[TUHS] Why Pascal is Not My Favorite Programming Language - Unearthed!

Arthur Krewat krewat at kilonet.net
Sat Sep 2 01:47:56 AEST 2017


On 9/1/2017 10:48 AM, William Cheswick wrote:
> early Internet.

I had to chuckle at the above.

This was back in the day when I could telnet into almost any TOPS-20 
system using user account ANONYMOUS and a password of FTP (or something 
similar depending on the system). It wasn't more than a few minutes 
before I found an unprotected file somewhere that could be altered and 
lay in wait for someone to run it. TOPS-10 systems were even easier. VMS 
wasn't a big deal either. Even the UNIX systems at the time were never 
really secure.

I was the ARPANET's and early Internet's worst nightmare. TELENET was an 
even better source of stuff to look at. Thankfully, I was not malicious 
nor profit-driven.

I still posit that C in the hands of the right people is not prone to 
buffer overflows any more than some library issue in C++ or higher 
languages.

Higher languages that put up safeguards are only as good as the 
programmers who write the compiler/interpreter. Because deep down, the 
libraries themselves, or the kernel itself is written in something 
without hand-guards to keep you from cutting your fingers off. It's all 
machine code in the end with, for example, no limits on pointers except 
those that are constructed by more programmers or the memory protections 
built into the processor (i.e. DEP).

In other words, by using a "safe" language you are just putting your 
security in the hands of other people who may or may not be as concerned 
as you are about it.

You can only put a certain amount of bubble-wrap around a razor blade. 
In the end, there's still a razor blade under all those layers.





More information about the TUHS mailing list