Sweet, sweet schadenfreude

I don't think you ever programmed a lot. In the times of C programming with naked access to pointers, everybody who programmed lots of code introduced buffer overrun bugs every now and then. Unix had numerous amounts of them, and actually had a bad reputation as far as security was concerned ("finger" anyone?). One of the first internet worms was written for Unix, and exploited a buffer overrun. Somehow, Unix got a strong reputation afterwards, but I don't think that's really deserved.

Apple has had their share of buffer overrun bugs as well. Recently, there was a famous one in Quicktime. In fact, There are plenty of OSX bugs causing vulnerability that show up regularly (just recently: that really serious issue with root escalation through applescript)

Interestingly, Vista introduced a shield against buffer overruns (ASLR) before OSX

 

For several years, programming was my hobby and my main leisure time activity. I was never a professional, but I considered myself a reasonably competent amateur. Starting with CP/M and then moving on to DOS, I eventually quit programming when I got my first Windows machine, as programming for Windows was so tedious it was no longer fun. I wrote several articles which were commissioned by and published in the magazine/newsletter of the C User's Group. I was their unofficial but de facto "expert" on programming the black-and-white Hercules graphics card. They actually paid me for the articles they commissioned from me. So yes, I did program "a lot." And I learned pretty quickly to check buffers and arrays for over-runs.

I even had Microport Unix on the hard drive of my 80286 PC-AT, and for really stubborn pointer bugs I'd boot into Unix, port my program over, and de-bug it there. I loved Unix. Unlike Microsoft's crap DOS, Unix would not crash when a program had a bug. Unix would kill the program and write a core file, which its debugger could read. Or if a program went into a continuous loop, Unix (unlike crap DOS) would let me kill the program. I loved Unix and would have used it exclusively, except that I wanted to give my programs to friends, all of whom ran DOS, of course.

I didn't like vi at all, though, and the first program I wrote in Unix was my own full-screen text editor, which used Wordstar keyboard commands. From then on I used my editor program when I wrote programs in unix, and even ported it back to DOS for fun, though in DOS I used Wordstar.

When I first learned that OS X was actually Unix, I knew it was time to switch to Apple, and I've never regretted it. FREE AT LAST! FREE AT LAST! THANK GAWDALMITIE I'M FREE OF BILL AT LAST!!!

P.S. I'm off today for my summer hiking. I'll be reachable via PM, but probably will not be reading PriusChat for the next couple of months. Have a fun summer everybody.

 

Programming a lot for me means writing millions of lines of code. If you did that in C (or even a fraction of that), and you never introduced a buffer overrun bug, it simply means that you must have supernatural power that goes beyond human.
It also means you never ever used a lot of stdio functions (such as any variant of scanf), because they were intrinsically vulnerable.

That in fact tells a lot about where we come from: even standard C functions were not buffer overrun safe! But, of course, C was closely tied to Unix, and shared a lot of that typical sloppyness that was a sign of software design that time. Unix was also the OS that sent passwords as plain text over the network.

Enjoy your hiking!