drspodNov 12

🦀🦀🦀🦀🦀

https://lemmy.ml/post/38894606

Show threadanyhow2503Nov 12

Mozilla, where Rust was originally conceived, have already talked about this risk factor ages ago when they were still working on Servo. Reimplementing battle-tested software in a different language can result in logic bugs being introduced, which no programming language can really prevent. Many times they will actually reintroduce bugs that have already been historically fixed in the original implementation. This doesn’t invalidate the benefits of moving to a very memory safe language, it just needs to be taken into consideration when determining whether it’s worth the risk or the effort.

Honestly I have no idea whether sudo-rs is a good idea or not, but I have my doubts that any of the other people (especially the very vocal kind) chiming in on this do. Any time Rust is involved in the Linux community, a lot of vocal critics with very little knowledge of the language or programming in general seem to appear.

Show threadPossibly linux
Contrary to popular belief, it is possible to write software in C that is very secure. It takes thought but C has the edge with its small footprint and system integration
Nov 12 at 11:35pmWeb
Show threadpivot_rootNov 13
Contrary to popular belief, it is possible to write software in assembly that is very readable. It takes thought but assembly has the edge with its miniscule footprint and zero-dependency runtime.
Show threadnaught101Nov 13
esolangs.org/wiki/Brainfuck
brainfuck - Esolang

Show threadPossibly linuxNov 13

I wouldn’t go that far

The problem with assembly is that it is almost impossible to optimize it as a human. Way back in the day instruction sets were written for humans but these days it is highly unlikely that you will be able to write assembly that can outperform a compiler. The reason primary has to do with pipelining and caching since modern CPUs are extremely complex.

Show threadfuck_u_spez_in_particularNov 14
That’s btw. also a good argument for Rust. Due to the strictness of the language the compiler os able to do optimizations that just aren’t possible (safely) in C or C++
Show threadsabinNov 13

Yea I mean it’s possible, but the sooner you bite the bullet and use a more modern language, the sooner you’ll get back to the same level of maturity and start having productivity dividends being paid out thanks to things like being able to get your compiler to prevent use after free bugs and the like.

Not sure how much sudo specifically needs this, maybe new commits are rare. As long as it stays out of LTS for the time being I’m all for it though.

Also not quite sure what you mean by “footprint”

Are you talking about the binary size or the fact that C has a tiny and straightforward language spec?

Show threadanyhow2503Nov 13

At this point I think the “thoughtful” C programmer is a myth and I don’t mean this as an insult. Even the most careful and experienced C gurus still make mistakes that would be much harder to make, if not categorically prevented in something like Rust. A lot of very secure C software is small in footprint, has had stable requirements for years, experienced thousands of hours of real world testing by users and the scrutiny of security experts. What I’m saying is: it should be easier to write secure software, especially with complex requirements or large attack surfaces.

I disagree that C has a notably smaller footprint than Rust for most purposes and system integration is in some cases harder in Rust precisely because of the notorious upfront implementation cost that prevents a lot of potential bugs.