by vox_mollis 3713 days ago
[WARNING, RANTY]

This is a blue-sky project. Completely new, with no legacy dependencies.

AND YET THE DEVELOPER CHOSE TO WRITE IT IN C. WHY FOR THE LOVE OF GOD, WHY?

Could someone explain this to me? Is it developer hubris, believing in one's own infallibility that a single exploitable stack frame or buffer overflow couldn't possibly happen "on my watch"?

If you need a native binary, your options are endless. Rust, Go, Haskell, hell, even C++ with smart pointers and runtime bounds-checking would be a step up.

Please, someone educate me on why people still choose to write inevitably-vulnerable software in 2016, when there is no legacy reason to do so.


Do you think it's a bad idea that git and the Linux kernel are written in C? Is the possibility of a buffer overflow important in a program that's not processing input from random people on the internet?

No, because they are both legacy software. I understand momentum in codebases - that's why I'm reserving my vitriol for fresh blue-sky projects like this one.

As for exploitability, privilege escalation and shellcode injection are still very much a thing, internet-facing or not.

Git started in 2005. I'm sure Torvalds knew all about buffer overflows then, but decided to use C. You seem to think this is a crazy decision.

> Git started in 2005. I'm sure Torvalds knew all about buffer overflows then, but decided to use C. You seem to think this is a crazy decision.

Well is it? Will it be if Linus isn't maintaining it?

Linus Torvalds has not been the git maintainer for years.

I wonder if git would be better served by a more modern language.

I'm sure you've heard of the Shellshock bug.

Shellshock is a flaw in bash parsing and has nothing to do with the fact that bash happens to be written in C. Also, it's only a problem for untrusted input sent to bash. Typically, from the internet.

See the full answer here: https://github.com/ilyash/ngs/issues/3