[Cryptography] programming languages and the people who (don't) love them, was "NSA-linked Cisco exploit poses bigger threat than previously thought"

John Levine johnl at iecc.com
Fri Aug 26 12:50:30 EDT 2016


>It was quite clever of C to make pointers and arrays and strings all the 
>same, it was efficient and elegant, but it brought dangers. Critics have 
>always been dismissed, with the implication that they are not Real 
>Programmers.
>
>   "We are adults, we program carefully, this won't be a problem."

Huh, programmers who are phenomenally overimpressed with themselves
and know no history.  I've certainly met a few.

C was designed in the 1970s.  Dennis Ritchie's PDP-11 compiler was two
phases and an optional peephole optimizer, each of which could run in
about 24K bytes of RAM. 

In that environment, the only other language to do system programming
was the machine's assembler, and C was a great improvement, since it
had structures to give names to data fields and enough of a type
structure to keep you from using a floating-point value as an integer
or adding two pointers together.

The reasons we're still using C are not limited to stupidity.  There
is a huge installed base, including all of the OS code in various
versions of Unix and Linux, and nothing else to date runs on as many
architectures and is as usable in spare environments like OS kernels
and embedded systems.

ObCrypto: very little of the crypto code I use has to run in the kinds
of environments where C's advantages are important, so it's a reasonable
question why application libraries like openssl are still in C.

R's,
John

