Re: Bloody tools
"I'm shuddering right now at the thought of a video decoder written in C# with regular pauses in playback when the garbage collector kicks in."
This is the 21st century and we're talking about mobile devices right? Why don't you just use the hardware-implemented codecs on the hardware (via the SDKs)? I can play real time video on my phone's browser, or from within an app, without having to get my hands dirty writing c++ codecs.
The piece of software relating to this particular security nightmare wasn't even something that would be bothered by GC.
I don't use C# but they've got it right when they named the 'unsafe' declaration. Golang was written because Google realised it was stupid putting C++ in the hands of ordinary people and expect them not to end up with an exploit-ridden rat's nest.
We're not going to fix humans any time soon. So the tools should change. Stuff the bare-metal performance (at least for situations where security is important - i.e. most of the stuff people use from day to day for online banking, shopping, communicating etc.)