On Fri, Sep 1, 2017 at 10:48 AM, William Cheswick <ches@cheswick.com> wrote:

I think we have 30 years’ experience that clearly shows that dangerous languages
will be misused in critical areas, even if most of us are very careful.

I think I would amend this to say something along the lines of, "we have 40+ years of experience clearly showing that dangerous languages cannot be used safely in critical areas without a disproportionate amount of care and effort, despite the best efforts and skill of our best programmers."

Marcus Ranum once wrote a one-page version of inetd that he thought was secure. He was and is as committed to security as anyone, and had long experience writing software important to the early Internet. Steve Bellovin found a security hole in that one-page program.

I am convinced that a safe language with very tiny holes allowing access to dangerous stuff (like memory management in the kernel) is simply safer. Clearly, we are no where near that right now.

Moreover, as Steve said, what we consider "programming" these days is different than it was even 20 years ago: the programs we write are largely glue tying together a dizzying array of complicated and powerful libraries. There was a time that whenever I wanted a linked list in C, well, I'd just add a 'next' pointer to a struct; if I wanted a tree, I'd add 'left' and 'right' pointers. For the *vast* majority of programmers, those days are gone but our languages don't really reflect that.

- Dan C.