Byzantine Reality

Searching for Byzantine failures in the world around us

C as the Fat Man

It’s pretty rare that I find a good programming language-video game metaphor, but after a bit of thinking, I think I’ve got something. For me, it’s a natural match between the C programming language (and C++) and Fallout 3′s Fat Man, a “tactical nuclear catapult”. They’re both super-powerful and exceedingly dangerous to your health if not used correctly.

With the Fat Man, you need to know how to use it safely as well as the common ways that using it incorrectly will get you killed. It’s exactly the same for C (substitute your player’s death for your program’s death). And with both, you only learn from experience. It’s debatable whether or not either can be the first you use or whether it’s really practical for everyday use. If you’ve got enough ammo (which you really don’t), then you technically could use the Fat Man for whatever you need to, although there’s some close quarters action where you really can’t use it without killing yourself in the midst of it. And the same goes for C: you could use C for whatever you felt like, but there’s some tasks where it’s just not suitable.

And the same goes the other way: there’s some tasks where the Fat Man and C really excel. The last thirty years have shown us that if you’re writing an operating system, it’s gotta be C. Many projects have tried to wrestle the throne away: SPIN (Modula-3), JavaOS (Java), and Singularity (C#). Of course this list is far from exhaustive, but it just goes to show, it just hasn’t happened yet. In the same way, for taking out the big enemies in Fallout 3 you’ve just gotta use the Fat Man:

Of course it’s common knowledge all over again: no programming language is perfect for everything just as no weapon does every task perfectly well, otherwise, why would we need more than one of either? And I’d go further to say that the preeminence of garbage collected languages have shown us that as programmers, we just aren’t that great at managing memory ourselves. It’s hard enough to use malloc() and free() correctly on non-trivial systems, even with years of experience. But there’s a different angle I want to look at this from:

Like the Fat Man, C gives you more than enough power to shoot your leg off. But with programs, you now have untrusted users running your programs as well as hackers nitpicking through your code looking for vulnerabilities. So now you’ve got the Fat Man being operated by people with no idea what they’re doing and by people who want to cripple themselves or each other. Here’s where it got dangerous: the C language and it’s runtime has so many different types of vulnerabilities that letting new programmers use them is straightup dangerous. Of course, you have to use it to learn it, but for new programmers, here’s a word of advice to you, in traditional CS style:

Rule 1: If you have to program in C, don’t.

Rule 2: If you really have to program in C, have a copy of The Shellcoder’s Handbook to your left and a copy of Code Complete to your right.

If you’re programming in C and you don’t know how to use it correctly and how to use it safely, you’re no better than pointing the Fat Man straight at the ground and clicking the trigger. You’re begging for your program to memory leak or segfault, and that’s if you’re lucky. In all actuality, you’re opening up security holes waiting to be exploited (equivalent to the radiation poisoning you’ll get from the Fat Man if it doesn’t immediately kill you upon improper use).

It’s a valuable lesson that language designers picked up for newer languages: they saw how C was being exploited and patched a lot of those issues with Java and its runtime system (of course not just Java, but that’s the notable example). And of course, I’ve used C and have enjoyed it and will continue to use it via the rules shown earlier. Always know the pros and the cons of the technology you’re using, and keep them nearby so they don’t slip by you.