Skip to main content

Death to C, ++





The C programming language is terrible. I mean, magnificent, too. Much of the world in which we live was built atop C. It is foundational to almost all computer programming, both historically and practically; there’s a reason that the curriculum for Xavier Niel’s revolutionary “42” schools begins with students learning how to rewrite standard C library functions from scratch. But C is no longer suitable for this world which C has built.

I mean “terrible” in the “awe-inspiring dread” sense more than the “bad” sense. C has become a monster. It gives its users far too much artillery with which to shoot their feet off. Copious experience has taught us all, the hard way, that it is very difficult, verging on “basically impossible,” to write extensive amounts of C code that is not riddled with security holes. As I wrote two years ago, in my first Death To C piece:


In principle, as software evolves and grows more mature, security exploits should grow ever more baroque … But this is not the case for software written in C/C++. Buffer overflows and dangling pointers lead to catastrophic security holes, again and again and again, just like yesteryear, just like all the years of yore.

We cannot afford its gargantuan, gaping security blind spots any more. It’s long past time to retire and replace it with another language. The trouble is, most modern languages don’t even try to replace C. […] They’re not good at the thing C does best: getting down to the bare metal and working at mach speed.

If you’re a developer you already know where I’m going, of course: to tout the virtues of Rust, which is, in fact, a viable C/C++ replacement. Two years ago I suggested that people start writing new low-level coding projects in Rust instead of C. The first rule of holes, after all, is to stop digging.


Today I am seriously suggesting that when engineers refactor existing C code, especially parsers and other input handlers, they replace it — slowly, bit by bit — with Rust.

We have to do something. We must make our software foundations stronger. That means fixing operating systems, drivers, libraries, command line tools, servers, everything. We might not be able to fix most of it today, or the next year, but maybe 10 years from now the situation will have improved.

Unfortunately, we cannot rewrite everything. […] What I’m advocating for is much simpler: surgically replace weaker parts but keep most of the project intact. […] You can actually take a piece of C code inside an existing project, import the C structures and functions to access them from Rust, rewrite the code in Rust, export the functions and structures from Rust, compile it and link it with the rest of the project.

Rust is no a panacea, of course, There are many other valuable approaches to improving software stability and security. (Formal verification, for instance, or the Langsec movement.) But it is a plausible and valuable iterative approach, and we are only going to dig ourselves out of our giant collective security hole iteratively, one shovelful of better code and better tooling at a time. The sooner we start digging, the sooner C will slowly oxidize away.

Source: Business Insider.

More@ https://www.technapping.com

Comments

Post a Comment

Popular posts from this blog

WTF is bitcoin cash and is it worth anything?

Early yesterday morning bitcoin’s blockchain forked — meaning a separate cryptocurrency was created called bitcoin cash . The way a fork works is instead of creating a totally new cryptocurrency (and blockchain) starting at block 0, a fork just creates a duplicate version that shares the same history. So all past transactions on bitcoin cash’s new blockchain are identical to bitcoin core’s blockchain, with future transactions and balances being totally independent from each other. For practical matters, all this really means is that everyone who owned bitcoin before the fork now has an identical amount of bitcoin cash that is recorded in bitcoin cash’s forked blockchain. But it’s not exactly this easy. If you control your own private keys, or hold your bitcoin in an exchange that said it would credit users’ balances with bitcoin cash, you’re fine and can access your newfound cryptocurrency right now. If you held your bitcoin with a provider like Coinbase, which said before the fork t...
Post a Comment
Read more

Bitcoin breaks $3,000 to reach new all-time high

Bitcoin has reached a record high valuation of $3,000 per coin to complete a rollercoaster week that begin with the long-awaited split of the cryptocurrency. A number of exchanges, including popular destinations Coinbase and Kraken , valued a single bitcoin at over $3,000, an all-time high that is up $485 on the valuation one month ago. Earlier this year, Bitcoin surged to surpass $2,000 for the first time in May going on to almost reach $3,000 in June only for the valuation to crash . Over the last twelve hours, bitcoin’s value has jumped by over 10 percent as forked currency bitcoin cash has seen its valuation crash by 30 percent. Some exchanges including China’s OkCoin even put the value of one bitcoin above $3,200 right now. Finally, the surge means that the total market cap of bitcoin is more than $50 billion — $51,737,289,581 at the time of writing according to Coinmarketcap.com . A Coinbase chart shows bitcoin’s valuation has passed $3,000 per coin One chief concern around t...
Post a Comment
Read more

Walmart expands its grocery delivery business, powered by Uber

Walmart is expanding a test of its grocery delivery service, powered by Uber, the company announced this week. The retailer is now offering grocery delivery in two new markets — Dallas and Orlando — which join Tampa and Phoenix as locations where consumers can shop online for grocery items, then opt to have them come to their home for an additional $9.95 fee. Grocery delivery has been something Walmart has experimented with for years, starting with tests in Denver and San Jose of grocery delivery using its own service and trucks. The tests involving Uber are newer, however. In June, 2016, Walmart began a trial in Phoenix, which expanded to Tampa this March. In those locations, Walmart offers grocery delivery at five local stores per market. This week’s Dallas test is larger, with 8 stores participating. In Orlando, there are four stores involved. The grocery delivery service is available via the same online grocery shopping website where customers can place their pick-up orders — a s...
Post a Comment
Read more