← Back to context

Comment by staticassertion

4 years ago

> 1. Blaming the language instead of the programmer will not lead to improved program quality.

I disagree. Blaming the language is critically important. Tony Hoare (holds a turing aware, is a genius) puts it well.

> a programming language designer should be responsible for the mistakes that are made by the programmers using the language. [...]

> It's very easy to persuade the customers of your language that everything that goes wrong is their fault and not yours. I rejected that...

[0]

> Users will still be write programs in C for their own personal use that are smaller and faster than ones written in memory-safe. languages

Users will always write C. No they won't always be smaller and faster.

> 3. Those in the future who are practiced in C will have a siginificant advantange in being able to leverage an enormous body of legacy code

Much to society's loss, I'm sure.

> and may in fact be taught to fear it

Cool. Same way we teach people to not roll their own crypto. This is a good thing. Please be more afraid.

> There is a tremendous amount of C code that DOES NOT contain buffer overflows or use-after-free errors.

No one cares. Not only is that not provably the case, nor is it likely the case, but it's also irrelevant when I'm typing on a computer with a C kernel, numerous C libraries, in a C++ browser, or texting someone via a C++ app that has to parse arbitrary text, emojis, videos, etc.

> Find me a buffer overflow or use-after-free in one of djb's programs.

No, that's a stupid waste of my time. Thankfully, others seem more willing to do so[1] - I hate to even entertain such an arbitrary, fallacious benchmark, but it's funny so I'll do it just this once.

[0] http://blog.mattcallanan.net/2010/09/tony-hoare-billion-doll...

[1] http://www.guninski.com/where_do_you_want_billg_to_go_today_...

9 comments

staticassertion

Reply
o8r3oFTZPE  4 years ago

Guess who is "rolling your crypto" for you. The same guy who is the subject of your "fallacious benchmark". He writes in C. The problem with software is not the languages (seems a new one is created every month), it is a lack of competence in using them. (Over)Confidence is very commmon, competence not so much. I am thankful that Dennis Ritchie created C; I appreciated his humility and I do not blame him for others' mistakes.

  • PeterisP  4 years ago

    It's not a lack of competence because evidence shows that even the most competent C programmers can't write C without security issues - literally every nontrivial security-relevant product that has been written by great C programmers has had them, their competence apparently was not sufficient. I'd argue that nobody, including Dennis Ritchie, is "competent enough" to write secure C - even the best people slip sometimes in ways that (in C!) cause exploitable holes.

    "The same guy who is the subject of your fallacious benchmark. He writes in C" and that crypto code, which we used was more secure than rolling our own, but it still is riddled with security bugs because he writes in C (e.g. Heartbleed) - and despite the fact that those particular bugs have been fixed, that code still isn't trustworthy enough just because it's written in C, likely has more issues undetected and needs to be rewritten and replaced eventually with some not-C solution that can remove a whole class of bugs accidentally causing arbitrary code execution. Sure, you'll still have logic bugs - but a logic bug in iMessage image parsing has much lower consequences than a memory safety issue in that same image parsing.

    • o8r3oFTZPE  4 years ago

      I think you are misattributing the source of Heartbleed. Can you point out the security issues in NaCl. It is written in C. According to this "no one can write C" logic, there must be bugs because "no one can write C". https://nacl.cace-project.eu/

      The other bizarre aspect of this logic is that not only is the author of the code irrelevant but apparently the task is, too. It would appear to apply to, e.g., even the most simple programs. The only factor that matters is "written in C". I use sed every day. It's written in C. Show me the bugs. I will probably be dead before someone finds them. Will I be using a "memory-safe" sed before then.

      6 replies →