Actually for all I care, those obscenely rich people can be treated as wild beasts or cattle. We have nothing in common with them, they treat everyone as prey, so there is no good reason why anyone should defend their interests. If someone does, it only happens because American society is insane and delusional.
And forced redistribution of wealth is?
Yes.
My own education, obtained for free in the USSR, is the primary reason why I am one of the people who keep the US electronics industry from collapsing. If we weren't in your stupid country, you would have total economy collapse long ago (and you still will, but not yet).
But if they do, those societies will defeat Windows, as they would end up with actual progress in technology instead of the porn-and-military innovation practiced in the US.
I can certainly give all the money I have away if it would force the richest few top percent to lose all theirs (I don't even care how). I earn my living by doing productive work, so I can live even without any "savings" I have; however, they have literally nothing to themselves but their money.
My "little" programs are embedded Linux systems. Most of the system software written for Linux is actually very reliable -- as opposed to the desktop Windows crap that you seem to hold as a standard of reliability.
strncat(), when applied to an unexpectedly long string, unpredictably alters the data the program processes. Formally, that's just as insecure as running arbitrary code -- it just happens that for some software, standards are so low that altering the data (producing garbage) is "more acceptable". The only thing this condition describes is the sorry state of the software industry.
As for programmers making mistakes, the rate of mistakes made by every programmer at his skills level is constant and unalterable by his tools. If he isn't given an opportunity to miscalculate a buffer size, he will fill his quota by making a more fundamental error with just as disastrous consequences but without a "recipe" to fix. The only way to improve is to constantly pay attention.
If you don't understand the fundamental differences between working with software and working with physical objects, then you must not be much of a software developer.
I am an embedded systems developer, and this is why I have to avoid using software you and other "developers" of your kind make.
As I recommended to other crap writers in this thread, go fuck yourself.
I'll tell you what, just to be an ass I'm going to start setuid root'ing all my programs whether they need it or not. What kind of incompetent programmer can't properly secure a program such that it can run setuid root, I ask you?
If a program has to run in a non-MMU environment, this is exactly the case, as protections won't work there.
Other than that, a programmer SHOULD always write software in a manner as if it will be safe to run setuid root. It should not actually be setuid root just in case that programmer might be wrong in some nontrivial manner -- there are plenty of ways to mess up security, and buffer overflow is only one of them, and the easiest to avoid.
However, if a programmer can't calculate the size of his buffers, he is fundamentally incapable of writing any software that deals with buffers, and particular functions have nothing to do with it.
Suddenly everyone else in the world is using strncpy() and you're using strcpy() just to be an ass, and you've got code with different conventions, one of which is just wrong (yours).
If someone can't use strcpy(), he should not program in C. Avoiding "dangerous" functions will not make his code better, it will just be wrong in some other manner because.
Please, please tell me you've coded something in the open source world so I can look at your code for 5 minutes, find an error, and laugh at you. Pretty please?
Current uClibc MicroBlaze port and various Linux drivers. Now go, fuck yourself.
These are violently unsafe functions.
If those are unsafe, then dereferencing a pointer or using an array is unsafe, too -- and that means, a programmer is unable to write safe code no matter what.
People do manage to make asses of themselves even with so-called 'safe' string APIs, but there's no good reason to not use them.
What?
The only kind of "safe" strings handling that I am aware of, is operations on strings that are combined with allocation (in object-oriented or almost-object-oriented way). Their purpose is to simplify common operations, any "safety" is at best a side effect that shouldn't matter if programmer is not a moron in the first place.
Strcpy()
strcpy()
Case-sensitive names should be written as they are defined, no matter where they are in a sentence.
or strcat() have pitfalls that are really esoteric, and if you keep using them you'll eventually make a mistake and end up with some absolute motherfucker of a bug with security ramifications you wouldn't even have imagined.
I repeat -- if you can mess up strcpy(), you can mess up anything, and should not be allowed to write any code to begin with. It does not matter how many opportunities you are given to jump in front of a bus or a train -- what is important is that you should not do it.
Most of these 'mistakes' are judgment calls,
Everything a programmer does is a judgment call.
and any programmer will be guilty of most of them if put under sufficient time pressure.
"Any programmer" can mess up an implementation if he is in a hurry. Bad design is a sign of stupidity and ignorance.
Also, as a wise man observed, housebreaking a pet by killing the puppy the first time it pees on the rug is a bit inefficient.
There are huge organizations called "schools" made specifically for the purpose of educating people. Once someone works as a programmer, it's too late to tolerate idiotic crap from him.
What made you think that they know how to do that? Or that it's possible at all? The whole point of those schemes is to mess up the system in a weird, convoluted way that most likely goes terribly wrong if you don't have exactly the same architecture that developers expected.
It's not about "too much" or "too little", it's about decisions that make absolutely no sense.
I often deliberately choose a string manipulation that involves strcpy() and even strcat(), just to make a point that those are perfectly valid and useful functions, despite some morons writing insecure code with them.
The only really unsafe function is gets().
Anything as long as it's consistent.
And "fixing invalid values" is a completely retarded idea to begin with.
People DO THAT???
The only common mistake I see is not firing the programmer who makes any of those "common" mistakes. There is absolutely no reason for any of this shit to be "common" unless "programmers" who make them are uneducated dumbasses who should never be allowed anywhere near software development.
Now, please, give me the list of "common mistakes" made by surgeons and aircraft engineers, and compare them with this list of amateurish crap.
Right to guaranteed flow of money into those people's pockets, and right to have power over other people are, without any doubt, among those God-given rights.
Fuck you and fuck your disgusting ideology.
Exactly.
Also, it's not a crime outside the US to do anything at all with the US government's secrets.
Any activity is evil if you can accomplish the same thing by killing yourself.
If Tandberg fraudulently applied for a patent, what stops it from claiming this?
So he will be included in the number of American deaths in a war, thus discouraging further recruitment -- a perfectly reasonable tactic when you are trying to get an aggressor off your soil. No one in the US, certainly not the public, seems to be aware of the number of wounded.
Seriously, what the Hell?
If you were thinking about buying either a netbook or a tablet
Then you are an idiot, because tablets are suboptimal for all kinds of use except as book/movie players.
It's been said that one of the (many) reasons the Soviet Union collapsed was because of the spending on military hardware to keep up with the US - their economy just couldn't support it.
And it is pure bullshit because the Soviet Union did not have companies. The government would not be able to "spend" anything even if it wanted to because it owned all industry, and would end up paying itself. It also had no unemployment and very little income disparity, so everyone who could be paid a salary, already was paid that, regardless of where he worked.
"Collapse" of the economy only started after politicians convinced each other to bring the USSR/Russia equivalent of Libertarians into power.
As usual, Americans project their own economic system's deficiencies onto their "enemies".