Conversation

Notices

1. Embed this notice
   snacks (snacks@netzsphaere.xyz)'s status on Thursday, 28-Mar-2024 18:02:26 JST snacks
   Please don't write 10 line lambda expressions in c#, can't step through that shit
   • Embed this notice
     翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Thursday, 28-Mar-2024 18:02:25 JST 翠星石

     in reply to
     @snacks *Please don't write C#
     Write GNU C instead of that proprietary language.
   • Embed this notice
     翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Thursday, 28-Mar-2024 20:07:28 JST 翠星石

     in reply to

     • Reid :ablobcatattention:
     @Reiddragon >pointer black magic doesn't count
     The ability to do pointer black magic instead of "noooooo, you can't do that" is what makes C great.
     
     As long as the black magic is performed correctly, the program or library turns out great and very performant.
   • Embed this notice
     Reid :ablobcatattention: (reiddragon@fedi.reimu.info)'s status on Thursday, 28-Mar-2024 20:07:29 JST Reid :ablobcatattention:

     in reply to

     • 翠星石
     @Suiseiseki @snacks even if it wasn't for Microsoft controlling C# and dotnet with an iron fist, it's still a garbage ecosystem to work with
     
     C has its issues but C devs tend to make far saner tools and APIs (pointer black magic doesn't count)
   • Embed this notice
     翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Thursday, 28-Mar-2024 20:16:08 JST 翠星石

     in reply to

     • Reid :ablobcatattention:
     @Reiddragon I'm not a C arch-mage and I can read black magic C just fine, as C is a simple language after all.
   • Embed this notice
     Reid :ablobcatattention: (reiddragon@fedi.reimu.info)'s status on Thursday, 28-Mar-2024 20:16:09 JST Reid :ablobcatattention:

     in reply to

     • 翠星石
     @Suiseiseki that's not to say it's very readable for anyone but C arch-mages tho
   • Embed this notice
     翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Thursday, 28-Mar-2024 20:19:21 JST 翠星石

     in reply to

     • 翠星石
     • Reid :ablobcatattention:
     @Reiddragon ytdl://youtube.com/watch?v=tas0O586t80
   • Embed this notice
     翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Thursday, 28-Mar-2024 20:39:39 JST 翠星石

     in reply to

     • Iska
     @iska The current state of C# is proprietary.
     
     It's impossible to get a working C# compiler from source code (or get it working at all from the alleged source on GNU as I found out). Instead, you'll need mystery meat binaries from microsoft, which are clearly proprietary.
     
     Most binaries for C# software for GNU/Linux seem to be compiled with visual studio on windows, which can output GNU/Linux binaries and definitely doesn't add an extra something (malware) to the binaries.
     
     There was previously one free C# implementation - DotGNU, but that was incomplete at the time and isn't useful anymore.
     
     GNOME released this and made their own C#-like language - Vala.
   • Embed this notice
     Iska (iska@catposter.club)'s status on Thursday, 28-Mar-2024 20:39:42 JST Iska

     in reply to

     • 翠星石

     @Suiseiseki@freesoftwareextremist.com @snacks@netzsphaere.xyz C# isn't proprietary? :looks_inside:

   • Embed this notice
     翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Thursday, 28-Mar-2024 20:41:06 JST 翠星石

     in reply to
     @snacks Would you please be so kind to link to which parts aren't under a free license, for further interjectory use?
     
     Also, btw, GNU/Jihad against "FOSS"!!!!
   • Embed this notice
     snacks (snacks@netzsphaere.xyz)'s status on Thursday, 28-Mar-2024 20:41:08 JST snacks

     in reply to

     • 翠星石
     • Iska
     @iska @Suiseiseki iirc parts aren't under a proper foss license
   • Embed this notice
     翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Thursday, 28-Mar-2024 20:42:46 JST 翠星石

     in reply to
     @snacks It really doesn't matter if you make a mistake, as when someone runs it the mistake, it gets reported and then fixed in the next update.
   • Embed this notice
     snacks (snacks@netzsphaere.xyz)'s status on Thursday, 28-Mar-2024 20:42:48 JST snacks

     in reply to

     • 翠星石
     • Reid :ablobcatattention:
     @Suiseiseki @Reiddragon classic cnile. Just never make a mistake, it's that easy!
   • Embed this notice
     翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Saturday, 30-Mar-2024 12:10:44 JST 翠星石

     in reply to

     • LisPi
     @lispi314 >and the critical vulnerability it enabled only gets fixed decades later.
     Please describe examples of this?
     
     I haven't heard any cases of such happening.
     
     The most popular cited example of heartbleed wasn't that bad of an exploit (it was a information-leak vulnerability and any decently programmed software that handles sensitive encryption keys overwrites them in memory once done) and it was discovered and fixed in less than a decade.
     
     Most exploits only work in standard configurations as well - often you're safe in a non-standard configuration.
     
     Generally once glowies start to utilize exploits, it's only a matter of time before they're discovered and corrected.
   • Embed this notice
     LisPi (lispi314@udongein.xyz)'s status on Saturday, 30-Mar-2024 12:10:45 JST LisPi

     in reply to

     • 翠星石
     @Suiseiseki @snacks Or it is noticed at some unknown point by glowies, and the critical vulnerability it enabled only gets fixed decades later.
   • Embed this notice
     翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Saturday, 30-Mar-2024 13:03:23 JST 翠星石

     in reply to

     • LisPi
     @lispi314 >path-based execution vulnerability in Emacs for decades at some point, iirc
     Bad, but fixed now and generally I don't go browsing alleged source code from glowies without many people checking it before.
     
     >Lzo bug
     Bad, but fixed now and seems to be primarily a DoS attack that needs to be tailored to each of the many different configurations, with RCE only practical on certain configurations (with 64bit processors typically impractical), with specific tailoring required for each config.
     
     
     The rest seem to be typical bugs found in proprietary software and it's unclear if such software was written in C, or sepples, or something else.
   • Embed this notice
     LisPi (lispi314@udongein.xyz)'s status on Saturday, 30-Mar-2024 13:03:24 JST LisPi

     in reply to

     • 翠星石
     @Suiseiseki There was a path-based execution vulnerability in Emacs for decades at some point, iirc. https://nvd.nist.gov/vuln/detail/CVE-2022-45939
     
     https://www.technadu.com/dell-releases-fix-decades-old-vulnerability-affecting-100-million-pcs/272220/
     
     First result on a search.
     
     Neither of these compromised the functionality of the program noticeably to the users in the overwhelming majority of circumstances.
     
     https://windowsreport.com/outlooks-decades-old-vulnerability-allowed-for-catastrophic-attacks-without-any-user-interaction/
     
     And then there's this one. For what was once perceived as a flagship product (not some neglected thing everyone ignores).
     
     http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html
     
     Versatile.
     
     So yeah, it is definitely a risk and the popularity of the project doesn't seem to prevent it from happening.