| From: | Miles Elam <miles(dot)elam(at)productops(dot)com> |
|---|---|
| To: | pgsql-general <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: The tragedy of SQL |
| Date: | 2021-09-18 14:03:52 |
| Message-ID: | CAALojA-waVaV89-0Zd2xW9TwqR9bKOCL0jXcgfJ0A6x7c3FTWA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Fri, Sep 17, 2021 at 1:13 PM Benedict Holland <
benedict(dot)m(dot)holland(at)gmail(dot)com> wrote:
> I don't get why there are so many programming languages out there. C is
> virtually perfect.
>
Oh my. Even its creators didn't believe this, and that was decades ago. Use
after free. Dangling pointers. No array bounds detection. The YOLO that is
(void *).
Decades of CERT advisories tell a different story.
Don't get me wrong, I like C. It's truly a marvel that such a simple
language could be so powerful and flexible. But virtually perfect?
PostgreSQL is lauded as a great piece of C software—not just because it has
a wonderful feature set, but because large scale C development is truly a
difficult thing to get right even with the best, most dedicated developers.
See: OpenSSL.
Buffer overflows, all too common and often hard to find, are largely
impossible in some languages (Rust) and far less likely in others (Zig),
and yet they account for far too many exploits out there leading to massive
data leaks and ransomware.
We develop new languages precisely because C is not perfect. (This is not
to say any of the newer languages are, just that C should not be the end of
our search, especially in the domain-specific cases.)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tobias Meyer | 2021-09-18 15:35:45 | Remove duplicated row in pg_largeobject_metadata |
| Previous Message | Benedict Holland | 2021-09-17 20:12:22 | Re: The tragedy of SQL |