The impracticality of c & projects - Programming On Unix
pranomostro
(01-09-2015, 02:02 PM)vypr Wrote: Stuff like that is human error when they develop the application. Programming languages aren't made with security in mind (besides any runtime-based languages, such as Java and the HotSpot VM). Anyone can make an insecure program in any language.

That may be true, but C makes it easier to make these mistakes. It is easier to not null-terminate a string in C; in another language this has been done reliably by the person creating the language (most of the time). There is a single point of failure and not thousands of them like in C. And there are many more examples for this. I don't want to say that C is totally not suited for security stuff, but it is much easier to make critical mistakes (buffer overflows, not-terminated strings, gets() and much more) than in other memory-safe languages.
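
The unterminated-string mistake raised in the post above, as an added example that is not part of the thread: `strncpy()` leaves the destination without a NUL when the source fills the buffer, while a checked copy always terminates and reports truncation. `NAME_LEN`, the function names and the input string are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 8 /* constructed buffer size for this example */

/* 1 if buf holds a NUL within its first n bytes, else 0.
 * memchr never reads past n, so the check itself is safe. */
int is_terminated(const char *buf, size_t n)
{
    return memchr(buf, '\0', n) != NULL;
}

/* The easy mistake: strncpy() writes no terminator when
 * strlen(src) >= n, so dst is left without a NUL. */
void copy_unchecked(char *dst, const char *src, size_t n)
{
    strncpy(dst, src, n);
}

/* Hardened form: always terminates dst and reports truncation.
 * Returns 0 if src fit, -1 if it was cut short or n == 0. */
int copy_checked(char *dst, const char *src, size_t n)
{
    size_t i;

    if (n == 0)
        return -1;
    for (i = 0; i + 1 < n && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
    return src[i] == '\0' ? 0 : -1;
}

int main(void)
{
    char name[NAME_LEN];
    const char *input = "alexander"; /* constructed: 9 chars, too long */
    int rc;

    copy_unchecked(name, input, sizeof name);
    printf("strncpy:      terminated=%d\n", is_terminated(name, sizeof name));

    rc = copy_checked(name, input, sizeof name);
    printf("copy_checked: terminated=%d rc=%d value=\"%s\"\n",
           is_terminated(name, sizeof name), rc, name);
    return 0;
}
```

Any later `strlen()` or `printf("%s")` on the unchecked buffer would read past its end, which is why the example inspects it only with `memchr`.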
vypr
(01-09-2015, 04:29 PM)pranomostro Wrote: but C makes it easier to make these mistakes

C wasn't made to prevent the programmer from doing various things. That doesn't make C an insecure language, that means the programmer needs to pick up a book on making secure applications in C.
Code:
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
G d s+:++ a--- C++ UB P+ L+ !E !W+++ !N !o K--? w++ !O M++ !V PS+++ PE-- Y++ PGP+ !t !5 !X !R tv b+ DI D++ G e- h r y--
------END GEEK CODE BLOCK------

buddhist ~ esperantisto ~ communist
z3bra
(02-09-2015, 10:23 AM)vypr Wrote: the programmer needs to pick up a book on making secure applications in C.

This is not as simple as that. C is a language that doesn't even try to fix runtime errors.
Out-of-boundaries arrays, random memory reads, unterminated strings, ... Some languages actually provide checks for these, and thus prevent leaks and exploits based on this (remember Heartbleed?).
Sure, this would have been prevented if the devs didn't make such an error in the first place. But hey, if people didn't make any error, we wouldn't even be discussing this.
Everyone makes errors, this was true in the past, this will be true in the future. And C will always let you make such errors, while other languages don't.
If you think your application is a bit "risky", and your codebase starts to be hard to review, then C might not be the best language.
pranomostro
> C wasn't made to prevent the programmer from doing various things. That doesn't make C an insecure language, that means the programmer needs to pick up a book on making secure applications in C.

Don't get me wrong, I am a very strong advocate of C, and I am completely against banning it. But as z3bra already said, even if you would want to make secure applications in C, it wouldn't be that easy. Preventing the programmer from doing things he does not want to do (overwriting protected memory) is actually a good thing imho.
Pr0Wolf29
C is not impractical. I could do everything I do in C++ in C, but I figure most of C++ is just abstractions on top of C I'd have to write anyways. Performance losses are fairly negligible too.
ninjacharlie
Along with what everyone else has said about the unsafe aspects of C, I wanted to throw in my two cents.

First, the Xorg API is a mess. It's not fun to write and is poorly documented. I wouldn't recommend jumping right into that immediately.

Secondly, here's a list of a few interesting C projects I've come across while surfing GitHub daily for ~a year.

1) DOOM (https://github.com/id-Software/DOOM), the classic first person shooter. Its code is great and is completely written in C. It may take a little work to get it running, but just looking through the code is worthwhile.
2) Vis (https://github.com/martanne/vis) a vim clone. Associated with the suckless.org projects :)
3) Any suckless.org project
4) C4 (https://github.com/rswier/c4) a C compiler in 4 functions. It's a little dense, but it's a fascinating project.
5) Corange (https://github.com/orangeduck/Corange), a 3D game engine in C. Most 3D game engines are written in C++, and this is one of the few exceptions I've found. Check out SDL, if you want to write graphics stuff in 2D.

Bonus: Build Your Own Lisp (http://www.buildyourownlisp.com/), learn to write a simple Lisp compiler in C. Teaches some basic C concepts too, if you need a little extra practice with the foundational concepts.
apk
*COUGH* ADA *COUGH*
vypr
(10-09-2015, 05:18 PM)dsplayer14 Wrote: *COUGH* ADA *COUGH*

have you even poked Ada with a stick?
apk
(10-09-2015, 08:10 PM)vypr Wrote: have you even poked Ada with a stick?
nah man she died in 1852
dtnt
Which would be the perfect opportunity since she can't defend herself anymore.



