Stories
Slash Boxes
Comments

SoylentNews is people

posted by CoolHand on Friday May 08 2015, @09:01PM   Printer-friendly
from the off-with-its-head dept.

Ladies and gentlemen, the C programming language. It’s a classic. It is blindingly, quicksilver fast, because it’s about as close to the bone of the machine as you can get. It is time-tested and ubiquitous. And it is terrifyingly dangerous.

The author's biggest issue with the C language seems to be security holes:

If you write code in C, you have to be careful not to introduce subtle bugs that can turn into massive security holes — and as anyone who ever wrote software knows, you cannot be perfectly careful all of the time.

The author claims that the Rust language is a modern answer to these issues and should replace C (and C++). It does look that Rust can run C code, so it looks like an interesting proposition. What do Soylent's coders think about this?

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Touché) by mtrycz on Friday May 08 2015, @09:52PM

    by mtrycz (60) on Friday May 08 2015, @09:52PM (#180504)

    Takehome message: you have to write extra code to call unsafe code.

    I like Rust more now.

    --
    In capitalist America, ads view YOU!
    Starting Score:    1  point
    Moderation   +2  
       Insightful=1, Touché=1, Total=2
    Extra 'Touché' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   4  
  • (Score: 1) by Ethanol-fueled on Friday May 08 2015, @10:56PM

    by Ethanol-fueled (2792) on Friday May 08 2015, @10:56PM (#180540) Homepage

    Rust: Write once, write again!

    • (Score: 4, Informative) by Anonymous Coward on Friday May 08 2015, @11:02PM

      by Anonymous Coward on Friday May 08 2015, @11:02PM (#180545)

      That's been my experience with Rust. I wrote some code one weekend, I spent the following work week at work coding in C++, then went back to my hobbyist Rust code on the weekend. Well it turns out that during that single week a bunch of the language's syntax changed, so my code no longer compiled. It required lots of changes before it would compile again. So I spent the weekend doing that, instead of actually using Rust for something productive. Then I had to go back to work for the next work week. When the weekend rolled around again, I went back to my hobbyist Rust code once more. Like before, the language and even the standard library had changed in incompatible ways. So again I had to waste a lot of time fixing my existing code, and not doing something productive. It didn't help that some of my code triggered a crash of the Rust compiler. Why would the Rust compiler crash? I thought that Rust was supposed to help stop crashes! Well whatever. The whole experience really made me think of Rust as a box of lemons. I work with C++ code that was first written in 1989. A lot of it hasn't been changed since the early 1990s, yet it all still compiles and works, even after we started using C++14. Rust has a lot of catching up to do if it ever wants to be as good as C++. I can compile C++ code written almost a quarter of a century ago, but I couldn't reliably compile Rust code written just 5 days earlier!

      • (Score: 1, Insightful) by Anonymous Coward on Friday May 08 2015, @11:21PM

        by Anonymous Coward on Friday May 08 2015, @11:21PM (#180550)

        ...perhaps you should have waited until Rust is actually released?

        • (Score: 0) by Anonymous Coward on Saturday May 09 2015, @03:31AM

          by Anonymous Coward on Saturday May 09 2015, @03:31AM (#180616)

          When the fuck will that actually be? The Rust devs keep saying "soon" and then "soon" arrives but it's never the right "soon".

      • (Score: 2) by maxwell demon on Friday May 08 2015, @11:27PM

        by maxwell demon (1608) on Friday May 08 2015, @11:27PM (#180555) Journal

        So it's called "rust" because your code doesn't just bitrot, but actually rusts away if you don't constantly update it? Or is it more because your language knowledge will seem rusty already next week? :-)

        Well, maybe it's a security feature: It makes sure that unmaintained code will stop working quickly. ;-)

        --
        The Tao of math: The numbers you can count are not the real numbers.
      • (Score: 2) by mtrycz on Saturday May 09 2015, @08:38AM

        by mtrycz (60) on Saturday May 09 2015, @08:38AM (#180689)

        if you're using a language that has not yet been released, couldn't you just have stick with the same version of the compiler for the project?

        Just sayin'.

        --
        In capitalist America, ads view YOU!
        • (Score: 1) by iWantToKeepAnon on Monday May 11 2015, @06:58PM

          by iWantToKeepAnon (686) on Monday May 11 2015, @06:58PM (#181583) Homepage Journal

          if you're using a language that has not yet been released

          If it isn't stable enough to compile code five days latter, then why the h@!! is there an article called "Death to C"? Don't gripe at the OP for doing something that is totally reasonable for a language being touted as the next "C(++) killer". I've heard that tune too many times and too many times it sounds and falls flat.

          --
          "Happy families are all alike; every unhappy family is unhappy in its own way." -- Anna Karenina by Leo Tolstoy
  • (Score: 0) by Anonymous Coward on Friday May 08 2015, @10:57PM

    by Anonymous Coward on Friday May 08 2015, @10:57PM (#180542)

    That's not a good thing. It means that while calling "unsafe" (that's a misnomer; the code could very well be perfectly safe, especially if it wasn't written by a Rust programmer) code there is much more that could go wrong.

    Complexity is what causes bugs. Simplicity is what helps eliminate them.

    Adding complexity to try to prevent bugs will never work. It will just cause more bugs, and they will be harder to detect and properly fix.

    • (Score: 2) by Immerman on Saturday May 09 2015, @01:39PM

      by Immerman (3985) on Saturday May 09 2015, @01:39PM (#180750)

      is there added complexity though, or just added tedium? Adding tedium to generally unsafe practices would tend to promote using other practices instead.

      • (Score: 0) by Anonymous Coward on Saturday May 09 2015, @02:01PM

        by Anonymous Coward on Saturday May 09 2015, @02:01PM (#180759)

        Tedium is a form of unnecessary, wasteful complexity.

        • (Score: 2) by Immerman on Saturday May 09 2015, @04:42PM

          by Immerman (3985) on Saturday May 09 2015, @04:42PM (#180796)

          No, it really isn't.

          For a simplistic example, naming a function FastButUnsafeConversionFromStringToInteger() is going to nudge people toward using its slower, safer cousin StringToInt(). But there is absolutely no difference in the complexity of using either, only in the tedium of typing and reading the function name.

          The various _cast functions in C++ could have done something similar, except that the more concise C-style casts were still supported - I don't think I ever even found a compiler that let you warn against them. Which created the situation where the language constantly nudged people into using the more dangerous (and less locatable) legacy casts