Linux people doing Linux things, it seems.
Switching everything from C to Rust because it has better memory safety is more akin to changing languages from English to Esperanto because it has gender neutral pronouns and other cool features. Maybe it’s a good idea, but it’s understandable that some people are reluctant.
Maybe it’s a good idea, but it’s understandable that some people are reluctant.
I understand that position. I also understand how the words and phrases that the C community has used to communicate with the Rust community seems to be completely dismissive, not just reluctant.
I quoted what I did explicitly because of how a statement like that comes off to the person it’s aimed at. It doesn’t make them feel like they’re on an even footing working on the same project with the overall goal of it becoming better.
memory safety is more akin to changing languages from English to Esperanto because it has gender neutral pronouns.
I mean… not at all? Memory safety is huge for cybersecurity, buffer overflows and the like are common attack surfaces. C requires you to have deep knowledge of safe memory management practices and even then you can end up with memory issues. Rust was developed to avoid such issues entirely. I understand the reluctance but it feels to me like arguing “we should just stick with COBOL because it works.”
Gender neutral pronouns are pretty huge too. Sure you can do them in English without too many problems usually, just as it’s also possible to code safely in C. It requires everyone to change their old habits, but it’s much less of a change than is involved in adopting a whole new language.
Anyway, I do like Rust better personally.
I would still say that getting people to the point where they can write safe C code every time is harder than learning Rust, as it’s equivalent to being able to write rust code that compiles without any safety issues (compiler errors) every single time, which is very difficult to do.
People prefer what’s familiar to them. Rust is completely foreign to them, the syntax is very different, the community is different (and often much younger), it still has many issues and is not ubiquitous, and many people are just slow/averse to change in general. So I absolutely understand the hesitation. And some just don’t like it for other reasons like the syntax, learning curve or other reasons. There’s also still a host of memory-related things Rust doesn’t fix like stack overflows, leaks, bitflips, unsafe context code, and just bad coding practices in general.
I blame C++. When these kernel hackers hear about how they should switch to this shiny new language that’s going to make their code so much cleanser and more manageable, I don’t blame them for thinking it’s all bullshit. It was last time.
I understand the reluctance but it feels to me like arguing “we should just stick with COBOL because it works.”
For those depending on COBOL code that does the job and has been doing it just well for a few decades, there are approximately zero good reasons to not stick with it.
- Eventually all the people who know and are good at cobol will die.
- A while before that happens, the people who know it will continually demand more money for their rare skills.
- Eventually, the cobol systems out there will need to interface new systems in some way it wasn’t designed to and it’ll be more expensive to shoehorn the remote system than to let the ancient beast retire.
Vast majority of the cybersecurity community: “an absolute ton of exploits come from memory safety issues with C/C++, we should move to memory safe languages like Rust to greatly reduce security risk and make everyone safer”
You: “Ehh Rust has a couple features, but it’s totally not worth switching from my precious precious C”
like Rust
But no one is talking about that that is doesn’t need to be Rust. There are alternatives that can do as much if not more with the type system & safety while being as low-level as C without some of Rust’s restrictions.
Turns out there is a name for that. I had to look it up. Never seen such a striking example before.
Not quite, had I done something more broad than sure. But I reference a specific group of people whose job it is to provide security guidance on such matters. The ones who are out there fighting the good fight, RE’ing malware and busting down botnets among many security things
But I’m sure you are similarly credentialed as the SMEs in the cybersecurity field right?
I don’t think it does? https://en.wikipedia.org/wiki/Gender_reform_in_Esperanto
