Every time someone claims they've written a "bulletproof" app, I roll my eyes so hard I can practically see my brain. History's not on their side, and in this endless cat-and-mouse game between developers and hackers, it never will be.
This is for you, my friend. I know you follow me here, so consider this a friendly reminder from, well, nobody.
You know, they say the only way to write a truly secure app is to create an empty file or repo. But even then, some JabaScript-powered IDE will probably crash trying to open it, and boom! You've got a security vulnerability.
@nixCraft you literally cannot destroy my app with bullets, unless you brought enough to shut down the whole of github
@nixCraft hackers? Beware of users. Regular, harmless, decent users, just a little creative, are enough of a threat for any app.
@nixCraft any program with more than four lines of code can be hacked
@RadioAzureus @nixCraft But only some programs with 2 lines of code can be hacked.
@nixCraft It's easy, for a truly secure app, simply have no internet connection or external port connection to the machine!
@nixCraft I know an actually unhackable software, and it is open source: https://github.com/kelseyhightower/nocode
@nixCraft here's the entire source code for my bulletproof app:
can't hack what isn't there! Checkmate!
@nixCraft “This lock cannot be picked.” The hardware translation.
@nixCraft Sorry but you're wrong, as you can see here it's actually very easy to write a bulletproof app
@nixCraft Not really. seL4 is an L4-based microkernel with mathematical proof it exactly meets its specification, with no missing behaviors and no undefined behaviors. For any reasonable definition of “bug”, this is proof the software is bug-free. The specification can still have issues, but those aren’t bugs in the software.
It takes a *lot* of discipline to write code to this level of assurance, but it *is* possible.
@nixCraft Oh yeah?
int
main(int ac, char **av) {
    return 0;
}