digitalmars.D - Chrome: 70% of all security related bugs are memory issues
- aberba (2/2) May 23 2020 Yeah,
- welkam (2/4) May 23 2020 Thats the reason why mozila invented Rust programming language.
- Walter Bright (2/8) May 24 2020 Which is why D has invented @live functions.
- Adam D. Ruppe (4/6) May 23 2020 Garbage collection and array bounds checks fixes the majority of
- aberba (4/10) May 24 2020 D is currently, as I understand it, merging the good parts of
- H. S. Teoh (9/15) May 24 2020 Notable from the article is that both Microsoft and Google are seriously
- dangbinghoo (4/20) May 24 2020 no, C,C++ will exist if general D can not be used for MCU, rust
- Paulo Pinto (5/21) May 24 2020 It will still take ages, Google and Microsoft are also
- H. S. Teoh (13/27) May 25 2020 [...]
- Paulo Pinto (13/41) May 25 2020 Sure, for example Rust had four sessions at Build 2020, and has
- Walter Bright (2/9) May 24 2020 It doesn't fix use-after-free. Enter @live functions.
- Adam D. Ruppe (6/9) May 24 2020 With garbage collection, references have infinite lifetime, so
Yeah, https://www.zdnet.com/article/chrome-70-of-all-security-bugs-are-memory-safety-issues/
May 23 2020
On Saturday, 23 May 2020 at 17:34:21 UTC, aberba wrote:Yeah, https://www.zdnet.com/article/chrome-70-of-all-security-bugs-are-memory-safety-issues/Thats the reason why mozila invented Rust programming language.
May 23 2020
On 5/23/2020 10:41 AM, welkam wrote:On Saturday, 23 May 2020 at 17:34:21 UTC, aberba wrote:Which is why D has invented live functions.Yeah, https://www.zdnet.com/article/chrome-70-of-all-security-bugs-are-m mory-safety-issues/Thats the reason why mozila invented Rust programming language.
May 24 2020
On Saturday, 23 May 2020 at 17:34:21 UTC, aberba wrote:Yeah, https://www.zdnet.com/article/chrome-70-of-all-security-bugs-are-memory-safety-issues/Garbage collection and array bounds checks fixes the majority of those with no special effort, so I am sure the numbers are different for most D programs.
May 23 2020
On Saturday, 23 May 2020 at 18:33:31 UTC, Adam D. Ruppe wrote:On Saturday, 23 May 2020 at 17:34:21 UTC, aberba wrote:D is currently, as I understand it, merging the good parts of rust with everything great about D. Makes it compelling...as long these goodies become well know.Yeah, https://www.zdnet.com/article/chrome-70-of-all-security-bugs-are-memory-safety-issues/Garbage collection and array bounds checks fixes the majority of those with no special effort, so I am sure the numbers are different for most D programs.
May 24 2020
On Sat, May 23, 2020 at 06:33:31PM +0000, Adam D. Ruppe via Digitalmars-d wrote:On Saturday, 23 May 2020 at 17:34:21 UTC, aberba wrote:Notable from the article is that both Microsoft and Google are seriously looking into alternative programming languages. I think we're looking at the beginning of the end of the long reign of C/C++ in the programming landscape. Maybe in about 20-30 years' time C/C++ will become relics in the dustbin of history... T -- No! I'm not in denial!Yeah, https://www.zdnet.com/article/chrome-70-of-all-security-bugs-are-memory-safety-issues/Garbage collection and array bounds checks fixes the majority of those with no special effort, so I am sure the numbers are different for most D programs.
May 24 2020
On Sunday, 24 May 2020 at 14:38:54 UTC, H. S. Teoh wrote:On Sat, May 23, 2020 at 06:33:31PM +0000, Adam D. Ruppe via Digitalmars-d wrote:no, C,C++ will exist if general D can not be used for MCU, rust is trying to do these things, but it seems even rust is too heavy(both the syntax and footprint).On Saturday, 23 May 2020 at 17:34:21 UTC, aberba wrote:Notable from the article is that both Microsoft and Google are seriously looking into alternative programming languages. I think we're looking at the beginning of the end of the long reign of C/C++ in the programming landscape. Maybe in about 20-30 years' time C/C++ will become relics in the dustbin of history... TYeah, https://www.zdnet.com/article/chrome-70-of-all-security-bugs-are-memory-safety-issues/Garbage collection and array bounds checks fixes the majority of those with no special effort, so I am sure the numbers are different for most D programs.
May 24 2020
On Sunday, 24 May 2020 at 14:38:54 UTC, H. S. Teoh wrote:On Sat, May 23, 2020 at 06:33:31PM +0000, Adam D. Ruppe via Digitalmars-d wrote:It will still take ages, Google and Microsoft are also heavyweights on ISO C++, and collaborating on C++ lifetime analysis and C++ Core Guidelines. Hence Project Verona and Checked C from Microsoft as well.On Saturday, 23 May 2020 at 17:34:21 UTC, aberba wrote:Notable from the article is that both Microsoft and Google are seriously looking into alternative programming languages. I think we're looking at the beginning of the end of the long reign of C/C++ in the programming landscape. Maybe in about 20-30 years' time C/C++ will become relics in the dustbin of history... TYeah, https://www.zdnet.com/article/chrome-70-of-all-security-bugs-are-memory-safety-issues/Garbage collection and array bounds checks fixes the majority of those with no special effort, so I am sure the numbers are different for most D programs.
May 24 2020
On Mon, May 25, 2020 at 05:48:59AM +0000, Paulo Pinto via Digitalmars-d wrote:On Sunday, 24 May 2020 at 14:38:54 UTC, H. S. Teoh wrote:[...][...]On Saturday, 23 May 2020 at 17:34:21 UTC, aberba wrote:Yeah, https://www.zdnet.com/article/chrome-70-of-all-security-bugs-are-memory-safety-issues/[...]Notable from the article is that both Microsoft and Google are seriously looking into alternative programming languages. I think we're looking at the beginning of the end of the long reign of C/C++ in the programming landscape. Maybe in about 20-30 years' time C/C++ will become relics in the dustbin of history...It will still take ages, Google and Microsoft are also heavyweights on ISO C++, and collaborating on C++ lifetime analysis and C++ Core Guidelines. Hence Project Verona and Checked C from Microsoft as well.Well OK, maybe 20-30 years is a bit optimistic. But I think this is the start of a general trend to gradually move away from C/C++ towards safer and less painful languages to work with. The other big user of C++ I know of is the game industry, and AFAICT the sentiment there is also that C++ is merely a necessary evil, but they'd jump ship in a heartbeat if a viable competitor comes along. T -- The diminished 7th chord is the most flexible and fear-instilling chord. Use it often, use it unsparingly, to subdue your listeners into submission!
May 25 2020
On Monday, 25 May 2020 at 17:38:13 UTC, H. S. Teoh wrote:On Mon, May 25, 2020 at 05:48:59AM +0000, Paulo Pinto via Digitalmars-d wrote:Sure, for example Rust had four sessions at Build 2020, and has now official support for WinUI/UWP going forward with Project Reunion (reunification of Wi32/UWP worlds). Midori learning and collaboration with Unity, CryEngine and Godot. D got have had this spot, but somehow the opportunity it had was lost. In any case, we are now finally at the beginning of the mentality shift that these kind of unsafe programming doesn't scale, which is why I think it will still take more than our lifetimes. Hopefully others will carry on pushing for safer systems.On Sunday, 24 May 2020 at 14:38:54 UTC, H. S. Teoh wrote:[...][...]On Saturday, 23 May 2020 at 17:34:21 UTC, aberba wrote:Yeah, https://www.zdnet.com/article/chrome-70-of-all-security-bugs-are-memory-safety-issues/[...]Notable from the article is that both Microsoft and Google are seriously looking into alternative programming languages. I think we're looking at the beginning of the end of the long reign of C/C++ in the programming landscape. Maybe in about 20-30 years' time C/C++ will become relics in the dustbin of history...It will still take ages, Google and Microsoft are also heavyweights on ISO C++, and collaborating on C++ lifetime analysis and C++ Core Guidelines. Hence Project Verona and Checked C from Microsoft as well.Well OK, maybe 20-30 years is a bit optimistic. But I think this is the start of a general trend to gradually move away from C/C++ towards safer and less painful languages to work with. The other big user of C++ I know of is the game industry, and AFAICT the sentiment there is also that C++ is merely a necessary evil, but they'd jump ship in a heartbeat if a viable competitor comes along. T
May 25 2020
On 5/23/2020 11:33 AM, Adam D. Ruppe wrote:On Saturday, 23 May 2020 at 17:34:21 UTC, aberba wrote:It doesn't fix use-after-free. Enter live functions.Yeah, https://www.zdnet.com/article/chrome-70-of-all-security-bugs-are-m mory-safety-issues/Garbage collection and array bounds checks fixes the majority of those with no special effort, so I am sure the numbers are different for most D programs.
May 24 2020
On Monday, 25 May 2020 at 01:35:07 UTC, Walter Bright wrote:On 5/23/2020 11:33 AM, Adam D. Ruppe wrote:With garbage collection, references have infinite lifetime, so use after free is impossible. D doesn't GC everything though, since it has pointers to stack objects and C things, but when you DO use the GC, use-after-free is not a worry.Garbage collectionIt doesn't fix use-after-free. Enter live functions.
May 24 2020