[yesthatjallen]

In 2019, Microsoft security engineers reported that around 70% of security vulnerabilities were caused by memory safety issues. Google reported the same figure in 2020, this time for bugs found in the Chromium browser.

The same Chromium browser Google has been forcing on us.

[Tell It Right]

Biden wasted all those coal miners’ time when he told them to “learn to code” without first telling them which languages to code in.

[aynrandfreak]

Use C and C++

Got it!

[plain talk]

OK ... but can they have Joe Biden hold a press conference with Q&A and explain all this?

[chajin]

America, America,
God shed His grace on thee,
And crown thy good with brotherhood
From C to ++C.

[njslim]

I Know FORTRAN ,,,,!!

[pierrem15]

LOL As if any of the corrupt morons in the “Biden” junta know anything about software.

[fretzer]

>In 2019, Microsoft security engineers reported that around 70% of security vulnerabilities were caused by memory safety issues.

Sh!tty programmers, poor coding standards. Code bloat. Poor specifications. Improper memory management. Lack of proper testing. etc, etc, etc.

[voicereason]

If Pascal is making a comeback, I’m interested.

[Army Air Corps]

Ping.

[ProtectOurFreedom]

Why am I not surprised that Biden is telling developers how to avoid memory leaks? After all, he’s an authority on that.

[CodeToad]

Government involved with commerce is always a stupid thing.

[ganeemead]

Java is an interpreted language. That has its own set of problems, including performance.

[Augie]

The same Chromium browser Google has been forcing on us.

The Microsoft Edge browser is Chromium with a different wrapper. If you don't want a Chromium browser use something else. There are plenty to choose from.

[Fresh Wind]

How much were they paid to do this?

[fuzzylogic]

For the most critical systems, being safety critical embedded systems that require certification, they’re ALL based on C/C++ - you can’t use Java.

What does the WH recommend?

[gitmo]

I guess it’s back to assembler code.

[ConservativeMind]

I like C. It gets the job done.

[StormEye]

"However, C and C++ both allow arbitrary pointer
arithmetic with direct memory addresses and no bounds
checking."

Anyone who has learned to properly code in C and C++
knows to check for array bounds, dangling pointers and
to use garbage cleanup routines when writing procedures that
allocate memory.

[BereanBrain]

Let me translate this, since I have been programming since 1978.

When you see a painting that is a work of art, and one that looks like a child’s doodle, they have one thing in common - the paintbrush. Don’t blame the paintbrush.

[Myrddin]

I was about the 10th user world wide of a tool called Purify in 1991. It instruments and detects memory issues including write beyond the end of an array, using uninitialized data (reads), freeing a pointer to memory that has already been freed. My co-workers were dumping core almost daily in their X Windows C code. Applying Purify stomped those bugs out fast. Later, I used similar products from other vendors for Windows platforms. Same good results. For the typical Linux user, the "valgrind" tool does a very good job of dynamic memory defect detection. I use the open source "cppcheck" for initial static analysis and write code with SonarLint extensions for Visual Studio Code. It is hard to beat C/C++ for performance. A little care and you can have the performance without the bugs.

I have had some interest in "rust", "D" and clojure as "safe" languages. The problem is that none of the customer code is written in those languages. The real world stuff is C, C++, Java, FORTRAN and Ada. The Ada stuff comes from an attempt by DoD to push for Ada development. The FORTRAN stuff remains due to stable implementations of compute intensive algorithms that just "work" and can leverage a vectorized processor like a Cray.