, Slashdot's been hacked!
A truck, eh? by Faust7 · 2005-02-04 12:53 · Score: 5, Funny

the company 'has left open a security hole large enough to drive many, many large trucks through.'"

Like, say, a truck about the size of Sun's Java runtime environment.

--
The coolest voice ever.
Re:Advertisement? by Anonymous Coward · 2005-02-04 13:06 · Score: 1, Funny

> A hunting rifle can be used to kill people.

Well, Visual Basic won't kill people, but it surely can drive them insane!

> Does that mean the trigger should only work after inserting a valid and current hunting license?

You usually need a license to instal VB.NET ...
Homeowners!! Beware! by Stevyn · 2005-02-04 13:10 · Score: 4, Funny

No longer should homes be built using nails. All new homes should be built with really strong glue. Even though nails are faster and easier to work with, a carpenter might accidentally smash his thumb with a hammer. Plus, nails contain metal which may warp your home in the event a huge magnet is placed near the house.

--The Elmer's Glue Foundation for Strength and Security
Gosling vs. Kernighan Cage Match!! by Anonymous Coward · 2005-02-04 13:13 · Score: 1, Funny

Sunday! Sunday! Sunday!
I believe Gosling is wrong by frovingslosh · 2005-02-04 13:33 · Score: 5, Funny

James Gosling this week called Microsoft's decision to support C and C++ in the common language runtime in .NET one of the 'biggest and most offensive mistakes that they could have made.'
Gosling is dead wrong. I believe that Microsoft will soon prove they are capable of even bigger and more offensive security mistakes.
Also, the choice to actually use .NET is at least as big of a security error.

--
I'm an American. I love this country and the freedoms that we used to have.
lost my faith by phek · 2005-02-04 13:54 · Score: 2, Funny

After reading the comments to this post, I have finally lost my faith in the industry... C was around before your 'secure' languages, and C will be around long after your 'secure' languages become outdated/obsolete.
Re:Advertisement? by clem.dickey · 2005-02-04 13:56 · Score: 2, Funny

A few years ago a non-techie friend mentioned that he had read an interviewer with the creator of Java.

Me: "Oh, that would be, umm, James Gosling."

He: "No, that's not the name. It was a lady. Let me check ... Gina Centoni."

Me "Who?"

A web search revealed that Ms. Centoni's position was "Director of Java Marketing." Out of the mouths of babes come all wise sayings.
Give a crook a hammer, and he'll break *Windows* by Anonymous Coward · 2005-02-04 15:12 · Score: 1, Funny

Duh, I missed the obvious pun.
pots and kettles, you know... by 1nv4d3r · 2005-02-04 17:04 · Score: 3, Funny

I guess that's why there's no java native interf...

oh. nevermind.
Gosling Emacs security holes + spyware + malware! by SimHacker · 2005-02-04 18:09 · Score: 3, Funny

Gosling Emacs (written by none other than James Gosling) has many HUGE security holes that you can pilot an aircraft carrier through.

Emacs has a notorious "shell" facility that can actually run a shell and send it arbitrary commands!!!

In fact, there's even a built-in scripting langauge called "Mocklisp" that enables hackers and viruses to totally reprogram the behavior of the editor (and it looks like Lisp, but without any of those confusing lexical closures and list processing functions).

Gosling Emacs is actually spyware, because it has a hidden "keyboard macro" facility that can spy on every character you type! Emacs is also malware, because at any point it can instantly undo any editing changes you've made!

One of the biggest most offensive mistakes is that James Gosling has not fixed these huge security holes in Emacs, after all these years. In fact, many of the security holes have been reimplemented in another notorious piece of communist spyware called Gnu Emacs!

All Emacs should be banned!!!

-Don

--
Take a look and feel free: http://www.PieMenu.com