If ssh has a security issue and you permit root logins then hostiles likely have an easier time getting access to root on the machine than if they only get access to your user account—then they need multiple exploits.

Generally you also want to be root as little as possible. Hence sudo, run0, etc.

Isn’t that sort of just the cost of doing business in C? It’s a sparse language, so it falls to the programmer to cobble together more.

I do also think the concrete example of emails should be taken as a stand-in. Errors like swapping a parameter for an email application is likely not very harmful and detected early given the volume of email that exists. But in other, less fault-tolerant applications it becomes a lot more valuable.

It is pretty funny that C’s type system can be described pretty differently based on the speaker’s experience. The parable of the Blub language comes to mind.

Parsing is a way of “validating early”. You either get a successful parse and the program continues working on known-good data with that knowledge encoded in the type system, or you handle incorrect data as soon as it’s encountered.

I feel I gotta point out it’s a pretty funny example—email comes up so frequently as a thing that you’re recommended to neither parse nor validate, just try to send an email to the address and see if it works. If you need to know that it was received successfully, a link to click is the general method.

But “parse, don’t validate” is still a generally good idea, no matter the example used. :)