That was partly my point. You bring up you don't like being told what you should or shouldn't use. Yet, you use a product doing exactly that of your own free will. You probably started to after someone shared a link to affect your decision-making. So, a pointless counter in reply to up-thread recommendations.

Do we speak a different language? Because again I just do not understand how any of what you're saying follows.

Yes, I use C. Is the programming language telling me to use this or that? No, I am telling it to do this or that.

And no, I am not using it because somebody told me to. I am using it because (as I said above), I like it, I enjoy using it, I am good with it, and feel like it's a good fit for the values I hold. Opinions shared by other people may have affected my perception, but I am not using the language because somebody tells me to.

Ok. Let's assume all that in light of your previous reply. Do you like your web apps to be secure? Or do you value the personal fulfillment of using C over that? A choice between those two is likely at the bottom of this. "Avoid C if security is priority" still stands with you making a different choice for different priorities.

Yes, I like web apps to be secure, and I believe I can deliver it. Especially when I use C.

But if it really were the case that it is literally impossible to write secure code in C (you'd have to prove it), then my web application should be the least of anyone's worries. Because they are using millions of lines of kernel and library code written in C or C++ to access my web application, which again is hosted on millions of lines of kernel, daemon and library code (including all the crypto) written in C or C++.

And the hypothetical alternative language would likely be implemented in C or C++. And it would be translated to assembly or machine code, a horribly unsafe language. If bugs are inevitable, then no language is safe.

>Because they are using millions of lines of kernel and library code written in C or C++ to access my web application, which again is hosted on millions of lines of kernel, daemon and library code (including all the crypto) written in C or C++.

And which were proven to be unsecure time and time again.

>And the hypothetical alternative language would likely be implemented in C or C++.

Isn't rust self hosted now ?

>And it would be translated to assembly or machine code, a horribly unsafe language.

Not on a Lisp Machine ! ;)

But you are right. Not using C only suppress a class of vulnerabilities, not all of them (and not the most trivial to exploit ones). Unless you are prepared to go all the way and do formal verification, model checking, and NASA style development, your application will be unsecure, and it will be hacked. The question is what is (are ?) your plan to recover when it happens ?

Rust has been self-hosted for a long time. But that doesn't really matter anyway, because the language used to write the compiler has no relevance[1] to vulnerabilities in the compiled code. What is more important is the language the runtime is written in, and Rust's runtime is written almost entirely in Rust (offhand the only parts I know of that aren't are compiler-rt and libbacktrace).

[1] Reflections on Trusting Trust isn't relevant here, we're not considering someone trying to attack the compiler.

>I believe I can deliver it. Especially when I use C.

No, you can't. It's been shown constantly. Buffer overflows. UB. Stack overflow. Dangling pointers. Memory leaks. It will happen.

>it is literally impossible to write secure code in C (you'd have to prove it)

Nobody can prove that. But I can show that it's significantly more error prone. Most other languages have some protections against stack overflow or invalid memory access. Not to mention UB.

>my web application should be the least of anyone's worries.

Not true. Of all the parts of the stack, your webapp is likely the least tested, least used, and thus the most likely to have the most serious bugs. Not to mention that, unlike most of the software you describe, your webapp is likely handling direct user input, the most dangerous location for a bug. And let's not even get into what happens if you're storing sensitive user data.

>And the hypothetical alternative language would likely be implemented in C or C++. And it would be translated to assembly or machine code, a horribly unsafe language. If bugs are inevitable, then no language is safe.

Any backend that generates C can generate near-perfect C code. As for runtimes and compilers written in C, they'll have bugs. All programs have bugs. That's why C sucks. But for the most part, you only have to worry about three issues in the compiler: 1) a built-in function has a bug in it, and doesn't work right. This can happen in any language, including C. 2) the runtime has an error in it that allows user input to cause some kind of memory corruption bug, and exploit it. This is bad, but those codebases are heavily scrutinized, and thus are less likely to contain bugs than the hand-rolled versions that you'd write. 3) there was some kind of GC error. This is probably what you're thinking of.

Two men are walking in the woods. They come across a bear, which starts moving towards them to attack. The first man starts tying his shoes, getting ready to run. The second man asks him, "What are you doing? You can't outrun a bear." And the first man says, "I don't need to outrun the bear. I just need to outrun you."

The same is true of the GC. The GC doesn't have to be perfect, it just has to be better than you. And statistically, you suck at what the GC does.

>If bugs are inevitable, then no language is safe.

Of course no language is safe. But some are safer than others.

"Two men are walking in the woods. They come across a bear, which starts moving towards them to attack. The first man starts tying his shoes, getting ready to run. The second man asks him, "What are you doing? You can't outrun a bear." And the first man says, "I don't need to outrun the bear. I just need to outrun you."

The same is true of the GC. The GC doesn't have to be perfect, it just has to be better than you. And statistically, you suck at what the GC does.

Aka how to sail safely Without a Paddle. ;) Like the analogy and use of statistical argument.