The Dogma of C

Today we have Heartbleed, tomorrow nothing happens.

Gorazd Božič
3 min read · Apr 12, 2014

You have heard about the recent flaw on the internet named Heartbleed even if you’re not that interested in computer security. It has been all over the news and you are probably wondering whether to change all of your passwords or whether the whole thing was just a bit inflated by the press. You decide. I would rather write about how such a fault was possible in the first place.

We all make mistakes. And when you are designing and programming a complex piece of software, you’re bound to make them as well. With software controlling more and more of not only cute gadgets but also serious machines (such as cars, railroads, medical equipment, power plants and military drones), bugs can have serious consequences. That is why you have various techniques at your disposal to reduce their number. And there are whole languages designed with the intent to make mistakes harder to make and to fail more or less gracefully when they do happen. But most developers still prefer to use the complete opposite of that: the C programming language.

C is important: many operating systems are written in it as it enables you to stay close to the machine. But it provides almost no safeguards for the programmer and it’s easy to shoot yourself in the foot. Pointer arithmetic, absence of bounds checking, universal type-casting and variable assignments in conditional statements give you all the ammunition you need. And people realized this was a problem back in 1972, but as the past two decades have shown, we keep making the same mistakes over and over again. Why?
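The absence of bounds checking mentioned above is exactly the class of fault behind Heartbleed: a server echoed back as many bytes as the peer's length field claimed, not as many as it had received. The following is an added example, not code from the post or from OpenSSL; the record layout, function names and sample bytes are constructed for illustration, showing the unchecked echo beside the checked one.

```c
#include <stdint.h>
#include <string.h>
/* Constructed record layout (illustrative, not OpenSSL's wire format):
 * byte 0 = type, bytes 1-2 = big-endian payload length, then the payload. */
#define PAYLOAD_LEN(rec) (((size_t)(rec)[1] << 8) | (rec)[2])
/* Unchecked echo: trusts the length field inside the record and never looks
 * at how many bytes actually arrived. If the peer claims more than it sent,
 * memcpy reads past the payload into neighbouring memory and returns it. */
size_t echo_unchecked(const uint8_t *rec, size_t rec_len,
                      uint8_t *out, size_t out_len)
{
    (void)rec_len; (void)out_len;                /* never consulted */
    size_t n = PAYLOAD_LEN(rec);
    memcpy(out, rec + 3, n);                     /* C checks nothing here */
    return n;
}

/* Checked echo: the claimed length must fit both the bytes received and the
 * output buffer; a record that lies about its length is dropped (returns 0). */
size_t echo_checked(const uint8_t *rec, size_t rec_len,
                    uint8_t *out, size_t out_len)
{
    if (rec_len < 3) return 0;                   /* no complete header */
    size_t n = PAYLOAD_LEN(rec);
    if (n > rec_len - 3 || n > out_len) return 0; /* length field lies */
    memcpy(out, rec + 3, n);
    return n;
}

/* Constructed sample memory: a 5-byte record carrying "hi" that claims an
 * 8-byte payload, followed by bytes that were never part of the record. */
static const uint8_t sample_mem[] = {
    0x01, 0x00, 0x08,                  /* type, length = 8 */
    'h', 'i',                          /* the 2 payload bytes really sent */
    'S', 'E', 'C', 'R', 'E', 'T', 0    /* neighbouring memory */
};
#define SAMPLE_RECEIVED 5              /* bytes that actually arrived */
struct sample_result { size_t returned; int leaked; };
/* Feeds the sample to one echo function: how many bytes it returned and
 * whether the neighbouring bytes ended up in the reply (leaked = 1). */
struct sample_result run_sample(size_t (*echo)(const uint8_t *, size_t,
                                               uint8_t *, size_t))
{
    uint8_t out[64] = {0};
    struct sample_result r = { echo(sample_mem, SAMPLE_RECEIVED, out, sizeof out), 0 };
    r.leaked = memcmp(out, "hiSECRET", 8) == 0;
    return r;
}
```

The unchecked version hands back 8 bytes, 6 of which were never part of the record; the checked version notices that 8 does not fit in the 2 payload bytes received and returns nothing.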

I guess one reason is plain resistance to change. It is in human nature to prefer the status quo, they say. Maybe it has to do with laziness too, as C enables you to quickly achieve results. Being a low-level programming language (in the sense of allowing direct memory access and having a small footprint), it is the language of choice for most embedded systems. Then there is also the feeling you get that some programmers think so highly of themselves that they are proud to operate with no harness because they believe they make no mistakes. But more importantly, with its legacy, C is simply “too big to fail”. So if you want to contribute to one of those great open-source projects, chances are you will do it in C. This problem will spread into the internet of things and our lives will be even more exposed to software bugs.

So when you do change those passwords because of Heartbleed, it’s quite possible that you have to go to the trouble because that’s more efficient (and easier on average) than writing software that is more secure. At least from somebody else’s perspective.

In 1968 the famous computer scientist Edsger W. Dijkstra published the article “Go To Statement Considered Harmful”. The OpenSSL source contains over 7200 goto statements.
