@wrv Based. I'm once again vindicated for deriding the writing of complex codecs in unsafe #C instead of something sane like #Ada or #CommonLisp

#Security #LanguageBasedSecurity

@GossiTheDog @fellows lol, yet another #RCE that'd have been prevented by the most basic of #LanguageBasedSecurity.

Microsoft knows this too (https://en.wikipedia.org/wiki/Singularity_(operating_system)), why do they keep ignoring their own knowledge?

#Security

@rysiek Ah so it is. https://github.com/XKCP/XKCP

Perhaps rewriting that in #Ada or #Rust might be advisable (or maybe #FStar)?

(Most probably Ada if it needs fancy time guarantees.)

#LanguageBasedSecurity #Security

@rysiek So... is this yet another case of #C implementations leading to consequences that'd be easily prevented by use of #LanguageBasedSecurity?

From the sound of it, it's a vulnerable library being integrated.

Nothing implemented in pure Python or PHP should even be able to segfault.

@nixfreak @theruran I miss the aborted future where #LispMachines & #Smalltalk systems are the norm.

It's a much nicer timeline.

Still, maybe this will finally reverse steam on the proliferation of unsafe languages? The disastrous disregard for #LanguageBasedSecurity and the inevitable #security consequences finally having reached the point where they cannot be ignored.

#Lisp

@briankrebs And yet again I'm vindicated in thinking that implementing #media codecs in #unsafe languages is absolutely idiotic and insecure.

#Decoder #Codec #MediaCodec #LanguageBasedSecurity #Security