What Would Dennis Ritchie Say About the "Memory-Safe" Hype (or Cargo Cult)?
Sebastian Hetze, Linus Torvalds, and Dennis MacAlistair Ritchie having a conversation at the USENIX Annual Technical Conference in January 1997
"Old" does not mean bad. Old can be worse, but it can also be better or equally good.
AS a C programmer myself (since a relatively young age), I'm not too impressed by the Rust hype which I deem a threat to Linux (I explained why in 2022; I had commented in that in prior years too). I'm no stranger to C++ either, but I only started dabbling in C++ relatively late - in my early 20s. In my experience, C++ leads to a higher level of complexity for programs; in some cases, this unnecessarily complicates things for everybody involved.
Based on some shallow - albeit essential - online research, Dennis Ritchie (C and UNIX creator/pioneer/inventor) did in fact meet Linus Torvalds (creator of Linux), shown in the center (photograph above) and the epic/eminent colleague Ken Thompson (nice person, music lover, and UNIX co-creator) said he was moving to GNU/Linux a couple of years ago. Thompson's mind seems very sharp and he can explain technical concepts quickly and fluently despite his age.
There has been some discussion about C++ in recent days because of future plans. "Conflicting interests, differing priorities and lack of participation has stymied the passing of memory safety proposals for C++," Agam Shah wrote 2 days ago. Shah used to write a lot about GNU/Linux, ARM, OLPC etc. so we have a high opinion of him and his work.
The bottom line is, this whole "memory safety" cargo cult has gotten quite loud. A lot of the corporate media got paid to play along with a GAFAM narrative (even RMS swallowed some of that, based on a conversation we had years ago). It's a bit of a distraction, as I'll explain a little later.
The programming languages (or frameworks) are sometimes being blamed for shoddy coding practices. That's like blaming a fall on a lack of safety rails where none are truly needed. That's not to say that coding can be done perfectly, but many times it boils down to developers with a poor grasp of networking (or computing in general) opening up too many sockets, files, or elevating permissions/scope where it's not necessary at all. In other words, fundamental errors can be traced back to misunderstanding of fundamentals. Ask Microsoft why it's alarming developers right now to "patch" .NET crapware; turns out that some domain expiring suddenly became a massive security threat. Whose idea was it to make programs dependent on DNS (and on whoever happens to have some domain registered at the time those programs are run)??? This is terrible design, akin to asking people to just download some program from some random domain (no matter who controls it) rather than some trusted source, which may be physical media, verified at a store or before shipping.
Not knowing much about Ritchie (except he was in poor health because of his lifestyle, or so goes the rumour), there's this meme about his death on the left. As Andy recently pointed out in his long article, Ritchie died at almost the same time as Steve Jobs, but the media only mentioned the latter and still mentions the latter (as if he only died a year ago or last week). Fame and recognition aren't earned in proportion to achievement, contribution etc. Get used to it.
In discussions about the photo above [1, 2], one person wrote: "Dennis Ritchie, who passed away the same week as Steve Jobs, made contributions to computing that are even more foundational. As the creator of the C programming language and co-developer of the UNIX operating system, his work underpins nearly all modern technology. While Jobs revolutionized consumer products, Dennis innovations built the core infrastructure of computing, enabling the digital world as we know it. RIP Dennis."
At the time the photo was taken he would be about 56 (born 1941) and already well aware of C++ and Java catching on. Many of the important programs were still written in C, not PHP of Python or any of the fancy "Web" things we now have (Ruby on Rails to name one). JavaScript was still relatively new and wasn't yet misused as bloatware for spying.
One reason why safety of C wasn't "all the rage" at the time was, people were working on computers offline or temporarily online (over dial-up/ISDN). Some places were connected over Ethernet that formed LANs (universities and offices), but the connected peers were mostly trusted and not some APT halfway across the globe.
That brings us to the motivations behind Rust and the role of the Linux Foundation, a Microsoft-dominated front group. The GAFAM think tanks (e.g. OpenSSF at the Linux Foundation) want to distract us from their back doors (i.e. intentional security problems), so they look for some scapegoat or a blame-shifting opportunity. If GitHub gets cracked or a project there loses control, they'd blame everything but Microsoft. They'd rather name "Linux" as a culprit than focus on back doors that enable the biggest and worst intrusions, including that of the US Treasury - it boiled down to Microsoft Windows again.
Don't let all the noise and the hype mislead you. The real security culprit is governments (and their pet corporations) wanting security holes to exist. The genuinely accidental holes are nowhere as bad, on average. They're typically hard to exploit remotely.
What would Dennis Ritchie say about all this? Well, late in his life he received awards and recognition in exchange for photo ops with the same political leaders who later demanded back doors or had already implemented them. To what extent was he aware that about a decade after his death the US administration would speak of C as if it was flaky piece of trash that must be avoided by programmers in the name of "security"? Even a kitchen knife can be used as a fatal weapon; yet we don't ban kitchen knives. More than 99% of people use these responsibly (care) and only inside the kitchen (scope) █