Seriously, Heartbleed was entirely caused by pointers being dangerous. This is not hard - we should get rid of general purpose pointers.
1
Replying to @frabcus
@frabcus The danger in languages like C come from their power. If you remove the danger you remove the power. Sometimes power is needed.

Jan 19, 2015 ยท 10:24 AM UTC

5
1
Replying to @dsilverstone
@dsilverstone @frabcus also, C *lacks* power in critical ways (builtin string support is terrible in almost every way)
2
@eyebrowsofpower @frabcus I don't consider the wealth of string-related libraries a problem. Builtins are not the be-all-and-end-all.
Replying to @dsilverstone
@dsilverstone @frabcus heartbleed happened because pointers were used where there was no need for them. To me that's weakness not power
2
@fjmd1 @frabcus Idiots exist in all spheres. Mistakes happen. The true failing here was a lack of review on critical code.
Replying to @dsilverstone
@dsilverstone that's the point though, pretty well all uses of C/C++ don't need that power. e.g. Gecko didn't, c.f. Servo. What uses do?
1
@frabcus Also, you're still assuming that the compiler is good and that the author understands the chip in question.
1
more replies
Replying to @dsilverstone
@dsilverstone @frabcus I'm not convinced this is true; it's the "seatbelts make people drive more dangerously" argument for coders