[Cryptography] It's all K&R's fault
Peter Fairbrother
zenadsl6186 at zen.co.uk
Fri Apr 18 16:54:02 EDT 2014
On 18/04/14 21:01, Jon Callas wrote:
> And it is, too, and others have said the sorts of things I would say
> about what an abomination of a language C is. But so what? You *can*
> use it reasonably, especially with any of a number of supplemental
> libraries to do things like give you reasonable strings, buffers, and so
> on. The people on the other side of the tale are also right.

No, I'd argue that you *can't* use it reasonably.

You write code, you are a genius, and your code is perfect. Then some
non-genius comes along to maintain your code, and because you haven't
used safe code constructs he makes a mistake.

But he's not a genius, and he isn't supposed to be one.

Assuming you had a choice of whether to use the constructs that only
geniuses can use safely or the safer constructs which more normal coders
can use safely, and then assuming that you knew or could presume that
your code would be maintained by non-geniuses - then the fault would be
yours, for choosing the wrong constructs.

Or perhaps before that, for choosing the wrong language, C.

So why didn't you, or they, object? I still don't get it.

There have been eleventy-million kinds of whining about this here, and
twenty-leven-million mostly-non-fixes, but who has said, or better
insisted, that eg strcpy() etc should be permanently removed from C, and
replaced with a bounds-checking version?

Because *that* is what is needed. Nothing else will do.

-- Peter Fairbrother
ps, how about those Darkmail slides? thx.
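
As an added illustration of the "bounds-checking version" of strcpy() the message asks for (this is not code from the post or from the C standard), the sketch below refuses any copy that does not fit instead of overflowing or silently truncating. The names checked_strcpy, struct account and account_set_name are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not a standard C function: copy src into dst only if
 * the whole string, including its NUL, fits in dstsize bytes. On failure dst
 * becomes the empty string, so a caller that ignores the return value never
 * sees a truncated or unterminated buffer. */
int checked_strcpy(char *dst, size_t dstsize, const char *src)
{
    size_t n = 0;

    if (dst == NULL || dstsize == 0)
        return EINVAL;
    if (src != NULL)
        while (n < dstsize && src[n] != '\0')
            n++;
    if (src == NULL || n == dstsize) {
        dst[0] = '\0';
        return src == NULL ? EINVAL : ERANGE;
    }
    memcpy(dst, src, n + 1);   /* n + 1 <= dstsize is guaranteed here */
    return 0;
}

/* Constructed record: with strcpy(a->name, name), a name longer than seven
 * characters would be written past name[] (undefined behaviour). */
struct account {
    char name[8];
    int is_admin;
};

int account_set_name(struct account *a, const char *name)
{
    return checked_strcpy(a->name, sizeof a->name, name);
}

int main(void)
{
    struct account a = { "", 0 };

    printf("alice: %d\n", account_set_name(&a, "alice"));
    printf("administrator: %d (ERANGE is %d), is_admin=%d\n",
           account_set_name(&a, "administrator"), ERANGE, a.is_admin);
    return 0;
}
```

The destination size travels with every call, so a later maintainer who passes a longer string gets an error code rather than a corrupted neighbouring field.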