Subj : Re: US White House urges devs to dump C and C++
To   : Digital Man
From : tenser
Date : Fri Mar 01 2024 08:05 am

On 28 Feb 2024 at 09:50p, Digital Man pondered and said...

 DM> Re: US White House urges devs to dump C and C++
 DM> By: Nightfox to Ogg on Wed Feb 28 2024 08:31 pm
 DM>
 DM> > Re: US White House urges devs to dump C and C++
 DM> > By: Ogg to Nightfox on Wed Feb 28 2024 07:06 pm
 DM> >
 DM> > N>> I saw this article today:
 DM> > N>> https://shorturl.at/KMZ07
 DM> >
 DM> > Og> Is the WH a good source for programming advice? :|
 DM> >
 DM> > I was thinking that as well.. I wonder if they talked to anyone before
 DM> > suggesting developers drop C and C++.
 DM>
 DM> I don't doubt it.

Indeed, they did. There was an extensive public commentary period wherein a number of people from industry, academia, and government weighed in.

The WH press release is just that: a press release. The actual text is linked, but is rather different. Effectively, the White House is just putting out a press release to raise awareness of efforts from across the US government.

 DM> Managed languages have been big in security and
 DM> enterprise app development, anywhere performance or hardware-access
 DM> isn't the paramount priority, for a long time now. It's not to say that
 DM> you can't have vulnerabilities in managed software (they happen all the
 DM> time), they're just a different class of vulnerabilities that are
 DM> generally easier to find and defend against or fix than the memory
 DM> issues that plague C and C++ code bases.

+1e6

 DM> It's honestly not bad advice for most projects (e.g. I don't think Apple
 DM> accepts apps written in C or C++ in its app store). But keep in mind,
 DM> Rust supports writing memory-unsafe code too. Its default mode is
 DM> memory-safe, but it's still subvertible. So Rust might not be the
 DM> cure-all they think it is.

In the various materials they link to, Rust is just one option they mention. Ada SPARK, C#, Java, Python, Rust and Go are all listed across the set of publications, as well as non-language techniques (like formal methods and verification). Interestingly, they mention Rust as being explicitly unproven in space applications, while C that's been formally verified is well proven.

The thing about Rust unsafety is, however, a bit of a red herring. Rust _does_ give you the ability to write memory-unsafe code, but you have to go out of your way to do so (e.g., via explicit use of `unsafe` or other weird shenanigans). But so do most managed programming languages (e.g., Java with JNI etc). If one writes Rust using the safe subset, you get memory safety and data race freedom.

Now, async cancel safety, that's another thing entirely....

--- Mystic BBS v1.12 A48 (Linux/64)
 * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
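
The safe-subset versus `unsafe` distinction discussed in the message above, as an added example that is not part of the original post or written by its author. The function names and the sample buffer are constructed for illustration.

```rust
use std::sync::{Arc, Mutex};
use std::thread;

/// Safe subset: an out-of-range index yields None instead of reading
/// whatever happens to sit past the end of the buffer.
fn read_checked(buf: &[u8], idx: usize) -> Option<u8> {
    buf.get(idx).copied()
}

/// The opt-in escape hatch: the raw-pointer read only compiles inside
/// `unsafe`, so the bounds check becomes the author's job and the block
/// is easy to locate in review (search for `unsafe`).
fn read_raw(buf: &[u8], idx: usize) -> Option<u8> {
    if idx >= buf.len() {
        return None; // manual check; omitting it would be undefined behaviour
    }
    // SAFETY: idx < buf.len() was verified above.
    Some(unsafe { *buf.as_ptr().add(idx) })
}

/// Data-race freedom: threads can only share the counter through a
/// Send + Sync wrapper. Handing each thread a plain `&mut u64` is
/// rejected at compile time.
fn parallel_count(threads: usize, per_thread: u64) -> u64 {
    let total = Arc::new(Mutex::new(0u64));
    let handles: Vec<_> = (0..threads)
        .map(|_| {
            let total = Arc::clone(&total);
            thread::spawn(move || {
                for _ in 0..per_thread {
                    *total.lock().unwrap() += 1;
                }
            })
        })
        .collect();
    for h in handles {
        h.join().unwrap();
    }
    let result = *total.lock().unwrap();
    result
}

fn main() {
    let buf = [0x41u8, 0x42, 0x43]; // constructed sample buffer
    println!("{:?} {:?}", read_checked(&buf, 1), read_checked(&buf, 3));
    println!("{:?} {:?}", read_raw(&buf, 2), read_raw(&buf, 3));
    println!("{}", parallel_count(4, 1000));
}
```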