Thursday, November 30, 2006

Bjarne Stroustrup interview

Something for the geeks out there: an interview with Bjarne. As Ali G might say, "He's the geezer wot gave us C-plusity-plus".
Why's this article interesting? From the subtitle: "the inventor of the C++ programming language, defends his legacy and examines what's wrong with most software code."

Every few weeks there'll be a flare-up of the old C/C++-vs-Managed-Code argument on the programming lists at work. It's certainly true that C and C++ both let you shoot yourself in the foot easily (and have nice exploitable security bugs in your code, such as buffer overflows), but C++ also has the added tendency to introduce really nasty, hard-to-track-down bugs when you don't really understand what's happening under the covers. As long as you know exactly what you, the compiler, and the standard libraries (if you use them) are doing, you'll be fine.

C#/managed code generally isolates you from the nasty details of what's happening under the covers (at least, if you just use managed code and don't need to interoperate with native code). You don't need to worry about the difference between a container of objects and a container of pointers. No smart pointers to use or not use. And generally great built-in standard libraries.
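To make the container-of-objects versus container-of-pointers point concrete, here is an added example (not part of the original post) of object slicing silently dropping a derived class's access check. The `Handler` and `AdminOnly` types and both function names are hypothetical, made up for illustration.

```cpp
#include <iostream>
#include <memory>
#include <string>
#include <vector>

// Hypothetical base type: permissive by default.
struct Handler {
    virtual ~Handler() = default;
    virtual bool permits(const std::string&) const { return true; }
};

// Hypothetical derived type: tightens the check to a single user.
struct AdminOnly : Handler {
    bool permits(const std::string& user) const override {
        return user == "admin";
    }
};

// Container of objects: push_back copy-constructs a Handler from the
// AdminOnly, keeping only the base part (slicing). The override is gone,
// so the stored element falls back to the permissive base check.
bool guest_allowed_by_value() {
    std::vector<Handler> handlers;
    AdminOnly strict;
    handlers.push_back(strict);
    return handlers.front().permits("guest");
}

// Container of owning pointers: the element is still an AdminOnly,
// virtual dispatch reaches the override, and unique_ptr frees it.
bool guest_allowed_by_pointer() {
    std::vector<std::unique_ptr<Handler>> handlers;
    handlers.push_back(std::unique_ptr<Handler>(new AdminOnly()));
    return handlers.front()->permits("guest");
}

int main() {
    std::cout << std::boolalpha
              << "by value:   guest allowed = " << guest_allowed_by_value() << "\n"
              << "by pointer: guest allowed = " << guest_allowed_by_pointer() << "\n";
    return 0;
}
```

Both versions compile without a diagnostic by default, which is what makes this kind of bug hard to track down.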

Although I am not a C# and managed code expert, my take (and most other people's) is that they're definitely a move in the right direction in terms of preventing stupid bugs from having security impacts. No more BOs and memory-management woes. Managed code is not automatically free from security bugs though...
