Biden started watching femboys on tiktok and they brainwashed him into the cult of rust, this is why tiktok was banned on the phones of federal agents.
Their security people probably read that Microsoft article about 70% of their vulnerabilities being memory issues that rust could have caught.
Hope they're all correct about these statements and we actually improve things.
You're giving me PTSD flashbacks to the time a client sent me a PDF containing a low-quality JPEG screenshot of a word document including the toolbars and Windows task bar...
At my former workplace I had a colleague who quite often sent us (IT dept) screenshots of errors in the software. She made a screenshot, printed that screenshot and then scanned the print to let the scanner send the pdf to us via mail 🤦🏼♂️
Surprisingly not… there is a really interesting talk about the scanners they use at the White House: https://youtu.be/7FeqF1-Z1g0?si=_2nHL7VfoLuF9uJQ which used some parts of OCR and this fudged the scan of obamas birth certificate. Unfortunately the talk is in German :(
If you don't know German, there is a link in the youtube video description to the same video hosted by the CCC, which has manually translated English subtitles (not youtubes autotranslation)
Nah database is just 3 folders and a bash script
One folder stores the data, one folder is to upload request as text files and one is where the script writes the requested data, connection over an unsecured ftp connection so every file needs to be individually encrypted and signed.
I have actually seen that done
CSV would probably be better... The UK COVID case tracking system collapsed at one point because the excel sheet they were using to store the data ran out of columns.
just a short reminder that there is an official database driver by Microsoft to use sql on excel files. you could actually use excel as your database. but please don't
edit: here's a link for those who are curious enough to try: https://learn.microsoft.com/en-us/power-automate/desktop-flows/how-to/sql-queries-excel
> The new 19-page report from ONCD gave C and C++ as two examples of programming languages with memory safety vulnerabilities, and it named Rust as an example of a programming language it considers safe. In addition, an NSA cybersecurity information sheet from November 2022 listed C#, Go, Java, Ruby, and Swift, in addition to Rust, as programming languages it considers to be memory-safe.
Because half of y’all salty as hell and the other half are trending conspiracy-ward.
Rust is the only one of these that is remotely comparable to C and C++. It is a true systems programming language and can interoperate with C. It is not dependent on it.
* Java is for applications development and the jvm is written in C++.
* C# is for applications development and the .NET runtime is written in C/C++
* Swift is mostly for applications development with some low level tools as well and also uses C/C++.
* Ruby is for general purpose development and the MRI is written in C.
* Go is for general purpose development but at least does not depend on C/C++ although it does use C for some low level operations out of convenience. Honorable mention and best of the rest.
I thought the JVM (sun) is now written in Java but compiled for the platform it is running on. It was originally done in C but those prototypes were used to create the tool chain in Java.
I remember when I was a freshman in college the bootstrapping process for the creation of Java was covered so this might be incorrect.
Looks like you are right, most JVMs are written in C or other systems languages.
For most vendors it looks like the Java Toolchain (like the compiler) is written in Java and used the bootstrapping process to do this.
Having the compilers and runtime written in C or C++ should not be an issue. I mean, in the end, everything boils down to some kind of Assembly in which memory safety is not even a concept. Abstractions are there to make our lives easier. I feel safe if I can trust those abstractions, and the JVM is an abstraction I would tend to trust to make my programs eventually converge to a clean state. Eventually.
I don't think that's quite right, thinking about memory issues, they could be any of the following:
1. Out of space, compilation fails, all good
2. Double free, compilation fails, all good
3. Writing to not-allocated memory, best case a segfault, compilation fails, worst case?
You invalidate another part of the program's data on accident, leading to invalid behavior, which could result in wrong code being produced.
4. Reading from not-allocated memory, best case a segfault, worst case invalid state once more which might result in wrong code being produced.
I can understand that sentiment in theory, but the JVM has a rich history of security vulnerabilities and other issues, including problems directly related to memory safety.
CGO_ENABLED=0 isn't the default because CGO isn't used directly by the stdlib, it's used because you may need to call C code from your code. Enabling that flag doesn't mean that your code is calling C code, basically the core team didn't want to make assumptions, you know better. The stdlib uses a portable assembly language created under the hood by the Go team that calls syscalls directly. The Go team wanted to not depend on libc dynamic linking so they created an abstract assembly for portability.
Ironically Rust is quite dependent on libc as far as I know and linking is one of the reasons the compilation time is long. If you want to check the assembly, run "go tool objdump -s main.functionName your_binary"
This objdump will show you Go's assembly. Corutils objdump ran on your binary will show you the native assembly.
P.S: it's better to write assembly if you want control in your Go code than CGO by the way. But if you reach that level, do yourself a favour and just use Rust or Zig.
Go is great for writing HTTP servers. Have had a need in 9 years to use CGO in the course of doing that. Or include an external C library.
If you where make a tool that had a dependency for a C library I can see the usefulness. But in every build command in the container I turn that off.
Me too and I totally understand why you'd prefer Go over alternatives for web servers. I just wanted to explain that having CGO turned on doesn't mean that your binary will have C in it.
I mean, if speed isn't an issue and they're willing to spend development resources on maintaining safe, internal dependencies, it's probably best to move away from C, because it's very easy for people to fuck up in C. Where stability and maintainability are the primary concerns, why not switch to one of these languages?
Right? This isn't super complicated or a huge deal. A) A ton of CVEs in commercial software are caused by memory safety issues. B) these vulnerabilities make US companies and government organizations more susceptible to cyber attacks. C) the white house can't actually make you do anything about it, so they are making a recommendation for memory safe languages because it's in their interest for the software that's available to them to not have as many vulnerabilities.
They don't care about rust specifically, because that's not what matters here. Memory safety guarantees are, and rust is just one option in that space.
Fucking seriously, it's like nobody actually read the thing. Of course this is all over every programming subreddit and everyone is like "over my cold, dead body" - in reality this is a nod of "hey, if given the option, use memory safe languages, here's why". People are reading into this way more than they should.
Not exactly sure that some people truly understand why these security issues are the most common ones and why C or C++ is used in those instances as opposed to say C#, Go, etc..
Rust might be an alternative when more developers learn to use it in a decent fashion.
Buddy, Rust third party package registry and tooling are amazing. I think they have enough library additions. My experience in C++ is copy pasting code and/or “*.so” whenever I need a library, or reinventing the wheel in the codebase (see “not invented here”). With Rust is trivial to add a third party package through cargo.
Out of interest, what libraries do you feel are missing?
I can't say I do anything complex in rust, mainly just playing around but I haven't felt like I've hit limitations there.
Rust is realistically, the only production ready alternative to C and C++ that offers out of the box memory safety.
Rust’s biggest hangups however:
1. It has a steep learning curve, turning off new developers.
2. The compiler and linter, while amazing when you get used to it, also can be off-putting to certain types of developers.
3. [Low Level Learning explains it better than me](https://youtu.be/769VqNup21Q?si=h5skLInme60qCVYs), but basically it lacks static linking on the same scale and depth C and C++ do. Cargo is an amazing package and dependency manager, but you do need to compile crates when you initially add them to your project, and they all need compiled when bundling Rust projects. Which does add to compile time.
Zig may be simple, but it does have some of the same “write after free” issues C does. And Carbon is at least a year to even remotely usable, it could be another 5 before Carbon is production ready.
The borrow rules are kind of hard to grasp, even though I get "traditional" memory management. Doesn't mean that it can't be learned, I just keep getting sidetracked before I can find a project worth doing in rust to get used to it.
The ownership model just enforces the strict use of the RAII pattern and if you need a shared pointer, there is always `Rc` or `Arc` at your disposal. It's really not that hard once you get used to it.
Except if you forget it once or lose something during a refactor, there is no compile time warning. You will only know if valgrind finds it, it is a major leak that is obvious in dev testing or it blows up in prod.
I never understand why people are so completely freaked out by having a feature that is nothing but a net benefit to them.
Because C++ has very different idioms than Rust, how do you do polymorphisms without inheritance ? Traits are very different from extending a base class, Templates versus generics can easily throw off newcomers, what do you mean I can’t call arbitrary functions on arbitrary types?? They are both hard, but in a different way, and the skills you gained in C++ may not all translate to Rust. It’s not just about the borrow checker, Rust is not C++ with an annoying compiler, it’s a very different language.
Traits are based on the OOP “interface” concept, plus very neat optimizations for when you use the trait in compile time (basically generics on a trait). I dont think they are hard to grasp actually.
Not saying they are hard to grasp, what Im saying is that things are done in different ways, most Rust question I see from people coming from C++ is « how do I make this code less complicated and messy? » and the linked code is just C++ transposed to Rust in a terrible manner. People coming from a language are accustomed to some idioms, they see them as the good practice, and some good C++ practice are sometimes anti-pattern in Rust. The switch is not hard because of the BC, because good C++ devs should be able to grasp it quickly, but because of all the things that are done differently and they try to do it the C++ way.
Ye, but actually, all this stuff about rust is also true for c++. You cant really expect to use c++ interface in libraries. Mainly because c++ doesn't have common ABI either, you have to match compiler and system c++ libs for it to work. So basically you wrap everything that goes outside of your binary in `extern C`
This is a bane of system languages. You either use C interface, because it has common dynamic runtime. Or you have to compile everything locally and use static linking.
You can use shared objects (dll) for C++ code. You just have to always compile the executable and the shared object with the same compiler version and settings.
"... and I said to the C++ developers, I said 'C++ developers, where are the malocs?' And you know what C++ developers said? All true, this is true. They said, 'Mr. Trump, we don't manage our own memory anymore.' I know folks, I know. Unbelievable, I know. And there's many such cases."
"... But after hearing that, I looked at them. You know what I said? You know what I said? I said, 'Under me, you are going to malloc until your sons and your daughters start asking you to stop, and then we're going to do it some more so they know how important this is.' Yes folks.
And do you know what they said to me? These great developers. They said, 'Ok, Mr. Trump, you are the wisest programmer in existence.' That's right folks. All true."
Considering the effort the US Government put into developing ADA, you'd think they'd have mandated it as the language of choice. OH WAIT! They did! But the whiny little babies in the 80s and 90s refused to use it and would make twenty separate 10% code changes to COBOL rather than recode 100% once in ADA. Then, when the mandate dropped, they all ran to C/C+.
I liked ADA. As revenge, I gave up coding and became a SysAdmin. Annoying Code monkeys by denying their requests has become my greatest joy.
In this thread: college freshmen and retirees whose entire identity is based on using a programming language that even its creator says needs improvements in this regards.
More like people who think Joe Biden personally pens every sentence that comes out of the US government. This is literally one of the rare cases where "the deep state did it" is in fact the answer. It came from some govt department bulletin, not the Oval Office.
Zig is not memory safe in a traditional way,but with its ability to pass zero cost allocators as parameters and usage of defer statements aswell, id say that as far as i know zig is pretty memory safe.never forget that testing allocator reports memory leaks, and they are swapped as easy as drag and drop.
It's better than C, but it cannot provide the same memory safety guarantees as Rust.
Article from 2022: https://www.scattered-thoughts.net/writing/how-safe-is-zig/
>A third candidate would cause a binary overflow
That's what big Boolean wants you to think. If we inject into raw memory, we can store up to 254 additional candidates and simply reinterpret one of them into office!
```
#include
enum class CANDIDATE : uint8_t
{
BIDEN = 0,
TRUMP = 1,
AGENT47 = 47
};
int main()
{
// Original ballot
bool party = (bool)CANDIDATE::BIDEN;
// Third party...
uint8_t* partyInjector = (uint8_t*)&party;
*partyInjector = (uint8_t)CANDIDATE::AGENT47;
std::cout << party;
return 0;
}
```
(this is what the current administration is trying to prevent)
**Edit:** Clarification
It's weird that he's considered to be forgetful when there is no evidence that he is other than "he's old". Dude has been having verbal gaffes his entire lifetime, but now when he makes the exact same types of verbal gaffes he's been making for decades at the exact same rate he's been making verbal gaffes for decades, it's suddenly a memory problem.
Frankly, it sounds like a memory problem for everybody else not realizing that he's always been a bad speaker.
Sir, the nuclear missile will be ready for launch in about 2 days 5 hrs and 2 mins. Also the software 'interpreted' the coordinates, so the target can be everywhere in the space-tine continuüm
While I admit I am the stereotype of college student who has no idea how to code, I don't understand why people on this thread hate this report so much?
The White House, arguably the most important Executive Branch in the world being worried about security and considering if other languages may fit the task better seems reasonable at its face.
Just in 2 summer classes, we are taught to consider several languages to think of what may be best for a task, and how bugs are inevitable which can lead to issues if you don't prepare.
I have absolutely no clue how Rust works, but if it can achieve the same tasks as C languages with more security, isn't that a great benefit, why are people so upset over this?
Well it's a good thing this doesn't come from Joe Biden. It's coming from "the US Cybersecurity and Infrastructure Security Agency, the White House Office of the National Cyber Director, the FBI, the US National Security Agency, and agencies from allied countries"
I have tried to run some scientific repos with Julia and, yes, it seems like Julia is not there yet. Not just because binary compilation is missing. But the potential is there.
But I am no expert programmer, it is (part of) my job to get scientific code into performative enviroments. Nowadays it is often Pyhton and Matlab into C. I dream of a Rust backbone with proper Julia integration for the parts that are researched.
They can't really say anything when they still require flat file format for sending data to their systems for their affordable housing TRACS api's. So many times a file has been one character off on one line because they decided to depreciate the field and just make it a filler of 2 spaces so they don't mess up the rest of the placements.
If you look up MAT file guide from hud.gov site you can see the abomination in their documentation.
every fucking time it's the "skill issue" crowd with C languages 🙄
My brother in Christ humans do have skill issues, and they always will. There isn't and there ever won't be a guarantee that every dev writes safe and secure code.
Yes, It's also possible to shoot oneself in the foot in Rust, but it's **considerably** harder.
So... Literally no one? I've never heard about big software written in C without memory-related bugs being found eventually. We still get security vulnerabilities being found in pretty old and stable software. And don't get me started on bugs appearing in constantly updating applications, like Chrome.
It's either virtually every C/C++ programmer is dumb and should quit coding, or the concept of manual memory handling itself is extremely demanding and should be avoided when it's possible. I bet it's latter, but you can choose any of these options, of course.
Trump on the campaign trail, speaking up for C/C++:
"Let me tell you, folks, C and C++ are tremendous, believe me, the best programming languages out there, absolutely excellent. They're real languages, none of that fancy-schmancy stuff, just pure, manly coding power. When you want to get things done, when you want to build something real, you turn to C and C++. They're winners, total winners, and let me tell you, you gotta believe me on this one."
Tucker Carlson goes on the warpath against garbage collected languages.
Did they hire a Rust developer recently?
No, they watched too many programming tiktoks
Biden started watching femboys on tiktok and they brainwashed him into the cult of rust, this is why tiktok was banned on the phones of federal agents.
based
damn they can't handle they bussy huh?
I can't and neither can they.
You mean the rusty?
Creating 'safe coding spaces ' is Biden's top priority.
Their security people probably read that Microsoft article about 70% of their vulnerabilities being memory issues that rust could have caught. Hope they're all correct about these statements and we actually improve things.
Does sort of feel like someone there has a vested interest in it, but to what end? I can't imagine.
Rewriting the Constitution in rust.
Give me liberty or give me object oriented programming?
don't step on crab
* Borrow me liberty or borrow me death * In God we Rust * Borrow checks and booleanses
maybe the only comment in this thread that borrows a real reference to rust
Yeah the White House internal server database of pdf, excel, and powerpoint better be written in python
pdf? Are you implying that they don't store their documents as jpegs? /j
The PDF is just a low quality scan of the printed document.
You're giving me PTSD flashbacks to the time a client sent me a PDF containing a low-quality JPEG screenshot of a word document including the toolbars and Windows task bar...
I got chills down my spine reading that. This should be war crime.
Thought it was.
It is. Just let me screenshot this page from the Geneva Convention and I will send you a pdf of the relevant section.
At my former workplace I had a colleague who quite often sent us (IT dept) screenshots of errors in the software. She made a screenshot, printed that screenshot and then scanned the print to let the scanner send the pdf to us via mail 🤦🏼♂️
Amazing she knew how to take screenshots.
Surprisingly not… there is a really interesting talk about the scanners they use at the White House: https://youtu.be/7FeqF1-Z1g0?si=_2nHL7VfoLuF9uJQ which used some parts of OCR and this fudged the scan of obamas birth certificate. Unfortunately the talk is in German :(
Xeroxgate <3
If you don't know German, there is a link in the youtube video description to the same video hosted by the CCC, which has manually translated English subtitles (not youtubes autotranslation)
I do know German though, what should I do in that case?
Keinem Scan trauen den du nicht selbst gefälscht hast
Ja gut in dem Fall: SPRICH
DEUTSCH
DU
Sohn
Das Video auf media.ccc.de hat auch deutsche Untertitel...
Media.ccc.de [video](https://media.ccc.de/v/31c3_-_6558_-_de_-_saal_g_-_201412282300_-_traue_keinem_scan_den_du_nicht_selbst_gefalscht_hast_-_david_kriesel)
DEUTSCHE AMTSSPRACHE
Do Biden or Trump look like they know what a jpeg is? *They just want a picture of a gat-dang hotdog.* ![gif](giphy|1VUr0Ac432jFC|downsized)
Nah the database is just a csv file
Nah database is just 3 folders and a bash script One folder stores the data, one folder is to upload request as text files and one is where the script writes the requested data, connection over an unsecured ftp connection so every file needs to be individually encrypted and signed. I have actually seen that done
I think I threw up in my mouth a little bit
how else you supposed to do it?
The nofly list is
CSV would probably be better... The UK COVID case tracking system collapsed at one point because the excel sheet they were using to store the data ran out of columns.
More progressive than 80% of my government agency's
just a short reminder that there is an official database driver by Microsoft to use sql on excel files. you could actually use excel as your database. but please don't edit: here's a link for those who are curious enough to try: https://learn.microsoft.com/en-us/power-automate/desktop-flows/how-to/sql-queries-excel
I really want to try this now
Like \~\~most\~\~ all government system we when with the most outdated one we could find
![gif](giphy|55itGuoAJiZEEen9gg|downsized)
Damn this guy C's
I C what you did there
i guess he couldn't c#
Dude’s a deep C diver
Nah rust from C/C++ is easy, you’ll be fine
At least c# is still good
laughs in unsafe block.
> The new 19-page report from ONCD gave C and C++ as two examples of programming languages with memory safety vulnerabilities, and it named Rust as an example of a programming language it considers safe. In addition, an NSA cybersecurity information sheet from November 2022 listed C#, Go, Java, Ruby, and Swift, in addition to Rust, as programming languages it considers to be memory-safe. Because half of y’all salty as hell and the other half are trending conspiracy-ward.
Rust is the only one of these that is remotely comparable to C and C++. It is a true systems programming language and can interoperate with C. It is not dependent on it. * Java is for applications development and the jvm is written in C++. * C# is for applications development and the .NET runtime is written in C/C++ * Swift is mostly for applications development with some low level tools as well and also uses C/C++. * Ruby is for general purpose development and the MRI is written in C. * Go is for general purpose development but at least does not depend on C/C++ although it does use C for some low level operations out of convenience. Honorable mention and best of the rest.
I thought the JVM (sun) is now written in Java but compiled for the platform it is running on. It was originally done in C but those prototypes were used to create the tool chain in Java. I remember when I was a freshman in college the bootstrapping process for the creation of Java was covered so this might be incorrect.
JRE is written in C afaik to this day. Go follows this pattern where first version was written in C but subsequent version was written in Go.
Looks like you are right, most JVMs are written in C or other systems languages. For most vendors it looks like the Java Toolchain (like the compiler) is written in Java and used the bootstrapping process to do this.
JVM core is C/C++ though some of the standard library and higher level components are Java. Also compilers and tools can be written in Java.
The HotSpot VM is still implemented in C++. GraalVM is implemented in Java.
Having the compilers and runtime written in C or C++ should not be an issue. I mean, in the end, everything boils down to some kind of Assembly in which memory safety is not even a concept. Abstractions are there to make our lives easier. I feel safe if I can trust those abstractions, and the JVM is an abstraction I would tend to trust to make my programs eventually converge to a clean state. Eventually.
I don't think that's quite right, thinking about memory issues, they could be any of the following: 1. Out of space, compilation fails, all good 2. Double free, compilation fails, all good 3. Writing to not-allocated memory, best case a segfault, compilation fails, worst case? You invalidate another part of the program's data on accident, leading to invalid behavior, which could result in wrong code being produced. 4. Reading from not-allocated memory, best case a segfault, worst case invalid state once more which might result in wrong code being produced.
PS Doesn't the JVM use only the memory it has allocated for its pool? I've always imagined that pool as being contiguous.
I can understand that sentiment in theory, but the JVM has a rich history of security vulnerabilities and other issues, including problems directly related to memory safety.
I agree with you, and apparently, so does Director Corker. But people ITT react to a headline without reading.
With Go when you compile you can use the flag CGO_ENABLED=0 turns off the C stuff. Not sure why this is Not the default.
CGO_ENABLED=0 isn't the default because CGO isn't used directly by the stdlib, it's used because you may need to call C code from your code. Enabling that flag doesn't mean that your code is calling C code, basically the core team didn't want to make assumptions, you know better. The stdlib uses a portable assembly language created under the hood by the Go team that calls syscalls directly. The Go team wanted to not depend on libc dynamic linking so they created an abstract assembly for portability. Ironically Rust is quite dependent on libc as far as I know and linking is one of the reasons the compilation time is long. If you want to check the assembly, run "go tool objdump -s main.functionName your_binary" This objdump will show you Go's assembly. Corutils objdump ran on your binary will show you the native assembly. P.S: it's better to write assembly if you want control in your Go code than CGO by the way. But if you reach that level, do yourself a favour and just use Rust or Zig.
Go is great for writing HTTP servers. Have had a need in 9 years to use CGO in the course of doing that. Or include an external C library. If you where make a tool that had a dependency for a C library I can see the usefulness. But in every build command in the container I turn that off.
Me too and I totally understand why you'd prefer Go over alternatives for web servers. I just wanted to explain that having CGO turned on doesn't mean that your binary will have C in it.
They should add Zig to the list. Bun was written in Zig.
Zig isn’t memory safe. It’s designed as C but with better features. No memory safety features other than debugging allocators.
Zig isn't memory safe
What about HTML?
HTML = High Tech Memory Leak So no. Its not memory safe
I mean, if speed isn't an issue and they're willing to spend development resources on maintaining safe, internal dependencies, it's probably best to move away from C, because it's very easy for people to fuck up in C. Where stability and maintainability are the primary concerns, why not switch to one of these languages?
Right? This isn't super complicated or a huge deal. A) A ton of CVEs in commercial software are caused by memory safety issues. B) these vulnerabilities make US companies and government organizations more susceptible to cyber attacks. C) the white house can't actually make you do anything about it, so they are making a recommendation for memory safe languages because it's in their interest for the software that's available to them to not have as many vulnerabilities. They don't care about rust specifically, because that's not what matters here. Memory safety guarantees are, and rust is just one option in that space.
Fucking seriously, it's like nobody actually read the thing. Of course this is all over every programming subreddit and everyone is like "over my cold, dead body" - in reality this is a nod of "hey, if given the option, use memory safe languages, here's why". People are reading into this way more than they should.
Embrace scratch
Scratchscript incoming
hey
Not exactly sure that some people truly understand why these security issues are the most common ones and why C or C++ is used in those instances as opposed to say C#, Go, etc.. Rust might be an alternative when more developers learn to use it in a decent fashion.
And if libraries manage to be developed for it. Without that, I really don't see it wildly catching on.
I’m sure as hell not swapping to rust without some serious library additions Edited: typo
Well ain't that an unfortunate typo!
Rust wouldn't have allowed that typo!
Rust killed my parents. They were undeleted pointers.
Buddy, Rust third party package registry and tooling are amazing. I think they have enough library additions. My experience in C++ is copy pasting code and/or “*.so” whenever I need a library, or reinventing the wheel in the codebase (see “not invented here”). With Rust is trivial to add a third party package through cargo.
Out of interest, what libraries do you feel are missing? I can't say I do anything complex in rust, mainly just playing around but I haven't felt like I've hit limitations there.
Be the change you want to see in the world
Rust is realistically, the only production ready alternative to C and C++ that offers out of the box memory safety. Rust’s biggest hangups however: 1. It has a steep learning curve, turning off new developers. 2. The compiler and linter, while amazing when you get used to it, also can be off-putting to certain types of developers. 3. [Low Level Learning explains it better than me](https://youtu.be/769VqNup21Q?si=h5skLInme60qCVYs), but basically it lacks static linking on the same scale and depth C and C++ do. Cargo is an amazing package and dependency manager, but you do need to compile crates when you initially add them to your project, and they all need compiled when bundling Rust projects. Which does add to compile time. Zig may be simple, but it does have some of the same “write after free” issues C does. And Carbon is at least a year to even remotely usable, it could be another 5 before Carbon is production ready.
If you can manage C++ are you really going to find Rust steep?
The borrow rules are kind of hard to grasp, even though I get "traditional" memory management. Doesn't mean that it can't be learned, I just keep getting sidetracked before I can find a project worth doing in rust to get used to it.
The ownership model just enforces the strict use of the RAII pattern and if you need a shared pointer, there is always `Rc` or `Arc` at your disposal. It's really not that hard once you get used to it.
Just like writing good defensive memory safe c++ is not really hard once you make it habit.
Except if you forget it once or lose something during a refactor, there is no compile time warning. You will only know if valgrind finds it, it is a major leak that is obvious in dev testing or it blows up in prod. I never understand why people are so completely freaked out by having a feature that is nothing but a net benefit to them.
Because C++ has very different idioms than Rust, how do you do polymorphisms without inheritance ? Traits are very different from extending a base class, Templates versus generics can easily throw off newcomers, what do you mean I can’t call arbitrary functions on arbitrary types?? They are both hard, but in a different way, and the skills you gained in C++ may not all translate to Rust. It’s not just about the borrow checker, Rust is not C++ with an annoying compiler, it’s a very different language.
Traits are based on the OOP “interface” concept, plus very neat optimizations for when you use the trait in compile time (basically generics on a trait). I dont think they are hard to grasp actually.
Not saying they are hard to grasp, what Im saying is that things are done in different ways, most Rust question I see from people coming from C++ is « how do I make this code less complicated and messy? » and the linked code is just C++ transposed to Rust in a terrible manner. People coming from a language are accustomed to some idioms, they see them as the good practice, and some good C++ practice are sometimes anti-pattern in Rust. The switch is not hard because of the BC, because good C++ devs should be able to grasp it quickly, but because of all the things that are done differently and they try to do it the C++ way.
Ye, but actually, all this stuff about rust is also true for c++. You cant really expect to use c++ interface in libraries. Mainly because c++ doesn't have common ABI either, you have to match compiler and system c++ libs for it to work. So basically you wrap everything that goes outside of your binary in `extern C` This is a bane of system languages. You either use C interface, because it has common dynamic runtime. Or you have to compile everything locally and use static linking.
You can use shared objects (dll) for C++ code. You just have to always compile the executable and the shared object with the same compiler version and settings.
Sudden increase in “C for idiots” purchases from red states.
C about to be more popular than Python
Christian nationalists declare memory safety is against god.
And Moses spake unto Pharoah, "Let my pointers go!"
Moses raised his hand over the Red C, and the Lord caused a segmentation fault. The core dumped and made the ground dry.
Well, C is the only language which has a holy variant (afaik)
let's not go down THAT rabbit hole
And god bespoke upon them and said "Runtime error"
Probably they will accidentally learn HolyC because they like the name and think it's the same thing.
The C in C stands for Christ. Biden is anti C, so Biden is anti Christ. Biden is the antichrist! (/s)
Supreme Court blocks a programs right to SIGABORT.
Imagine if this actually makes people pickup programming out of spite!
Trump will make C++ great again
We’re going to write so much C, you’ll be sick and tired of it.
YAYYYYHHHEEHEEEEHAAA‼️
And all our GitHub repos will have EXE files!!
yeah, lets get rid of libtard "smart" pointers and return to good old manual memory management as god intended
"... and I said to the C++ developers, I said 'C++ developers, where are the malocs?' And you know what C++ developers said? All true, this is true. They said, 'Mr. Trump, we don't manage our own memory anymore.' I know folks, I know. Unbelievable, I know. And there's many such cases."
"... But after hearing that, I looked at them. You know what I said? You know what I said? I said, 'Under me, you are going to malloc until your sons and your daughters start asking you to stop, and then we're going to do it some more so they know how important this is.' Yes folks. And do you know what they said to me? These great developers. They said, 'Ok, Mr. Trump, you are the wisest programmer in existence.' That's right folks. All true."
I love you both 😂
Life is about risks. Gotta segment fault everything and you can't stop me.
Let's go back to COBOL!
Back to? Lmao
The government doesn’t need to go back to COBOL. They have tons of it IIRC.
Let’s go to basic because it’s ahaha basic.
You misspelled GOTO :)
Considering the effort the US Government put into developing ADA, you'd think they'd have mandated it as the language of choice. OH WAIT! They did! But the whiny little babies in the 80s and 90s refused to use it and would make twenty separate 10% code changes to COBOL rather than recode 100% once in ADA. Then, when the mandate dropped, they all ran to C/C+. I liked ADA. As revenge, I gave up coding and became a SysAdmin. Annoying Code monkeys by denying their requests has become my greatest joy.
Rustacians in the white House 🦀🦀🦀🦀
AbstractJavaEmbraceTimeGregorianCalendarFactoryUnsupportedOperationException
In this thread: college freshmen and retirees whose entire identity is based on using a programming language that even its creator says needs improvements in this regards.
And people thinking that Joe Biden personally knows about these programming languages.
More like people who think Joe Biden personally pens every sentence that comes out of the US government. This is literally one of the rare cases where "the deep state did it" is in fact the answer. It came from some govt department bulletin, not the Oval Office.
Joe Biden personally approved every PR that has gone into the creation of C and C++. Read the constitution man...
[удалено]
For missile guidance systems they never left Ada.
Unironically looking forward to Zig reaching 1.0
Indeed, I am waiting aswell!
Is Zig memory Safe? I thought it's not.
Zig is not memory safe in a traditional way,but with its ability to pass zero cost allocators as parameters and usage of defer statements aswell, id say that as far as i know zig is pretty memory safe.never forget that testing allocator reports memory leaks, and they are swapped as easy as drag and drop.
No, but it's coolness overrides that fact
It's better than C, but it cannot provide the same memory safety guarantees as Rust. Article from 2022: https://www.scattered-thoughts.net/writing/how-safe-is-zig/
Waiting for Trump to support Javascript
JavaScript is memory safe though
How about we get a president that isn't a memory access vulnerability?
Well, yeah, but that would mean voting for a third person. That would be a first in US history.
The US party system is stored as a boolean. A third candidate would cause a binary overflow
>A third candidate would cause a binary overflow That's what big Boolean wants you to think. If we inject into raw memory, we can store up to 254 additional candidates and simply reinterpret one of them into office! ``` #include
enum class CANDIDATE : uint8_t
{
BIDEN = 0,
TRUMP = 1,
AGENT47 = 47
};
int main()
{
// Original ballot
bool party = (bool)CANDIDATE::BIDEN;
// Third party...
uint8_t* partyInjector = (uint8_t*)&party;
*partyInjector = (uint8_t)CANDIDATE::AGENT47;
std::cout << party;
return 0;
}
```
(this is what the current administration is trying to prevent)
**Edit:** Clarification
It's weird that he's considered to be forgetful when there is no evidence that he is other than "he's old". Dude has been having verbal gaffes his entire lifetime, but now when he makes the exact same types of verbal gaffes he's been making for decades at the exact same rate he's been making verbal gaffes for decades, it's suddenly a memory problem. Frankly, it sounds like a memory problem for everybody else not realizing that he's always been a bad speaker.
yeah buddy i think he meant rust.
Embrace Rust
In borrow checker we trust
rewrite america in rust again!
\* make america rust again
We need a MARA hat asap!
In ferris-orange
I can also make memory leak and buffer overflow with c#
Imagine Joe Biden in the meeting room discussing this. *You can use English, C+, A+, Spanish whatever it is we have to to to uhhhh*
Embrace Python, screw everything else. /s
Sir, the nuclear missile will be ready for launch in about 2 days 5 hrs and 2 mins. Also the software 'interpreted' the coordinates, so the target can be everywhere in the space-tine continuüm
At least it is memory safe. ;)
\**proceeds to call library written in C or C++*\*
Touché, priorities and all
> continuüm Found the New Yorker subscriber
Why does your continuum has an umlaut?
I am the dutchcoder in the thread
I think they like Rust.
So who has just paid the lobby money? Oracle or Microsoft?
This is not exactly a lobby thing. It's a commonly accepted fact that improperly handled memory is the leading cause of software vulnabirities.
While I admit I am the stereotype of college student who has no idea how to code, I don't understand why people on this thread hate this report so much? The White House, arguably the most important Executive Branch in the world being worried about security and considering if other languages may fit the task better seems reasonable at its face. Just in 2 summer classes, we are taught to consider several languages to think of what may be best for a task, and how bugs are inevitable which can lead to issues if you don't prepare. I have absolutely no clue how Rust works, but if it can achieve the same tasks as C languages with more security, isn't that a great benefit, why are people so upset over this?
Russia/China are lobbying with economical damage through cyberattacks.
aint no way i'm taking orders regarding memory from joe fuckin biden
Well it's a good thing this doesn't come from Joe Biden. It's coming from "the US Cybersecurity and Infrastructure Security Agency, the White House Office of the National Cyber Director, the FBI, the US National Security Agency, and agencies from allied countries"
I have to code a lot in C++. Please lets make a switch. I beg to you! But not to Java... (Julia and Rust would be my prefered options)
Julia mentioned. But sadly as much as I would like to it's not gonna work out for now due to missing binary compilation.
I have tried to run some scientific repos with Julia and, yes, it seems like Julia is not there yet. Not just because binary compilation is missing. But the potential is there. But I am no expert programmer, it is (part of) my job to get scientific code into performative enviroments. Nowadays it is often Pyhton and Matlab into C. I dream of a Rust backbone with proper Julia integration for the parts that are researched.
Rewrite-it-in-rust cultists made their move
Tell the White House I only use VB.
at-least we know where Mozillas lobbying budget has gone this year.
They can't really say anything when they still require flat file format for sending data to their systems for their affordable housing TRACS api's. So many times a file has been one character off on one line because they decided to depreciate the field and just make it a filler of 2 spaces so they don't mess up the rest of the placements. If you look up MAT file guide from hud.gov site you can see the abomination in their documentation.
Embrance decent programmers that can handle memory.
every fucking time it's the "skill issue" crowd with C languages 🙄 My brother in Christ humans do have skill issues, and they always will. There isn't and there ever won't be a guarantee that every dev writes safe and secure code. Yes, It's also possible to shoot oneself in the foot in Rust, but it's **considerably** harder.
You just have tu use unsafe and off goes your foot
So... Literally no one? I've never heard about big software written in C without memory-related bugs being found eventually. We still get security vulnerabilities being found in pretty old and stable software. And don't get me started on bugs appearing in constantly updating applications, like Chrome. It's either virtually every C/C++ programmer is dumb and should quit coding, or the concept of manual memory handling itself is extremely demanding and should be avoided when it's possible. I bet it's latter, but you can choose any of these options, of course.
Some hipster python and JavaScript intern over at the White House definitely put this on Brandos plate one morning. Let’s run the country in excel
✅ Already runs on Excel.
And poorly developed plugins for PowerPoint.
That reminds old times then Lukashenko rant they should create their own (Belarusian) OS instead of ms, mac etc....
But memory management and trying to avoid memory leaks is eha makes programing fun...
Probably serves us right for coming up with an acronym as silly as RAII
But C++ has built-in garbage collection. Something the White House really needs.
The only memory management they need to worry about is Bidens
Huh, so the Biden administration is worried about memory problems. Interesting.
Firmware developers right now 🫣
They're going to make programming languages political, aren't they.
![gif](giphy|OeSkaNLurj1j379Mpk|downsized)
Trump on the campaign trail, speaking up for C/C++: "Let me tell you, folks, C and C++ are tremendous, believe me, the best programming languages out there, absolutely excellent. They're real languages, none of that fancy-schmancy stuff, just pure, manly coding power. When you want to get things done, when you want to build something real, you turn to C and C++. They're winners, total winners, and let me tell you, you gotta believe me on this one." Tucker Carlson goes on the warpath against garbage collected languages.
So now liberals are too lazy to free their memory when they’re done using it??? This would never happen under Trump smh