1. 3

    It means you don’t write the kind of code that appears in the hero image of the article.

    1. 6

      It’s been over a decade since I’ve programmed in C. I read through the source code for this project and now I remember what I hated about C.

      There’s a ton of laziness in this code about checking types. It’s not self-documenting at all. There’s a lot of if (!timeout), if (!ptr), if (!...) where that ... could be an int, a pointer, a char, or any number of other things. Then you see a lot of commits trying to fix bad assumptions that those values would be 0. For example, in the timeout case the code initially only checked whether it was 0 or nonzero. Then later there was a commit to take into account the fact that the timeout could be negative.

      I have no idea what this function does but in any sane modern language that function would return a type that you could switch over if the expected behaviors are for timeout < 0, timeout == 0, and timeout > 0.

      The commit that changed

      else if('\\' == *ptr) {
      

      to this

      else if('\\' == *ptr && ptr[1]) {
      

      is only because of C’s uniquely bad string type.

      There are literally hundreds of commits fixing memory leaks.

      My bet is that if you were to re-write curl in a newer language, you might miss out on some functionality but you wouldn’t have nearly as many security holes.
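Added example, not part of the comment above and not curl's code: a hypothetical unescape loop showing what the `ptr[1]` check in the quoted commit guards against when a string ends in a backslash. The function names, the `check_next` switch and the sample buffer are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical unescape loop (not curl's function): copies src to dst and
   turns "\x" into "x". check_next = 0 uses the condition from before the
   commit, check_next = 1 the condition from after it. */
static size_t unescape(const char *src, char *dst, size_t dstlen, int check_next)
{
    const char *ptr = src;
    size_t n = 0;

    while (*ptr && n + 1 < dstlen) {
        if ('\\' == *ptr && (!check_next || ptr[1]))
            ptr++;               /* drop the backslash, keep the next byte */
        dst[n++] = *ptr++;       /* without the check this can copy the NUL
                                    and step past the end of the string */
    }
    dst[n] = '\0';
    return n;
}

/* Constructed input: the string "ab\" followed, inside the same 16-byte
   array, by unrelated bytes. Keeping everything in one array means the
   unchecked variant stays in bounds here while still showing the overrun. */
static size_t demo(int check_next, char *out, size_t outlen)
{
    static const char buf[16] = "ab\\\0SECRET";
    return unescape(buf, out, outlen, check_next);
}

int main(void)
{
    char out[32];
    size_t n = demo(0, out, sizeof out);
    printf("unchecked: %zu bytes, tail \"%s\"\n", n, out + 3);
    n = demo(1, out, sizeof out);
    printf("checked:   %zu bytes, \"%s\"\n", n, out);
    return 0;
}
```

With the old condition the loop consumes the terminator and keeps copying the bytes stored after the string; with the `ptr[1]` check the trailing backslash is copied literally and the loop stops at the NUL.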

      1. -4

        Give me examples of similarly usable software written in some better language.

        1. 10

          I’m super curious where you thought you were going with this? Some weird form of “since there’s no alternative, (this is the best way|stop bitching about it)”? Or maybe “well if it’s so bad, then you get in there and fix it!”?

          Are we not allowed to comment on bad source code simply because it’s widely used or that we haven’t written a similarly popular library? Objectively bad source code can and does exist. This code wasn’t written by just one person, it was written by many.

          Maybe you were genuinely asking for examples on other software. If so, you should know that your demand for examples comes off as vaguely hostile. And then to ask everyone who doesn’t understand you to “grow up” reinforces the perceived hostility in your original comment.

          My apologies if you’re already aware of all this, the last thing I want is a confrontation.

          1. 1

            I read an airy

            My bet is that if you were to re-write curl in a newer language, you might miss out on some functionality but you wouldn’t have nearly as many security holes.

            and I asked for backup on the implied comparison. It’s easy to assert that something that works is terrible compared to what you imagine it should be, but there are actual engineering reasons why such a high percentage of the internet machinery is written in C/C++ or Java and not in some “newer language”. What are the examples of solid, widely used, systems components written in something newer or better and what does the CVE track of those examples look like? If you have them, that would be interesting. If you don’t, then the critique is lacking traction.

          2. -4

            How obnoxious to claim this question is “troll”. Grow up.

        1. 19

          This is petty and poorly thought out.

          1. 6

            I don’t think it is petty to criticize the tools we use, they’re not all created equal. In Go’s case, it might be beating a dead horse, though.

            1. 8

              I definitely agree with you. Being critical of your tools is how you get better tools.

              For this though, to take a bunch of subjective articles wholesale and glue them together as an affirmation that something is bad shows a lack of willingness to consider why that something was ever brought into existence. It’s just bad form.

            2. 0

              i read it as a pretty hilarious sendup of the entire thicket of go criticism blogposts