Fixing C's Biggest Mistake

[Don Allen]

On Monday, 9 January 2023 at 21:38:34 UTC, Walter Bright wrote:
> On 1/9/2023 7:12 AM, Don Allen wrote:
>> So is an airplane (despite the internal redundancies, the 
>> whole system can fail, e.g., the 737 rudder actuator 
>> failures), and yet we fly. That something is a single point of 
>> failure is, considered alone, not an argument against its use. 
>> The decision to use or not should be based on a weighing of 
>> the benefits vs the risk/cost (probability of failure and its 
>> cost).
>
> The rudder failure was a very baffling problem, and it wasn't 
> even clear it *was* a rudder failure for years.
>
>
>> As for LastPass, I was a user, with a long-enough random 
>> password drawn from a large enough character set resulting in
>> > 10^15 possibilities. A key that hard to find by brute force
>> gets the risk low enough for me so I can enjoy the benefit of 
>> having access to my passwords from all my devices and share 
>> them with my wife and vice-versa. What's the alternative? An 
>> encrypted spreadsheet? Unworkable.
>
> A strong password isn't good enough. There are other ways in. A 
> key logger may record your password.

I'm well aware of key loggers. It's pretty unlikely that a key 
logger going to get installed on my FreeBSD or Linux systems that 
are sitting behind a firewall with the sshd port blocked? In 
addition, I never type my 1Password password. I keep it on a USB 
key that gets inserted and mounted when I need it and a script 
prints the password and umounts the key. I then copy-paste the 
password.

I'm not looking for zero risk, which is impossible. I'm looking 
for the most reasonable operating point. Again, cost/risk vs. 
benefit.