this post was submitted on 28 Feb 2024
230 points (96.0% liked)

Technology

59688 readers
4089 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

White House urges developers to dump C and C++::Biden administration calls for developers to embrace memory-safe programing languages and move away from those that cause buffer overflows and other memory access vulnerabilities.

you are viewing a single comment's thread
view the rest of the comments
[–] ricdeh -5 points 9 months ago (5 children)

C is not the problem, it's sloppy "programmers" who cannot handle direct memory control and who do not understand the underlying system architecture and how a microprocessor operates. People who are good at writing C can make code just as safe as the safest Rust code.

[–] dejected_warp_core 10 points 9 months ago

While this is technically correct, it's tantamount to saying "just don't make mistakes", or arguing that a seatbelt is unnecessary because many are good enough drivers to not need it.

Languages like C and C++ do not prohibit the kinds of mistakes that the NSA told us two years ago lead to software vulnerabilities.

Other languages, like Rust, have higher guardrails built in and make it much more difficult to accidentally create the same failure modes.

[–] [email protected] 7 points 9 months ago

I love C, but C definitely is the problem.

While one disciplined programmer can in theory write correct code, once there is a small group of even good C programmers and a code base with more than around 3000-5000 LOC, there will be bugs. There is a good reason for tools like Valgrind etc.

While I think C and C++ are the problem, I don't think Rust is the solution, tho.

[–] daddy32 6 points 9 months ago

It is just too easy to shoot yourself in the foot when using a foot gun... Sure the experts can avoid it, but that doesn't mean the foot gun is a good tool in general.

[–] [email protected] 5 points 9 months ago

Your take is objectively false. This issue has been studied and the conclusion every time is that real programmers make memory-related mistakes all the time. Even if there are a few superhuman programmers who never get tired, have a bad day, or misunderstand an API, firing the 99.99% of programmers who aren't superheroes isn't a realistic solution to anything.

[–] [email protected] 3 points 9 months ago* (last edited 9 months ago) (1 children)

If you're an expert tightrope walker, you're likely not gonna fall off. You can just do it without too much issue. When you're doing it over a chasm, and you don't plan on dying, you'd still probably prefer a harness though, wouldn't you?

Edit: I'm not saying C is a bad language or anything, but for important applications the safety of actually memory safe languages is vital for lower-skilled programmers and still a good assistance for higher-skilled programmers, as we're all humans and it doesn't hurt to try and avoid the mistakes we will eventually make.

[–] [email protected] 1 points 9 months ago* (last edited 9 months ago) (1 children)

I'll say it. C is a bad language. There was a time when it needed needed to exist and using it was a smart choice, but it has outlived its usefulness for anything but legacy code and niche use cases like FFI. It's in essentially the same category as Cobol.

[–] [email protected] 1 points 9 months ago* (last edited 9 months ago) (2 children)

The bad language that all successor languages copied?

Edit: spell.

[–] [email protected] 2 points 9 months ago (1 children)

Did you mean predecessor, like the languages that came before it?

[–] [email protected] 2 points 9 months ago

Fuck I meant successor

[–] [email protected] 1 points 9 months ago* (last edited 9 months ago)

It wasn't bad at the time relative to what else was around.

And I don't even know what you're getting at by saying "all" successor languages copied it. Are you referring to how many languages use curly braces as block delimiters? Because that's not what's wrong with C.