Linux people doing Linux things, it seems.

  • kbal
    link
    fedilink
    102 months ago

    Switching everything from C to Rust because it has better memory safety is more akin to changing languages from English to Esperanto because it has gender neutral pronouns and other cool features. Maybe it’s a good idea, but it’s understandable that some people are reluctant.

    • Snot Flickerman
      link
      fedilink
      English
      74
      edit-2
      2 months ago

      Maybe it’s a good idea, but it’s understandable that some people are reluctant.

      I understand that position. I also understand how the words and phrases that the C community has used to communicate with the Rust community seems to be completely dismissive, not just reluctant.

      I quoted what I did explicitly because of how a statement like that comes off to the person it’s aimed at. It doesn’t make them feel like they’re on an even footing working on the same project with the overall goal of it becoming better.

      memory safety is more akin to changing languages from English to Esperanto because it has gender neutral pronouns.

      I mean… not at all? Memory safety is huge for cybersecurity, buffer overflows and the like are common attack surfaces. C requires you to have deep knowledge of safe memory management practices and even then you can end up with memory issues. Rust was developed to avoid such issues entirely. I understand the reluctance but it feels to me like arguing “we should just stick with COBOL because it works.”

      • kbal
        link
        fedilink
        142 months ago

        Gender neutral pronouns are pretty huge too. Sure you can do them in English without too many problems usually, just as it’s also possible to code safely in C. It requires everyone to change their old habits, but it’s much less of a change than is involved in adopting a whole new language.

        Anyway, I do like Rust better personally.

        • @[email protected]
          link
          fedilink
          242 months ago

          I would still say that getting people to the point where they can write safe C code every time is harder than learning Rust, as it’s equivalent to being able to write rust code that compiles without any safety issues (compiler errors) every single time, which is very difficult to do.

        • Snot Flickerman
          link
          fedilink
          English
          13
          edit-2
          2 months ago

          Ok, that made your analogy make more sense to me. I can agree with that. Thanks.

        • @[email protected]
          link
          fedilink
          10
          edit-2
          2 months ago

          Gender neutral pronouns might be pretty huge too, but nobody’s private data is getting hacked because of gendered pronoun use.

        • @[email protected]
          link
          fedilink
          English
          12 months ago

          Don’t thinknits possible by on write safe c code. Otherwise we would not have these issues time and time again. But yes its only the idiots begin don’t know how to code. Projects are big and complicated itsneasy to make mistakes.

      • @[email protected]
        link
        fedilink
        13
        edit-2
        2 months ago

        People prefer what’s familiar to them. Rust is completely foreign to them, the syntax is very different, the community is different (and often much younger), it still has many issues and is not ubiquitous, and many people are just slow/averse to change in general. So I absolutely understand the hesitation. And some just don’t like it for other reasons like the syntax, learning curve or other reasons. There’s also still a host of memory-related things Rust doesn’t fix like stack overflows, leaks, bitflips, unsafe context code, and just bad coding practices in general.

        • @[email protected]
          link
          fedilink
          English
          22 months ago

          I blame C++. When these kernel hackers hear about how they should switch to this shiny new language that’s going to make their code so much cleanser and more manageable, I don’t blame them for thinking it’s all bullshit. It was last time.

          • @[email protected]
            link
            fedilink
            5
            edit-2
            2 months ago

            To be fair, there’s nothing wrong with only using the parts of C++ you want. If you avoid things like templates, exceptions, RTTI etc. then e.g. your compile times will not suffer like people always complain about, your error messages will not be cryptic, plus you’ll have stronger typing, easier/safer lifetime management with ctor/dtors and easier to read code from class usage.

            Personally I think Swift has great potential if it can get past the speed and cross-platform issues, as it was designed by (among others) some C++ committee folks, and so it feels a lot more familiar than say, Rust, plus it fixes a lot of long-standing issues.

            There is also an Indian kernel fork that allows C++ drivers.

      • rhabarbaOP
        link
        fedilink
        32 months ago

        I understand the reluctance but it feels to me like arguing “we should just stick with COBOL because it works.”

        For those depending on COBOL code that does the job and has been doing it just well for a few decades, there are approximately zero good reasons to not stick with it.

        • @[email protected]
          link
          fedilink
          English
          132 months ago
          1. Eventually all the people who know and are good at cobol will die.
          2. A while before that happens, the people who know it will continually demand more money for their rare skills.
          3. Eventually, the cobol systems out there will need to interface new systems in some way it wasn’t designed to and it’ll be more expensive to shoehorn the remote system than to let the ancient beast retire.
          • @[email protected]
            link
            fedilink
            12 months ago

            Even if, we are talking about the Linux kernel. Our entire ecosystem builds upon C. People choosing C for new projects because it is the common denominator.

            If Rust should be adopted in the kernel faster, patches should be send which comment how each line addresses issues of memory management solved and elaborations for rust specific patterns unfamiliar to a C dev.

            Lurkers will pick up Rust that way as well.

            Each Rust dev had to pick it up and therefore should be able to enable other - probably more experienced - Linux kernel hacker to provide reviewable patches.

            It shouldn’t be the other way around, else you are just stepping on the efforts the other human provided to that project.

            • @[email protected]
              link
              fedilink
              English
              12 months ago

              I’m not against Rust. I’d like to see something less dangerous with memory than C, but I don’t think it’s time yet for the kernel to leave C.

              It’s pretty clean, stable, it’s working well at the moment and the C language (or variants of it) is/are still actively used everywhere. I think the kernel universally going Rust will be a long road of everything under the sun going there first before it’s ported in earnest.

              • @[email protected]
                link
                fedilink
                English
                22 months ago

                The goal ATM is simply to allow people to write new drivers in rust, not convert the whole kernel to rust. It will be a very long time, before more core parts would be allowed to be written in rust let alone rewriting any existing core kernel code. Which is all fine as new drivers are a large part where bugs are added - older parts have had a long time for bugs to be found and fixed and so it is far less important to need to rewrite them.

        • @[email protected]
          link
          fedilink
          32 months ago

          Does it count as “doing it well” when every release has fixes for previous releases’ memory bugs?

    • @[email protected]
      link
      fedilink
      162 months ago

      Vast majority of the cybersecurity community: “an absolute ton of exploits come from memory safety issues with C/C++, we should move to memory safe languages like Rust to greatly reduce security risk and make everyone safer”

      You: “Ehh Rust has a couple features, but it’s totally not worth switching from my precious precious C”

      • @[email protected]
        link
        fedilink
        English
        32 months ago

        Yes people are also like you can code c safely yet it doesn’t seem to be that way. With the amount of bugs found over and over again.

      • @[email protected]
        link
        fedilink
        12 months ago

        like Rust

        But no one is talking about that that is doesn’t need to be Rust. There are alternatives that can do as much if not more with the type system & safety while being as low-level as C without some of Rust’s restrictions.

        • Pup Biru
          link
          fedilink
          English
          102 months ago

          rust was literally written as a systems programming language to take a similar place as C. i’m not sure of the restrictions you mean

        • @[email protected]
          link
          fedilink
          102 months ago

          Not quite, had I done something more broad than sure. But I reference a specific group of people whose job it is to provide security guidance on such matters. The ones who are out there fighting the good fight, RE’ing malware and busting down botnets among many security things

          But I’m sure you are similarly credentialed as the SMEs in the cybersecurity field right?

          • kbal
            link
            fedilink
            -92 months ago

            Nah. If you’d been leaning on specific statements of any given expert — of which it is of course possible to find plenty that might in such casual rhetoric be used to support whichever conclusion you like — that would’ve been argumentum ad verecundiam, an appeal to authority. Instead you cited an imagined “vast majority” to exaggerate the universality of your opinion.

            P.S. Whilst I’m indulging my argumentative side perhaps it is also worth pointing out that you totally mischaracterized my own statements and motivation. I am not primarily a C programmer, and I’ve been happy to use Rust myself when the opportunity arises. I have no personal stake in this particular fight.

            • @[email protected]
              link
              fedilink
              72 months ago

              Ah I see your default is to sprinkle in a bit of argumentum ad logicam and add a dash of straw man at the end

              Your statement comes across as the migration from C/C++ is more of an upgrade for new features and increased “ease of use” rather than an urgent security issue when it definitely is. It’s more than just a case of a couple of experts and some articles, you’ve got multiple governmental and NGOs like The NSA, The Whitehouse, CISA, DARPA all calling for the migration away from C/C++ to memory safe languages

              https://devops.com/darpa-turns-to-ai-to-help-turn-c-and-c-code-into-rust/

              “DARPA, the Defense Department’s (DOD) R&D agency, will lean on emerging AI capabilities in a new program to deal with the costly and time-consuming challenge of rewriting C and C++ code to Rust in a move designed to meet the push for federal agencies and private organizations to adopt memory-safe programming languages.

              https://www.theregister.com/2023/12/07/memory_correction_five_eyes/

              "CISA, in conjunction with the National Security Agency (NSA), FBI, and the cyber security authorities of Australia, Canada, the United Kingdom, and New Zealand, said its call for better memory safety follows from its Secure By Design recommendations – endorsed by all of these cyber authorities.

              “With this guidance, the authoring agencies urge senior executives at every software manufacturer to reduce customer risk by prioritizing design and development practices that implement MSLs [memory safe languages],” the report argues."

              ~

              "CISA suggests that developers look to C#, Go, Java, Python, Rust, and Swift for memory safe code.

              “The most promising path towards eliminating memory safety vulnerabilities is for software manufacturers to find ways to standardize on memory safe programming languages, and to migrate security critical software components to a memory safe programming language for existing codebases,” the CISA paper concludes."

              • kbal
                link
                fedilink
                -42 months ago

                Indeed the language is extremely fashionable among government types and many others. I did not really mean to suggest otherwise. If accusing me of erecting a straw man is your way of apologizing for your initial comment, I accept it.

                • @[email protected]
                  link
                  fedilink
                  42 months ago

                  Straw Man Fallacy: A straw man fallacy occurs when someone misrepresents an opponent’s argument to make it easier to attack or refute. Instead of addressing the actual issue, the person creates a distorted version of the argument that is easier to discredit.

                  This is what you have done in every single reply you made when I have made it quite clear that this is about the migration being an urgent security issue that the cyber security community at large has been calling attention to.

                  You avoid all the core points I make and distort them into trivial things that you can easily argue, like the fact that you “Don’t code C much and use Rust occasionally”. It’s irrelevant to the actual arguments and you use it to dismiss the real core issues AKA a Straw Man fallacy

                  You have failed to argue in good faith and are actually a part of the problem. Good job!

                  • kbal
                    link
                    fedilink
                    -42 months ago

                    Failing to respond in detail to all of the claims you believe to be your most important ones is not what is usually meant by a “straw man.”

                    While I don’t mind Rust (although I’m not too good at it yet) I really do find the crowd of overzealous enthusiasts claiming in the most hyperbolic terms that the necessity of its universal use is an urgent security issue quite off-putting sometimes.

    • @[email protected]
      link
      fedilink
      -22 months ago

      😂i wish my country switched from german to English because of how difficult it is to talk genderless in that language. Like, every fucking word seems to be gendered here.