The Insightful Troll

Rants and ruminations.

Code That Changed Everything

| Comments

Slate came up with a list of the 36 world-changing pieces of code, including the code responsible for the 1202 alarm thrown by the Apollo Guidance Computer during the first Moon landing, the HTML hyperlink, PageRank, the guidance system for the Roomba, and Bitcoin.

My favorites - Of course the piece of code from 1972 that launched a generation of developers, myself included:

1
2
3
4
5
6
#include <stdio.h>

main()
{
  printf("hello, world\n")
}

That snippet of code, or some form of it is the first thing a budding developer writes. Even today.

And the infamous null terminated string:

1
char yellow[26] = {'y', 'e', 'l', 'l', 'o', 'w', '\0'};

From the Slate article:

In 1972, Dennis Ritchie made a fateful decision: to represent text in his new language with something called a null-terminated string. The concept had been around earlier, but he enshrined it in his new language, which he called C, and the legacy of that decision has been with us ever since.

There are two primary ways that programming languages represent a piece of text: It can have an intrinsic, explicit length—“I contain exactly 10 characters and no more.” Or it can be null-terminated—“Here are a bunch of characters, keep going until you hit the zero-byte at the end, good luck!”

An extremely common mistake in C code is to copy a long string into a shorter string and overflow the end, meaning you are destroying other data that just happened to be nearby. It’s like scribbling past the edge of a whiteboard.

Besides merely causing the program to malfunction, such bugs can be exploited to change a program’s behavior by convincing it to overwrite something with specific, carefully crafted data. These are the buffer overflow attacks. Very nearly every security exploit you’ve ever heard of starts here, beginning with the Morris Worm in 1988.

You can code carefully in C to avoid these kinds of bugs, but the language makes this class of mistake easy to make and hard to detect. Nearly every modern language eschews the null-terminated string, but C and C++ still run the substrate of the world, from your router to your “smart” lightbulbs. So we’re still playing whack-a-mole with this class of bug nearly 50 years later.

Jamie Zawinski Netscape Developer

Its intersting how Brian W. Kernighan and Dennis M. Ritchie in their classic book The C Programming Language gave us the both the lingua franca of the modern software world, and its greatest design flaw.

Comments