11

For those of you who still refuse to accept that safety features in languages are useful and important:

https://daniel.haxx.se/blog/2023/...

The author of curl himself admits that this security flaw could have been prevented if he had used a memory safe language.

I’m not blaming the author for making this mistake and I’m not saying that curl should be rewritten in another language.

I just want to rub this in the faces of people who argue that "bugs are always the developer’s fault, therefore it’s perfectly fine to keep using unsafe languages".

Comments
  • 2
    Ummm, that bug is his fault though. He made the wrong choice in the presence of faulty data input. If I am reading this right maybe he should have used a static boolean? If he had used a memory safe language maybe he would have never noticed the bug?
  • 4
    @Demolishun he states that it is in fact his fault and I respect that. He also states that this exact mistake would have been prevented if he had used a safe language.
    And that is the point.
    Devs are people and we make mistakes. No amount of overestimation of oneself will prevent mistakes.
    And that is the reason why we should use safe languages.

    It’s the same reason why construction workers wear helmets. Sure, if something falls on their head you could say it’s their own fault because they weren’t careful enough and didn’t look up all the time. But it’s still better to wear a helmet to prevent major head injury.
  • 0
    @Lensflare Maybe we need some new features in C to help with this. I don't expect C to go anywhere.
  • 1
    @Demolishun no. C is inherently unsafe and it can’t be fixed by adding features. Fixing it would mean breaking backwards compatibility and that won’t happen.

    The only choice is to make a new language that is as low level as C and make it safe by design. Rust is an obvious example.