C++ and Ruby are weird, especially since C is somehow considered a reliable rifle. Rust betrays its age
C is reliable in the sense that your C program reliably has memory leaks and security holes.
Unlike your Java program amirite.
The benefit of Java is that you didn’t write the security holes in your software.
Programmers can trust language security features too much…
Of course, they’re nice to have and really can make things easier to implement securely but it’s still very easy to introduce security problems or bugs into any code. This is just an unsolvable problem of writing imperative code. All imperative code will reliably have memory leaks (even in Java!) and security holes because no compiler can check to see if you thought of everything.
And large and complex compilers/interpreters with these security features can end up introducing their own security problems or bugs in the process of implementing them.
I’m just tired of people entirely dismissing languages like C because they don’t have these features. Especially when the operating systems their code runs on and their languages may even be implemented in C!
Buffer overflows were last seen on the OWASP top 10 list in 2004. Favoring of anything else over C for most things is a pretty obvious reason why. A language change destroyed an entire class of bugs.
It’s a “tool for the job” game. I don’t trust a junior developer to write a login system. I’ve found security flaws in login systems written by senior developers who “know what they’re doing TM”. Unless I’m the expert in a given domain, it’s better to trust something written by those experts.
For the record (since it’s fixed anyway), I discovered a common login timing vulnerability on one of our production systems that had been in place for nearly 15 years. Luckily we didn’t have enough traffic for anyone to notice it before me.
I don’t trust Masterlock, so I’m gonna make my own lock out of duct tape, then tape scissors to the door to use as the key.
As does C#. The Windows-specific parts are not the parts most developers will use these days.
I took it as the donkey being .NET
C# is .Net though. It’s only syntax without it.
I think it’s definitely a dig at Windows, because that used to be the primary issue with C#: you could only really target Windows and you could only write it using Windows. You could run .NET Framework applications on Linux, but it was a lot of work and it really underperformed (which would fit the timeline of 2015, when this comic was first posted). Now with .NET Core you can make a self-contained executable that can run on anything.
You can even compile to a native executable these days I believe so you don’t have to have the .net runtime installed or bundled.
2015? I’m sure last time I saw this it was way before 2015
Agree. That one didn’t age well…
The M1 Garand is known for having a problem during reloading where you have to stick your thumb in a slot that’s about to shut very hard. There are techniques to avoid getting pinched, but “Garand thumb” is a well-known phrase among vintage rifle enthusiasts.
This fits C very well.
And does anything require Python v2 anymore? I work almost exclusively in Python and haven’t run into that in many years.
Python v2 was sunset in 2020. So only legacy software.
Someone should tell Ubuntu (or Debian, I’m guessing).
C is very reliable. It works almost everywhere with very little resources or overhead and many of the most fundamental parts of our systems (that have to work reliably) are written in C. Many of the languages in that image are even implemented in C.
If you want to write portable, fast, and simple code C can help you with that if you use it in the right way.
C is a knife. The basic thing you can build weapons (programming languages) with.
Or a screwdriver?
It’s a screwdriver without a head because you have to build it yourself
Yes. Knives can also be used as screwdrivers for fasteners with a “blade” or “flat” head.