[Cryptography] how reliably do audits spot backdoors?

James A. Donald jamesd at echeque.com
Sat Dec 28 05:04:42 EST 2013


On 2013-12-26 17:37, ianG wrote:
> I do it all in Java.  Once, when I did a port from Java to various
> languages, it took 5 times longer to get it into C as opposed to various
> OO languages (PHP, Perl).

Translating to C, you have to add your own memory management code, which 
is a large part of any C program, hence the much longer C translation times.

Modern C++ has some tools that substantially automate memory management 
and type management, but you still have to think about memory 
management, while Java does it all for you.

Perl, Java, and PHP are all memory managed languages, so translation 
from Java to Perl or PHP is straightforward.

PHP notoriously tends to turn into spaghetti code; people keep copying 
and pasting the code, resulting in lots and lots of code pages that are 
similar but not identical.  You are, of course, not supposed to do this, 
but, but, the boss wants this bug fixed, or this feature added, 
tomorrow.  As a result, productivity in kilolines per hour is alarmingly 
high.

Translating Java into Perl is doubtless easy, but translating from Perl 
to Java ...  Perl is a write-only language.

C++ has the wonderfully powerful template system.  Unfortunately, the 
template system is apt to produce gigantic error messages whose sheer 
size makes them difficult for anyone to comprehend.  But you can do 
things with templating that you cannot do in any other language except 
Lisp.  In this sense, C++ is the highest level language of them all, 
except for Lisp, as well as being the lowest level language of them all.

