The US government's view on memory safe code is not the whole story

There’s a lot of noise about how “Joe Biden’s government wants you to move away from using C++”. This is as a result of the US government releasing a report, Back to the building blocks: A path toward secure and measurable software which suggests: Uncle Sam says "no!" “Memory safety vulnerabilities are a class of vulnerability affecting how memory can be accessed, written, allocated, or deallocated in unintended ways. Experts have identified a few programming languages that both lack traits associated with memory safety and also have high proliferation across critical systems, such as C and C++.

MiniDumpWriteDump now mostly useless for in process use

I’ve been using the MiniDumpWriteDump() API from DbgHelp.dll for 20 years or so. It has proven to be a useful diagnostic tool, and I use it in all manner of places, including many where others may simply use an assert(). It’s a heavy-weight debugging tool, but it has proved useful over the years; rather than just throwing an exception because things that shouldn’t happen have happened, I often also generate a dump file so that I can get far more data than you could ever log or report in another way.

Old and cranky me from 20 years ago

Back in 2004 I wrote this, I wonder why I used to make some people unhappy… I’m starting to believe that, at 37, I must now be old and cranky because to be quite honest with you; if you’re not writing code in such a way that you define concepts and abstractions in such a way that the actual main line business logic code that you write is clear and easy to understand then you’re just not doing it right.

Adventures with \Device\Afd - a simple server

The only difference between a client and a server is the way in which the connection is established. For a client, you create a socket and call “connect” on it. For a server, we have a socket that is “listening” for connections “accepts” new incoming connections and returns a socket that is then indistinguishable from a client connection. In the past, I’ve created bad abstractions at this point. A socket connection and a listening socket are both represented by the operating system API as the same type, and the only differences are the calls that you make on the type.

Adventures with \Device\Afd - a simple client

Now that I have a reasonably easy to use event-driven socket class I can start to use it. The first thing to build is a simple client. This will connect to a server and expect that server to echo anything that is sent to it. The client will send data and read it back and compare it with what it sent. A simple, single-threaded, client Last time, I put together a tcp_socket object that made it easier to work with the \Device\Afd interface that I’ve been playing with.

Adventures with \Device\Afd - test driven design

I’ve been investigating the ‘sparsely documented’ \Device\Afd interface that lies below the Winsock2 layer. Today I use a test-driven method for building some code to make using this API a little easier. Using the API In my previous posts on the \Device\Afd interface I focused on exploring and understanding the API itself. Since it’s ‘sparsely documented’ I used unit tests to explore and record my findings. This has left me with some code that is easy to come back to and pick up, which is lucky since it’s been quite a while since I last had some time to tinker with it.

Merging L'Hexapod's content...

Back in 2009 I started playing around with embedded assembly language on simple hardware with the intention of building a robot spider. This was hosted on a separate website, L’Hexapod.com It was a lot of fun but once my children came along the project took up too much time for me to focus on it. Back in 2010 I thought that the birth of my first son, Scott, would be just a small blip in my journey into robotics but, looking back, it seems to have been the end of that chapter.

JetByte News: 2024

2023 was a good year. We finished off a project for our Industrial Control Client and everyone seems happy, which is always nice. Our work with the secretive Online Gaming Company is taking up most of our time as we continue to enhance the cloud gaming server that we wrote for them. They continue to go from strength to strength, which is good. We have been rolling out a series of changes into their live environment and increasing test coverage and our ability to test and debug using light-weight journals of communication sessions.

JetByte News: Long distance debugging

We’ve now reached the end of the recent embedded development project for our Industrial Control Client. The final phase was made more complicated by the difficulty in debugging the changes. The embedded hardware had no screen, and the network debug facility that it supported was unreliable; it sometimes just lost messages. So the first step was to work around this issue with some debug messages in-line with the normal TCP/IP data channel from the hardware.