Steve Litt wrote:
>
> Roads shouldn't have reflective lane markers, because the onus is on the
> driver being skilled and diligent enough to use the road safely. Stairs
> shouldn't have banisters, because the onus is on the user being skilled
> and diligent enough to use the stairs safely. Public bathrooms shouldn't
> have locks, because the onus is on the person seeking entry being
> skilled and diligent enough to knock before attempting to enter.

So, there are places where health and safety warnings don't exist.

Out in the wilderness, the grizly bear doesn't wear a high viz vest and
hands out fliers telling us how dangerous he is, he just rips your arms off.

All analogies are deficient, but I consider running free software
as the electronic equivalent of living in the wilderness, away from
the safety but also away from the surveillance and coercion.

That demands a certain level of competence, or at least the ability
to learn quickly.

So abusing the analogy further, C is the ice and snow, or perhaps
the heat and sand of the arid which keeps out the careless and easily
distracted who can't survive without a smartphone, uber and door dash. And
with an insufficient density of people, the old occulted AIs that
run top of human minds (you might know them as the state and the
corporation) struggle to find a foothold, leaving space in
your mind for yourself.

> But even more important, no regardless of who has onus and who fulfills
> their onus, a lot of dangerous memory errors are being produced by
> programmers. The problem is so bad that now many are calling for
> programmers to be licensed like Professional Engineers. If protecting
> people from their own mistakes can lessen these kinds of problems and
> reduce the obscene call for mandatory licensing of programmers, I'm all
> for it.

I think the security benefits of rust are wildly overstated. In particular,
it trades better memory safety for a build that is so complex that
a number of actually-from-source distributions have given up on shipping it, as
it seems hard to get a rust compiler without doing a "curl ... | bash"
somewhere along the line. This is as big a threat as not checking your
array boundaries. And we haven't even touched on the risk of
weaponised complexity, submarine patents and capture, where there is a
sudden upgrade to Visual RST++ 11, which nobody is allowed to
comprehend, never mind port. Heck, at that point people will have
lost the source, 'cause you know, "curl ... | bash" has been normalised.

But lets assume that there is a magic version of rust which solves
all security issues and enables even the most sloppy of coders write
bullet proof code. The consequence of this will be that software will
become totally coercive. Jailbreaking your fridge to have it stop
playing ads won't be feasible. Breaking the bios to let you load your
own distribution - nah, not a thing.

The internet had an article about payment networks with a title
(I probably butchered it) "The optimal amount of fraud is nonzero" and
I'd add to this to say that the optimal number of buffer overflows is
nonzero too.

> And because I'm not very careful, I welcome languages like Rust and
> Ada, or even Pascal.

Don't you write your system services in python ?

regards

marc