• rational_lib@lemmy.world
    link
    fedilink
    arrow-up
    7
    ·
    2 days ago

    Imagine if there was a hack so bad that it caused everyone to become unable to develop in C and C++.

    Classic “let’s just make the cure worse than the disease” mindset among security enthusiasts.

    • ulterno@programming.dev
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      1 day ago

      Imagine if there was a hack so bad that it caused everyone to become unable to develop in C and C++.

      Well, there is one that will imply you can only develop using anything that you have bootstrapped yourself, using hardware that you have designed and manufactured yourself, using tools that you have designed and manufactured yourself, using tools that you have designed and manufactured yourself …

      … with your own bare hands.

  • riodoro1@lemmy.world
    link
    fedilink
    arrow-up
    39
    arrow-down
    3
    ·
    3 days ago

    The US government has more pressing issues I think.

    Maybe it can shut the fuck up an let me do my job in contrast to its judicial branch.

  • Solemarc@lemmy.world
    link
    fedilink
    arrow-up
    85
    ·
    4 days ago

    I don’t get why we’re taking a swing at Linus here. The article only mentions him in relation to the rust for Linux project being slow going. But, it IS going and the US government has only stated that “you need a plan to move to a memory safe language by 2025 or you might be liable if something bad happens as a result of the classics (use after free/double free/buffer overflow/etc.)” but I don’t think Linux would count it’s free software and it does have a plan.

        • Captain Aggravated@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          5
          arrow-down
          7
          ·
          4 days ago

          I do know that Linus is on record with low opinion of C++. I have heard of him compare the cult-like following Rust has with the whole Vim/Emacs tribalism thing.

          • xav@programming.dev
            link
            fedilink
            arrow-up
            23
            ·
            4 days ago

            I didn’t understand this. He said the bickering between C and rust devs reminds him of the vim/emacs debate.

          • MajorHavoc@programming.dev
            link
            fedilink
            arrow-up
            15
            arrow-down
            4
            ·
            4 days ago

            I have heard of him compare the cult-like following Rust has with the whole Vim/Emacs tribalism thing.

            Heh.

            I do think the worst thing going for Rust, right now, is the Rust community.

            It feels like few specific jackasses from the Java community made the jump to Rust, and no one had the sense to slap them with a newspaper.

            • bamboo@lemm.ee
              link
              fedilink
              arrow-up
              8
              ·
              4 days ago

              Can you be more specific? I’ve had nothing but great experiences from the rust community.

              • MajorHavoc@programming.dev
                link
                fedilink
                arrow-up
                3
                ·
                edit-2
                3 days ago

                Can you be more specific?

                Sure.

                I’ve had discussions about my impression that Rust’s build chain can be a bit surly compared to other popular languages.

                I don’t particularly mean it as a criticism - of course Rust’s security enforcement comes with more warnings and errors.

                But the novel part of the interactions, for me, was Rust community members coming at me with ‘well get gud, newbie’.

                These interactions are particularly ironic, given my experiences and specialties. I’m an old school veteran software developer. I have spent over half of my career in dedicated Cybersecurity roles.

                These conversations converted me from a mildly interested Rust proponent into a casual Rust critic.

                • bamboo@lemm.ee
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  3 days ago

                  Well I’m sorry that you got shitty responses like that. Which platform(s) was this on?

  • JakenVeina@lemm.ee
    link
    fedilink
    English
    arrow-up
    88
    arrow-down
    2
    ·
    4 days ago

    If only it were that easy to snap your fingers and magically transform your code base from C to Rust. Spoiler alert: It’s not.

    How utterly disingenuous. That’s not what the CISA recommendation says, at all.

  • thingsiplay@beehaw.org
    link
    fedilink
    arrow-up
    75
    arrow-down
    1
    ·
    4 days ago

    But there is context to it:

    The report on Product Security Bad Practices warns software manufacturers about developing “new product lines for use in **service of critical infrastructure or [national critical functions] **NCFs in a memory-unsafe language (eg, C or C++) where there are readily available alternative memory-safe languages that could be used is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety.”

    It’s for new products that are very important to critical infrastructure and need to be safe as possible. The article writer seem not to be aware of this context:

    Take Rust in Linux, for example. Even with support from Linux’s creator, Linus Torvalds, Rust is moving into Linux at a snail’s pace.

    Because Linux is the biggest software in the entire world and they do lot of stuff their own way. Rust is integrated slowly for future new projects. It makes sense to move in snail pace. The government doesn’t suggest the Linux project to stop using C entirely. The government “recommends” to start new projects in memory safe languages, if it is a critical software. That makes sense to me.

    You see, people who’ve spent years and sometimes decades mastering C don’t want to master the very different Rust. They don’t see the point.

    No, totally wrong. C programmers in Linux do not NEED to learn or master Rust. They just need to cooperate. The problem is, that some C programmers refuse to cooperate with Rust. They just want Rust to disappear. That has nothing to do with mastering the language. They refuse to make changes to their C code, so it can cooperate with Rust code via bindings.

    After all, they can write memory-safe code in C, so why can’t you?

    Nonsense argument, and false too. If that was the case, why do we have memory safe languages? Clearly people make mistake, old and new. Besides Linux is not the only software in the world.

    Converting existing large codebases to memory-safe languages can be an enormous undertaking.

    Nobody says old code should be rewritten in Rust. Neither the government, nor the Rust programmers in Linux suggest that. It’s not about rewriting code in memory-safe languages, its about new projects.

    Either this article is a misrepresentation or misunderstanding. Or I misunderstand the article or government. I don’t know anymore…

    • nous@programming.dev
      link
      fedilink
      English
      arrow-up
      34
      arrow-down
      1
      ·
      4 days ago

      They refuse to make changes to their C code, so it can cooperate with Rust code via bindings.

      I don’t even think the rust devs where asking for that. They are refusing changes by rust devs that help with rust while making the c code clearer and even refuse to answer questions about the semantics behind the c code. At least as far as I can see from the outside.

      • wewbull@feddit.uk
        link
        fedilink
        English
        arrow-up
        10
        arrow-down
        16
        ·
        4 days ago

        The Rust kernel devs are …

        1. …asking the maintainers to lock down APIs which the C devs purposefully leave malleable, in part, to avoid binary blob drivers being feasible.
        2. …asking maintainers to accept code into their subsystem whilst being told, you don’t need to know Rust to an expert level…trust us. Cross language interfaces always have nuance and make good attack vectors. Understandable that maintainers are cautious.
        3. …creating quite a lot of hassle for no a lot of improvement. Systems are only as resilient as their weakest components. The cross language interface is always going to be weak. Introducing a weakness to get improvements probably only succeeds at making the whole weaker.
        • FizzyOrange@programming.dev
          link
          fedilink
          arrow-up
          27
          ·
          4 days ago

          asking the maintainers to lock down APIs which the C devs purposefully leave malleable, in part, to avoid binary blob drivers being feasible.

          No, they were asking them to define the semantics of the filesystem APIs. Those semantics are not encoded in the C API but the Rust devs wanted to encode them in the Rust API to avoid making mistakes.

          The C devs didn’t want to, not because of concerns about binary drivers, but because the semantics are already broken. Apparently different filesystem drivers assume different semantics for the same functions and it’s a whole mess. They don’t want to face up to this and certainly don’t want anyone pointing it out, so clearly it must be the Rust devs’ fault for wanting APIs to have consistent semantics.

          The rest of your comment is nonsense.

        • lad@programming.dev
          link
          fedilink
          English
          arrow-up
          7
          ·
          4 days ago

          What’s the reason to avoid binary blob drivers being feasible? Is that about not being able to use non-free binary blobs in kernel? I don’t quite understand what it even is about

            • lad@programming.dev
              link
              fedilink
              arrow-up
              1
              ·
              4 days ago

              Got it. I agree that their drivers are (were?) of exemplary bad quality

              But I don’t think that it is realistically possible to drop all the proprietary firmware blobs, and if it’s not maybe it’s better to not actively sabotage something to ‘avoid those being feasible’?

              • Vilian@lemmy.ca
                link
                fedilink
                arrow-up
                2
                ·
                3 days ago

                Firmware don’t link to the kernel tho, and the kernel functions aren’t stable so a firmware today would stop working tomorrow because a function was refactored(and all the code in the kernel that depend on that function) for performance or security, and the binary can’t be refactored so it become useless

        • refalo@programming.dev
          link
          fedilink
          arrow-up
          3
          arrow-down
          6
          ·
          4 days ago

          IIRC They were also trying to get kernel devs to let official structure definitions live in Rust instead of C, and got upset when they didn’t want to do that.

          • Pup Biru@aussie.zone
            link
            fedilink
            English
            arrow-up
            12
            ·
            4 days ago

            the rust devs wanted to CREATE official structure definitions that don’t exist in C so that there was more semantic meaning to the APIs

    • Vilian@lemmy.ca
      link
      fedilink
      arrow-up
      7
      ·
      3 days ago

      No, totally wrong. C programmers in Linux do not NEED to learn or master Rust. They just need to cooperate. The problem is, that some C programmers refuse to cooperate with Rust. They just want Rust to disappear. That has nothing to do with mastering the language. They refuse to make changes to their C code, so it can cooperate with Rust code via bindings.

      I would argue that’s not the biggest problem, the biggest problem is that for you to refactor a function to work with rust, you need to refactor all the subsystems that rely on that function, and that take time, and you need to explain for the C dev why it need to be done, try to explain that for the amount of C devs in the kernel

    • MajorasMaskForever@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      3 days ago

      As someone who learned Ada for a defense job years ago, I’ve been wondering how long it was going to take until I saw others comparing Rust to it, both in the sense of the language “safety” goals and the USG pushing for it.

      While the rust compiler is leagues better than any Ada compiler I ever had the misfortune of dealing with, the day to day pain that Rust incurs will probably always be a thorn in it’s side

  • tourist@lemmy.world
    link
    fedilink
    arrow-up
    34
    arrow-down
    6
    ·
    4 days ago

    My friend from university sends me his Rust code snippets sometimes. Ngl it looks like a pretty cool language.

    There was also that tldr reimplemention in Rust that is a gatrillion times faster than the original.

    I really want to give it a try but I have executive dysfunction and don’t have any ideas of what I could use it for.

    • ScreaminOctopus@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      22
      arrow-down
      1
      ·
      4 days ago

      The main issue I have with rust is the lack of a rust abi for shared libraries, which makes big dependencies shitty to work with. Another is a lot of the big, nearly ubiquitous libraries don’t have great documentation, what’s getting put up on crates.io is insufficient to quickly get an understanding of the library. It’d also be nice if the error messages coming out of rust analyzer were as verbose as what the compiler will give you. Other than that it’s a really interesting language with a lot of great ideas. The iterator paradigm is really convenient, and the way enums work leads to really expressive code.

      • snaggen@programming.dev
        link
        fedilink
        arrow-up
        16
        arrow-down
        3
        ·
        3 days ago

        As someone that have worked in software for 30 years, and deplying complicated software, shared libraries is a misstake. You think you get the benefit of size and easy security upgrades, but due to deployment hell you end up using docker and now your deployment actually added a whole OS in size and you need to do security upgrades for this OS instead of just your application. I use rust for some software now, and I build it with musl, and is struck by how small things get in relation to the regular deployment, and it feels like magic that I no longer get glibc incompatibility issues.

        • ScreaminOctopus@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          ·
          3 days ago

          Maybe for your use cases that’s OK, but there are many situations where the size and ease of upgrading provided by shared libraries is worthwhile. For example it would suck to need to push a 40+ GB binary to a fleet of systems with a poor or unreliable internet connection. You could try to mitigate this sort of thing by splitting the application up into microservices, but that adds complexity, and isn’t always a viable tradeoff if maximizing compute efficiency is also a concern.

          • calcopiritus@lemmy.world
            link
            fedilink
            arrow-up
            2
            arrow-down
            1
            ·
            edit-2
            2 days ago

            I’m not so sure that dynamic libraries always reduces the size. Specially with libraries that are linked by a single binary.

            With static libraries, you can conditionally compile only the features you’re gonna use. With dynamic libraries, however, the whole library must be compiled.

            EDIT: just to clarify, I’m not saying that static libraries result always in less size. I’m saying that it’s not a black and white issue.

        • 0x0@programming.dev
          link
          fedilink
          arrow-up
          4
          arrow-down
          1
          ·
          3 days ago

          due to deployment hell you end up using docker

          Maybe tackle that deployment hell instead of band-aiding it with docker?

          • FizzyOrange@programming.dev
            link
            fedilink
            arrow-up
            3
            arrow-down
            3
            ·
            3 days ago

            He is. By using statically linked binaries.

            Technically this is conflating two things: bundling dependencies and static/dynamic linking. But since you have to bundle your dependencies to use static linking, and there’s little point dynamic linking if you bundle your dependencies… most of the time they are synonymous.

            Exceptions are things like plugins, but that’s pretty rare.

      • nous@programming.dev
        link
        fedilink
        English
        arrow-up
        15
        arrow-down
        1
        ·
        4 days ago

        Documentation is generally considered one of the stronger points of rust libraries. Crates.io is not a documentation site you want https://docs.rs/ for that though it is generally linked to on crates.io. A lot of bigger crates also have their own online books for more in depth stuff. It is not that common to find a larger crate with bad documentation.

        • ScreaminOctopus@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          ·
          2 days ago

          One specific example I encountered was ndarray. I couldn’t figure out how to make a function take an array and an arrayslice without rewriting the function for both types. This could be because I’m novice with the language, but it didn’t seem obvious. I ended up giving up after trying to dig through the docs for a few hours and went back to C++.

      • asdfasdfasdf@lemmy.world
        link
        fedilink
        arrow-up
        7
        arrow-down
        3
        ·
        edit-2
        4 days ago

        Why not just use the C ABI?

        And what libraries are you referring to? Almost all the ones I’ve used have fantastic docs.

    • Kacarott@aussie.zone
      link
      fedilink
      arrow-up
      17
      arrow-down
      1
      ·
      4 days ago

      Rust is definitely a really cool language (as someone who has played with it just a little) but it’s quite headache inducing, at least for me at the moment.

        • Kacarott@aussie.zone
          link
          fedilink
          arrow-up
          2
          ·
          3 days ago

          Mostly the ownership model, trying to remember which functions expect borrowed types or not, etc.

          The error messages in rust are really good, so I can usually make the code work quickly, but I need to properly understand the reason behind the error in order to learn, so that’s when I get headaches

  • it_depends_man@lemmy.world
    link
    fedilink
    Deutsch
    arrow-up
    27
    arrow-down
    4
    ·
    4 days ago

    To address this concern, CISA recommends that developers transition to memory-safe programming languages such as Rust, Java, C#, Go, Python, and Swift.

    If only it were that easy to snap your fingers and magically transform your code base from C to Rust.

    guy_butterfly_meme.jpg is this unbiased journalism?

    • Successful_Try543
      link
      fedilink
      arrow-up
      17
      arrow-down
      4
      ·
      edit-2
      4 days ago

      As the article is denoted as a comment, it is not its aim to be unbiased journalism.

      In contrast to usual articles, comments usually elaborate on the opinion of the jounalist.

        • Successful_Try543@discuss.tchncs.de
          link
          fedilink
          arrow-up
          3
          ·
          edit-2
          3 days ago

          My mind was making one transfer to much, as the opinion clip in German TV news is called comment. There were no additional downvotes after I added the second sentence for clarification.