The US government wants devs to stop using C and C++
https://www.theregister.com/2024/11/08/the_us_government_wants_developers/Open linkView original on lemm.ee201
Comments77https://www.theregister.com/2024/11/08/the_us_government_wants_developers/Open linkView original on lemm.ee
Why the swipe at Linus? He's been supportive of rust in the Linux kernel.
they don't swipe him at all. I don't know why his picture is there
because that makes people click
Maybe read the article...
Anti Commercial-AI license
I did - it says he's supporting rust in the kernel.
I do know that Linus is on record with low opinion of C++. I have heard of him compare the cult-like following Rust has with the whole Vim/Emacs tribalism thing.
I didn't understand this. He said the bickering between C and rust devs reminds him of the vim/emacs debate.
Heh.
I do think the worst thing going for Rust, right now, is the Rust community.
It feels like few specific jackasses from the Java community made the jump to Rust, and no one had the sense to slap them with a newspaper.
Can you be more specific? I’ve had nothing but great experiences from the rust community.
Sure.
I've had discussions about my impression that Rust's build chain can be a bit surly compared to other popular languages.
I don't particularly mean it as a criticism - of course Rust's security enforcement comes with more warnings and errors.
But the novel part of the interactions, for me, was Rust community members coming at me with 'well get gud, newbie'.
These interactions are particularly ironic, given my experiences and specialties. I'm an old school veteran software developer. I have spent over half of my career in dedicated Cybersecurity roles.
These conversations converted me from a mildly interested Rust proponent into a casual Rust critic.
Well I’m sorry that you got shitty responses like that. Which platform(s) was this on?
Java sucked so much though (and still does).
I love programming in Java. It continues to be my language of choice.
Lets have a flame war like back in the day!
:-)
There's no shortage of reasons to not like Linus.
Did.. Did you just diss the All Mighty Father, Emperor of Linux on Lemmy?
He did! He did just diss the All Might Father, Emperor of Linux on Lemmy!
Unacceptable! Go get the SIGKILL
kill -9You gotta learn when it’s time for your thread to yield; you shoulda slept; instead you stepped and now your fate is sealed.How utterly disingenuous. That's not what the CISA recommendation says, at all.
I don't get why we're taking a swing at Linus here. The article only mentions him in relation to the rust for Linux project being slow going. But, it IS going and the US government has only stated that "you need a plan to move to a memory safe language by 2025 or you might be liable if something bad happens as a result of the classics (use after free/double free/buffer overflow/etc.)" but I don't think Linux would count it's free software and it does have a plan.
The US government has more pressing issues I think.
Maybe it can shut the fuck up an let me do my job in contrast to its judicial branch.
What if I told you the judicial branch is doing its job because it was always evil to begin with?
I would say you’re right
My friend from university sends me his Rust code snippets sometimes. Ngl it looks like a pretty cool language.
There was also that tldr reimplemention in Rust that is a gatrillion times faster than the original.
I really want to give it a try but I have executive dysfunction and don't have any ideas of what I could use it for.
The main issue I have with rust is the lack of a rust abi for shared libraries, which makes big dependencies shitty to work with. Another is a lot of the big, nearly ubiquitous libraries don't have great documentation, what's getting put up on crates.io is insufficient to quickly get an understanding of the library. It'd also be nice if the error messages coming out of rust analyzer were as verbose as what the compiler will give you. Other than that it's a really interesting language with a lot of great ideas. The iterator paradigm is really convenient, and the way enums work leads to really expressive code.
As someone that have worked in software for 30 years, and deplying complicated software, shared libraries is a misstake. You think you get the benefit of size and easy security upgrades, but due to deployment hell you end up using docker and now your deployment actually added a whole OS in size and you need to do security upgrades for this OS instead of just your application. I use rust for some software now, and I build it with musl, and is struck by how small things get in relation to the regular deployment, and it feels like magic that I no longer get glibc incompatibility issues.
Maybe tackle that deployment hell instead of band-aiding it with docker?
He is. By using statically linked binaries.
Technically this is conflating two things: bundling dependencies and static/dynamic linking. But since you have to bundle your dependencies to use static linking, and there's little point dynamic linking if you bundle your dependencies... most of the time they are synonymous.
Exceptions are things like plugins, but that's pretty rare.
Maybe for your use cases that's OK, but there are many situations where the size and ease of upgrading provided by shared libraries is worthwhile. For example it would suck to need to push a 40+ GB binary to a fleet of systems with a poor or unreliable internet connection. You could try to mitigate this sort of thing by splitting the application up into microservices, but that adds complexity, and isn't always a viable tradeoff if maximizing compute efficiency is also a concern.
I'm not so sure that dynamic libraries always reduces the size. Specially with libraries that are linked by a single binary.
With static libraries, you can conditionally compile only the features you're gonna use. With dynamic libraries, however, the whole library must be compiled.
EDIT: just to clarify, I'm not saying that static libraries result always in less size. I'm saying that it's not a black and white issue.
Documentation is generally considered one of the stronger points of rust libraries. Crates.io is not a documentation site you want https://docs.rs/ for that though it is generally linked to on crates.io. A lot of bigger crates also have their own online books for more in depth stuff. It is not that common to find a larger crate with bad documentation.
One specific example I encountered was ndarray. I couldn't figure out how to make a function take an array and an arrayslice without rewriting the function for both types. This could be because I'm novice with the language, but it didn't seem obvious. I ended up giving up after trying to dig through the docs for a few hours and went back to C++.
Why not just use the C ABI?
And what libraries are you referring to? Almost all the ones I've used have fantastic docs.
In my understanding, you can't interface with the C abi without using an unsafe block.
I think there are some crates that wrap the unsafe code for you, e.g. https://github.com/rodrimati1992/abi_stable_crates/ (I haven't ever tried it).
You can just use an unsafe block though. Or make a thin wrapper that is just safe functions that inside just have an unsafe block with the C ABI function.
Even if rust had a stable ABI, you would still need that unsafe block.
Rust is definitely a really cool language (as someone who has played with it just a little) but it's quite headache inducing, at least for me at the moment.
It has a steep learning curve, but it's super nice to use once you're over the initial bump
What's causing the most headache for you?
Mostly the ownership model, trying to remember which functions expect borrowed types or not, etc.
The error messages in rust are really good, so I can usually make the code work quickly, but I need to properly understand the reason behind the error in order to learn, so that's when I get headaches
fn executive() {}
Of course its rewrite is nearly infinitely faster than the original JavaScript.
oh
lol
didn't cross my mind that someone would make a CLI program in js
I mean, I've done it, but I am a registered dunce cap owner.
Well, so is that guy.
guy_butterfly_meme.jpg is this unbiased journalism?
As the article is denoted as a comment, it is not its aim to be unbiased journalism.
In contrast to usual articles, comments usually elaborate on the opinion of the jounalist.
I don't know why you're being downvoted. It literally starts with the word OPINION in bold red caps.
My mind was making one transfer to much, as the opinion clip in German TV news is called comment. There were no additional downvotes after I added the second sentence for clarification.
"Oh, I thought I was coding in Python. Oops!"
Continues coding in C++
Jython's your Python
well, i'm glad the US government is at least aware what C and C++ are!
I thought the US Government bought a lot of software in Ada, so I hope they continue with that.
The comment section mentions that conundrum as well... quite interesting.
lol ok.
Well now I'm going to have to use it even more.
The comment thread in that article is interesting. Grep for Ada.
The US government hates anything that can perform math too fast.
As someone who learned Ada for a defense job years ago, I've been wondering how long it was going to take until I saw others comparing Rust to it, both in the sense of the language "safety" goals and the USG pushing for it.
While the rust compiler is leagues better than any Ada compiler I ever had the misfortune of dealing with, the day to day pain that Rust incurs will probably always be a thorn in it's side
Imagine if there was a hack so bad that it caused everyone to become unable to develop in C and C++.
Classic "let's just make the cure worse than the disease" mindset among security enthusiasts.
Well, there is one that will imply you can only develop using anything that you have bootstrapped yourself, using hardware that you have designed and manufactured yourself, using tools that you have designed and manufactured yourself, using tools that you have designed and manufactured yourself ...
... with your own bare hands.
yeah No.
Need more carrot
Too bad! Stay in your lane, pinche government!
Because they want to replace them with more corporate-controlled languages.
Just add
@safe:after yourmoduledeclaration, and you'll be safe by default if you don't want to wait until D3.Also, unlike in Rust, you can opt-out from RAII with
int foo = void;, although it primarily has a performance advantage with arrays, not singleton variables (might be also useful for aquiring an RNG seed in a dumb way).Jep, you got em, it's all a conspiracy so they poison our mind with the evil tongues and make us corpo slaves with the help of Rust.
I don't see python on your image :)
This. Unless the government starts introducing fines or financial incentives (like fines) to force the use of memory-safe languages, ain't nothing gonna happen.
Anti Commercial-AI license
Ok, and what do you think the memory managers were written in?
Who cares? Just like most things your average programmer relies on, they are written by smarter or at least more specialised people to make your job easier. They have learned to write memory-safe code so you don't have to.
More specialized is critical.
You have to understand your domain, what your goal is, how much time and money you have, etc.
God, this old argument... Careful, it's an antique.
The idea is to minimize memory management and have people who are experts on it deal with it.
AFAIK, the first one was written in LISP.
The one most people push around here was written in Rust. It's a really great language to write memory managers anyway.
I don't think those are the problem, but rather how they are used. And in case of managed languages like C#, it's almost impossible to shoot yourself in the foot when it comes to memory management. You still can, if you really wish, but you have to be very explicit in that. 🤷♂️
If it’s broke, don’t fix it amiright?!
Don't worry bud, I'll upvote you. Not everyone is afraid of pointers.