SoylentNews is people

posted by chromas on Monday April 09 2018, @06:12PM
from the (unsigned int) dept.

https://www.theregister.co.uk/2018/04/04/microsoft_windows_defender_rar_bug/

A remote-code execution vulnerability in Windows Defender – a flaw that can be exploited by malicious .rar files to run malware on PCs – has been traced back to an open-source archiving tool Microsoft adopted for its own use.

[...] Apparently, Microsoft forked that version of unrar and incorporated the component into its operating system's antivirus engine. That forked code was then modified so that all signed integer variables were converted to unsigned variables, causing knock-on problems with mathematical comparisons. This in turn left the software vulnerable to memory corruption errors, which can crash the antivirus package or allow malicious code to potentially execute.
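The bug class the summary describes (a mechanical signed-to-unsigned rewrite that silently kills the comparisons a bounds check relied on) is easy to reproduce in a few lines. The following is an added, constructed illustration and is not the unrar or Windows Defender code; the buffer size, the `accepts_*` function names and the header-style `(offset, len)` pair are assumptions chosen for the demonstration. It shows the original signed check, the same check after every `int` became `unsigned` (where the `< 0` guards are dead and the addition wraps), and an overflow-safe unsigned form that a reviewer would ask for instead.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed example: a fixed-size output buffer and a caller-controlled
 * (offset, len) pair, the kind of values an archive parser reads from a
 * header. Nothing here writes memory; each function only reports whether
 * the bounds check would have accepted the pair. */
#define BUF_SIZE 64u

/* Signed version of the check: explicit offset < 0 / len < 0 tests reject
 * negative header values before they could ever be used as an index. */
int accepts_signed(int offset, int len)
{
    if (offset < 0 || len < 0)
        return 0;                         /* negative values rejected */
    if ((long long)offset + len > (long long)BUF_SIZE)
        return 0;                         /* sum computed in a wider type */
    return 1;
}

/* The same check after a mechanical int -> unsigned rewrite. Both "< 0"
 * tests are now always false (an unsigned value cannot be negative), so the
 * only remaining guard is the sum, and that sum wraps modulo 2^32: a
 * header value of -1 reinterpreted as 0xFFFFFFFF plus 8 equals 7, which is
 * comfortably below BUF_SIZE, so the pair is accepted. */
int accepts_unsigned_naive(unsigned offset, unsigned len)
{
    if (offset < 0 || len < 0)            /* dead code after the rewrite */
        return 0;
    if (offset + len > BUF_SIZE)          /* wraps: 0xFFFFFFFF + 8 == 7 */
        return 0;
    return 1;
}

/* Overflow-safe unsigned form: never add two untrusted values together;
 * bound each one against what remains of the buffer instead. */
int accepts_unsigned_safe(unsigned offset, unsigned len)
{
    if (offset > BUF_SIZE)
        return 0;
    if (len > BUF_SIZE - offset)          /* subtraction cannot underflow */
        return 0;
    return 1;
}

int main(void)
{
    unsigned bad_offset = (unsigned)-1;   /* -1 as it appears after the rewrite */
    printf("signed check rejects -1:        %d\n", !accepts_signed(-1, 8));
    printf("naive unsigned rejects -1:      %d\n", !accepts_unsigned_naive(bad_offset, 8));
    printf("safe unsigned rejects -1:       %d\n", !accepts_unsigned_safe(bad_offset, 8));
    printf("naive unsigned rejects 60+8:    %d\n", !accepts_unsigned_naive(60, 8));
    return 0;
}
```

The detection angle is worth noting: compilers flag the dead `offset < 0` comparison on an unsigned operand (`-Wtype-limits` in GCC, `-Wtautological-unsigned-zero-compare` in Clang), so a fork that flips integer signedness wholesale should be rebuilt with those warnings enabled and every new "comparison is always false" hit treated as a candidate missing bounds check, not as noise.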


  • (Score: 3, Informative) by Subsentient (1111) on Tuesday April 10 2018, @01:15AM (#664763) (2 children)

    I can't agree. I think C++ has a large place in userland, the problem is programmers who don't know how to use it safely. C++ has plenty of high level constructs, yet you see people doing stuff like writing their own buggy strncpy() and using that, instead of a string class. C++ is a dangerous language, I can't deny that, because it gives you plenty of ammo to shoot yourself in the foot. The safety of Java and C# comes from being limited in capability. Do you remember Windows Vista? Do you remember what a bloated piece of shit it was? Know part of why that was? Because Microsoft rewrote a bunch of components in C# to be "with it/hip". Now, C and C++ have lots of very serious flaws, and they're very old languages, but I shudder at the idea of the majority of userland being written in a JVM-style language. Rust might be a good answer, if it's ever standardized and given GCC and Clang support. It has real pointers, real pointer arithmetic, it just makes you type "unsafe" so you know you're doing something potentially retarded. I'd be alright with that. Go isn't a good idea, because while it's a compiled language, it limits what you can do too much, just like Java would. Until it's standardized and gets lots of cross-platform OS support however, I don't think Rust is a viable replacement.
    --
    "It is no measure of health to be well adjusted to a profoundly sick society." -Jiddu Krishnamurti
  • (Score: 2) by DannyB (5839) on Tuesday April 10 2018, @01:26PM (#664930)

    First, I think we live in different worlds. You are thinking close to the hardware. I'm thinking in terms of higher and higher level abstractions away from the hardware.

    Your argument seems to be that Java is limited in capability. And that if people work hard enough they can learn to use C++ safely. That simply repeats the ancient Assembly language vs FORTRAN debates of decades ago, and we know how the high level language vs Assembly turned out in favor of high level languages despite their inefficiency.

    My argument was that you should not be able to shoot yourself in the foot unless you go out of your way to do so. It should not be possible to accidentally shoot yourself in the foot.

    As for limited in capability, I'll grant you that Java is definitely not a language for writing an OS, device drivers, and microcontroller code. I think I already made that abundantly clear. But for a language of "limited capability", it has libraries to do everything, and has been the #1 language on TIOBE and other language indexes for jobs for years and years now. Java is used in banks, even for high speed trading.

    The fact that Java is so widely used must mean that it has something going for it. You might not recognize what that is, nor even like it. But it is very real. If there were one perfect programming language, everyone would be using it already.

    I already mentioned that when arguing about runtime costs, you should be optimizing for dollars. For more memory and CPU, I get amazing runtime monitoring, dynamic class reloading, garbage collection, highly optimized compilation to native code -- for the SPECIFIC processor that we're running on at runtime, not just some generic ahead-of-time compilation to generic amd64 that will run on all processors. In short, for those machine costs you are so concerned with, I get huge business and productivity benefits. More memory and CPU is a cheap price to pay. You're thinking too low level -- for application code. But again, C / C++ are great for low level code. Just not for applications.

    --
    The lower I set my standards the more accomplishments I have.
  • (Score: 2) by DannyB (5839) on Friday April 13 2018, @04:45PM (#666513)

    I just want to point out:
    https://www.technotification.com/2018/04/highly-demanded-programming-languages.html

    I see these from time to time. Just happened to stumble into one right now. As usual, Java is the number one language in demand.

    I'm not saying anything bad or negative about other languages. My only point here is that if Java is in such demand, there must be some reason for that. Some perfectly valid dollars-and-sense reason.

    As I said in my very first sentence earlier, all languages have a place. If there were a perfect language, we would ALL already be using it. Java has its warts like all others.

    --
    The lower I set my standards the more accomplishments I have.