SoylentNews is people
SoylentNews
Eric S Raymond, author of "The Cathedral and the Bazaar", blogs via Ibiblio
I wanted to like Rust. I really did. I've been investigating it for months, from the outside, as a C replacement with stronger correctness guarantees that we could use for NTPsec [a hardened implementation of Network Time Protocol].
[...] I was evaluating it in contrast with Go, which I learned in order to evaluate as a C replacement a couple of weeks back.
[...] In practice, I found Rust painful to the point of unusability. The learning curve was far worse than I expected; it took me those four days of struggling with inadequate documentation to write 67 lines of wrapper code for [a simple IRC] server.
Even things that should be dirt-simple, like string concatenation, are unreasonably difficult. The language demands a huge amount of fussy, obscure ritual before you can get anything done.
The contrast with Go is extreme. By four days in of exploring Go, I had mastered most of the language, had a working program and tests, and was adding features to taste.
Have you tried using Rust, Go or any other language that might replace C in the future? What are your experiences?
(Score: 0) by Anonymous Coward on Tuesday January 17 2017, @06:57AM
Exactly. What's wrong with them is they aren't suitable for most programmers. Most programmers should be using other safer languages.
With C and C++ too often common simple mistakes like typos or buffers not being big enough can result in "attackers can execute arbitrary code".
With safer languages the level of wrongness/stupidity needs to be higher. Like not escaping stuff or not using bind variables/parameters for DB stuff, or even explicitly running arbitrary code from an unsafe source.
It's fairly easy for a half-decent programmer to always escape stuff and use bind params but it's not easy to never make an "arbitrary code execution" mistake in C/C++. The programmer has to make special effort to have an buffer overflow arbitrary code execution exploit in a Perl/Python/Java/Lisp program. If there's one it's probably in the library/interpreter's C code.
And performance in safer languages is often good enough. Many years ago I wrote a db-backed rules-based DHCP server in perl for work reasons. Performance was fine (in fact it handled hundreds or thousands of network interfaces much better and faster than ISC DHCPD - the target servers would often have many VLAN interfaces). There was far less danger of "attackers can execute arbitrary code" compared to ISC's dhcpd (which kept having exploits for quite a number of years: https://www.cvedetails.com/vulnerability-list/vendor_id-64/product_id-2017/ISC-Dhcpd.html [cvedetails.com] ).