Assuming an averagely careless programmer, a language made out of shotguns will produce more errors than a language with the occasional presence of shotguns.
When simply trying to concatenate 2 strings can result in arbitrary code getting executed, memory leaks, actual data-loss or fatal program instability (or all of those), it's pretty obvious the C language itself is made out of shotguns.
Making simple things simple and safe will produce fewer errors and fewer security issues. I don't see how anyone can try to argue anything else.
C doesn't even have strings, but you would typically be using char arrays instead. All you need is a pointer to the array in order to access it.
However, if you just have the pointer then you are lacking to essential pieces of information, the length of the string and the capacity of the string.
The length of the string is however by convention determined by the first NULL byte (zero termination), so it is important that there is a NULL byte within the bounds of the allocated array.
Concatenating two "strings", is not particularily difficult, it just needs to be done with care.
If you find it complicated, then you should not use C, nor should you use it for things it's not intended for.
If you find it complicated, then you should not use C, nor should you use it for things it's not intended for.
In theory, string handling in C is straightforward enough. In practice, string handling in C is the source of a crazy number of security vulnerabilities and other bugs, even in popular and relatively well regarded software written by experts.
No-one should still need to use C in 2016. We know how to fix many of its problems and create much better programming languages now. Unfortunately, there is so much momentum behind the C ecosystem that in reality there are few practical alternatives yet, at least for low-level systems programming or high-performance number crunching work. Worse, there may not be enough commercial justification for the few organisations big enough to significantly move the industry in a better direction to actually commit the resources to do so, and this seems unlikely to change unless and until influential people start to care about the real costs of poor quality software.
Yes, I'm hoping that as Rust matures and its ecosystem grows we will start to see some improvements in the robustness of low-level software. It's one of the few alternative languages I see that seems to have significant potential in that area right now.
It's much more complicated than it seems. It's one thing to understand how to use C strings in a benign environment and quite another to be sure you don't create a security weakness with them.
> Concatenating two "strings", is not particularily difficult, it just needs to be done with care.
Driving home is not particularly difficult, it just needs to be done with care. Consequently tens of thousands die every year doing it.
Really, it's probably the case that if you find it simple, you shouldn't be using C. You will make mistakes doing that, and if you don't think so, those mistakes will be released.
Now, about things C was intended for... It was intended for everything. Nowadays we have better options for most uses, but it was indeed intended for web development.
> it's pretty obvious the language itself is made out of shotguns.
You are hitting the hammer where there is no nail! In this instance, the Dell WEBSITE was hacked which are (99% of the time) written in high-level programming languages like php, python or Java. No sane business uses C/C++ to develop a website. C/C++ is used for INTERNAL SYSTEM PROGRAMMING and those systems are already linux based and almost impossible to hack (Even in the rare instance that they DO get hacked, C/C++ has nothing to do with it).
I work with a team in India. I can assure you the Dell tech reps log into Dell's system and are not hacking via the website. This is an inside job and there are no simple ways around it. Cost benefit analysis shows Dell they can allow you to get ripped off. They are still are selling computers and saving tons of money offshoring. They have no reason to correct this problem. Glad I build my own PC's at home.
Making simple things simple and safe will produce fewer errors and fewer security issues. I don't see how anyone can try to argue anything else
Making things simple and safe is what leads an average careless programmmer to develop insecure websites. It's not simple to write a non trivial website that is safe for sensitive data. And the language is a small part of overall system security.
There are lots of alternative "safe" string libraries for C, so string handling is not a good argument against C.
When simply trying to concatenate 2 strings can result in arbitrary code getting executed, memory leaks, actual data-loss or fatal program instability (or all of those), it's pretty obvious the C language itself is made out of shotguns.
Making simple things simple and safe will produce fewer errors and fewer security issues. I don't see how anyone can try to argue anything else.