The US government wants devs to stop using C and C++ : programming

[–] [email protected] 7 points 4 days ago

[–] [email protected] 15 points 4 days ago (1 children)

I thought the US Government bought a lot of software in Ada, so I hope they continue with that.

load more comments (1 replies)

[–] [email protected] 86 points 4 days ago

I don't get why we're taking a swing at Linus here. The article only mentions him in relation to the rust for Linux project being slow going. But, it IS going and the US government has only stated that "you need a plan to move to a memory safe language by 2025 or you might be liable if something bad happens as a result of the classics (use after free/double free/buffer overflow/etc.)" but I don't think Linux would count it's free software and it does have a plan.

[–] [email protected] 12 points 4 days ago

lol ok.

[–] [email protected] 32 points 4 days ago (6 children)

My friend from university sends me his Rust code snippets sometimes. Ngl it looks like a pretty cool language.

There was also that tldr reimplemention in Rust that is a gatrillion times faster than the original.

I really want to give it a try but I have executive dysfunction and don't have any ideas of what I could use it for.

[–] [email protected] 23 points 4 days ago (7 children)

The main issue I have with rust is the lack of a rust abi for shared libraries, which makes big dependencies shitty to work with. Another is a lot of the big, nearly ubiquitous libraries don't have great documentation, what's getting put up on crates.io is insufficient to quickly get an understanding of the library. It'd also be nice if the error messages coming out of rust analyzer were as verbose as what the compiler will give you. Other than that it's a really interesting language with a lot of great ideas. The iterator paradigm is really convenient, and the way enums work leads to really expressive code.

[–] [email protected] 5 points 4 days ago* (last edited 4 days ago) (3 children)

Why not just use the C ABI?

And what libraries are you referring to? Almost all the ones I've used have fantastic docs.

load more comments (3 replies)

[–] [email protected] 15 points 4 days ago (1 children)

Documentation is generally considered one of the stronger points of rust libraries. Crates.io is not a documentation site you want https://docs.rs/ for that though it is generally linked to on crates.io. A lot of bigger crates also have their own online books for more in depth stuff. It is not that common to find a larger crate with bad documentation.

load more comments (1 replies)

load more comments (5 replies)

[–] [email protected] 17 points 4 days ago (3 children)

Rust is definitely a really cool language (as someone who has played with it just a little) but it's quite headache inducing, at least for me at the moment.

[–] [email protected] 14 points 4 days ago

It has a steep learning curve, but it's super nice to use once you're over the initial bump

load more comments (2 replies)

[–] [email protected] 11 points 4 days ago

fn executive() {}

load more comments (3 replies)

[–] [email protected] 88 points 4 days ago

If only it were that easy to snap your fingers and magically transform your code base from C to Rust. Spoiler alert: It's not.

How utterly disingenuous. That's not what the CISA recommendation says, at all.

[–] [email protected] 77 points 5 days ago (4 children)

But there is context to it:

The report on Product Security Bad Practices warns software manufacturers about developing "new product lines for use in **service of critical infrastructure or [national critical functions] **NCFs in a memory-unsafe language (eg, C or C++) where there are readily available alternative memory-safe languages that could be used is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety."

It's for new products that are very important to critical infrastructure and need to be safe as possible. The article writer seem not to be aware of this context:

Take Rust in Linux, for example. Even with support from Linux's creator, Linus Torvalds, Rust is moving into Linux at a snail's pace.

Because Linux is the biggest software in the entire world and they do lot of stuff their own way. Rust is integrated slowly for future new projects. It makes sense to move in snail pace. The government doesn't suggest the Linux project to stop using C entirely. The government "recommends" to start new projects in memory safe languages, if it is a critical software. That makes sense to me.

You see, people who've spent years and sometimes decades mastering C don't want to master the very different Rust. They don't see the point.

No, totally wrong. C programmers in Linux do not NEED to learn or master Rust. They just need to cooperate. The problem is, that some C programmers refuse to cooperate with Rust. They just want Rust to disappear. That has nothing to do with mastering the language. They refuse to make changes to their C code, so it can cooperate with Rust code via bindings.

After all, they can write memory-safe code in C, so why can't you?

Nonsense argument, and false too. If that was the case, why do we have memory safe languages? Clearly people make mistake, old and new. Besides Linux is not the only software in the world.

Converting existing large codebases to memory-safe languages can be an enormous undertaking.

Nobody says old code should be rewritten in Rust. Neither the government, nor the Rust programmers in Linux suggest that. It's not about rewriting code in memory-safe languages, its about new projects.

Either this article is a misrepresentation or misunderstanding. Or I misunderstand the article or government. I don't know anymore...

[–] [email protected] 34 points 4 days ago (1 children)

They refuse to make changes to their C code, so it can cooperate with Rust code via bindings.

I don't even think the rust devs where asking for that. They are refusing changes by rust devs that help with rust while making the c code clearer and even refuse to answer questions about the semantics behind the c code. At least as far as I can see from the outside.

[+] [email protected] -6 points 4 days ago (3 children)

The Rust kernel devs are ...

...asking the maintainers to lock down APIs which the C devs purposefully leave malleable, in part, to avoid binary blob drivers being feasible.
...asking maintainers to accept code into their subsystem whilst being told, you don't need to know Rust to an expert level...trust us. Cross language interfaces always have nuance and make good attack vectors. Understandable that maintainers are cautious.
...creating quite a lot of hassle for no a lot of improvement. Systems are only as resilient as their weakest components. The cross language interface is always going to be weak. Introducing a weakness to get improvements probably only succeeds at making the whole weaker.

[–] [email protected] 27 points 4 days ago

asking the maintainers to lock down APIs which the C devs purposefully leave malleable, in part, to avoid binary blob drivers being feasible.

No, they were asking them to define the semantics of the filesystem APIs. Those semantics are not encoded in the C API but the Rust devs wanted to encode them in the Rust API to avoid making mistakes.

The C devs didn't want to, not because of concerns about binary drivers, but because the semantics are already broken. Apparently different filesystem drivers assume different semantics for the same functions and it's a whole mess. They don't want to face up to this and certainly don't want anyone pointing it out, so clearly it must be the Rust devs' fault for wanting APIs to have consistent semantics.

The rest of your comment is nonsense.

[–] [email protected] 7 points 4 days ago (1 children)

What's the reason to avoid binary blob drivers being feasible? Is that about not being able to use non-free binary blobs in kernel? I don't quite understand what it even is about

[–] [email protected] 14 points 4 days ago (1 children)

Having binary blobs linked into your kernel is a maintainability nightmare. You're allowing a third party to link their buggy drivers into the heart of your platform. It breaks any security model you have, and brings with a bunch of bugs that are impossible to debug.

Nvidia were the worst offender and it culminated in this:

https://arstechnica.com/information-technology/2012/06/linus-torvalds-says-f-k-you-to-nvidia/

[–] [email protected] 1 points 4 days ago (1 children)

Got it. I agree that their drivers are (were?) of exemplary bad quality

But I don't think that it is realistically possible to drop all the proprietary firmware blobs, and if it's not maybe it's better to not actively sabotage something to 'avoid those being feasible'?

load more comments (1 replies)

[–] [email protected] -3 points 4 days ago (1 children)

IIRC They were also trying to get kernel devs to let official structure definitions live in Rust instead of C, and got upset when they didn't want to do that.

[–] [email protected] 12 points 4 days ago

the rust devs wanted to CREATE official structure definitions that don’t exist in C so that there was more semantic meaning to the APIs

load more comments (3 replies)

[+] [email protected] -14 points 5 days ago* (last edited 5 days ago)

Eventually, painfully, slowly, we'll move to memory-safe languages. It really is a good idea. Personally, though, I don't expect it to happen this decade. In the 2030s? Yes, 2020s? No.

This. Unless the government starts introducing fines or financial incentives (like fines) to force the use of memory-safe languages, ain't nothing gonna happen.

Anti Commercial-AI license

[+] [email protected] -26 points 5 days ago (6 children)

Ok, and what do you think the memory managers were written in?

[–] [email protected] 7 points 4 days ago

If it’s broke, don’t fix it amiright?!

[–] [email protected] 18 points 4 days ago

AFAIK, the first one was written in LISP.

The one most people push around here was written in Rust. It's a really great language to write memory managers anyway.

[–] [email protected] 29 points 5 days ago

God, this old argument... Careful, it's an antique.

The idea is to minimize memory management and have people who are experts on it deal with it.

[–] [email protected] 47 points 5 days ago* (last edited 5 days ago) (1 children)

Who cares? Just like most things your average programmer relies on, they are written by smarter or at least more specialised people to make your job easier. They have learned to write memory-safe code so you don't have to.

[–] [email protected] 13 points 4 days ago

More specialized is critical.

You have to understand your domain, what your goal is, how much time and money you have, etc.

[–] [email protected] 14 points 5 days ago

I don't think those are the problem, but rather how they are used. And in case of managed languages like C#, it's almost impossible to shoot yourself in the foot when it comes to memory management. You still can, if you really wish, but you have to be very explicit in that. 🤷‍♂️

load more comments (1 replies)

[–] [email protected] 23 points 5 days ago (1 children)

To address this concern, CISA recommends that developers transition to memory-safe programming languages such as Rust, Java, C#, Go, Python, and Swift.

If only it were that easy to snap your fingers and magically transform your code base from C to Rust.

guy_butterfly_meme.jpg is this unbiased journalism?

[–] [email protected] 14 points 5 days ago* (last edited 4 days ago) (1 children)

As the article is denoted as a comment, it is not its aim to be unbiased journalism.

In contrast to usual articles, comments usually elaborate on the opinion of the jounalist.

[–] [email protected] 7 points 4 days ago (1 children)

I don't know why you're being downvoted. It literally starts with the word OPINION in bold red caps.

load more comments (1 replies)

[–] [email protected] 10 points 5 days ago

Well now I'm going to have to use it even more.

[–] [email protected] 136 points 5 days ago (4 children)

Why the swipe at Linus? He's been supportive of rust in the Linux kernel.

load more comments (2 replies)

Programming

Rules

Wormhole