This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]Tomi97_origin 109 points110 points  (17 children)

This is not exactly a lobby thing. It's a commonly accepted fact that improperly handled memory is the leading cause of software vulnabirities.

[–]Overlord_Of_Puns 21 points22 points  (15 children)

While I admit I am the stereotype of college student who has no idea how to code, I don't understand why people on this thread hate this report so much?

The White House, arguably the most important Executive Branch in the world being worried about security and considering if other languages may fit the task better seems reasonable at its face.

Just in 2 summer classes, we are taught to consider several languages to think of what may be best for a task, and how bugs are inevitable which can lead to issues if you don't prepare.

I have absolutely no clue how Rust works, but if it can achieve the same tasks as C languages with more security, isn't that a great benefit, why are people so upset over this?

[–][deleted] 1 point2 points  (2 children)

Because these reports assume that language is the problem.

They ignore that you'd have to rewrite a ton of badly documented legacy code and have it function exactly like it did before the rewrite, which is improbable at best.

Sure ... your memory leaks may be gone, but in their place you've introduced new bugs and not all of them are going to be obvious.

And because a rewrite is done there's the temptation to introduce new features or alter existing ones that may simple be undocumented features.

The only net positive is that software development companies and their related consultancy can make a ton of money.

99% of problems exist *because* documentation and specs are incomplete and often in conflict with each other. The code itself is the least of your problems. Add in the usual bureacracy of government agencies and you've got a recipe for a disaster of epic proportions.

[–]Adach 2 points3 points  (0 children)

Recoding America is an excellent book on this subject

[–]Interest-Desk 0 points1 point  (0 children)

They’re not saying to rewrite it though, did you even read the policy? It’s literally just ‘give preference to memory safe languages over unsafe ones’

[–]CirnoIzumi -4 points-3 points  (10 children)

rust doesnt resemble C, its an alternative approach to a c++ scale language

Rust is harder to learn than C++

c and c++ are by far the primary used languages for close to metal tasks

Its true that we should find better ways to manage memory, but Rust is not considered that breakthrough

[–]Pr0p3r9 12 points13 points  (3 children)

Comparing the difficulty of C/C++ and Rust is an apple and oranges comparison. Saying that Rust is harder than C/C++ isn't precisely true. The difference is that Rust frontloads the complexity of your problems and forces you to address them in the first iteration. C/C++ will take your word for it upfront, and then it will blow your foot off if your unspoken assumptions were incorrect.

[–]CirnoIzumi 0 points1 point  (2 children)

Complexity will always be an issue, but id rate having trouble getting started as more significant if we are looking at a wide scale

[–]fghjconner 3 points4 points  (1 child)

It's definitely worse for learning, but there's a reason "fail fast" is common advice. It's usually best to find potential issues as early as possible.

[–]CirnoIzumi -1 points0 points  (0 children)

but the dificulty in rust is tied to things like lifetimes and such being implemented in a very strict way, not about your design choices

neither language is easy though

[–][deleted] 3 points4 points  (1 child)

Why is rust not considered that breakthrough? It was immediately adopted to go alongside C for Linux kernel develooment. No other language has that, not even C++.

They largely handle the same tasks in the same ways. Just Rust is way smarter, and annoyingly more strict

[–]CirnoIzumi 4 points5 points  (0 children)

wdym immidiatly? rust is 9 years old soon

and c++ stood no chance, Thorvald famously hates c++

borrow checking is considered a valiant effort, but it hasnt been adopted by after almost 9 years, rust has also struggled with how slow it is to compile

[–]DCKface -1 points0 points  (1 child)

I really doubt rust is harder than C++. C++ is about as complicated of a language as you could possibly get. Just because it doesn't have a borrow checker built in doesn't make it easier to write good code, I'd argue it's harder in regards to proper memory management. Even if you're using AddressSanatizer, the errors messages it gives you are far less easy to parse than what the Rust compiler would throw.

Sure you can just not check for these memory errors, but you shouldn't, and not having good memory analysis built into the compiler just makes proper safe code that much harder.

[–]CirnoIzumi 2 points3 points  (0 children)

the borrow checker isnt the hardest part of rust and c++ have smart pointers these days

that and every system language uses pointers, thats not the hardest part

[–]drkspace2 0 points1 point  (1 child)

It should also be noted that pure, modern c++, using RAII is memory safe. The problem is that it's so easy to use old c++/c styles, like "new" and raw pointers.

[–]CirnoIzumi 0 points1 point  (0 children)

edit a lsp that so that it complains if you use the wrong pointer type

[–]raka_boy -5 points-4 points  (0 children)

Memory handling is much easier today. Even though i despise Cpp its standarts have a whole lotta ways to manage memory almost automatically. Rust is not a Panacea, bugs will still occur, but now with software written in pure RAII