Author: marc Date: To: Dng Subject: Re: [DNG] C vs ADA : advice sought
> 2 Oct 2024 16:42:32 marc <marcxdv@???>: >
> > C is the language which meets these criteria
> > best - no contest.
>
> So long as you're happy to continue the constant security
> and maintenance problems that have plagued software for
> years including the Linux kernel such as remote takeover
> during scanning for wifi. Or the constant renderer bugs
> in Android. Rust isn't best suited to solve these problems
> either. Especially maintenance which the Linux kernel has huge
> problems with currently.
It remains possible to write insecure code in
all useful languages. Remember the recentish log4j
security issue - one of the bigger alerts for linux
sysadmins of late, yet written in java which
shouldn't have buffer overflows either.
Or longer ago: The rash of cgi-bin exploits involving
yet another magic perl character - again no buffer
overflow needed.
I worry that the rush to rewrite everything in rust
has other risks that people will only understand once
they get trapped by them.
I did mention infrastructure complexity before. This has so
many forms: Try bootstrapping an up to date rust
toolchain from bare metal without doing a "wget |
bash" somewhere. Just try, and be enlightened.
Its supply chain attack surface is scary. Or
perhaps a grand re-write which obsoletes yet another
decade of worldwide effort. And don't forget
submarine patents which can do the same.
And then weirdest of all: Imagine the propaganda is
true and every line of rust (or ada) code is magically
free of security defects. Would you be really happy with
the full consequences ?
It will tilt power further towards the big AIs that
are modern corporations. That will make every cell
phone, tv, car or fridge impossible to jailbreak. At
the moment I can buy a bit of electronics, drop it
into a drawer and come back some years later when
odds are good an awesome human has built better
firmware which dials back on the spyware and adds
actually useful features. A perfect rust world (hah,
what an oxymoron) makes this impossible.
At the risk of making a virtue out of a necessity,
the current world where pretty much all infrastructure is
written in C means that care, motivation and mastery
matter. Something which corporations struggle to
recognise never mind buy. It is not because of civic
mindedness that most corporates have ended up using
free software infrastructure - given a viable choice
to close up, they will do so again.
C means more frontier and less police state. Sure,
that comes with the cost of outlaws and highwaymen,
but the alternative may be a totalitarian state with
corporate sponsored re-education camps. Some might say
that with facebook, instagram and tiktok we are halfway
there already. But code carefully, lest you build them
to tools to complete the job.