Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> You'll also find that the Win32 API has a lot of replacements for what's in the C standard library. If you really want to try and get the executable size down, see if you can write your app using only <Windows.h> and no cstdlib. Instead of memset() you've got ZeroMemory(), instead of memcpy() you've got CopyMemory().

I see he's also using fopen/fread/fclose rather than CreateFile/ReadFile/WriteFile/etc.



> I see he's also using fopen/fread/fclose rather than CreateFile/ReadFile/WriteFile/etc.

It's a todo list, not a network service. So what if it's using unbounded strcpy's all over the place? It has basically no attack surface. He wrote it for himself, not for criticism from the HN hoi polloi.

For once maybe take someone's work at face value instead of critiquing every mundane detail in order to feel like the smartest person in the room.

Computers are tools to get stuff done. Sometimes those tools are not pretty.

I place much of the criticism being levied here in the same category as the "we must rewrite 'ls' in Rust for security" nonsense that is regularly praised here.


So what if it's using unbounded strcpy's all over the place? It has basically no attack surface. He wrote it for himself, not for criticism from the HN hoi polloi

I didn't point that out so I could be the smartest person in the room and I certainly don't subscribe to the whole rewrite-the-world in rust.

The sheer amount of time I spent debugging problems caused by buffer overruns and other daft problems is immense. It's literal days of my life that could have been saved had safer APIs been created in the first place.

It's a cool toy program and I encourage the learning but maybe let's try and avoid unnecessary problems.


>I certainly don't subscribe to the whole rewrite-the-world in rust.

Good because those Rust people get really upset when you point out that Rust mostly seems to exist for people to "Rewrite X in Rust".


To be fair, CreateFile etc are a lot more verbose than fopen.


Oh yes, all those parameters are absolutely a pain to work with. But it can still be good to have an understanding of what options are abstracted away by fopen etc. Trying to write an app only using <Windows.h> can be a good learning exercise if you want to understand the fundamentals of the OS.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: