Re: They woke up
> Put simply, it's impossible to create an entirely "secure" development language/environment. ... Doesn't mean that we can't improve things though.
Yeah. You can never prove that code does what you think it does (i.e. is correct). The best you can do is to eliminate surprises: pointers, untyped variables, type casting, integer overflows, silent failures in general, fancy string embedding/escaping (big in webdev), cryptic punctuation, unnecessary verbosity, etc. But you have to be careful about adding new surprises (exceptions, garbage collection, arcane type systems) in the name of safety.
Predictability is key. Simple concepts, simple syntax, limited features, deterministic compilation & execution (same source & input -> same exact runtime behavior).
> ...even open source stuff is no guarantee if you didn't write the compiler yourself. And even if you did, what did you compile /that/ with?
Pencil, paper, and an opcode table. You can implement a simple Forth compiler in under 1000 bytes, and use that to bring up the rest of the system. Worst case, you'd have to program it in bit-by-bit using toggle switches. :)