On Fri, Sep 1, 2017 at 10:48 AM, William Cheswick <ches(a)cheswick.com> wrote:
I think we have 30 years' experience that clearly shows that dangerous languages will be misused in critical areas, even if most of us are very careful.
I think I would amend this to say something along the lines of, "we have
40+ years of experience clearly showing that dangerous languages cannot be
used safely in critical areas without a disproportionate amount of care and
effort, despite the best efforts and skill of our best programmers."
Marcus Ranum once wrote a one-page version of inetd that he thought was
secure. He was and is as committed to security as anyone, and had long
experience writing software important to the early Internet. Steve
Bellovin found a security hole in that one-page program.
I am convinced that a safe language with very tiny holes allowing access
to dangerous stuff (like memory management in the kernel) is simply safer.
Clearly, we are nowhere near that right now.
Moreover, as Steve said, what we consider "programming" these days is
different than it was even 20 years ago: the programs we write are largely
glue tying together a dizzying array of complicated and powerful libraries.
There was a time that whenever I wanted a linked list in C, well, I'd just
add a 'next' pointer to a struct; if I wanted a tree, I'd add 'left' and
'right' pointers. For the *vast* majority of programmers, those days are
gone but our languages don't really reflect that.
- Dan C.