cmeerw

joined 2 years ago
 

The most important security benefit of software memory safety is easy to state: for C and C++ software, attackers can exploit most bugs and vulnerabilities to gain full, unfettered control of software behavior, whereas this is not true for most bugs in memory-safe software—just a few

 

This is a status update on improvements currently in progress for hardening and securing our C++ software.

 

For the big brain 10,000 meter view, defer ⸺ and the forthcoming TS 25755 ⸺ is a general-purpose block/scope-based “undo” mechanism that allows you to ensure that no matter what happens a set of behavior (statements) are run.

 

Bjarne Stroustrup, creator of C++, has issued a call for the C++ community to defend the programming language, which has been shunned by cybersecurity agencies and technical experts in recent years for its memory safety shortcomings.

 

Emacs 30.1 includes security fixes for a shell injection vulnerability in man.el (CVE-2025-1244), and for arbitrary code execution with flymake (CVE-2024-53920). We recommend upgrading immediately.

 

There's no perhaps about the FBI and CISA getting snippy at buffer overflows. These people worry about exploits that threaten car-crash incidents in enterprise IT, and they've seen enough to get angry. It's not that making mistakes is a crime when writing code. No human endeavor worth doing is without error. It's more that this class of bug is avoidable, and has been for decades, yet it pours out of big tech like woodworm from a church pew. Enough already, they say. They are right.

[email protected] 2 points 1 month ago (1 children)

see https://www.open-std.org/jtc1/sc22/wg21/docs/papers/2024/p3471r2.html#enabling-hardening

Much like a freestanding implementation, the way to request a hardened implementation is left for the implementation to define. For example, similarly to -ffreestanding, we expect that most toolchains would provide a compiler flag like -fhardened, but other alternatives like a -D_LIBCPP_HARDENING_MODE= macro would also be conforming.

 

On Saturday, the ISO C++ committee completed the second-last design meeting of C++26, held in Hagenberg, Austria. There is just one meeting left before the C++26 feature set is finalized in June 2025 and draft C++26 is sent out for its international comment ballot (aka “Committee Draft” or “CD”), and C++26 is on track to be technically finalized two more meetings after that in early 2026.

 

It is now 45+ years since C++ was first conceived. As planned, it evolved to meet challenges, but many developers use C++ as if it was still the previous millennium. This is suboptimal from the perspective of ease of expressing ideas, performance, reliability, and maintainability. Here, I present the key concepts on which performant, type safe, and flexible C++ software can be built: resource management, life-time management, error-handling, modularity, and generic programming. At the end, I present ways to ensure that code is contemporary, rather than relying on outdated, unsafe, and hard-to-maintain techniques: guidelines and profiles.

[email protected] 3 points 2 months ago

I wonder if it would be possible to build such a tool on top of tree-sitter (although not sure tree-sitter's C++ grammar can handle modules yet)

 

With P2900, we propose to add contract assertions to the C++ language. This proposal is in the final stages of wording review before being included in the draft Standard for C++26.

[email protected] 9 points 3 months ago (1 children)

Isn't that mainly just torrent trackers that publish your IP address and then the ISP gets a request for who was using that particular IP address? I don't think an ISP would itself be interested in detecting whether their customers download illegal content - there is no business case for them to do that.

 

Full-text search engine for the C++ Working Draft (and older versions from Tim Song's repository)

[email protected] 15 points 8 months ago

at least you could keep their reviews so users could at least know if the app can be trusted.

You mean, don't trust a flatpak uploaded by a random person, but if there are enough fake reviews, it can be trusted?

[email protected] -1 points 2 years ago (1 children)

"they put ads in the terminal" isn't really accurate.

Their "ubuntu-advantage-tools" adds information to one of their other products to the output of apt. You can easily get rid of that by uninstalling/replacing "ubuntu-advantage-tools". It's definitely not like they are selling ad space in your terminal to third parties.
