PRESS RELEASE: Future Software Should Be Memory Safe | ONCD | The White House
www.whitehouse.gov
Leaders in Industry Support White House Call to Address Root Cause of Many of the Worst Cyber Attacks

WASHINGTON – Today, the White House Office of the National Cyber Director (ONCD) released a report calling on the technical community to proactively reduce the attack surface in cyberspace. ONCD makes the…

On the one side I really like c and c++ because they’re fun and have great performance; they don’t feel like you’re fighting the language and let me feel sort of creative in the way I do things (compared with something like Rust or Swift).

On the other hand, when weighing one’s feelings against the common good, I guess it’s not really a contest. Plus I suspect a lot of my annoyance with languages like rust stems from not being as familiar with the paradigm. What do you all think?

@dohpaz42@lemmy.world
-67M

I’m going to probably be downvoted to Hell, but I disagree wholly that it’s the language’s fault that people can exploit their programs. I’d say it’s experience by the programmer that is at fault, and that’s due to this bootcamp nature of learning programming.

I’d also blame businesses that emphasize quantity over quality, which then gets reflected in academia because schools are teaching to what they believe business wants in a programmer. So they’re just churning out lazy programmers who don’t know any better.

There needs to be an earnest revival of good programming as a whole; regardless of language, but also specifically to language. We also need to stop trying to churn out programmers in the shortest time possible. That’s doing no one any good.

That’s my two cents.

While I agree wholeheartedly with the idea that we need to emphasize quality over quantity, so long as software pays well there will be people who don’t care. In my university I’ve met a fair few people that complain about having to learn about compilers, assembly, and whatnot because “I’ll never need to know that in my actual job”. While to some extent in the United States you can blame the fact that classes just cost a ton, I think it’s a sad reality that, barring some key change in the way our whole education and economic systems work, there will be unimaginative apathetic people that will ruin things for the rest. Plus people are fallible or something I dunno. But yeah void pointers are my jam because I don’t have to wait precious clock cycles making new ones jk.

@fidodo@lemmy.world
18
7M

Even the best programmers are going to make mistakes at times. Saying the solution is to just be perfect all the time is impossible.

@Kissaki@programming.dev
15
7M

Memory safety issues were a thing even before bootcamps and “bootcamp culture”.

Even if you fix expertise, intention, and mindset - the entire workfield environment and its people - mistakes still happen.

If you can categorically evade mistakes and security and safety issues, why would you not?

TechNom (nobody)
12
7M

but I disagree wholly that it’s the language’s fault that people can exploit their programs. I’d say it’s experience by the programmer that is at fault, and that’s due to this bootcamp nature of learning programming.

Considering that even the best programmers in the world can’t write correct programs with C/C++, it’s wrong to absolve those languages of the massive level of memory safety bugs in them. The aforementioned best programmers don’t lack the knowledge needed to write correct programs. But programmers are just humans and they make or miss serious bugs that they never intended. Having the computing power to catch such bugs and then not using it is the real mistake here. In fact, I would go one step further and say that it isn’t the language’s fault either. Such computing power didn’t exist when these languages were conceived. Now that it does, the fault lies entirely with the crowd that still insist that there’s nothing wrong with these old languages and that these new languages are a fad.

@lolcatnip@reddthat.com
47M

All programmers make mistakes that cause memory safety errors if the language doesn’t protect them. This is a well documented fact, not an opinion.

Heartbleed, that famous CVE written by a bootcamp grad

I’d say it’s experience by the programmer that is at fault, and that’s due to this bootcamp nature of learning programming.

You are getting downvoted, because this is factually proven wrong by studies and internal analysis of several huge companies (e.g. Google/Android and Microsoft). A huge number of exploitable bugs are preventable using memory safe languages, nowadays even without performance costs (Rust).

Apart from that your point is orthogonal to the point of the post. You can have better trained coders and have them use better, safer technologies.

We could also just train every driver more thoroughly including mental training and meditation to make sure they are more calm and focussed when driving and we maybe wouldn’t need seatbelts anymore. But:

  1. Is that a realistic scenario?
  2. Why not use seatbelts anyway, so there’s a higher chance of not dying if some driver didn’t sleep well that day?

andyburke
237M

Gently, I would ask you to think about yourself in a future role where you have too little time, and are under too much pressure, and you haven’t gotten enough sleep, and you’re distracted on this particular day, and you happen to make a mistake, leave out a line, forget to fix a section of code you were experimenting with…

And even if you, a paragon of programming power and virtue, would never find yourself able to be hurt by your tools, you must surely know that mortals have to work with them as well, right?

Absolutely. The problem is, most programmers are mediocre. So sadly the protection of stupid people tends to take cultural precedence.

Please show me a single “good” programmer who is working with C/C++ and hasn’t had a single memory bug in a decade.

Check out Eskil Steenberg. He’s mostly a game dev, but he has some really good talks.

And you know with 100% certainty he hasn’t had a single memory bug in his last decade of developing?

He has written his own libraries and programs to ensure these things don’t happen.

What you people need to understand is that these problems have been solved before Rust. They just weren’t baked into the language. And so people made mistakes.

https://www.youtube.com/watch?v=pvkn9Xz-xks

I’m not saying Rust is not always the better choice. Of course not. I’m just oh-so-weary of this rewrite-the-world zealotry a lot of people have about it.

@lolcatnip@reddthat.com
07M

you people

You mean grown-ups?

No, children.

@lolcatnip@reddthat.com
17M

People who are about memory safety are children? Bruh.
