Re: A bit further toward the flamewar

From: Linas Vepstas
Subject: Re: A bit further toward the flamewar
Date: Thu, 13 Oct 2011 11:30:32 -0500

On 13 October 2011 10:20, Andy Wingo <address@hidden> wrote:
> On Thu 13 Oct 2011 16:26, address@hidden (Ludovic Courtès) writes:
> Anyway this second, proof side of types, is the side that Scheme does
> not have.  C has a stronger story in that regard.

Lack of types in Scheme has made me day-dream about learning
OCaml or Haskell.  My pet peeve about Scheme is that, when
maintaining old code, it's very very hard to just "know" what type
some lambda is expecting.  And, to me, this makes Scheme
sometimes very hard to read.

very-hard-to-read == bug-prone

> This is what I meant when I said that C was dangerous.  Programs in
> Guile have meanings, even seemingly ill-formed programs like
>  ((lambda () x))
> Because what happens here?  You get an exception.  What happens in C if
> you invoke puts without its argument?  You might get a warning, but it
> will compile, and at runtime /anything can happen/.
> All programs of a sufficient size have bugs.  The question is, what
> happens when there is a bug?  In Scheme, the answer isn't usually "the
> Chinese/American/German government gets to read your email".  With C it
> is.  That is why programming in C is dangerous.

If you remember Java in 1993-1995, people kept saying that it was safe
because it was impossible to break out of a Java "sandbox".  Of course, that was
wrong: it turned out the Java sandbox sometimes just had to make library
calls/system calls, and when these were incorrectly implemented, then one
could break out of the sandbox.  I don't see how *any* language can avoid
the same security pitfalls that the Java "sandbox" suffered from.

