That Pretty Much Wraps it Up for C

I love C. So damn much. I enjoy writing straight C.

I love having some memory and some abstractions and the flexibility to do whatever I want. I love that it imposes a discipline that prevents me from using that flexibility in stupid ways.

But between goto fail and the Heartbleed bug I have to wonder if my beloved language should be retired — at least for everything that could be a security issue. (Which is potentially everything, I suppose.)

There are two things that make other languages better for these things: 1) in many languages these particular bugs are impossible, and 2) there are often better static analysis tools that can prove that those particular flaws don’t exist in a chunk of code.

The Heartbleed bug is a major hassle. What worries me is that the next time something else might happen — maybe the power grid goes down or ATMs stop working. (Or worse.)

If we’re serious about protecting ourselves from the NSA and other malevolent entities, maybe we have to move away from C.

(I suggest this with great reluctance. And a realization that the cost of this would be huge.)