by Byzantine 4342 days ago
What makes the main developer, irungentoo, qualified to write the Tox core?
2 comments

Starting a new, blue water distributed encryption system in a non-safe language is odd at this point. The protocol is being _noodled_ through and the code is in C.

This is the coding style

https://github.com/irungentoo/toxcore/commit/84c28337d248bad...

This is OpenSSL all over again

https://github.com/irungentoo/toxcore/commit/1d6c3934736c369...

From a short look, I tend to agree with you.

> memcpy(packet + 1, &con->ping_request_id, sizeof(uint64_t));

Copying multi-byte values into a network packet is a typical error made by novice developers - this will bite you hard as soon as somebody compiles the code on a Big Endian machine. Even if you might get away with this on opaque elements like a ping ID, the general approach should not be followed.
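
Added example, not part of the original thread or of the Tox code base: the quoted `memcpy` pattern next to an explicit big-endian encoding, showing that an opaque echo comparison survives host byte order while a numeric read on an opposite-endian host does not. The function names, the type byte value and the sample id are assumptions made for illustration; only the "one byte, then the 64-bit id" layout comes from the quoted line.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Serialize a 64-bit value as big-endian bytes, whatever the host order. */
void put_u64_be(uint8_t *out, uint64_t v) {
    for (int i = 7; i >= 0; --i, v >>= 8)
        out[i] = (uint8_t)(v & 0xff);
}
uint64_t get_u64_be(const uint8_t *in) {
    uint64_t v = 0;
    for (int i = 0; i < 8; ++i)
        v = (v << 8) | in[i];
    return v;
}
/* The quoted pattern: copy the id into the packet in host byte order. */
void build_ping_raw(uint8_t *packet, uint8_t type, uint64_t ping_id) {
    packet[0] = type;
    memcpy(packet + 1, &ping_id, sizeof ping_id);
}
/* Same packet (hypothetical helper) with an explicit wire byte order. */
void build_ping_be(uint8_t *packet, uint8_t type, uint64_t ping_id) {
    packet[0] = type;
    put_u64_be(packet + 1, ping_id);
}
/* Opaque use: the sender compares the echoed bytes with its own copy. */
int echo_matches(const uint8_t *echoed, uint64_t expected) {
    return memcmp(echoed + 1, &expected, sizeof expected) == 0;
}
/* What a host of the opposite byte order gets from memcpy on the same bytes. */
uint64_t read_on_opposite_host(const uint8_t *field) {
    uint8_t swapped[8];
    uint64_t v;
    for (int i = 0; i < 8; ++i)
        swapped[i] = field[7 - i];
    memcpy(&v, swapped, sizeof v);
    return v;
}
int main(void) {
    uint8_t raw[9], be[9];               /* 1 type byte + 8-byte ping id */
    uint64_t id = 0x0102030405060708ULL; /* constructed sample id */
    build_ping_raw(raw, 0, id);
    build_ping_be(be, 0, id);
    printf("echo ok: %d\n", echo_matches(raw, id));
    printf("opposite host reads raw id as %016llx\n", (unsigned long long)read_on_opposite_host(raw + 1));
    printf("explicit order decodes to %016llx\n", (unsigned long long)get_u64_be(be + 1));
    return 0;
}
```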

Endianness doesn't matter when all you do with it is store it and check if it's equal to another.

In all cases where it does matter, the values are converted.

Tox has been confirmed working on big endian machines by many people.

C is far from a non-safe language; it's the language of choice for NASA systems that lives depend on after all.

I'm not sure what you're trying to point out with those links. How is this related to openssl?

Because NASA has used C means this guy writes code for the shuttle?

Read the code. Dig through the commit logs. This is the wrong choice on about every level. The best encryption won't save you when you have code like this.

What did we not learn about OpenSSL?

You're talking complete nonsense. Constructive criticism please.
The only thing I'm seeing from your posts is "I'm a fucking idiot who doesn't understand that C is safer than any interpreted pretend-you're-safe language"
When have you heard of a JavaScript dangling pointer problem? Buffer overrun? Segfault?
The only hope to make Tox less insecure would be to run it under emscripten or http://zerovm.org/
Comparing C to JavaScript makes no sense, and JavaScript is NOT a safe language. Those issues you mentioned are due to programmer incompetence. Bad programmers will make bad code no matter what language they program in. Security should not rely on a language hand-holding bad programmers.
I don't know what cargo cult coding style you want to adhere to, but there is nothing wrong with the linked diffs.

It's quite readable and has yet to tangle itself in the ifdef mess that is openssl.

He has the time to do it.
We don't want the guy with the most "free time" doing the work.
You're right. Make a better program. I'll be anticipating it, I really want a Skype replacement I can get behind.
So do I, but Tox isn't it.

They should have made the protocol, vetted the protocol and made a PoC implementation in a safe language.

Cryptographers and secure protocol designers can't help out if they are noodling along banging out the implementation while designing it.