White House urges developers to dump C and C++::Biden administration calls for developers to embrace memory-safe programming languages and move away from those that cause buffer overflows and other memory access vulnerabilities.

  • Richard@lemmy.world
    arrow-up
    6
    ·
    9 months ago

    C is not the problem, it’s sloppy “programmers” who cannot handle direct memory control and who do not understand the underlying system architecture and how a microprocessor operates. People who are good at writing C can make code just as safe as the safest Rust code.

    • dejected_warp_core@lemmy.world
      arrow-up
      10
      ·
      9 months ago

      While this is technically correct, it’s tantamount to saying “just don’t make mistakes”, or arguing that a seatbelt is unnecessary because many are good enough drivers to not need it.

      Languages like C and C++ do not prohibit the kinds of mistakes that the NSA told us two years ago lead to software vulnerabilities.

      Other languages, like Rust, have higher guardrails built in and make it much more difficult to accidentally create the same failure modes.

    • wolf@lemmy.zip
      arrow-up
      7
      ·
      9 months ago

      I love C, but C definitely is the problem.

      While one disciplined programmer can in theory write correct code, once there is a small group of even good C programmers and a code base with more than around 3000-5000 LOC, there will be bugs. There is a good reason for tools like Valgrind etc.

      While I think C and C++ are the problem, I don’t think Rust is the solution, tho.

    • daddy32@lemmy.world
      arrow-up
      6
      ·
      9 months ago

      It is just too easy to shoot yourself in the foot when using a foot gun… Sure the experts can avoid it, but that doesn’t mean the foot gun is a good tool in general.

    • lolcatnip@reddthat.com
      arrow-up
      5
      ·
      9 months ago

      Your take is objectively false. This issue has been studied and the conclusion every time is that real programmers make memory-related mistakes all the time. Even if there are a few superhuman programmers who never get tired, have a bad day, or misunderstand an API, firing the 99.99% of programmers who aren’t superheroes isn’t a realistic solution to anything.

    • CatLikeLemming@lemmy.blahaj.zone
      arrow-up
      3
      ·
      edit-2
      9 months ago

      If you’re an expert tightrope walker, you’re likely not gonna fall off. You can just do it without too much issue. When you’re doing it over a chasm, and you don’t plan on dying, you’d still probably prefer a harness though, wouldn’t you?

      Edit: I’m not saying C is a bad language or anything, but for important applications the safety of actually memory safe languages is vital for lower-skilled programmers and still a good assistance for higher-skilled programmers, as we’re all humans and it doesn’t hurt to try and avoid the mistakes we will eventually make.

      • lolcatnip@reddthat.com
        arrow-up
        2
        ·
        edit-2
        9 months ago

        I’ll say it. C is a bad language. There was a time when it needed to exist and using it was a smart choice, but it has outlived its usefulness for anything but legacy code and niche use cases like FFI. It’s in essentially the same category as Cobol.

          • lolcatnip@reddthat.com
            arrow-up
            1
            ·
            edit-2
            9 months ago

            It wasn’t bad at the time relative to what else was around.

            And I don’t even know what you’re getting at by saying “all” successor languages copied it. Are you referring to how many languages use curly braces as block delimiters? Because that’s not what’s wrong with C.