The Lessons of Software Monoculture

SPONSORED LINKS

the predominance of C++ in application development stands in no proportion to its suitability for most high-level problems.

I fail to see a character string issue that cannot be solved with a wrapper class or a smart pointer.

GREAT, so people will write insecure code in C until some day they are experienced enough to use it safely!

Exactly. And until they have demonstrated their competency, their code should not be used in security-critical environments.

*whuppdidu*. so you NEVER allocated a string one short, i assume. maybe you are even infallible!

Of course I have, and I also don't place non-debugged and/or unaudited code into a production environment. I guess others have lower standards, but they get what's coming to them. You can make very insidious mistakes in high level languages too.

the point of high-level programming languages is to reduce the binding between your machine and your programs and to offer a sane standard library which will allow you to write acceptable code with a few months!

Quite. However, "high-level programming" is all relative. C is high-level compared to assembly. The C standard library provides functions such as snprintf, fgets, and strncpy which are usually suitably safe. If those functions cramp your style, use something like glib instead.

it takes you such a long time to learn all its hidden traps

Please elaborate. Perhaps instead of traps, you meant unfamiliar nuances. That's not a euphemism unless you regard the language as hostile, which is a ludicrous notion. C just exists. You either know how to use it or you don't. Petulance and indignation do not substitute for learning.

that I don't see it as the suitable standard language for your average problem.

Right. So who was claiming that C was the right tool for the average problem? The frequent ill-informed argument from CS 101 types is that C is the wrong tool for any problem and that {Java|PHP|Python} is the universally correct tool.

how can you be so arrogant?? "beyond my capability"!!!

You used a specious argument to support your general claim that C is useless because there is no native string type. I supposed that this was something that you had encountered, and instead of learning something from your mistake, decided to bash the language; that is a common reaction by frustrated people new to C.

but i don't even think that you never made a mistake using them, so you better show some humility!

Exactly how am I displaying arrogance? Of course I have made mistakes with pointers as I learned the language. I don't make them any more, and that's because I recognized their utility and learned how to use them properly rather than blaming the language.

to avoid all the syscalls involving C char pointers! (for example: using ostream::write will require you to use char pointers!

And what would be your solution to this? Introduce an opaque string type into the kernel interface alongside the existing read/write functions?

please be a little humbler before accusing others of being incapable of using some arcane and dangerous technique

I think you are reading emotions into my words that are not there. I find nothing arcane or dangerous about C strings at the hands of a competent programmer, no more than I find a loaded gun in the hands of a responsible and trained person dangerous.

There is a rather salient argument against people new and inexperienced with C writing code that is accessible from outside a particular machine, so let's leave the conclusion at that: C newbies should not be writing networked code; and not try to extend that conclusion to say that C is invariably a munition waiting to explode no matter who is writing the code.

Score:2