On 1 Sep 2016, at 10:17, Norman Wilson <norman(a)oclsc.org> wrote:
Flon's
Axiom, for 35 years my favourite one-liner about
programming and languages:
There does not now, nor will there ever, exist a
programming language in which it is the least bit
hard to write bad programs.
I think this is almost trivially true (in the same sense that, say, general relativity is
almost trivially true once you see it): if there are complicated problems to solve, then
programming languages are either powerful enough to represent the solution or they
can't solve the problem. If they are powerful enough then that power can be used to
write horrid programs, if they're not then they die out, at least as general-purpose
languages.
To turn my earlier comment around, Lisp is a fantastic example of this: modern Lisps
(really, Scheme) mandate tail-call elimination as part of the language, which is clearly
this lovely pure thing to do which can only make programs better. Well, in a language
with tail-call elimination, some (but, of course, not all) function calls can be treated
as gotos which pass arguments, and isn't goto meant to be bad? So now add full
continuations and any half-educated person like me can write the sort of tiny opaque
horror which it would take someone really deep understanding to write in C, say.
That being said (and note I *like* C, a lot), what proportion of security problems are
undetected buffer overflows? Less than it used to be, I hope.