:: Re: [DNG] I have to cancel my Rust …
Top Page
This message is part of the following thread:
M--\the complete thread tree sorted by date
M-\MKevin Chadwick at <-
M\MMHarald Arnesen at ->
Delete this message
Reply to this message
Author: Peter Duffy
Date:  
To: dng
New-Topics: [DNG] IT quality and security [was about memory security with Rust]
Subject: Re: [DNG] I have to cancel my Rust presentation for 3/4/2026
A lot to say about this. See inline comments below. TL:DR - no worries:
just my two-pennyworth :)

On Mon, 2026-03-23 at 21:14 -0400, Steve Litt wrote:
> Peter Duffy said on Mon, 23 Mar 2026 19:49:22 +0000
>
> > Maybe memory safety is actually not a property of the language or
> > the
> > program - but of the programmer?
> >
> > Most languages have features which can be very useful, but which
> > can
> > also be dangerous if misused, either carelessly or deliberately
> > (pointer arithmetic in C is only one example). The onus is on the
> > programmer being skilled and diligent enough to use the features
> > safely.
>
> In other words, only the ultra-careful need apply for a programming
> position.
>
I used "diligent" rather than "careful" (although the latter is clearly
a subset of the former). In my definition (probably not the standard
one), "diligent" means being conscientious and honourable enough to go
the extra mile - or even 100 miles - to ensure that something is done
properly, rather than just botched. And - if it is temporarily need to
botch something to fix a critical problem, having the humility to admit
to it, placing warnings and caveats in place, and revisiting/improving
the situation at the first opportunity.

> Roads shouldn't have reflective lane markers, because the onus is on
> the
> driver being skilled and diligent enough to use the road safely.
> Stairs
> shouldn't have banisters, because the onus is on the user being
> skilled
> and diligent enough to use the stairs safely. Public bathrooms
> shouldn't
> have locks, because the onus is on the person seeking entry being
> skilled and diligent enough to knock before attempting to enter.
>

Plenty of roads - at least here in the UK - don't have reflective
markers. Many such roads in Scotland are single-track with passing
places: safely negotiating those, even in daylight, is challenging in
the extreme.

Obviously a public bathroom/restroom will have a vacant/engaged sign as
well as a lock. There's probably a valid argument that a lock should be
unnecessary, and everyone should be considerate and respectful enough
not to barge in or even knock if the facility appears to be in use.
There are probably countries (Scandinavia?) where the obsession with
privacy is less than it is in the UK and USA, and which do not have
locks on restrooms.

The point about all your three examples is that they all apply to
virtually everyone at some time or other during their lives. (OK, some
people don't learn to drive.) So the safety features have to be aimed
at the lowest common denominator, and designed/implemented for the
needs of the people who will require them the most. (Here in the UK,
this is currently being taken to what seems like an extreme degree:
even someone inviting other people to go for a Sunday afternoon walk in
the woods is expected to conduct a formal "risk assessment" and obtain
3rd party insurance based on the results.)

But not everyone rises to the challenge of becoming a programmer or
working in other IT-related disciplines - or even hears the call to do
so!

> But even more important, no regardless of who has onus and who
> fulfills
> their onus, a lot of dangerous memory errors are being produced by
> programmers. The problem is so bad that now many are calling for
> programmers to be licensed like Professional Engineers. If protecting
> people from their own mistakes can lessen these kinds of problems and
> reduce the obscene call for mandatory licensing of programmers, I'm
> all
> for it.
>

This is something that I've been thinking about - and feeling
passionately about - for a very long time, and if I start talking about
it, I tend to get on my soapbox. Please bear with me.

The status of programmers, sysadmins and other IT professionals in our
society is very low - usually (particularly at times of IT-related
disasters) little more than that of pariah. And yet . . . Suppose a
sysadmin was treated so badly by his or her employer that word got
around on social media, and a large proportion of sysadmins all over
the world downed tools and walked out. How long would it be before the
world's economy ground to a halt? I suspect that 6 hours would probably
be a conservative estimate. Given the degree to which banks now rely on
computers and the internet, I suspect that it would be back to barter
within 24h max.

People who are (accurately or not) classed in our society as
"professionals" (doctors, lawyers, accountants, architects, etc.) all
tend to have organisations behind them, which not only regulate their
skills and qualifications, but also their working conditions and
remuneration rates. So if their services are used, the user not only
has to pay them what's asked and treat them with a suitable degree of
respect, but can expect good work in return - and if the work isn't
good, they can complain to the organisation providing the
accreditation, and potentially get the practitioner struck off. (The
other thing which unites such people classed as "professionals" is that
they have to become proficient in the handling of extremely arcane
information and in difficult and exacting skills - information and
skills to which virtually everyone needs recourse at some point in
their lives, but do not necessarily have the time, energy and possibly
even intellectual capacity to master for themselves.)

To me - given the ever-increasing and critical importance of IT in our
time, the fact that such a body does not exist for IT professionals
seems like a outrageous omission. On the one hand, I read media reports
on the Horizon scandal, in which a large number of British postmasters
received criminal convictions - all because no one would admit to a
piece of software having a serious fault (almost certainly as a result
of developers being leant on by management to roll out the software
before it was ready). On the other hand, I spent 37 years working as an
IT sysadmin and programmer, and on any number of occasions being
expected to work all night and all the following day to fix and test
the fix for a problem - during which I received no extra remuneration
whatsoever. I'm sure plenty of members of this list have had similar or
worse experiences.

I've been convinced for many years that there should be an
international organisation regulating and certifying both the skills
and experience, and the working conditions and remuneration, of IT
professionals. I think it would be a win/win for both the IT people
(better conditions and remuneration, increased respect) and the people
who employ them and use the facilities that they develop and manage
(better quality software, greater reliability and accountability). Here
in the UK, we have the British Computer Society and the Institution of
Analysts and Programmers. Both are respected and give recognised
qualifications - but (at least when I was a member of both) neither had
anything like the status, heft and teeth wielded by bodies such as the
British Medical Association or the Law Society.

Please be clear that I'm in no way underestimating the scale of the
challenge of setting up such an organisation and reaching the point
where it was viable and fit for purpose. Colossal would be putting it
mildly, and catering for all requirements and opinions would make
squaring the circle look trivial by comparison. But I do believe that
it should be attempted.

A few years ago, I reached the age at which my driving licence expired.
As part of the application for a new one, I had to prove my identity by
obtaining a passport photograph, and getting it countersigned by a
"professional person". The list of such people included lawyers,
doctors, accountants, architects, teachers, ministers, etc. But not
software developers or IT sysadmins. And AFAIAC, that is nothing short
of scandalous!

(Whew. Sorry about that. Cold shower time . . . )

> And because I'm not very careful, I welcome languages like Rust and
> Ada, or even Pascal.
>

>From what I've read of your posts on here, I'm fully confident that you
are diligent, in the sense of my definition above, to an exemplary
degree. I'd also be confident that the same goes for everyone on this
list. I suspect that most members have collections of books on IT
subjects equal to or even greater than my own. Most of these books are
highly intellectual and difficult, requiring concentrated study and
practice to master the subjects and techniques. Why do I have mine -
and why in most cases did I shell out for them myself? Well, because at
some point, I needed to master the subject - not because anyone told me
to, but because I realised that I needed that skill to solve a
particular problem or meet a particular requirement.


> SteveT
>
> Steve Litt
>
> http://444domains.com
> _______________________________________________
> Dng mailing list
> Dng@???
> Manage your subscription:
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
> Archive: https://lists.dyne.org/lurker/list/dng.en.html

This message was posted to the following mailing lists:
dng
Mailing List Info | Nearby Messages		<-Re: [DNG] Rust Reservations [Was: I have to cancel my Rust presentation for 3/4/2026]Re: [DNG] I have to cancel my Rust presentation for 3/4/2026->

Donate to Dyne.org

dyne.org open discussions
administrated by dyne.org hackers		Lurker (version 2.3)