White House urges developers to dump C and C++::Biden administration calls for developers to embrace memory-safe programing languages and move away from those that cause buffer overflows and other memory access vulnerabilities.

  • @ricdeh
    link
    English
    -59 months ago

    C is not the problem, it’s sloppy “programmers” who cannot handle direct memory control and who do not understand the underlying system architecture and how a microprocessor operates. People who are good at writing C can make code just as safe as the safest Rust code.

    • @dejected_warp_core
      link
      English
      109 months ago

      While this is technically correct, it’s tantamount to saying “just don’t make mistakes”, or arguing that a seatbelt is unnecessary because many are good enough drivers to not need it.

      Languages like C and C++ do not prohibit the kinds of mistakes that the NSA told us two years ago lead to software vulnerabilities.

      Other languages, like Rust, have higher guardrails built in and make it much more difficult to accidentally create the same failure modes.

    • @[email protected]
      link
      fedilink
      English
      79 months ago

      I love C, but C definitely is the problem.

      While one disciplined programmer can in theory write correct code, once there is a small group of even good C programmers and a code base with more than around 3000-5000 LOC, there will be bugs. There is a good reason for tools like Valgrind etc.

      While I think C and C++ are the problem, I don’t think Rust is the solution, tho.

    • @daddy32
      link
      English
      69 months ago

      It is just too easy to shoot yourself in the foot when using a foot gun… Sure the experts can avoid it, but that doesn’t mean the foot gun is a good tool in general.

    • @[email protected]
      link
      fedilink
      English
      59 months ago

      Your take is objectively false. This issue has been studied and the conclusion every time is that real programmers make memory-related mistakes all the time. Even if there are a few superhuman programmers who never get tired, have a bad day, or misunderstand an API, firing the 99.99% of programmers who aren’t superheroes isn’t a realistic solution to anything.

    • @[email protected]
      link
      fedilink
      English
      3
      edit-2
      9 months ago

      If you’re an expert tightrope walker, you’re likely not gonna fall off. You can just do it without too much issue. When you’re doing it over a chasm, and you don’t plan on dying, you’d still probably prefer a harness though, wouldn’t you?

      Edit: I’m not saying C is a bad language or anything, but for important applications the safety of actually memory safe languages is vital for lower-skilled programmers and still a good assistance for higher-skilled programmers, as we’re all humans and it doesn’t hurt to try and avoid the mistakes we will eventually make.

      • @[email protected]
        link
        fedilink
        English
        1
        edit-2
        9 months ago

        I’ll say it. C is a bad language. There was a time when it needed needed to exist and using it was a smart choice, but it has outlived its usefulness for anything but legacy code and niche use cases like FFI. It’s in essentially the same category as Cobol.

          • @[email protected]
            link
            fedilink
            English
            1
            edit-2
            9 months ago

            It wasn’t bad at the time relative to what else was around.

            And I don’t even know what you’re getting at by saying “all” successor languages copied it. Are you referring to how many languages use curly braces as block delimiters? Because that’s not what’s wrong with C.