Stefan Tilkov · Apr 9, 2014 · 4:10 PM UTC

Stefan Tilkov @stilkov

9 Apr 2014

Very good “Diagnosis of the OpenSSL Heartbleed Bug” by @ex509: blog.existentialize.com/diag… BTW: “Start writing alternatives in safer languages”

threads.net/@is_assaf · Apr 9, 2014 · 9:09 PM UTC

threads.net/@is_assaf @assaf

9 Apr 2014

@stilkov actual lesson is don’t do your own memory management; this failure transcends language

Stefan Tilkov · Apr 9, 2014 · 9:16 PM UTC

Stefan Tilkov @stilkov

9 Apr 2014

@assaf If your language doesn’t allow you to do memory management, that seems like a plus

threads.net/@is_assaf · Apr 9, 2014 · 9:18 PM UTC

threads.net/@is_assaf @assaf

9 Apr 2014

@stilkov except they all do. it's called array. reuse an array, copy data in/out, eventually data leaks out.

Stefan Tilkov · Apr 9, 2014 · 9:30 PM UTC

Stefan Tilkov @stilkov

9 Apr 2014

@assaf Of course you can do anything in any language. Doesn’t mean you actually would.

threads.net/@is_assaf · Apr 9, 2014 · 9:34 PM UTC

threads.net/@is_assaf @assaf

9 Apr 2014

@stilkov reusing objects and buffers? We used to do that all the time in Java. J2EE designed APIs around that.

Stefan Tilkov · Apr 9, 2014 · 9:38 PM UTC

Stefan Tilkov · Apr 9, 2014 · 9:38 PM UTC

Stefan Tilkov @stilkov

9 Apr 2014

Replying to @assaf

@assaf Still an exception rather than the rule.

Apr 9, 2014 · 9:38 PM UTC

threads.net/@is_assaf · Apr 9, 2014 · 10:22 PM UTC

threads.net/@is_assaf @assaf

9 Apr 2014

Replying to @stilkov

@stilkov when j2ee rolled out, every spec got some way to recycle memory because of GC. Immutable String became StringBuffer. Figuratively