
* Posts by fg_swe

1478 publicly visible posts • joined 20 Nov 2021

Microsoft is a national security threat, says ex-White House cyber policy director

fg_swe Silver badge

Steve Jobs

He was running a tight ship while he was alive. He surely knew how to assemble great technologies and technologists. A great attention to detail, while capable of seeing the big picture*. A giant businessman in the best sense.

All while being a total a$$ relative to his daughter, before you accuse me of worshipping.

*seeing the smartphone before Nokia could see it.

fg_swe Silver badge

You

...are way too reasonable. Next thing you will require individually locked office doors in government agencies !

fg_swe Silver badge

"Expensive"

The most expensive thing that can happen to a government agency is to lose sensitive data to a competing government.

For details, you can ask Karl Dönitz and Isoroku Yamamoto.

Windows must be banned from processing any secret government information, as they are at least 20 years behind the state of the art.

fg_swe Silver badge

Really Hard ?

I am using Windows at work and Linux and Apple at home. If you are open-minded, it is not hard to switch away from Windows.

The fearmongering is MSFT S.O.P. to keep the sheeple inside of their semi-golden (below 0,01 mm gold it is made out of steel) cage.

fg_swe Silver badge

FALSE

So in your mind it is "marketing driven" to be careful about UI changes ? I guess you never heard of ergonomics.

Apple understands that computers must be secure and usable. Also, they understand people want nice-looking design. Not these ugly black Wintel contraptions.

fg_swe Silver badge

Indeed

VBA is more than good enough to encrypt your files, alter your files or send them directly to the attacker.

Also, it can connect to any ODBC database and mess with your databases, too.

VBA security is more than 20 years behind the state of the art (sandboxing).

fg_swe Silver badge

Linux Support

Let me repeat this: there are probably tens of thousands of highly experienced Linux software engineers in the U.S. alone. Some of them work for the big Linux companies such as Redhat, Oracle, HPE. Many more work for smaller consultancies and many are self-employed.

A lot of them have all the clearances the government needs. Many more are eligible. Your fear-spreading about this aspect is baseless.

The government are idiots when they give more than 30% of their business to a single supplier. Instead, they should have serious Apple, Google Chrome and Linux seat populations. The data center should be a healthy mix of Linux, BSDs, commercial Unix, Windows Server and mainframes.

I have seen the internals of Deutsche Börse, which can easily compete with most government agencies in terms of computing power. Their Linux based trading system works very nicely. So does Google Chrome, Google Search, Facebook and many other large scale cloud systems.

fg_swe Silver badge

Sure

F.U.D.

Standard Dollarsoft tactic.

The truth is, Microsoft products should be banned from processing secret government information. As detailed, MSFT is 20 years behind the state of the art in information security.

fg_swe Silver badge

Showing Your Hand

You are simply a paid MSFT propagandist. I can see that from all the talking points you bring up.

Let me shatter just one argument: IBM/Redhat surely has a sufficient number of employees with government/DOD clearance. The cleared ones can reach out to many top class kernel engineers inside Redhat to fix any issue.

fg_swe Silver badge

Deutsche Börse

Afaik, the entire system runs on Linux by now. Before they used Solaris and VMS. They are leading in their space from a technology and business perspective.

fg_swe Silver badge

POSIX

A "clean" posix-based program from the 90s will nicely compile and run on any Linux or BSD in 2024, too.

Valgrind runs in 2024 might expose serious memory errors in that program, though.

fg_swe Silver badge

FALSE / Linux, Open Source Support Contractors

https://ubuntu.com/support

https://www.suse.com/solutions/business-critical-linux/

https://www.credativ.de/open-source-support-center/

https://www.postgresql.org/support/professional_support/europe/

There are plenty of commercial support companies around. Thousands of highly skilled Linux consultants in addition to that.

No, there is a different reason for the lack of love of open source software. It does not look as polished as Windows and Office. Looks are completely deceiving though, almost inversely proportional to actual security.

fg_swe Silver badge

Like

"Make Calcutta great again" ?

fg_swe Silver badge

Security Risk MS Office

A single hostile VBA script running inside MS Office can do huge damage:

- encrypt all C files of the user (despite having no business in programming)

- steal all CATIA drawings (despite having no business in mechanical engineering)

- forward all VHDL files on the user's network drive to Ivan Hackov in Irkutsk (despite not being an EDA tool)

Etc.

MS Office is a first order security risk ! Uninstall it !

fg_swe Silver badge

Competition Helps

U.S.G. and everybody else must BUY ALTERNATIVES. Only when MSFT loses serious marketshare, they will become honest.

+Apple and its strong App sandboxing as opposed to no sandboxing on Windows

+Apple office

+AppArmor and Linux

+FreeBSD

+Memory Safe Rust, Sappeur, Swift for applications

+SBZ compact command line as opposed to SSH bloat (150 000 loc) https://github.com/DiplIngFrankGerlach/SBZ_git

+DeltaChat GNUpg secured instant messaging instead of Teams, WA, Telegram or Zoom bloat

+LibreOffice

+Stop VBA scripts at the firewall. They are not sandboxed and can reconnoiter the entire user account. All files, all database connections...

Notepad++ dev slams Google-clogging notepad.plus 'parasite'

fg_swe Silver badge

FALSE

Notepad is dangerous, because it will allow you to accidentally insert "invisible" characters. That can massively mess up your program/script.

Notepad++ will display these characters. Vastly better.

Notepad is vile, Notepad++ is what you want to edit source code.

fg_swe Silver badge

Similar: Skype / Softonic

They offer an adware/malware(?)-laced download of Skype.

Has been at the top of Google results some time ago.

fg_swe Silver badge

"They Said"

Woke Insanity.

Musk burns bridges in Brazil after calling for senior judge to be impeached

fg_swe Silver badge

Look at Brasil's Friends

Then you know them.

Stay strong, Elon !

Chinese schools testing 10,000 locally made RISC-V-ish PCs

fg_swe Silver badge

BSD ?

BSD does not use systemd. Why do they have to use Linux ?

fg_swe Silver badge

Or

Go for the IT Airbus. Based on Linux, BSD and other FOSS, but nicely polished. Fully DSGVO compatible. No covert recon bugs, but transparent Lawful Intercept*

DeltaChat as the messenger

Italian design, German manufacturing quality, Swedish GUI library, British CPU,...

Will cost just as much as an Apple, because there is no slave labour in Europe. Still only 1/10th of what a car costs.

*add the national police agency as a further recipient in any GNUpg message.

fg_swe Silver badge

Yeah

It's so much better to teach children the moneyman ideology of materialism and communism, eh ?

Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online

fg_swe Silver badge

Memory Safe Email Server

https://crates.io/crates/samotop-server

fg_swe Silver badge

Bingo

Most users are too lazy to search for an alternative. Tons out there, from DeltaChat to Postfix.

Too lazy to consult with a local Linux shop to obtain an actually secure solution for email and calendar.

fg_swe Silver badge

Linux, FreeBSD, DeltaChat, ...

There exist a boatload of alternatives.

Companies are too slow, too sluggish to do the right thing and dump the insecure supplier.

fg_swe Silver badge

Open Source Calendar Software

https://opensource.com/alternatives/google-calendar

https://apps.nextcloud.com/apps/calendar

fg_swe Silver badge

Re: But the Cloud is more secure

Looks like the rest of M$FT's cloudy processes is a hopeless mess. They have lost security keys and don't know how it happened.

fg_swe Silver badge

The Free Enterprise Response

0.) Stop using Outlook and Exchange. They cannot even secure it when they run it themselves.

1.) Linux Email Server, On Premise in a DMZ

2.) DeltaChat Messenger, doing GNUpg End2End encryption via 1.

https://delta.chat/de/

3.) Contract with actually competent Linux Administrators to perform any change and maintenance. The local LUG can give you leads for this. Hourly rates from 80 to 300 USD, depending on location. Less than you pay for a lawyer.

https://en.wikipedia.org/wiki/Linux_user_group

German state ditches Windows, Microsoft Office for Linux and LibreOffice

fg_swe Silver badge

Great Intentions

Now let's see how long they resist the "economic incentives" to switch back.

Rust developers at Google are twice as productive as C++ teams

fg_swe Silver badge

Valgrind, Purify, BoundsChecker

Three points about these runtime memory checkers:

1.) They are very valuable tools for finding memory errors during debug and testing time.

2.) They slow down the program by a factor of 100. Too slow for most productive use cases. Sappeur and Java slow down by a factor of three. (e.g. https://github.com/DiplIngFrankGerlach/SieveOfEratosthenes)

3.) They do not find the memory bugs triggered by an attacker's Specially Crafted Input. Unlike Sappeur, Rust, Java, Go.

fg_swe Silver badge

Yay

"if only software engineers had magically-perfect abilities, they would not produce these CVE bugs"

and

"if reality does not fit my designs, even worse for reality" (Uljanov ?)

fg_swe Silver badge

Generation ABC nonsense

You definitely read too many newspapers with their sociology babble of "generation Z", "generation Baby Boomer" etc.

Suckers are born every day and always have been. But then and now, at a constant rate, Musks and Gausses are born.

Just read the NYT as the Russians read PRAWDA and after some time you can find a little bit of genius in your own honest thoughts.

Been there, done that.

fg_swe Silver badge

Well Defined Core File

If you think about it, the damage done by a nicely debuggable core file is much less than undetected memory cancer. Or Undetected Program Subversion By Cybernetic Attacker.

In some applications such as realtime control of cars, airplanes, rockets a software crash might be fatal. But even in those cases, a memory safe language will stop your system inside the V-Shaped development methodology. If you have sufficient test cases, that is. Plus you will use various static test techniques (e.g. PC Lint or SPARK Ada) to find as many bugs as possible early. In some cases, even more static checking is required.

The key point is that memory safety will find the bug when it occurs, instead of silently soldiering on and then Failing Mysteriously three minutes later.
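As an added illustration of points 2 and 3 in the runtime-checker comment above and of the "stop at the bug" argument in this one (example code written for this page, not the commenter's code and not from any project mentioned here): a parser for a constructed length-prefixed record format in Rust. `parse_record` turns every bounds case into an explicit error value; `parse_record_naive` trusts the length byte the way a C parser doing pointer arithmetic would, and on crafted input it panics at the faulting statement instead of silently over-reading, which is exactly the input a Valgrind run over an ordinary test battery never sees. The record layout, the function names and the sample bytes are assumptions of this example.

```rust
use std::panic;

/// Constructed record format (an assumption of this example, not a real
/// protocol): one length byte, that many payload bytes, then a one-byte
/// checksum that is the wrapping sum of the payload.
#[derive(Debug, PartialEq)]
pub struct Record {
    pub payload: Vec<u8>,
    pub checksum: u8,
}

#[derive(Debug, PartialEq)]
pub enum ParseError {
    Empty,
    Truncated { declared: usize, available: usize },
    BadChecksum { expected: u8, found: u8 },
}

fn checksum(bytes: &[u8]) -> u8 {
    bytes.iter().fold(0u8, |acc, b| acc.wrapping_add(*b))
}

/// Checked parser: every slice access goes through `get`, so an attacker-
/// controlled length field becomes an error value rather than a memory read
/// past the buffer. This is the "find the bug when it occurs" behaviour.
pub fn parse_record(input: &[u8]) -> Result<Record, ParseError> {
    let declared = *input.first().ok_or(ParseError::Empty)? as usize;
    let available = input.len().saturating_sub(1);
    let body = input
        .get(1..1 + declared)
        .ok_or(ParseError::Truncated { declared, available })?;
    let found = *input
        .get(1 + declared)
        .ok_or(ParseError::Truncated { declared, available })?;
    let expected = checksum(body);
    if expected != found {
        return Err(ParseError::BadChecksum { expected, found });
    }
    Ok(Record { payload: body.to_vec(), checksum: found })
}

/// Naive parser: trusts the declared length and indexes directly, the shape a
/// C implementation with `buf + 1 + len` would have. In C the crafted input
/// below reads adjacent memory and carries on; in Rust the bounds check
/// panics right here, so the failure is attributable to this line.
pub fn parse_record_naive(input: &[u8]) -> Record {
    let declared = input[0] as usize;
    let body = &input[1..1 + declared];
    Record { payload: body.to_vec(), checksum: input[1 + declared] }
}

/// Runs the naive parser under `catch_unwind` and reports whether it stopped
/// (panicked) instead of returning a record. The panic message goes to stderr.
pub fn naive_parser_stops(input: &[u8]) -> bool {
    panic::catch_unwind(panic::AssertUnwindSafe(|| parse_record_naive(input))).is_err()
}

fn main() {
    // Constructed sample inputs: a well-formed record carrying "hi", and a
    // crafted one whose length byte (200) exceeds the bytes actually present.
    let valid = [2u8, 0x68, 0x69, 0xD1];
    let crafted = [200u8, 0x68, 0x69];
    println!("checked, valid:   {:?}", parse_record(&valid));
    println!("checked, crafted: {:?}", parse_record(&crafted));
    println!("naive parser stopped on crafted input: {}", naive_parser_stops(&crafted));
}
```

The checked version is the one to ship; the naive version exists only to show where a memory-safe runtime halts compared with the silent over-read the comment calls memory cancer.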

fg_swe Silver badge

Nope

I did a randomized analysis of CVE bugs and I can confirm Google's and Microsoft's finding that approx. 70% of these bugs are related to a lack of C and C++ memory safety. You can easily do this yourself in three hours time.

fg_swe Silver badge

Evolution ?

If each of these new languages contribute one novel safety, security or productivity feature, that's great.

Innovation comes first and foremost from independent thinkers and less so from the C++ (or other) standards committee.

fg_swe Silver badge

For Various Definitions of "Good"

See http://sappeur.di-fg.de/WhyCandCppCannotBeMemorySafe.html

fg_swe Silver badge

"Testing Code"

In any non-trivial system, there is No Such Thing As Exhaustive Testing.

An attacker will analyse your code and find an "evil test case" which you do not yet have in your test battery. He will proceed to develop the programming error into an exploit. Memory safe, strongly typed languages neuter 70% of CVE bugs. Those that are related to undefined memory errors in C and C++ programs.

fg_swe Silver badge

Re: Yep new languages are always hailed

There exist many industrial-strength, high quality Java based systems. Heavily used in finance, accounting, logistics, airlines and other commercial data processing.

Also, lots of C and C++ developers use the Java-based Eclipse IDE. It's almost the standard in C++ development on Linux. Not perfect, but the others are worse.

fg_swe Silver badge

False

Even the most experienced developers with the nicest requirements documents, the nicest design documents etc will produce implementation errors now and then. 70% of those errors can be caught by Memory Safe Languages. That means 70% of exploits do not work.

See http://sappeur.di-fg.de/Sappeur_Cyber_Security.pdf

fg_swe Silver badge

No

All large scale C++ projects use bandaids such as valgrind, purify and pc lint.

Because memory bugs occur in the best families.

fg_swe Silver badge

Re: Have to wonder....

In memory management you confuse Java and Rust.

fg_swe Silver badge

Re: Where is team C++ ?

Mr Stroustrup already made some incorrect claims. Unfortunately he wants to portray C++ as both super high runtime-efficient and memory safe at the same time.

It is easy to demonstrate why this is almost impossible.

He would have a greater posture if he claimed just the first property.

fg_swe Silver badge

Typically 1% or less of code in real world systems is unsafe or inline_cpp.

Much better than C or C++ with 100% memory unsafe, potential memory cancer, code.

See this web server as an example: gauss.di-fg.de. Very reliable in my experience.

fg_swe Silver badge

Re: Quelle surprise!

Even those small in number C++ heroes have a bad day, one beer too much the day before, a deadline to meet or a dispute.

All of these things can easily lead to a bug.

fg_swe Silver badge

Re: Lars Bergstrom, director of engineering at Google

You repeat the True, perfect Software Engineer myth.

Tons of CVEs in industry leading systems from Linux kernel to VxWorks prove you wrong.

fg_swe Silver badge

AI Converter: Don't !

Cobol programs perform tax, banking, accounting and other critical stuff. Stuff that affects millions of people.

We do not want a 99,9% (due to AI fantasizing) correct version of these programs. Rather, we want a 100% correct translation using proven, robust compiler technology. The translated programs will look quite cobolish, but all new code can be rust-style, go-style, sappeur-style etc.

fg_swe Silver badge

Strong Typing

Strong typing will aid the software engineer to weed out lots of bugs at compile time.

Even multithreaded race conditions can be avoided by a proper type system plus automatic locking.

See http://sappeur.di-fg.de
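An added example (not the commenter's Sappeur code, and not from any project on this page) of the race-prevention point, in Rust as the closest widely available analogue: the compiler's `Send`/`Sync` rules refuse to hand a plain `HashMap` to several threads, so the shared tally must sit behind `Arc<Mutex<..>>`, and the guard unlocks itself when it goes out of scope. Rust does not insert locks for you the way the comment describes for Sappeur; it makes the program fail to compile if you leave them out. The function name and the constructed event list are assumptions of this example.

```rust
use std::collections::HashMap;
use std::sync::{Arc, Mutex};
use std::thread;

/// Counts how often each event kind appears, with up to `workers` threads
/// each handling one chunk of the input. The shared tally is only reachable
/// through a Mutex; replacing `Arc<Mutex<HashMap>>` with `Rc<RefCell<HashMap>>`
/// would be rejected by the compiler at `thread::spawn`, because `Rc` is not
/// `Send`. That is the type-system half of the race-condition argument.
pub fn tally_parallel(events: &[&str], workers: usize) -> HashMap<String, usize> {
    let workers = workers.max(1);
    let tally: Arc<Mutex<HashMap<String, usize>>> = Arc::new(Mutex::new(HashMap::new()));
    // Ceiling division so every event lands in exactly one chunk; `max(1)`
    // keeps `chunks` from panicking on empty input.
    let chunk_len = ((events.len() + workers - 1) / workers).max(1);

    let handles: Vec<_> = events
        .chunks(chunk_len)
        .map(|chunk| {
            // Own the strings so the thread needs no borrow of the caller's slice.
            let chunk: Vec<String> = chunk.iter().map(|s| s.to_string()).collect();
            let tally = Arc::clone(&tally);
            thread::spawn(move || {
                // Count locally first: one lock acquisition per chunk rather
                // than one per event, which keeps contention low.
                let mut local: HashMap<String, usize> = HashMap::new();
                for e in chunk {
                    *local.entry(e).or_insert(0) += 1;
                }
                let mut shared = tally.lock().expect("tally mutex poisoned");
                for (k, v) in local {
                    *shared.entry(k).or_insert(0) += v;
                }
                // `shared` (the MutexGuard) is dropped here; unlocking is tied
                // to scope, so there is no code path that forgets it.
            })
        })
        .collect();

    for h in handles {
        h.join().expect("worker thread panicked");
    }
    // Every worker has been joined, so this is the last Arc and we can take
    // the HashMap back out without any further locking.
    Arc::try_unwrap(tally)
        .expect("all workers joined")
        .into_inner()
        .expect("tally mutex poisoned")
}

fn main() {
    // Constructed sample input: a short stream of event kinds.
    let events = ["login", "login", "logout", "login", "error", "logout"];
    let counts = tally_parallel(&events, 3);
    let mut kinds: Vec<_> = counts.iter().collect();
    kinds.sort();
    for (kind, n) in kinds {
        println!("{kind}: {n}");
    }
}
```

The per-thread local map is a design choice, not a safety requirement: a version that locked once per event would be just as race-free, only slower under contention.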

fg_swe Silver badge

Good Developer / True Scotsman

Even highly experienced, intelligent and cunning software engineers will have bugs in their code now and then. Valgrind and checkers such as PC Lint are demonstrating this. So do plenty of CVE exploits in Linux, Windows, Apache or VxWorks.

Memory Safety is an additional layer of safety and security. Just like ABS brakes help even the most experienced drivers.

Hillary Clinton: 2024 will be 'ground zero' for AI election manipulation

fg_swe Silver badge

English Composites

AbUsed

PushCart

ConCatenation

TransMission

And probably many more.

fg_swe Silver badge

Composite Words

Composite words are much more efficient than using a Latin or Greek one.

Also, they can be very precise.

KinderGarten

SchubKarre

MähDrescher (CutThresher)

FlugZeug (FlyThing)

FahrZeug (DriveThing)

AusPuff (where the Puff comes out of the car)

Of course the technique can be abused and perverted. The goal should be three or two words concatenated.

SpreizSpektrumFunkGerät is already questionable.