[Cryptography] It's all K&R's fault

Peter Fairbrother zenadsl6186 at zen.co.uk
Fri Apr 18 16:54:02 EDT 2014


On 18/04/14 21:01, Jon Callas wrote:
> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>
> And it is, too, and others have said the sorts of things I would say
> about what an abomination of a language C is. But so what? You *can*
> use it reasonably, especially with any of a number of supplemental
> libraries that do things like give you reasonable strings, buffers, and so
> on. The people on the other side of the tale are also right.

No, I'd argue that you *can't* use it reasonably.

You write code, you are a genius, and your code is perfect. Then some 
non-genius comes along to maintain your code, and because you haven't 
used safe code constructs he makes a mistake.

But he's not a genius, and he isn't supposed to be one.

Assuming you had a choice of whether to use the constructs that only 
geniuses can use safely or the safer constructs which more normal coders 
can use safely, and then assuming that you knew or could presume that 
your code would be maintained by non-geniuses - then the fault would be 
yours, for choosing the wrong constructs.

Or perhaps before that, for choosing the wrong language, C.


So why didn't you, or they, object? I still don't get it.

There have been eleventy-million kinds of whining about this here, and 
twenty-leven-million mostly-non-fixes, but who has said, or better 
insisted, that e.g. strcpy() etc. should be permanently removed from C, and 
replaced with a bounds-checking version?


Because *that* is what is needed. Nothing else will do.

-- Peter Fairbrother

ps, how about those Darkmail slides? thx.
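The bounds-checking replacement the post calls for, sketched as an added example in C (this is not Peter Fairbrother's code, nor any libc's; the function names bounded_copy, strcpy_would_overflow, copy_into_record and the struct record layout are this example's own assumptions). It shows the one thing strcpy() leaves out, a check of the source length against the destination size, and demonstrates with a canary placed directly after the destination buffer that an over-long input is truncated and reported instead of running past the end:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result codes for the bounds-checking copy (this example's own convention). */
enum copy_result { COPY_OK = 0, COPY_TRUNCATED = 1, COPY_NO_SPACE = 2 };

/*
 * Hypothetical replacement for strcpy(): never writes more than dst_size
 * bytes, always NUL-terminates when dst_size > 0, and tells the caller
 * whether the whole of src fitted.  Unlike strcpy(), the destination size
 * is part of the interface, so the caller cannot forget the check.
 */
enum copy_result bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t n = strlen(src);
    if (dst_size == 0)
        return COPY_NO_SPACE;          /* not even room for the terminator */
    if (n >= dst_size) {               /* src does not fit: truncate, terminate */
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return COPY_TRUNCATED;
    }
    memcpy(dst, src, n + 1);           /* n bytes plus the NUL */
    return COPY_OK;
}

/* The check strcpy() never performs: would src plus its NUL exceed dst_size? */
int strcpy_would_overflow(size_t dst_size, const char *src)
{
    return strlen(src) + 1 > dst_size;
}

/*
 * Constructed demonstration target: an 8-byte name field followed by an
 * 8-byte canary.  Any write past the end of name[] would alter the canary.
 */
struct record {
    char name[8];
    char canary[8];
};

/* Copies src into r->name with bounded_copy(); stores the copy result in *rc
 * and returns 1 if the canary survived untouched, 0 if it was overwritten. */
int copy_into_record(struct record *r, const char *src, enum copy_result *rc)
{
    memcpy(r->canary, "CANARY!", 8);   /* 7 characters plus NUL */
    *rc = bounded_copy(r->name, sizeof r->name, src);
    return memcmp(r->canary, "CANARY!", 8) == 0;
}

int main(void)
{
    struct record r;
    enum copy_result rc;
    /* Constructed inputs: one that fits, one that strcpy() would overflow with. */
    const char *inputs[] = { "bob", "maintainer-of-the-year" };

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int intact = copy_into_record(&r, inputs[i], &rc);
        printf("%-24s -> name=\"%s\" result=%d canary_intact=%d "
               "strcpy_would_overflow=%d\n",
               inputs[i], r.name, (int)rc, intact,
               strcpy_would_overflow(sizeof r.name, inputs[i]));
    }
    return 0;
}
```

The design choice worth noting is that the unsafe case is reported rather than silently truncated: a caller who ignores COPY_TRUNCATED gets a shortened but still valid C string, never an out-of-bounds write, and a caller who checks it can reject the input outright.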

