If you're looking at technical issues leading to security issues, then null-terminated buffers are the number one problem, followed by use after free and then reading uninitialized buffers.
If you're looking at all sources of security issues, people are by far the number one cause of security incidents.
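An added example (not from the post above) of the first item on that list: a fixed-size buffer that is not guaranteed to carry its NUL terminator, next to a copy helper that always terminates and reports truncation. The function names and the constructed input string are this example's own.

```c
/* Added example, not from the original post. Shows why a buffer whose NUL
 * terminator is not guaranteed is dangerous, and a bounded copy that always
 * terminates. Names and the sample input are made up for this illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* True if buf[0..cap) contains a NUL, i.e. string functions will stop inside
 * the buffer instead of reading past its end. */
static bool is_terminated(const char *buf, size_t cap)
{
    return memchr(buf, '\0', cap) != NULL;
}

/* The classic pitfall: strncpy() writes no NUL when src fills dst, so the
 * result is not a string at all. Returns whether dst ended up terminated. */
static bool copy_with_strncpy(char *dst, size_t cap, const char *src)
{
    strncpy(dst, src, cap);
    return is_terminated(dst, cap);
}

/* Bounded copy that always terminates. Returns true if the whole string fit,
 * false if it was truncated (the caller decides whether that is an error). */
static bool copy_bounded(char *dst, size_t cap, const char *src)
{
    size_t n = 0;
    if (cap == 0) return false;
    while (n < cap && src[n] != '\0') n++;   /* reads at most cap bytes of src */
    if (n >= cap) {
        memcpy(dst, src, cap - 1);
        dst[cap - 1] = '\0';
        return false;
    }
    memcpy(dst, src, n + 1);                 /* n + 1 includes the terminator */
    return true;
}

int main(void)
{
    char small[8];
    const char *input = "0123456789";        /* constructed: longer than small[] */
    printf("strncpy left a terminator: %d\n",
           copy_with_strncpy(small, sizeof small, input));        /* 0 */
    printf("bounded copy fit: %d, result \"%s\"\n",
           copy_bounded(small, sizeof small, input), small);      /* 0, "0123456" */
    return 0;
}
```

The point of `is_terminated()` is that it is a check you can run in tests or asserts on any buffer you are about to hand to `strlen()`, `printf("%s")` or `strcat()`; the bounded copy replaces the guesswork with a return value you can act on.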
Here is a different view:
Ever since programming began, defeating compiler-enforced type safety became an obsession of many programmers. And IMO pointers were their main tool, as they gave the programming arena a natural layer of indirection. Be that as it may, thankfully, there is a great movement in C++ away from programming with pointers and pointer semantics, towards value semantics. With that, C++ "is like a different language", paraphrasing Bjarne. Value semantic programming gets really difficult, but that laudable goal is the re-assertion of compiler-enforced type safety without man-in-the-middle pointers. And compiler-enforced type safety was the original goal of C++, which Bjarne has single-handedly urged the C++ maintainers to adhere to over the years. IMO this will separate the programming sheep (get it done fast) from the goats in the future.
Just saying.
Sticking to software development, pointers are obviously not a problem, bad programmers are a problem (cretins disguised as geniuses often are a very big problem). Bad management (forcing people to cut corners) is also to blame. And sometimes there are royal mess-ups in initial design.
Of course the golden rule of any organization is to blame anyone and anything for your mess, but not admit your own fault, and pointers are a bit like quantum superposition, everyone heard of it, few understand it, so it is a perfect scapegoat.
It depends on what they are pointing to …(?)
I had just switched companies. I was about a year and a half out of school with pretty solid C skills. A senior programmer at the new company who was new to C asked me to review a C module he was implementing.
All of the code looked pretty solid. The module used a fairly large struct for tracking its data. Every method in the module accepted a pointer to the struct type or else used a global pointer (too long ago).
After reviewing the code, I asked him “Where is the memory allocated to actually hold the struct data?”. Huh?
We added a global variable declaration of his struct type and initialized the global pointer with its address and everything worked fine.
My tenets when dealing with pointers:
1. When declaring the pointer, the * is part of the type.
   int* justAPlainOldVariableOfTypeIntPointer;
   int** justAPlainOldVariableOfTypeIntPointerPointer;
2. A pointer is a leash.
3. A pointer is NOT the dog! (or cat, but who leashes their cat? It is undignified.)
4. When writing or reading code with the dereference operator *, say "dereference" out loud.
4a. Understand the difference between * as declaration, * as the unary dereference operator and * as the binary multiplication operator, or do not try to use them! Same for the address-of operator & (as well as the assignment operator, comparison operator, etc.).
5. The compiler enforces type safety. Let it do its job! Unless you are dealing directly with hardware or doing low-level memory tricks, you should not need to recast something.
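An added example (not code from the post above) that puts the review story and the tenets side by side in C: a module whose global pointer was never pointed at any storage (the leash with no dog), the fix described in the post (a global variable of the struct type whose address initialises the pointer), and the three meanings of * plus address-of & in one small function. The struct and function names are this example's own.

```c
/* Added example, not from the original post. Names (Tracker, tracker_init,
 * tracker_set, scale_through_pointer) are made up for this illustration. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    int  count;
    char name[32];
} Tracker;

/* The module's global pointer. In the module as reviewed, nothing ever made
 * it point at storage: a leash with no dog on the end. */
static Tracker *g_tracker = NULL;

/* The fix from the review: one global variable of the struct type supplies
 * the storage, and the pointer is initialised with its address. */
static Tracker g_tracker_storage;

/* Returns 0 on success, -1 if the module is used before it has storage.
 * Every function that touches g_tracker checks the leash first instead of
 * dereferencing NULL. */
static int tracker_set(int count, const char *name)
{
    if (g_tracker == NULL) {
        return -1;
    }
    g_tracker->count = count;                          /* '->' dereferences and selects a member */
    strncpy(g_tracker->name, name, sizeof g_tracker->name - 1);
    g_tracker->name[sizeof g_tracker->name - 1] = '\0'; /* guarantee the terminator */
    return 0;
}

static void tracker_init(void)
{
    g_tracker = &g_tracker_storage;   /* '&' is address-of: the leash now has a dog */
    memset(g_tracker, 0, sizeof *g_tracker);
}

/* The three meanings of '*' in one function:
 *   'int *p'   declaration: p has type pointer-to-int
 *   '*p'       unary dereference: the int the leash points at
 *   'a * b'    binary multiplication */
static int scale_through_pointer(int value, int factor)
{
    int *p = &value;          /* declaration plus address-of */
    *p = *p * factor;         /* dereference (read and write) and multiply */
    return value;             /* value itself was modified through p */
}

int main(void)
{
    /* Using the module before it has storage is reported, not crashed. */
    printf("set before init: %d\n", tracker_set(1, "x"));          /* -1 */
    tracker_init();
    printf("set after init:  %d\n", tracker_set(3, "leash"));      /* 0 */
    printf("count=%d name=%s\n", g_tracker->count, g_tracker->name);
    printf("scaled=%d\n", scale_through_pointer(7, 6));            /* 42 */
    return 0;
}
```

The NULL check in `tracker_set()` is the defensive half of tenet 5: the compiler will happily let you dereference a pointer of the right type, so the program itself has to know whether the leash is attached to anything before it pulls.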
I was writing a lounge entry and the front door got slammed on me.
I tried getting to CP from two different networks so I'm pretty sure it weren't just me.
Ya'all saw that too, right?
I took a snapshot of it.
Here's what I saw, and it was instant.
I guess them hamsters is angry.
Wow, not even the stylized 404 error page. Something really choked. I didn't see anything, FWIW
Check out my IoT graphics library here:
https://honeythecodewitch.com/gfx
And my IoT UI/User Experience library here:
https://honeythecodewitch.com/uix
When did you see that?
In a closed society where everybody's guilty, the only crime is getting caught. In a world of thieves, the only final sin is stupidity. - Hunter S Thompson - RIP
I believe it was around 5:45pm Eastern Standard Time on Thursday, June 13.
I tried to ping the site and couldn't get anything -- and it was such a huge disconnect that I thought it looked like a DNS issue.
I remoted to my work computer -- in a geographically different location (another city from me) and on an entirely different ISP -- and I got the same error from the browser: 404.
I saw that. I guess a 404 is just enough to tell Down Detector and other such sites that "something" is coming back, so they all claimed it was up...
That's interesting, because for me it was instantaneous and quite harsh: I mean I couldn't even ping codeproject.com at that time. It was literally like someone slammed the door on me.
I tried from an entirely different network and got the same thing.
Glad someone else confirmed seeing it too.
Oh it was instantaneous, nothing spent any time trying to resolve anything and then timing out. The 404 response was pretty much immediate.
I'd be curious to read any post-mortem Chris would be willing to share.
Here's an additionally interesting thing: Today my work's ISP is having major issues.
Can't even ping our web site at this time.
Here at home and other coworkers spread throughout cities are working fine, but none of us can get to our work machines via RDP and our company is virtually cut off from the Internet.
I pinged our web site and got: Temporary failure in name resolution.
Oh, and we can't get to our company Outlook, but we can all still chat via MS Teams.
Woke at 04:00, shower, coffee, toast, emails.
Then the ironing to get out of the way before dropping the car off for a service and have new brake disks fitted all round - I've got 20 mins before Timbo is due to pick me up, so I'll do a quick supermarket run to get mouthwash (since I opened the last new bottle just before bed last night) and a few odds and ends.
Walk out of the supermarket and the phone goes - Rich needs a favour. Sure, what do you need? "Can you drive me to A&E, I think I've broken my foot." Ah. No car - have you still got Gill's car key (his wife went on holiday in sunny climes yesterday)? Yes. OK, I'll be home ASAP and get you off down there. Ring Timbo to see if I can hurry him up, and the first thing he says is "Can you do me a favour?"
His neighbour (a drug addict) has had a stroke, so his (psycho) wife is down at the local A&E with him, and he's babysitting the two girls* but Timbo's wife is due at physiotherapy at 11, could I take her? Explain the car problem, the Rich problem but say I'll do what I can. Finally he turns up and I get home, grab Rich, he grabs his fishing gear so he can tie some flies while he's waiting to be seen because he's going on a three day fishing trip tomorrow, I suggest his phone and charger and off we go - to a further away hospital than the addict because his wife's daughter is a doctor and they have a shorter waiting list.
Surprisingly quickly "how to drive a manual" comes back to me - it's been nearly two years since I switched to auto - and I drop him off, get back home to look after their dogs just in time to swap to Timbo's car and load up Eryl for her physio and off we go. I wait outside, listening to an audiobook and then take her home. As I'm reversing into their drive (which is a complicated job in an unfamiliar car) the phone rings - it's Rich who has been processed, could I collect him? Swap back to Gill's Fiat (a willing little hybrid, but the second slowest car I've ever driven and with the build quality you expect from Italian cars) and drive back to the hospital to collect Rich who has indeed broken his foot and has a large boot on which means he can't go fishing tomorrow. He's not a happy bunny.
Finally get home and the cat is furious because it's been eight hours since he ate his breakfast and I should know better than that ...
And one of my jobs today was to set up a new set of cat food for him as he's a picky little toad and I have to feed him different meat / manufacturer for each meal or he goes off them and will never eat them again. So I've got to do that before I can feed him which isn't his idea at all.
Busy day. And it's not over yet.
* And Timbo's as good with kids as Josef Fritzl but that's their problem**
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
Quote: Rich, he grabs his fishing gear so he can tie some flies while he's waiting to be seen because he's going on a three day fishing trip tomorrow I like this guy!
Quote: has indeed broken his foot and has a large boot on which means he can't go fishing tomorrow. He's not a happy bunny. Bummer.
"the debugger doesn't tell me anything because this code compiles just fine" - random QA comment
"Facebook is where you tell lies to your friends. Twitter is where you tell the truth to strangers." - chriselst
"I don't drink any more... then again, I don't drink any less." - Mike Mullikins uncle
I'm worn out from just reading about your movements of the day.
I’ve given up trying to be calm. However, I am open to feeling slightly less agitated.
I’m begging you for the benefit of everyone, don’t be STUPID.
Wow, that is a busy day. You've done more in less than a day than I've accomplished all week. I've been diligently working to refine my talents in the art of procrastination lately. The more I practice, the better I get.
There's no procrastination technique that is too petty for me to engage in. There's a moth that's been flying around my living room for several days now. I sprayed it with bug spray several times, and it just keeps flying around. Sometimes I sit and watch it flutter about the room. I have my television on and it's streaming CBS News. I'm not watching it because I'm more interested in watching the moth.
Anyway, don't overdo it. Be sure to take time out for yourself, too.
OriginalGriff wrote: Woke at 04:00
Well there's your problem right there!
But OTOH, I suspect if you got up later, you'd just get less time to get the same amount done...
But seriously, as I was reading through, I thought I was gonna need a diagram.
A conspicuous number of events, for such a small country.
"In testa che avete, Signor di Ceprano?"
-- Rigoletto
Greetings Kind Regards I've been watching "Sneaky Pete" of late. Sounds like one of the episodes.
<fx: four yorkshiremen>
You were lucky, lad ...
I changed ISPs back in January, and it just so happens I started running into problems, roughly at the same time, with the Debian VM I had running Pi-Hole. Eventually I just shut it down, and I hadn't tried to recreate it until recently.
I quickly realized that nothing was going through Pi-Hole anymore (reinstalled from scratch, including the OS). Total Queries and Queries Blocked figures remained at 0. As I used to, I provided Pi-Hole's (static) IP as my primary DNS on a few systems (also all using static IPs), followed by my DC's IP, and finally my router's (192.168.1.1) - in that order.
Unlike the router I was previously using, my (new) ISP's router does NOT present any option to specify any DNS server. I've gone through every page, including settings hiding under Advanced buttons. Nothing about DNS.
I know very little about DNS, but searching through articles discussing problems with Pi-Hole, I did find something that also adds domain controllers to the mix.
I do have a domain controller, which is set up with its own DNS service. I launched its DNS Manager, selected my domain, selected Forwarders, right-click, Properties, then added Pi-Hole's static IP as the first entry (the only other one being my router, which - after this change - is now the second in the list).
Bingo - suddenly the Request and Blocked figures immediately shot up, and pages that used to be riddled with ads now show blank spaces where ads used to be. Bonus, since all my systems already have my DC's IP for their primary DNS, I don't have to add Pi-Hole's IP anywhere (but as a forwarder on the DC itself, which is a one-time operation).
But a question remains. If I had a system that had its preferred DNS set up as this (in this order):
a) Pi-Hole
b) The DC
c) The router
...why would the queries not go to Pi-Hole first and foremost? Now my configuration is:
a) The DC (with Pi-Hole's IP under Forwarders)
b) The router
...and it all works.
Why?
Either way, I hope this helps someone.
In most cases, if you use the cable provider's router, you can't change the DNS settings. You MUST run your cable modem in bridge mode (if your provider will allow that), or even better (and more secure), you have to get a more decent router AND a cable modem that is just a modem. One of the reasons you don't want to use your ISP's equipment is because they can also bypass your admin password and perform unwanted updates that could further restrict your access to certain settings in the router.
This is what I had to do, because I am on Comcast and their modem/router was the same way. I have two Raspberry Pis running Pi-Hole and serving as primary and secondary DNS servers, and I couldn't use them because of the ISP's router. If you're interested, I can provide manufacturer/model names of the modem/router I use when I get home from work today.
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
My switchover was rather nightmarish, it was supposed to be quite literally replace the previous ISP's modem with the new router, plug my router into theirs, and call it a day.
But due to complications I won't get into, I had to simplify, simplify, and then simplify again to get things working, to the extent that I just removed my own router from the equation. The intent has always been to reintroduce my router, place theirs in bridge mode, and slowly re-add my own customizations one at a time (Pi-Hole being one of them--which I've now managed to do without reintroducing my router first).
But since the ISP switch, I've always been left with this nasty, dirty feeling, knowing my ISP probably has more control over my setup than I'd like.
I will get back to it, but I'll wait until I'm on vacation to do so - working from home, I can't risk going without internet for any sort of prolonged duration. Originally, I had started my migration on a Friday evening, and by late Sunday afternoon, I just ripped out my old router and reluctantly let "theirs" take over. To make a long story short, I was trying to replace too many moving parts all at once.
And FWIW, it's a 5G router - specifically, Nokia's "FastMile 5G Gateway 3.2". The web admin UI is a lot nicer than most ISPs' own routers, but exactly as you said, if you can't change something as basic as a DNS, it needs to be turned into a dumb connection device and hand the real work over to something else * I * can control.
The one thing I miss the most is the page from my older router showing, in real-time, the WAN bandwidth usage. I have an old ancient Android tablet I repurposed just to show that page 24/7. If something unexpectedly started chewing bandwidth, I knew immediately. These days I'm left guessing.
What I did was to set up yet another RPi in front of the ISP router as my own router, and of course the other one as DNS/Pi-Hole.
So basically I had my own local network, with my RPi as the gateway to the "ISP local network", which had the gateway to the internet.
It is a complicated setup, so only for someone who really, really wants to shield themselves from the ISP and has enough time to set it up. For me it was easy because I am quite into networking, but I can imagine that for someone not so much into it, it can take quite some time.