Every time someone claims they've written a "bulletproof" app, I roll my eyes so hard I can practically see my brain. History's not on their side, and in this endless cat-and-mouse game between developers and hackers, it never will be. 😜

This is for you, my friend. I know you follow me here, so consider this a friendly reminder from, well, nobody. 😉

You know, they say the only way to write a truly secure app is to create an empty file or repo. But even then, some JabaScript-powered IDE will probably crash trying to open it, and boom! You've got a security vulnerability. 😂

@nixCraft

It's literally nocode!

GitHub - kelseyhightower/nocode: The best way to write secure and reliable applications. Write nothing; deploy nowhere.
@nixCraft It's easy, for a truly secure app, simply have no internet connection or external port connection to the machine! 😁
@nixCraft you literally cannot destroy my app with bullets, unless you brought enough to shut down the whole of github

@nixCraft any program with more than four lines of code can be hacked

#InfoSec #programming #Linux #freeBSD #netBSD #openBSD #OpenSource #POSIX

@RadioAzureus @nixCraft
But only some programs with 2 lines of code can be hacked.
@nixCraft I know an actually unhackable software, and it is open source : https://github.com/kelseyhightower/nocode

@nixCraft here's the entire source code for my bulletproof app:

can't hack what isn't there! Checkmate!

@nixCraft
“This lock cannot be picked.” The hardware translation.
@nixCraft Sorry but you're wrong, as you can see here it's actually very easy to write a bulletproof app

@nixCraft Not really. seL4 is an L4-based microkernel with mathematical proof it exactly meets its specification, with no missing behaviors and no undefined behaviors. For any reasonable definition of “bug”, this is proof the software is bug-free. The specification can still have issues, but those aren't bugs in the software.

It takes a *lot* of discipline to write code to this level of assurance, but it *is* possible.

@nixCraft Oh yeah?

int
main(int ac, char **av) {
return 0;
}

@kithrup @nixCraft Whoah! You're just one line away from a major security vulnerability! If you were to accidentally type
`gets(av[0]);` then who knows what chaos would ensue?
@DocBohn @nixCraft Yes, I carefully whittled away everything that was insecure.