Author: Rainer Weikusat
Date:
To: dng
Subject: Re: [DNG] I have to cancel my Rust presentation for 3/4/2026

Steve Litt <slitt@???> writes:
> Rainer Weikusat via Dng said on Sun, 29 Mar 2026 19:18:49 +0100
>>Steve Litt <slitt@???> writes:
>>> Peter Duffy said on Mon, 23 Mar 2026 19:49:22 +0000
>>>
>>>>Maybe memory safety is actually not a property of the language or the
>>>>program - but of the programmer?
>>>>
>>>>Most languages have features which can be very useful, but which can
>>>>also be dangerous if misused, either carelessly or deliberately
>>>>(pointer arithmetic in C is only one example). The onus is on the
>>>>programmer being skilled and diligent enough to use the features
>>>>safely.
>>>
>>> In other words, only the ultra-careful need apply for a programming
>>> position.
>>>
>>> Roads shouldn't have reflective lane markers, because the onus is on
>>> the driver being skilled and diligent enough to use the road safely.
>>> Stairs shouldn't have banisters, because the onus is on the user
>>> being skilled and diligent enough to use the stairs safely. Public
>>> bathrooms shouldn't have locks, because the onus is on the person
>>> seeking entry being skilled and diligent enough to knock before
>>> attempting to enter.
>>
>>I think this misses the point: Every useful device can be abused or be
>>used wrongly and humans are really good at getting everything wrong
>>they possibly can.
>
> Deliberate misuse is not what I was talking about, and of course no
> language can guard against deliberate misuse. I wasn't even talking
> about reckless misuse. I was talking about misuse by mistake, and
> making it more difficult to make a mistake.
If something can be misused, humans will manage to do so because our
brains are not reliable. Especially, our short-term memory is really
feeble and bound to get erased without a trace by any distraction. Yet,
we absolutely need it to remember what we're doing at the moment.
Simple example for this: My usual footwear is a pair of 2000 issue
standard German infantry combat boots. These, I polish once per day so
that they look decent (for my idea of decent at least). An individual
boot has five different sections and I'm applying shoe polish twice to
each section in two rounds of dealing with all of them. I'm an
intelligent person, this really ought to be considered a simple problem
and I've been doing this daily for the last 7 years. Yet, I routinely
lose track of where I am in the procedure at least once every couple of
days.
Programming computers is much more complicated than that.
>
>
>>In a hypothetical universe where all software must
>>be written in Rust,
>
> Whoa, I never suggested a rule where all software must be written in
> Rust or any other language. There are always going to be (a few) better
> languages.
>
>>all security problems will also be written in
>>Rust. Humans will manage to do that.
>>
>>See also "SQL injection" and "supply chain attacks."
>
> I wasn't talking about a situation where somebody deliberately corrupts
> the Rust compiler to give badguys some sort of backdoor.
Neither was I. I was just mentioning classes of exploits abusing
(mostly) innocent mistakes people made. It's no longer 1988 and the
Morris worm is a phenomenon of the past. Languages with automated bounds
checking have existed for ages and are widely used. But they haven't
eliminated security problems as such.
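The point about bounds-checked languages not eliminating injection bugs can be shown concretely. The following is an added example, not code from this thread or from any poster: Python is memory-safe and bounds-checked, yet a query assembled by string formatting is still an SQL injection hole, while the same query with placeholder binding is not. The table, rows and function names are constructed for the illustration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory database so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.invalid"), ("bob", "bob@example.invalid")],
    )
    return conn


def lookup_unsafe(conn: sqlite3.Connection, name: str) -> list[str]:
    """Vulnerable form: untrusted input is spliced into the SQL text.

    The language never lets this overrun a buffer, but the database now
    parses whatever the caller typed as part of the query.
    """
    sql = f"SELECT email FROM users WHERE name = '{name}' ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn: sqlite3.Connection, name: str) -> list[str]:
    """Hardened form: the input is bound as a parameter.

    The driver passes it to SQLite as data, so it can never change the
    structure of the statement, whatever characters it contains.
    """
    sql = "SELECT email FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (name,))]


if __name__ == "__main__":
    db = make_db()
    # A well-formed name behaves identically in both versions.
    print(lookup_unsafe(db, "alice"), lookup_safe(db, "alice"))
    # A name that is not really a name: the unsafe version leaks every row,
    # the safe version correctly finds no such user.
    odd = "' OR '1'='1"
    print(lookup_unsafe(db, odd), lookup_safe(db, odd))
```

The interesting part is the last line of output: the memory-safe runtime executes both functions without complaint, and only the parameterised version gives the answer the programmer intended. Detection for this class of mistake lives in code review and static analysis (flagging string-built SQL), not in the language's bounds checks.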