Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

19 May, 2024: Line wrapping has been changed to be more consistent with Usenet standards.
 If you find that it is broken please let me know here rocksolid.nodes.help


devel / comp.lang.c++ / "White House to Developers: Using C or C++ Invites Cybersecurity Risks"

SubjectAuthor
* "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Lynn McGuire
+* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Lawrence D'Oliveiro
|`- Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Chris M. Thomasson
+* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"John McCue
|`* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Lawrence D'Oliveiro
| `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Blue-Maned_Hawk
|  `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Lawrence D'Oliveiro
|   +- Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Chris M. Thomasson
|   `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Blue-Maned_Hawk
|    `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Lawrence D'Oliveiro
|     `- Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Blue-Maned_Hawk
+- Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Blue-Maned_Hawk
+- Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Michael S
+* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"David Brown
|+- Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Janis Papanagnou
|+* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Kaz Kylheku
||`* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"David Brown
|| +* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Chris M. Thomasson
|| |`* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"David Brown
|| | +* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Malcolm McLean
|| | |`- Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Chris M. Thomasson
|| | `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Chris M. Thomasson
|| |  +- Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Chris M. Thomasson
|| |  `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"David Brown
|| |   `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Chris M. Thomasson
|| |    `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"David Brown
|| |     `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Chris M. Thomasson
|| |      `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Chris M. Thomasson
|| |       `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"David Brown
|| |        `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Chris M. Thomasson
|| |         `- Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Chris M. Thomasson
|| +- Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Lawrence D'Oliveiro
|| `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Janis Papanagnou
||  `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"David Brown
||   `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Janis Papanagnou
||    `- Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"David Brown
|+* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Lawrence D'Oliveiro
||+- Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Andreas Kempe
||`* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Chris M. Thomasson
|| +* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Lawrence D'Oliveiro
|| |+- Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Chris M. Thomasson
|| |+- Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"bart
|| |`* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Malcolm McLean
|| | `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Lawrence D'Oliveiro
|| |  `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Michael S
|| |   `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Lawrence D'Oliveiro
|| |    +* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Chris M. Thomasson
|| |    |`* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Lawrence D'Oliveiro
|| |    | `- Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Chris M. Thomasson
|| |    `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Michael S
|| |     `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Lawrence D'Oliveiro
|| |      `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Michael S
|| |       +* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"bart
|| |       |+* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Michael S
|| |       ||`* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"David Brown
|| |       || +* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Michael S
|| |       || |`* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"David Brown
|| |       || | +- Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Kaz Kylheku
|| |       || | `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Paavo Helde
|| |       || |  +* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"David Brown
|| |       || |  |+* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"bart
|| |       || |  ||`- Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"David Brown
|| |       || |  |`- Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Ross Finlayson
|| |       || |  `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Lawrence D'Oliveiro
|| |       || |   +* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Chris M. Thomasson
|| |       || |   |`* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Kaz Kylheku
|| |       || |   | `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Chris M. Thomasson
|| |       || |   |  `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Kaz Kylheku
|| |       || |   |   `- Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Chris M. Thomasson
|| |       || |   `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"paavo512
|| |       || |    +- Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Chris M. Thomasson
|| |       || |    `- Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Scott Lurndal
|| |       || `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Kaz Kylheku
|| |       ||  `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"David Brown
|| |       ||   `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Michael S
|| |       ||    `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"David Brown
|| |       ||     +- Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Michael S
|| |       ||     `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Lawrence D'Oliveiro
|| |       ||      `- Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"aph
|| |       |`- Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Lawrence D'Oliveiro
|| |       +* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"aph
|| |       |`* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Lawrence D'Oliveiro
|| |       | `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Chris M. Thomasson
|| |       |  `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Kaz Kylheku
|| |       |   `- Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Chris M. Thomasson
|| |       `- Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Lawrence D'Oliveiro
|| `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Kenny McCormack
||  `- Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Chris M. Thomasson
|`- Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Chris M. Thomasson
+* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Scott Lurndal
|`* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Lynn McGuire
| +- Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Lawrence D'Oliveiro
| `- Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Scott Lurndal
+* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Blue-Maned_Hawk
|+- Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Chris M. Thomasson
|`- Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Lynn McGuire
+* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"David LaRue
|`* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Chris M. Thomasson
| +* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Lawrence D'Oliveiro
| |+* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Chris M. Thomasson
| ||+* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Lawrence D'Oliveiro
| ||`* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Janis Papanagnou
| |`* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Lynn McGuire
| `* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Malcolm McLean
+* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Derek
`* Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"Mr. Man-wai Chang

Pages:1234567
"White House to Developers: Using C or C++ Invites Cybersecurity Risks"

<us0brl$246bf$1@dont-email.me>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=3178&group=comp.lang.c%2B%2B#3178

  copy link   Newsgroups: comp.lang.c++ comp.lang.c
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: lynnmcgu...@gmail.com (Lynn McGuire)
Newsgroups: comp.lang.c++,comp.lang.c
Subject: "White House to Developers: Using C or C++ Invites Cybersecurity
Risks"
Date: Sat, 2 Mar 2024 17:13:56 -0600
Organization: A noiseless patient Spider
Lines: 12
Message-ID: <us0brl$246bf$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sat, 2 Mar 2024 23:13:57 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="04c9b382e9beb5e37022f7b7359a2ffd";
logging-data="2234735"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/QvXdpZgG19DerwD83Eqg6WZNkFNL7SyA="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:3mRVYC6khhxf8SbNWBZC9HvY7wo=
Content-Language: en-US
 by: Lynn McGuire - Sat, 2 Mar 2024 23:13 UTC

"White House to Developers: Using C or C++ Invites Cybersecurity Risks"
https://www.pcmag.com/news/white-house-to-developers-using-c-plus-plus-invites-cybersecurity-risks

"The Biden administration backs a switch to more memory-safe programming
languages. The tech industry sees their point, but it won't be easy."

No. The feddies want to regulate software development very much. They
have been talking about it for at least 20 years now. This is a very
bad thing.

Lynn

Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"

<us0es8$24khf$4@dont-email.me>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=3179&group=comp.lang.c%2B%2B#3179

  copy link   Newsgroups: comp.lang.c++ comp.lang.c
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: ldo...@nz.invalid (Lawrence D'Oliveiro)
Newsgroups: comp.lang.c++,comp.lang.c
Subject: Re: "White House to Developers: Using C or C++ Invites Cybersecurity
Risks"
Date: Sun, 3 Mar 2024 00:05:28 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 15
Message-ID: <us0es8$24khf$4@dont-email.me>
References: <us0brl$246bf$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 3 Mar 2024 00:05:28 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="1df16df39307445c7cddc792d9e0afb1";
logging-data="2249263"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+pED3e/y3xxe7ivWHp/kyu"
User-Agent: Pan/0.155 (Kherson; fc5a80b8)
Cancel-Lock: sha1:wAdo7iO7OvoUfM2Ua5b40roXqp4=
 by: Lawrence D'Oliv - Sun, 3 Mar 2024 00:05 UTC

On Sat, 2 Mar 2024 17:13:56 -0600, Lynn McGuire wrote:

> The feddies want to regulate software development very much.

Given the high occurrence of embarrassing mistakes companies have been
making with their code, and continue to make, it’s quite clear they’re not
capable of regulating this issue themselves.

I wouldn’t worry about companies tripping over and hurting themselves, but
when the consequences are security leaks, not of information belonging to
those companies, but to their innocent customers/users who are often
unaware that those companies even had that information, then it’s quite
clear that Government has to step in.

Because if they don’t, then who will?

Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"

<us0m5r$25tj3$1@dont-email.me>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=3180&group=comp.lang.c%2B%2B#3180

  copy link   Newsgroups: comp.lang.c++ comp.lang.c
Followup: comp.lang.c
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: jmc...@neutron.jmcunx.com (John McCue)
Newsgroups: comp.lang.c++,comp.lang.c
Subject: Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"
Followup-To: comp.lang.c
Date: Sun, 3 Mar 2024 02:10:03 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 39
Message-ID: <us0m5r$25tj3$1@dont-email.me>
References: <us0brl$246bf$1@dont-email.me>
Reply-To: jmclnx@SPAMisBADgmail.com
Injection-Date: Sun, 3 Mar 2024 02:10:03 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="988db088bf698dae2a76e19d1c1d2210";
logging-data="2291299"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19dU8MK8WJHnPp+0ODt6xf0"
User-Agent: tin/2.6.2-20221225 ("Pittyvaich") (NetBSD/10.0_RC5 (amd64))
Cancel-Lock: sha1:G+8APTbiySWdduaXcZW2cX8v6e0=
X-OS-Version: NetBSD 10-RC5 amd64
 by: John McCue - Sun, 3 Mar 2024 02:10 UTC

trimmed followups to comp.lang.c

In comp.lang.c Lynn McGuire <lynnmcguire5@gmail.com> wrote:
<snip>
>
> "The Biden administration backs a switch to more memory-safe programming
> languages. The tech industry sees their point, but it won't be easy."
>
> No. The feddies want to regulate software development very much. They
> have been talking about it for at least 20 years now. This is a very
> bad thing.

Well to be fair, the feds regulations in the 60s made COBOL and
FORTRAN very popular, plus POSIX later on. All they did was
say "we will not buy anything unless ... rules".

From "The C Programming Language Quotes by Brian W. Kernighan".

> Nevertheless, C retains the basic philosophy that
> programmers know what they are doing; it only requires
> that they state their intentions explicitly.

If programmers were given time to test and develop, many
issues would not exist. Anyone who has ever worked for a
large company knows the pressure that exists to get things
done quickly instead of right. So all these issues I blame
on management.

How many times have we heard "ship it now, you can fix later"
and "later" never comes. :)

Rust will never fix policy issues, just different and maybe worst
issues will happen.

> Lynn

--
[t]csh(1) - "An elegant shell, for a more... civilized age."
- Paraphrasing Star Wars

Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"

<us0qs9$2adp7$2@dont-email.me>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=3181&group=comp.lang.c%2B%2B#3181

  copy link   Newsgroups: comp.lang.c comp.lang.c++
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: ldo...@nz.invalid (Lawrence D'Oliveiro)
Newsgroups: comp.lang.c,comp.lang.c++
Subject: Re: "White House to Developers: Using C or C++ Invites Cybersecurity
Risks"
Date: Sun, 3 Mar 2024 03:30:17 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 16
Message-ID: <us0qs9$2adp7$2@dont-email.me>
References: <us0brl$246bf$1@dont-email.me> <us0m5r$25tj3$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 3 Mar 2024 03:30:17 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="1df16df39307445c7cddc792d9e0afb1";
logging-data="2438951"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/y3m8CB1kFmpAn1d9RAtjN"
User-Agent: Pan/0.155 (Kherson; fc5a80b8)
Cancel-Lock: sha1:5GfVa/KpCD3WA2LsMaQpCQchvHc=
 by: Lawrence D'Oliv - Sun, 3 Mar 2024 03:30 UTC

On Sun, 3 Mar 2024 02:10:03 -0000 (UTC), John McCue wrote:

> Well to be fair, the feds regulations in the 60s made COBOL and FORTRAN
> very popular, plus POSIX later on.

The US Government purchasing rules on POSIX were sufficiently sketchy that
Microsoft was able to satisfy them easily with Windows NT, while supplying
a “POSIX” subsystem that was essentially unusable.

And then Microsoft went on to render POSIX largely irrelevant by eating
all the proprietary “Unix” vendors alive.

Nowadays, POSIX (and *nix generally) is undergoing a resurgence because of
Linux and Open Source. Developers are discovering that the Linux ecosystem
offers a much more productive development environment for a code-sharing,
code-reusing, Web-centric world than anything Microsoft can offer.

Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"

<pan$7c635$8df1683c$82c11c30$637245ac@invalid.invalid>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=3182&group=comp.lang.c%2B%2B#3182

  copy link   Newsgroups: comp.lang.c++ comp.lang.c
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!bluemanedhawk.eternal-september.org!.POSTED.2600:1700:e4c0:9ea0::41!not-for-mail
From: bluemane...@invalid.invalid (Blue-Maned_Hawk)
Newsgroups: comp.lang.c++,comp.lang.c
Subject: Re: "White House to Developers: Using C or C++ Invites Cybersecurity
Risks"
Date: Sun, 3 Mar 2024 08:52:03 -0000 (UTC)
Organization: A noiseless patient Spider
Message-ID: <pan$7c635$8df1683c$82c11c30$637245ac@invalid.invalid>
References: <us0brl$246bf$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 3 Mar 2024 08:52:03 -0000 (UTC)
Injection-Info: bluemanedhawk.eternal-september.org; posting-host="2600:1700:e4c0:9ea0::41";
logging-data="2544862"; mail-complaints-to="abuse@eternal-september.org"
User-Agent: Pan/0.154 (Izium; 517acf4)
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAIAAADYYG7QAAACh0lEQVRYw71Z21bD
MAzzevbfkr4cHjrSXJyL044+MDa6WLEl2SkvkrZ1AbAvXO+bUGSCPYnsuIVGMpm
ZLnjX718GhAKNsp8lON2F9VrhELwIgJlBepkZjA78rVK+FkmNhEJK76UsJlz8+E
rJsjrpYouhLo/SC6qPHgakFOR8wV9+8rCfO/I/oVnmUZUp42/LW2XkLj9TCFNM9
jp5g2EmHZgpYZjCOkYU7sXVogRylJqpdggoFLG1g09Flah/7kErCxzR9HgXPYsq
0glb9cxjIz2Vsk9AmAoCSxECpD713joMKjQqLAtmMqJmXjdVvlMnMQCVITotJd1
z+fh1f1NNo+vuc1KnhWUmY7t03vydTud9BbXCtN3L2PL3bK7JCNG0GHzuZxafyB
fxevCxpm1vrwZltqw6SILCcdoCE6PGQC8wZWDA9Or7Qp5s3lAZezys0nDazs9S9
R0TjwEiksRxLkNPC1NMMWPs1bj0Ei0Yuo+JVtFLuzP1NRJ16qXWN8DhhtmS4PDg
O6mqRxs4bEJrYt087mSIow/1VzW2oFlMQuiuIy/KsUagvhdw6hSjJGlIavbLF8x
j3X47bccLcUSi0dkWh1nUZNhANT1tHKUXrNxNLbd9KPb9wDDVrKwmPQMOPQ1oy6
k5I1DwzDeRJd3jVIhDAUxq3ngzJG4CCkNXZxZVMcjefoK2J0gUY2S3rxz/RuTFx
2zHd9U+obimJXMG4edsk/2j5pTU5G1MmzbRLxkfq5EiT1GGsidvMGzi+1goGb2l
GCrN+nGnV8xj3q3JLRDVPL96vUc7Z4aJ3TN1mVqWAMJMfG+Jxh6TQqP+92iZkCU
xtglds1AB6r0aiSHKcnFck+p/c/0CbacFLQcajGcAAAAASUVORK5CYII=
X-Face: Llanfair­pwllgwyng
yll
­gogeryÂÃ
? ?­chwyrnÂÂÂÂÂÂ
­drobwll­llanÃ
‚Ã
ƒƒƒ‚­tysilioÂÂÂÃ
‚­gogo­goch
 by: Blue-Maned_Hawk - Sun, 3 Mar 2024 08:52 UTC

Any attempt to displace C will require total replacement of the modern
computing ecosystem. Frankly, i'd be fine with that if pulled off well,
but i wouldn't be fine with a half-baked solution nor trying to force out
C without thinking about the whole rest of everything.

--
Blue-Maned_Hawk│shortens to
Hawk│/
blu.mɛin.dÊ°ak/
│he/him/his/himself/Mr.
blue-maned_hawk.srht.site
Mac and Cheese, Horrifying Quality, Prepared by Barack Obama

Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"

<pan$65c41$a9839f31$d08c6b33$ea3463ce@invalid.invalid>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=3183&group=comp.lang.c%2B%2B#3183

  copy link   Newsgroups: comp.lang.c comp.lang.c++
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!bluemanedhawk.eternal-september.org!.POSTED.2600:1700:e4c0:9ea0::41!not-for-mail
From: bluemane...@invalid.invalid (Blue-Maned_Hawk)
Newsgroups: comp.lang.c,comp.lang.c++
Subject: Re: "White House to Developers: Using C or C++ Invites Cybersecurity
Risks"
Date: Sun, 3 Mar 2024 08:54:36 -0000 (UTC)
Organization: A noiseless patient Spider
Message-ID: <pan$65c41$a9839f31$d08c6b33$ea3463ce@invalid.invalid>
References: <us0brl$246bf$1@dont-email.me> <us0m5r$25tj3$1@dont-email.me>
<us0qs9$2adp7$2@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 3 Mar 2024 08:54:36 -0000 (UTC)
Injection-Info: bluemanedhawk.eternal-september.org; posting-host="2600:1700:e4c0:9ea0::41";
logging-data="2544862"; mail-complaints-to="abuse@eternal-september.org"
User-Agent: Pan/0.154 (Izium; 517acf4)
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAIAAADYYG7QAAACh0lEQVRYw71Z21bD
MAzzevbfkr4cHjrSXJyL044+MDa6WLEl2SkvkrZ1AbAvXO+bUGSCPYnsuIVGMpm
ZLnjX718GhAKNsp8lON2F9VrhELwIgJlBepkZjA78rVK+FkmNhEJK76UsJlz8+E
rJsjrpYouhLo/SC6qPHgakFOR8wV9+8rCfO/I/oVnmUZUp42/LW2XkLj9TCFNM9
jp5g2EmHZgpYZjCOkYU7sXVogRylJqpdggoFLG1g09Flah/7kErCxzR9HgXPYsq
0glb9cxjIz2Vsk9AmAoCSxECpD713joMKjQqLAtmMqJmXjdVvlMnMQCVITotJd1
z+fh1f1NNo+vuc1KnhWUmY7t03vydTud9BbXCtN3L2PL3bK7JCNG0GHzuZxafyB
fxevCxpm1vrwZltqw6SILCcdoCE6PGQC8wZWDA9Or7Qp5s3lAZezys0nDazs9S9
R0TjwEiksRxLkNPC1NMMWPs1bj0Ei0Yuo+JVtFLuzP1NRJ16qXWN8DhhtmS4PDg
O6mqRxs4bEJrYt087mSIow/1VzW2oFlMQuiuIy/KsUagvhdw6hSjJGlIavbLF8x
j3X47bccLcUSi0dkWh1nUZNhANT1tHKUXrNxNLbd9KPb9wDDVrKwmPQMOPQ1oy6
k5I1DwzDeRJd3jVIhDAUxq3ngzJG4CCkNXZxZVMcjefoK2J0gUY2S3rxz/RuTFx
2zHd9U+obimJXMG4edsk/2j5pTU5G1MmzbRLxkfq5EiT1GGsidvMGzi+1goGb2l
GCrN+nGnV8xj3q3JLRDVPL96vUc7Z4aJ3TN1mVqWAMJMfG+Jxh6TQqP+92iZkCU
xtglds1AB6r0aiSHKcnFck+p/c/0CbacFLQcajGcAAAAASUVORK5CYII=
X-Face: Llanfair­pwllgwyng
yll
­gogeryÂÃ
? ?­chwyrnÂÂÂÂÂÂ
­drobwll­llanÃ
‚Ã
ƒƒƒ‚­tysilioÂÂÂÃ
‚­gogo­goch
 by: Blue-Maned_Hawk - Sun, 3 Mar 2024 08:54 UTC

Lawrence D'Oliveiro wrote:

> Nowadays, POSIX (and *nix generally) is undergoing a resurgence because
> of Linux and Open Source. Developers are discovering that the Linux
> ecosystem offers a much more productive development environment for a
> code-sharing, code-reusing, Web-centric world than anything Microsoft
> can offer.

I do not want to live in a web-centric world. I would much rather see
other, better uses of the internet become widespread.

--
Blue-Maned_Hawk│shortens to
Hawk│/
blu.mɛin.dÊ°ak/
│he/him/his/himself/Mr.
blue-maned_hawk.srht.site
Special thanks to misinformed hipsters!

Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"

<20240303111022.0000051c@yahoo.com>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=3184&group=comp.lang.c%2B%2B#3184

  copy link   Newsgroups: comp.lang.c++ comp.lang.c
Path: i2pn2.org!rocksolid2!i2pn.org!weretis.net!feeder6.news.weretis.net!feeder8.news.weretis.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED.dsl199-203-251-52.bb.netvision.net.il!not-for-mail
From: already5...@yahoo.com (Michael S)
Newsgroups: comp.lang.c++,comp.lang.c
Subject: Re: "White House to Developers: Using C or C++ Invites
Cybersecurity Risks"
Date: Sun, 3 Mar 2024 11:10:22 +0200
Organization: A noiseless patient Spider
Lines: 8
Message-ID: <20240303111022.0000051c@yahoo.com>
References: <us0brl$246bf$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Injection-Info: dont-email.me; posting-host="dsl199-203-251-52.bb.netvision.net.il:199.203.251.52";
logging-data="2552085"; mail-complaints-to="abuse@eternal-september.org"
X-Newsreader: Claws Mail 3.19.1 (GTK+ 2.24.33; x86_64-w64-mingw32)
 by: Michael S - Sun, 3 Mar 2024 09:10 UTC

On Sat, 2 Mar 2024 17:13:56 -0600
Lynn McGuire <lynnmcguire5@gmail.com> wrote:

> They have been talking about it for at least 20 years now.

More like 48-49 years.
https://en.wikipedia.org/wiki/High_Order_Language_Working_Group

Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"

<us1lb5$2f4n4$1@dont-email.me>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=3185&group=comp.lang.c%2B%2B#3185

  copy link   Newsgroups: comp.lang.c++ comp.lang.c
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED.2a01:799:443:8d00:3b43:ca74:7960:d842!not-for-mail
From: david.br...@hesbynett.no (David Brown)
Newsgroups: comp.lang.c++,comp.lang.c
Subject: Re: "White House to Developers: Using C or C++ Invites Cybersecurity
Risks"
Date: Sun, 3 Mar 2024 12:01:57 +0100
Organization: A noiseless patient Spider
Lines: 34
Message-ID: <us1lb5$2f4n4$1@dont-email.me>
References: <us0brl$246bf$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 3 Mar 2024 11:01:57 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="2a01:799:443:8d00:3b43:ca74:7960:d842";
logging-data="2593508"; mail-complaints-to="abuse@eternal-september.org"
User-Agent: Mozilla Thunderbird
In-Reply-To: <us0brl$246bf$1@dont-email.me>
Content-Language: en-GB
 by: David Brown - Sun, 3 Mar 2024 11:01 UTC

On 03/03/2024 00:13, Lynn McGuire wrote:
> "White House to Developers: Using C or C++ Invites Cybersecurity Risks"
>
> https://www.pcmag.com/news/white-house-to-developers-using-c-plus-plus-invites-cybersecurity-risks
>
> "The Biden administration backs a switch to more memory-safe programming
> languages. The tech industry sees their point, but it won't be easy."
>
> No.  The feddies want to regulate software development very much.  They
> have been talking about it for at least 20 years now.  This is a very
> bad thing.
>
> Lynn

It's the wrong solution to the wrong problem.

It is not languages like C and C++ that are "unsafe". It is the
programmers that write the code for them. As long as the people
programming in Rust or other modern languages are the more capable and
qualified developers - the ones who think about memory safety, correct
code, testing, and quality software development - then code written in
Rust will be better quality and safer than the average C, C++, Java and
C# code.

But if it gets popular enough for schools and colleges to teach Rust
programming course to the masses, and it gets used by developers who are
paid per KLoC, given responsibilities well beyond their abilities and
experience, lead by incompetent managers, untrained in good development
practices and pushed to impossible deadlines, then the average quality
of programs in Rust will drop to that of average C and C++ code.

Good languages and good tools help, but they are not the root cause of
poor quality software in the world.

Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"

<us23fg$2i0j2$1@dont-email.me>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=3186&group=comp.lang.c%2B%2B#3186

  copy link   Newsgroups: comp.lang.c++ comp.lang.c
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED.2001:a61:2633:2b01:88ab:a6ed:a355:85be!not-for-mail
From: janis_pa...@hotmail.com (Janis Papanagnou)
Newsgroups: comp.lang.c++,comp.lang.c
Subject: Re: "White House to Developers: Using C or C++ Invites Cybersecurity
Risks"
Date: Sun, 3 Mar 2024 16:03:10 +0100
Organization: A noiseless patient Spider
Lines: 31
Message-ID: <us23fg$2i0j2$1@dont-email.me>
References: <us0brl$246bf$1@dont-email.me> <us1lb5$2f4n4$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 3 Mar 2024 15:03:12 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="2001:a61:2633:2b01:88ab:a6ed:a355:85be";
logging-data="2687586"; mail-complaints-to="abuse@eternal-september.org"
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
Thunderbird/45.8.0
X-Enigmail-Draft-Status: N1110
In-Reply-To: <us1lb5$2f4n4$1@dont-email.me>
 by: Janis Papanagnou - Sun, 3 Mar 2024 15:03 UTC

On 03.03.2024 12:01, David Brown wrote:
> On 03/03/2024 00:13, Lynn McGuire wrote:
>> "White House to Developers: Using C or C++ Invites Cybersecurity Risks"
>>
>> https://www.pcmag.com/news/white-house-to-developers-using-c-plus-plus-invites-cybersecurity-risks
>>
>> "The Biden administration backs a switch to more memory-safe
>> programming languages. [...]"
>> [...]
>
> It's the wrong solution to the wrong problem.
>
> It is not languages like C and C++ that are "unsafe". It is the
> programmers that write the code for them. [...]
>
> [...]
>
> Good languages and good tools help, but they are not the root cause of
> poor quality software in the world.

I agree about the necessity of having good programmers. But a lot more
factors are important, and there's factors that influence programmers.
Languages may have a design that makes it possible to produce safer
software, or to be error prone and require a lot more attention from
the programmers (and also from management). Tools may help a bit to
work around the problems that languages inherently add. Good project
management may also help to increase software quality. But it's much
more costly in case of using inferior (or unsuited) languages.

Janis

Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"

<7J0FN.35692$zF_1.20904@fx18.iad>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=3187&group=comp.lang.c%2B%2B#3187

  copy link   Newsgroups: comp.lang.c++ comp.lang.c
Path: i2pn2.org!i2pn.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer03.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx18.iad.POSTED!not-for-mail
X-newsreader: xrn 9.03-beta-14-64bit
Sender: scott@dragon.sl.home (Scott Lurndal)
From: sco...@slp53.sl.home (Scott Lurndal)
Reply-To: slp53@pacbell.net
Subject: Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"
Newsgroups: comp.lang.c++,comp.lang.c
References: <us0brl$246bf$1@dont-email.me>
Lines: 13
Message-ID: <7J0FN.35692$zF_1.20904@fx18.iad>
X-Complaints-To: abuse@usenetserver.com
NNTP-Posting-Date: Sun, 03 Mar 2024 15:31:15 UTC
Organization: UsenetServer - www.usenetserver.com
Date: Sun, 03 Mar 2024 15:31:15 GMT
X-Received-Bytes: 1200
 by: Scott Lurndal - Sun, 3 Mar 2024 15:31 UTC

Lynn McGuire <lynnmcguire5@gmail.com> writes:
>"White House to Developers: Using C or C++ Invites Cybersecurity Risks"
>
>https://www.pcmag.com/news/white-house-to-developers-using-c-plus-plus-invites-cybersecurity-risks
>
>"The Biden administration backs a switch to more memory-safe programming
>languages. The tech industry sees their point, but it won't be easy."
>
>No. The feddies want to regulate software development very much.

You've been reading far to much apocalyptic fiction and seeing the
world through trump-colored glasses. Neither reflect reality.

Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"

<20240303092938.43@kylheku.com>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=3188&group=comp.lang.c%2B%2B#3188

  copy link   Newsgroups: comp.lang.c++ comp.lang.c
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: 433-929-...@kylheku.com (Kaz Kylheku)
Newsgroups: comp.lang.c++,comp.lang.c
Subject: Re: "White House to Developers: Using C or C++ Invites
Cybersecurity Risks"
Date: Sun, 3 Mar 2024 18:18:26 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 92
Message-ID: <20240303092938.43@kylheku.com>
References: <us0brl$246bf$1@dont-email.me> <us1lb5$2f4n4$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 3 Mar 2024 18:18:26 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="2a4cf53726382e543b2e0eba8b36e2b7";
logging-data="2773703"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/YDD4oE68BLuw84K2NXXi1K/tttsiYHxY="
User-Agent: slrn/pre1.0.4-9 (Linux)
Cancel-Lock: sha1:QBzWnAaXkS6b1TBVCM4j26szomE=
 by: Kaz Kylheku - Sun, 3 Mar 2024 18:18 UTC

On 2024-03-03, David Brown <david.brown@hesbynett.no> wrote:
> On 03/03/2024 00:13, Lynn McGuire wrote:
>> "White House to Developers: Using C or C++ Invites Cybersecurity Risks"
>>
>> https://www.pcmag.com/news/white-house-to-developers-using-c-plus-plus-invites-cybersecurity-risks
>>
>> "The Biden administration backs a switch to more memory-safe programming
>> languages. The tech industry sees their point, but it won't be easy."
>>
>> No.  The feddies want to regulate software development very much.  They
>> have been talking about it for at least 20 years now.  This is a very
>> bad thing.
>>
>> Lynn
>
> It's the wrong solution to the wrong problem.
>
> It is not languages like C and C++ that are "unsafe". It is the
> programmers that write the code for them. As long as the people
> programming in Rust or other modern languages are the more capable and
> qualified developers - the ones who think about memory safety, correct
> code, testing, and quality software development - then code written in
> Rust will be better quality and safer than the average C, C++, Java and
> C# code.

Programmers who think about safety, correctness and quality and all that
have way fewer diagnostics and more footguns if they are coding in C
compared to Rust.

I think, you can't just wave away the characteristics of Rust as making
no difference in this regard.

> But if it gets popular enough for schools and colleges to teach Rust
> programming course to the masses, and it gets used by developers who are
> paid per KLoC, given responsibilities well beyond their abilities and
> experience, lead by incompetent managers, untrained in good development
> practices and pushed to impossible deadlines, then the average quality
> of programs in Rust will drop to that of average C and C++ code.

The rhetoric you hear from Rust people about this is that coders taking
a safety shortcut to make something work have to explicitly ask for that
in Rust. It leaves a visible trace. If something goes wrong because of
an unsafe block, you can trace that to the commit which added it.

The rhetoric all sounds good.

However, like you, I also believe it boils down to people, in a
somewhat different way. To use Rust productively, you have to be one of
the rare idiot savants who are smart enough to use it *and* numb to all
the inconveniences.

The reason the average programmer won't make any safety
boo-boos using Rust is that the average programmer either isn't smart
enough to use it at all, or else doesn't want to put up with the fuss:
they will opt for some safe language which is easy to use.

Rust's problem is that we have safe languages in which you can almost
crank out working code with your eyes closed. (Or if not working,
then at least code in which the only uncaught bugs are your logic bugs,
not some undefined behavior from integer overflow or array out of
bounds.)

This is why Rust people are desperately pitching Rust as an alternative
for C and whatnot, and showcasing it being used in the kernel and
whatnot.

Trying to be both safe and efficient to be able to serve as a "C
replacement" is a clumsy hedge that makes Rust an awkward language.

You know the parable about the fox that tries to chase two rabbits.

The alternative to Rust in application development is pretty much any
convenient, "easy" high level language, plus a little bit of C.
You can get a small quantity of C right far more easily than a large
quantity of C. It's almost immaterial.

An important aspect of Rust is the ownership-based memory management.

The problem is, the "garbage collection is bad" era is /long/ behind us.

Scoped ownership is a half-baked solution to the object lifetime
problem, that gets in the way of the programmer and isn't appropriate
for the vast majority of software tasks.

Embedded systems often need custom memory management, not something that
the language imposes. C has malloc, yet even that gets disused in favor
of something else.

--
TXR Programming Language: http://nongnu.org/txr
Cygnal: Cygwin Native Application Library: http://kylheku.com/cygnal
Mastodon: @Kazinator@mstdn.ca

Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"

<us2lfh$2ltj3$5@dont-email.me>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=3189&group=comp.lang.c%2B%2B#3189

  copy link   Newsgroups: comp.lang.c++ comp.lang.c
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: ldo...@nz.invalid (Lawrence D'Oliveiro)
Newsgroups: comp.lang.c++,comp.lang.c
Subject: Re: "White House to Developers: Using C or C++ Invites Cybersecurity
Risks"
Date: Sun, 3 Mar 2024 20:10:26 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 7
Message-ID: <us2lfh$2ltj3$5@dont-email.me>
References: <us0brl$246bf$1@dont-email.me> <us1lb5$2f4n4$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 3 Mar 2024 20:10:26 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="1df16df39307445c7cddc792d9e0afb1";
logging-data="2815587"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18k61dSz1KN3nf2qoFESSAi"
User-Agent: Pan/0.155 (Kherson; fc5a80b8)
Cancel-Lock: sha1:JREWGw+N9Tii+CUo2F5lo6OdljA=
 by: Lawrence D'Oliv - Sun, 3 Mar 2024 20:10 UTC

On Sun, 3 Mar 2024 12:01:57 +0100, David Brown wrote:

> It is not languages like C and C++ that are "unsafe".

Some empirical evidence from Google
<https://security.googleblog.com/2022/12/memory-safe-languages-in-android-13.html>
shows a reduction in memory-safety errors in switching from C/C++ to Rust.

Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"

<us2lh2$2ltj3$6@dont-email.me>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=3190&group=comp.lang.c%2B%2B#3190

  copy link   Newsgroups: comp.lang.c comp.lang.c++
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: ldo...@nz.invalid (Lawrence D'Oliveiro)
Newsgroups: comp.lang.c,comp.lang.c++
Subject: Re: "White House to Developers: Using C or C++ Invites Cybersecurity
Risks"
Date: Sun, 3 Mar 2024 20:11:14 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 13
Message-ID: <us2lh2$2ltj3$6@dont-email.me>
References: <us0brl$246bf$1@dont-email.me> <us0m5r$25tj3$1@dont-email.me>
<us0qs9$2adp7$2@dont-email.me>
<pan$65c41$a9839f31$d08c6b33$ea3463ce@invalid.invalid>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 3 Mar 2024 20:11:14 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="1df16df39307445c7cddc792d9e0afb1";
logging-data="2815587"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19D4uqufIUwsGGGfrcEhL/w"
User-Agent: Pan/0.155 (Kherson; fc5a80b8)
Cancel-Lock: sha1:HTMmQ7X9T7UEkgBwVe940/8WK+A=
 by: Lawrence D'Oliv - Sun, 3 Mar 2024 20:11 UTC

On Sun, 3 Mar 2024 08:54:36 -0000 (UTC), Blue-Maned_Hawk wrote:

> Lawrence D'Oliveiro wrote:
>
>> Nowadays, POSIX (and *nix generally) is undergoing a resurgence because
>> of Linux and Open Source. Developers are discovering that the Linux
>> ecosystem offers a much more productive development environment for a
>> code-sharing, code-reusing, Web-centric world than anything Microsoft
>> can offer.
>
> I do not want to live in a web-centric world.

You already do.

Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"

<us2m8u$2m9mm$1@dont-email.me>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=3191&group=comp.lang.c%2B%2B#3191

  copy link   Newsgroups: comp.lang.c++ comp.lang.c
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: david.br...@hesbynett.no (David Brown)
Newsgroups: comp.lang.c++,comp.lang.c
Subject: Re: "White House to Developers: Using C or C++ Invites Cybersecurity
Risks"
Date: Sun, 3 Mar 2024 21:23:56 +0100
Organization: A noiseless patient Spider
Lines: 161
Message-ID: <us2m8u$2m9mm$1@dont-email.me>
References: <us0brl$246bf$1@dont-email.me> <us1lb5$2f4n4$1@dont-email.me>
<20240303092938.43@kylheku.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 3 Mar 2024 20:23:58 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="e3a4d60295db5cdd468efe6fa407fe0e";
logging-data="2827990"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+kkmO3IdWiXKLaKwxLtby1l0DsxtVVrhE="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:vmOMwIPqftdoTLFIhL5S5ipakK8=
Content-Language: en-GB
In-Reply-To: <20240303092938.43@kylheku.com>
 by: David Brown - Sun, 3 Mar 2024 20:23 UTC

On 03/03/2024 19:18, Kaz Kylheku wrote:
> On 2024-03-03, David Brown <david.brown@hesbynett.no> wrote:
>> On 03/03/2024 00:13, Lynn McGuire wrote:
>>> "White House to Developers: Using C or C++ Invites Cybersecurity Risks"
>>>
>>> https://www.pcmag.com/news/white-house-to-developers-using-c-plus-plus-invites-cybersecurity-risks
>>>
>>> "The Biden administration backs a switch to more memory-safe programming
>>> languages. The tech industry sees their point, but it won't be easy."
>>>
>>> No.  The feddies want to regulate software development very much.  They
>>> have been talking about it for at least 20 years now.  This is a very
>>> bad thing.
>>>
>>> Lynn
>>
>> It's the wrong solution to the wrong problem.
>>
>> It is not languages like C and C++ that are "unsafe". It is the
>> programmers that write the code for them. As long as the people
>> programming in Rust or other modern languages are the more capable and
>> qualified developers - the ones who think about memory safety, correct
>> code, testing, and quality software development - then code written in
>> Rust will be better quality and safer than the average C, C++, Java and
>> C# code.
>
> Programmers who think about safety, correctness and quality and all that
> have way fewer diagnostics and more footguns if they are coding in C
> compared to Rust.
>
> I think, you can't just wave away the characteristics of Rust as making
> no difference in this regard.

I did not.

I said that the /root/ problem is not the language, but the programmers
and the way they work.

Of course some languages make some things harder and other things
easier. And even the most careful programmers will occasionally make
mistakes. So having a language that helps reduce the risk of some kinds
of errors is a helpful thing.

But consider this. When programming in modern C++, you can be risk-free
from buffer overruns and most kinds of memory leak - use container
classes, string classes, and the like, rather than C-style arrays and
malloc/free or new/delete. You can use the C++ coding guideline
libraries to mark ownership of pointers. You can use compiler
sanitizers to catch many kinds undefined behaviour. You can use all
sorts of static analysis tools, from free to very costly, to help find
problems. And yet there are armies of programmers writing bad C++ code.
PHP and Javascript have automatic memory management and garbage
collection eliminating many of the possible problems seen in C and C++
code, yet armies of programmers write PHP and Javascript code full of
bugs and security faults.

Better languages, better libraries, and better tools certainly help.
There are not many tasks for which C is the best choice of language.
But none of that will deal with the root of the problem. Good
programmers, with good training, in good development departments with
good managers and good resources, will write correct code more
efficiently in a better language, but they can write correct code in
pretty much /any/ language. Similarly, the bulk of programmers will
write bad code in any language.

>
>> But if it gets popular enough for schools and colleges to teach Rust
>> programming course to the masses, and it gets used by developers who are
>> paid per KLoC, given responsibilities well beyond their abilities and
>> experience, lead by incompetent managers, untrained in good development
>> practices and pushed to impossible deadlines, then the average quality
>> of programs in Rust will drop to that of average C and C++ code.
>
> The rhetoric you hear from Rust people about this is that coders taking
> a safety shortcut to make something work have to explicitly ask for that
> in Rust. It leaves a visible trace. If something goes wrong because of
> an unsafe block, you can trace that to the commit which added it.
>
> The rhetoric all sounds good.

You can't trace the commit for programmers who don't use version control
software - and that is a /lot/ of them. Leaving visible traces does not
help when no one else looks at the code. Shortcuts are taken because
the sales people need the code by tomorrow morning, and there are only
so many hours in the night to get it working.

Rust makes it possible to have some safety checks for a few things that
are much harder to do in C++. It does not stop people writing bad code
using bad development practices.

>
> However, like you, I also believe it boils down to people, in a
> somewhat different way. To use Rust productively, you have to be one of
> the rare idiot savants who are smart enough to use it *and* numb to all
> the inconveniences.

And you have to have managers who are smart enough to believe it when
their programmers say they need to train in a new language, re-write
lots of existing code, and accept longer development times as a tradeoff
for fewer bugs in shipped code.

(I personally have a very good manager, but I know a great many
programmers do not.)

>
> The reason the average programmer won't make any safety
> boo-boos using Rust is that the average programmer either isn't smart
> enough to use it at all, or else doesn't want to put up with the fuss:
> they will opt for some safe language which is easy to use.
>
> Rust's problem is that we have safe languages in which you can almost
> crank out working code with your eyes closed. (Or if not working,
> then at least code in which the only uncaught bugs are your logic bugs,
> not some undefined behavior from integer overflow or array out of
> bounds.)
>
> This is why Rust people are desperately pitching Rust as an alternative
> for C and whatnot, and showcasing it being used in the kernel and
> whatnot.
>

I personally think it is madness to have Rust in a project like the
Linux kernel. I used to see C++ as a rapidly changing language with its
3 year cycle - Rust seems to have a 3 week cycle for updates, with no
formal standardisation and "work in progress" attitude. That's fine for
a new language under development, but /not/ something you want for a
project that spans decades.

> Trying to be both safe and efficient to be able to serve as a "C
> replacement" is a clumsy hedge that makes Rust an awkward language.
>
> You know the parable about the fox that tries to chase two rabbits.
>
> The alternative to Rust in application development is pretty much any
> convenient, "easy" high level language, plus a little bit of C.
> You can get a small quantity of C right far more easily than a large
> quantity of C. It's almost immaterial.
>

There are lots of alternatives to Rust for application development. But
in general, higher level languages mean you do less manual work, and
write fewer lines of code for the same amount of functionality. And
that means a lower risk of errors.

> An important aspect of Rust is the ownership-based memory management.
>
> The problem is, the "garbage collection is bad" era is /long/ behind us.
>
> Scoped ownership is a half-baked solution to the object lifetime
> problem, that gets in the way of the programmer and isn't appropriate
> for the vast majority of software tasks.
>
> Embedded systems often need custom memory management, not something that
> the language imposes. C has malloc, yet even that gets disused in favor
> of something else.
>

For safe embedded systems, you don't want memory management at all.
Avoiding dynamic memory is an important aspect of safety-critical
embedded development.

Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"

<us2o8i$19k0$2@nyheter.lysator.liu.se>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=3192&group=comp.lang.c%2B%2B#3192

  copy link   Newsgroups: comp.lang.c++
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!nyheter.lysator.liu.se!.POSTED!not-for-mail
From: kem...@lysator.liu.se (Andreas Kempe)
Newsgroups: comp.lang.c++
Subject: Re: "White House to Developers: Using C or C++ Invites
Cybersecurity Risks"
Date: Sun, 3 Mar 2024 20:57:54 -0000 (UTC)
Organization: Lysator ACS
Message-ID: <us2o8i$19k0$2@nyheter.lysator.liu.se>
References: <us0brl$246bf$1@dont-email.me> <us1lb5$2f4n4$1@dont-email.me>
<us2lfh$2ltj3$5@dont-email.me>
Injection-Date: Sun, 3 Mar 2024 20:57:54 -0000 (UTC)
Injection-Info: nyheter.lysator.liu.se; posting-account="kempe";
logging-data="42624"; mail-complaints-to="newsmaster@lysator.liu.se"
User-Agent: slrn/1.0.3 (FreeBSD)
 by: Andreas Kempe - Sun, 3 Mar 2024 20:57 UTC

Den 2024-03-03 skrev Lawrence D'Oliveiro <ldo@nz.invalid>:
> On Sun, 3 Mar 2024 12:01:57 +0100, David Brown wrote:
>
>> It is not languages like C and C++ that are "unsafe".
>
> Some empirical evidence from Google
><https://security.googleblog.com/2022/12/memory-safe-languages-in-android-13.html>
> shows a reduction in memory-safety errors in switching from C/C++ to Rust.

I'm not surprised. I think it is pretty self-evident that a language
that is designed to reduce memory errors, if correctly designed,
will do just that.

It is very easy to go on about good and bad programmers, but that
really doesn't matter since statistics from the real world show that
memory errors are common and cause serious vulnerabilities.

Considering how hostile today's interconnected world has become with
security getting a higher and higher priority, I think we are bound to
see a decline of memory unsafe languages. C++ can be written to be
memory safe, but it is also very easy to write C++ that is not memory
safe. If C++ is to stay competitive, I think the C++ committee needs
to have a good and long think about what can be done to remedy these
issues.

Doing nothing, I could see initiatives like CHERI introducing hardware
based memory safety being a saviour. If the languages that enforce
memory safety through their type system are more difficult to use, C++
might be preferable if the memory safety is provided more or less
transparently through the hardware. Although a software solution is
probably seen as easier and cheaper than a hardware one. As the sales
department at my last job informed me: "We can sell hardware, everyone
likes a shiny box! Software is supposed to be included for free!"

Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"

<us2qrf$2n6hm$1@dont-email.me>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=3193&group=comp.lang.c%2B%2B#3193

  copy link   Newsgroups: comp.lang.c++ comp.lang.c
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: chris.m....@gmail.com (Chris M. Thomasson)
Newsgroups: comp.lang.c++,comp.lang.c
Subject: Re: "White House to Developers: Using C or C++ Invites Cybersecurity
Risks"
Date: Sun, 3 Mar 2024 13:42:07 -0800
Organization: A noiseless patient Spider
Lines: 25
Message-ID: <us2qrf$2n6hm$1@dont-email.me>
References: <us0brl$246bf$1@dont-email.me> <us0es8$24khf$4@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 3 Mar 2024 21:42:07 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="94e9d5597f4e0fa95e2b2f85a560c55a";
logging-data="2857526"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19BC+9wi3QMO/Rcv5BhQCjJsx40/n3L+Js="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:xnOWl9AQQJ8f84I6zbhm9ZlfnXQ=
In-Reply-To: <us0es8$24khf$4@dont-email.me>
Content-Language: en-US
 by: Chris M. Thomasson - Sun, 3 Mar 2024 21:42 UTC

On 3/2/2024 4:05 PM, Lawrence D'Oliveiro wrote:
> On Sat, 2 Mar 2024 17:13:56 -0600, Lynn McGuire wrote:
>
>> The feddies want to regulate software development very much.
>
> Given the high occurrence of embarrassing mistakes companies have been
> making with their code, and continue to make, it’s quite clear they’re not
> capable of regulating this issue themselves.

Oh my. C/C++ compilers are banned world wide. They even have reeducation
camps that they will confine you to. You know, to learn the one true
way... If you make a bug using the one true way, you risk a firing
squad? lol. ;^)

>
> I wouldn’t worry about companies tripping over and hurting themselves, but
> when the consequences are security leaks, not of information belonging to
> those companies, but to their innocent customers/users who are often
> unaware that those companies even had that information, then it’s quite
> clear that Government has to step in.
>
> Because if they don’t, then who will?

lol.

Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"

<us2r7l$2n6h3$1@dont-email.me>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=3194&group=comp.lang.c%2B%2B#3194

  copy link   Newsgroups: comp.lang.c++ comp.lang.c
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: chris.m....@gmail.com (Chris M. Thomasson)
Newsgroups: comp.lang.c++,comp.lang.c
Subject: Re: "White House to Developers: Using C or C++ Invites Cybersecurity
Risks"
Date: Sun, 3 Mar 2024 13:48:37 -0800
Organization: A noiseless patient Spider
Lines: 44
Message-ID: <us2r7l$2n6h3$1@dont-email.me>
References: <us0brl$246bf$1@dont-email.me> <us1lb5$2f4n4$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 3 Mar 2024 21:48:37 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="94e9d5597f4e0fa95e2b2f85a560c55a";
logging-data="2857507"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+SlxgbQG9KbULbRLvozQXNX0jXmB+cInI="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:ifZT1ZA/cqZEMKhe4buYUQ23ZVw=
In-Reply-To: <us1lb5$2f4n4$1@dont-email.me>
Content-Language: en-US
 by: Chris M. Thomasson - Sun, 3 Mar 2024 21:48 UTC

On 3/3/2024 3:01 AM, David Brown wrote:
> On 03/03/2024 00:13, Lynn McGuire wrote:
>> "White House to Developers: Using C or C++ Invites Cybersecurity Risks"
>>
>> https://www.pcmag.com/news/white-house-to-developers-using-c-plus-plus-invites-cybersecurity-risks
>>
>> "The Biden administration backs a switch to more memory-safe
>> programming languages. The tech industry sees their point, but it
>> won't be easy."
>>
>> No.  The feddies want to regulate software development very much.
>> They have been talking about it for at least 20 years now.  This is a
>> very bad thing.
>>
>> Lynn
>
> It's the wrong solution to the wrong problem.
>
> It is not languages like C and C++ that are "unsafe".  It is the
> programmers that write the code for them.  As long as the people
> programming in Rust or other modern languages are the more capable and
> qualified developers - the ones who think about memory safety, correct
> code, testing, and quality software development - then code written in
> Rust will be better quality and safer than the average C, C++, Java and
> C# code.

Then we will hear about how human programmers cannot be trusted... AI is
there. No programmers needed now. Jesting, of course, but I have heard
some people starting to think that way.

>
> But if it gets popular enough for schools and colleges to teach Rust
> programming course to the masses, and it gets used by developers who are
> paid per KLoC, given responsibilities well beyond their abilities and
> experience, lead by incompetent managers, untrained in good development
> practices and pushed to impossible deadlines, then the average quality
> of programs in Rust will drop to that of average C and C++ code.
>
> Good languages and good tools help, but they are not the root cause of
> poor quality software in the world.
>

Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"

<us2r8r$2n6h3$2@dont-email.me>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=3195&group=comp.lang.c%2B%2B#3195

  copy link   Newsgroups: comp.lang.c comp.lang.c++
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: chris.m....@gmail.com (Chris M. Thomasson)
Newsgroups: comp.lang.c,comp.lang.c++
Subject: Re: "White House to Developers: Using C or C++ Invites Cybersecurity
Risks"
Date: Sun, 3 Mar 2024 13:49:15 -0800
Organization: A noiseless patient Spider
Lines: 16
Message-ID: <us2r8r$2n6h3$2@dont-email.me>
References: <us0brl$246bf$1@dont-email.me> <us0m5r$25tj3$1@dont-email.me>
<us0qs9$2adp7$2@dont-email.me>
<pan$65c41$a9839f31$d08c6b33$ea3463ce@invalid.invalid>
<us2lh2$2ltj3$6@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 3 Mar 2024 21:49:15 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="94e9d5597f4e0fa95e2b2f85a560c55a";
logging-data="2857507"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19mF5zXcV06M4rWlkE9joced1kmyp5sMF0="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:5JTlSmlhXOm9rAtPkDaLaKyHnhA=
In-Reply-To: <us2lh2$2ltj3$6@dont-email.me>
Content-Language: en-US
 by: Chris M. Thomasson - Sun, 3 Mar 2024 21:49 UTC

On 3/3/2024 12:11 PM, Lawrence D'Oliveiro wrote:
> On Sun, 3 Mar 2024 08:54:36 -0000 (UTC), Blue-Maned_Hawk wrote:
>
>> Lawrence D'Oliveiro wrote:
>>
>>> Nowadays, POSIX (and *nix generally) is undergoing a resurgence because
>>> of Linux and Open Source. Developers are discovering that the Linux
>>> ecosystem offers a much more productive development environment for a
>>> code-sharing, code-reusing, Web-centric world than anything Microsoft
>>> can offer.
>>
>> I do not want to live in a web-centric world.
>
> You already do.

You are not an ai, right? ;^)

Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"

<us2s0i$2n6h3$5@dont-email.me>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=3196&group=comp.lang.c%2B%2B#3196

  copy link   Newsgroups: comp.lang.c++ comp.lang.c
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: chris.m....@gmail.com (Chris M. Thomasson)
Newsgroups: comp.lang.c++,comp.lang.c
Subject: Re: "White House to Developers: Using C or C++ Invites Cybersecurity
Risks"
Date: Sun, 3 Mar 2024 14:01:54 -0800
Organization: A noiseless patient Spider
Lines: 167
Message-ID: <us2s0i$2n6h3$5@dont-email.me>
References: <us0brl$246bf$1@dont-email.me> <us1lb5$2f4n4$1@dont-email.me>
<20240303092938.43@kylheku.com> <us2m8u$2m9mm$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 3 Mar 2024 22:01:54 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="94e9d5597f4e0fa95e2b2f85a560c55a";
logging-data="2857507"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19gXGsiLsZTPEV4I0iNz59rab8jVDS+gYs="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:NhjjGjrzRqp/dT7lPSNuCwUgsgw=
Content-Language: en-US
In-Reply-To: <us2m8u$2m9mm$1@dont-email.me>
 by: Chris M. Thomasson - Sun, 3 Mar 2024 22:01 UTC

On 3/3/2024 12:23 PM, David Brown wrote:
> On 03/03/2024 19:18, Kaz Kylheku wrote:
>> On 2024-03-03, David Brown <david.brown@hesbynett.no> wrote:
>>> On 03/03/2024 00:13, Lynn McGuire wrote:
>>>> "White House to Developers: Using C or C++ Invites Cybersecurity Risks"
>>>>
>>>> https://www.pcmag.com/news/white-house-to-developers-using-c-plus-plus-invites-cybersecurity-risks
>>>>
>>>> "The Biden administration backs a switch to more memory-safe
>>>> programming
>>>> languages. The tech industry sees their point, but it won't be easy."
>>>>
>>>> No.  The feddies want to regulate software development very much.  They
>>>> have been talking about it for at least 20 years now.  This is a very
>>>> bad thing.
>>>>
>>>> Lynn
>>>
>>> It's the wrong solution to the wrong problem.
>>>
>>> It is not languages like C and C++ that are "unsafe".  It is the
>>> programmers that write the code for them.  As long as the people
>>> programming in Rust or other modern languages are the more capable and
>>> qualified developers - the ones who think about memory safety, correct
>>> code, testing, and quality software development - then code written in
>>> Rust will be better quality and safer than the average C, C++, Java and
>>> C# code.
>>
>> Programmers who think about safety, correctness and quality and all that
>> have way fewer diagnostics and more footguns if they are coding in C
>> compared to Rust.
>>
>> I think, you can't just wave away the characteristics of Rust as making
>> no difference in this regard.
>
> I did not.
>
> I said that the /root/ problem is not the language, but the programmers
> and the way they work.
>
> Of course some languages make some things harder and other things
> easier.  And even the most careful programmers will occasionally make
> mistakes.  So having a language that helps reduce the risk of some kinds
> of errors is a helpful thing.
>
> But consider this.  When programming in modern C++, you can be risk-free
> from buffer overruns and most kinds of memory leak - use container
> classes, string classes, and the like, rather than C-style arrays and
> malloc/free or new/delete.  You can use the C++ coding guideline
> libraries to mark ownership of pointers.  You can use compiler
> sanitizers to catch many kinds undefined behaviour.  You can use all
> sorts of static analysis tools, from free to very costly, to help find
> problems.  And yet there are armies of programmers writing bad C++ code.
>  PHP and Javascript have automatic memory management and garbage
> collection eliminating many of the possible problems seen in C and C++
> code, yet armies of programmers write PHP and Javascript code full of
> bugs and security faults.
>
> Better languages, better libraries, and better tools certainly help.
> There are not many tasks for which C is the best choice of language. But
> none of that will deal with the root of the problem.  Good programmers,
> with good training, in good development departments with good managers
> and good resources, will write correct code more efficiently in a better
> language, but they can write correct code in pretty much /any/
> language.  Similarly, the bulk of programmers will write bad code in any
> language.
>
>>
>>> But if it gets popular enough for schools and colleges to teach Rust
>>> programming course to the masses, and it gets used by developers who are
>>> paid per KLoC, given responsibilities well beyond their abilities and
>>> experience, lead by incompetent managers, untrained in good development
>>> practices and pushed to impossible deadlines, then the average quality
>>> of programs in Rust will drop to that of average C and C++ code.
>>
>> The rhetoric you hear from Rust people about this is that coders taking
>> a safety shortcut to make something work have to explicitly ask for that
>> in Rust. It leaves a visible trace.  If something goes wrong because of
>> an unsafe block, you can trace that to the commit which added it.
>>
>> The rhetoric all sounds good.
>
> You can't trace the commit for programmers who don't use version control
> software - and that is a /lot/ of them.  Leaving visible traces does not
> help when no one else looks at the code.  Shortcuts are taken because
> the sales people need the code by tomorrow morning, and there are only
> so many hours in the night to get it working.
>
> Rust makes it possible to have some safety checks for a few things that
> are much harder to do in C++.  It does not stop people writing bad code
> using bad development practices.
>
>>
>> However, like you, I also believe it boils down to people, in a
>> somewhat different way. To use Rust productively, you have to be one of
>> the rare idiot savants who are smart enough to use it *and* numb to all
>> the inconveniences.
>
> And you have to have managers who are smart enough to believe it when
> their programmers say they need to train in a new language, re-write
> lots of existing code, and accept longer development times as a tradeoff
> for fewer bugs in shipped code.
>
> (I personally have a very good manager, but I know a great many
> programmers do not.)
>
>>
>> The reason the average programmer won't make any safety
>> boo-boos using Rust is that the average programmer either isn't smart
>> enough to use it at all, or else doesn't want to put up with the fuss:
>> they will opt for some safe language which is easy to use.
>>
>> Rust's problem is that we have safe languages in which you can almost
>> crank out working code with your eyes closed. (Or if not working,
>> then at least code in which the only uncaught bugs are your logic bugs,
>> not some undefined behavior from integer overflow or array out of
>> bounds.)
>>
>> This is why Rust people are desperately pitching Rust as an alternative
>> for C and whatnot, and showcasing it being used in the kernel and
>> whatnot.
>>
>
> I personally think it is madness to have Rust in a project like the
> Linux kernel.  I used to see C++ as a rapidly changing language with its
> 3 year cycle - Rust seems to have a 3 week cycle for updates, with no
> formal standardisation and "work in progress" attitude.  That's fine for
> a new language under development, but /not/ something you want for a
> project that spans decades.
>
>> Trying to be both safe and efficient to be able to serve as a "C
>> replacement" is a clumsy hedge that makes Rust an awkward language.
>>
>> You know the parable about the fox that tries to chase two rabbits.
>>
>> The alternative to Rust in application development is pretty much any
>> convenient, "easy" high level language, plus a little bit of C.
>> You can get a small quantity of C right far more easily than a large
>> quantity of C. It's almost immaterial.
>>
>
> There are lots of alternatives to Rust for application development.  But
> in general, higher level languages mean you do less manual work, and
> write fewer lines of code for the same amount of functionality.  And
> that means a lower risk of errors.
>
>> An important aspect of Rust is the ownership-based memory management.
>>
>> The problem is, the "garbage collection is bad" era is /long/ behind us.
>>
>> Scoped ownership is a half-baked solution to the object lifetime
>> problem, that gets in the way of the programmer and isn't appropriate
>> for the vast majority of software tasks.
>>
>> Embedded systems often need custom memory management, not something that
>> the language imposes. C has malloc, yet even that gets disused in favor
>> of something else.
>>
>
> For safe embedded systems, you don't want memory management at all.
> Avoiding dynamic memory is an important aspect of safety-critical
> embedded development.
>

You still have to think about memory management even if you avoid any
dynamic memory? How are you going to mange this memory wrt your various
data structures needs....

Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"

<us2s96$2n6h3$6@dont-email.me>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=3197&group=comp.lang.c%2B%2B#3197

  copy link   Newsgroups: comp.lang.c++ comp.lang.c
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: chris.m....@gmail.com (Chris M. Thomasson)
Newsgroups: comp.lang.c++,comp.lang.c
Subject: Re: "White House to Developers: Using C or C++ Invites Cybersecurity
Risks"
Date: Sun, 3 Mar 2024 14:06:31 -0800
Organization: A noiseless patient Spider
Lines: 18
Message-ID: <us2s96$2n6h3$6@dont-email.me>
References: <us0brl$246bf$1@dont-email.me> <us1lb5$2f4n4$1@dont-email.me>
<us2lfh$2ltj3$5@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 3 Mar 2024 22:06:31 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="94e9d5597f4e0fa95e2b2f85a560c55a";
logging-data="2857507"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+5r6/HETvowY+4fP3j53bOjkMYuoN9L3M="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:h67g7cMFTN3jIK6rP6KYfHRsEyk=
Content-Language: en-US
In-Reply-To: <us2lfh$2ltj3$5@dont-email.me>
 by: Chris M. Thomasson - Sun, 3 Mar 2024 22:06 UTC

On 3/3/2024 12:10 PM, Lawrence D'Oliveiro wrote:
> On Sun, 3 Mar 2024 12:01:57 +0100, David Brown wrote:
>
>> It is not languages like C and C++ that are "unsafe".
>
> Some empirical evidence from Google
> <https://security.googleblog.com/2022/12/memory-safe-languages-in-android-13.html>
> shows a reduction in memory-safety errors in switching from C/C++ to Rust.

Sure. Putting corks on the forks reduces the chance of eye injuries.
Fwiw, a YouTube link to a scene in the movie Dirty Rotten Scoundrels:
Funny to me:

https://youtu.be/eF8QAeQm3ZM?t=332

Putting the cork on the fork is akin to saying nobody should be using C
and/or C++ in this "modern" age? :^)

Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"

<pan$34b38$e07da3d7$ec6829a6$737b9404@invalid.invalid>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=3198&group=comp.lang.c%2B%2B#3198

  copy link   Newsgroups: comp.lang.c comp.lang.c++
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!bluemanedhawk.eternal-september.org!.POSTED!not-for-mail
From: bluemane...@invalid.invalid (Blue-Maned_Hawk)
Newsgroups: comp.lang.c,comp.lang.c++
Subject: Re: "White House to Developers: Using C or C++ Invites Cybersecurity
Risks"
Date: Sun, 3 Mar 2024 22:11:14 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 27
Message-ID: <pan$34b38$e07da3d7$ec6829a6$737b9404@invalid.invalid>
References: <us0brl$246bf$1@dont-email.me> <us0m5r$25tj3$1@dont-email.me>
<us0qs9$2adp7$2@dont-email.me>
<pan$65c41$a9839f31$d08c6b33$ea3463ce@invalid.invalid>
<us2lh2$2ltj3$6@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 3 Mar 2024 22:11:14 -0000 (UTC)
Injection-Info: bluemanedhawk.eternal-september.org; posting-host="8fc3359f876d939f003426d125c51518";
logging-data="2870731"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+4CLcx9kbOAkEmwqI9HDqct8osU79X8iM="
User-Agent: Pan/0.154 (Izium; 517acf4)
Cancel-Lock: sha1:fVGsku5lbEv1TCMhRK6iiND1oQ4=
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAIAAADYYG7QAAACh0lEQVRYw71Z21bD
MAzzevbfkr4cHjrSXJyL044+MDa6WLEl2SkvkrZ1AbAvXO+bUGSCPYnsuIVGMpm
ZLnjX718GhAKNsp8lON2F9VrhELwIgJlBepkZjA78rVK+FkmNhEJK76UsJlz8+E
rJsjrpYouhLo/SC6qPHgakFOR8wV9+8rCfO/I/oVnmUZUp42/LW2XkLj9TCFNM9
jp5g2EmHZgpYZjCOkYU7sXVogRylJqpdggoFLG1g09Flah/7kErCxzR9HgXPYsq
0glb9cxjIz2Vsk9AmAoCSxECpD713joMKjQqLAtmMqJmXjdVvlMnMQCVITotJd1
z+fh1f1NNo+vuc1KnhWUmY7t03vydTud9BbXCtN3L2PL3bK7JCNG0GHzuZxafyB
fxevCxpm1vrwZltqw6SILCcdoCE6PGQC8wZWDA9Or7Qp5s3lAZezys0nDazs9S9
R0TjwEiksRxLkNPC1NMMWPs1bj0Ei0Yuo+JVtFLuzP1NRJ16qXWN8DhhtmS4PDg
O6mqRxs4bEJrYt087mSIow/1VzW2oFlMQuiuIy/KsUagvhdw6hSjJGlIavbLF8x
j3X47bccLcUSi0dkWh1nUZNhANT1tHKUXrNxNLbd9KPb9wDDVrKwmPQMOPQ1oy6
k5I1DwzDeRJd3jVIhDAUxq3ngzJG4CCkNXZxZVMcjefoK2J0gUY2S3rxz/RuTFx
2zHd9U+obimJXMG4edsk/2j5pTU5G1MmzbRLxkfq5EiT1GGsidvMGzi+1goGb2l
GCrN+nGnV8xj3q3JLRDVPL96vUc7Z4aJ3TN1mVqWAMJMfG+Jxh6TQqP+92iZkCU
xtglds1AB6r0aiSHKcnFck+p/c/0CbacFLQcajGcAAAAASUVORK5CYII=
X-Face: LlanfairÂÂÂÂÂÂÂ
­pwllgwyngyllÂÂÂÂÂÃ
‚Â
? ?gogery­chwy
rn
­drobwllÃ
ƒƒƒ‚­llanÂ
? ?ƒƒƒƒ‚­tysilioÂÃ
? ?ƒ‚­gogoÂÂÃ
ƒƒ‚­goch
 by: Blue-Maned_Hawk - Sun, 3 Mar 2024 22:11 UTC

Lawrence D'Oliveiro wrote:

> On Sun, 3 Mar 2024 08:54:36 -0000 (UTC), Blue-Maned_Hawk wrote:
>
>> Lawrence D'Oliveiro wrote:
>>
>>> Nowadays, POSIX (and *nix generally) is undergoing a resurgence
>>> because of Linux and Open Source. Developers are discovering that the
>>> Linux ecosystem offers a much more productive development environment
>>> for a code-sharing, code-reusing, Web-centric world than anything
>>> Microsoft can offer.
>>
>> I do not want to live in a web-centric world.
>
> You already do.

That does not change the veracity of my statement.

--
Blue-Maned_Hawk│shortens to
Hawk│/
blu.mɛin.dÊ°ak/
│he/him/his/himself/Mr.
blue-maned_hawk.srht.site
Every time!

Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"

<pan$4fc39$61bdfbef$3ca9a71a$af842694@invalid.invalid>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=3199&group=comp.lang.c%2B%2B#3199

  copy link   Newsgroups: comp.lang.c++ comp.lang.c
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!bluemanedhawk.eternal-september.org!.POSTED!not-for-mail
From: bluemane...@invalid.invalid (Blue-Maned_Hawk)
Newsgroups: comp.lang.c++,comp.lang.c
Subject: Re: "White House to Developers: Using C or C++ Invites Cybersecurity
Risks"
Date: Sun, 3 Mar 2024 22:14:31 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 12
Message-ID: <pan$4fc39$61bdfbef$3ca9a71a$af842694@invalid.invalid>
References: <us0brl$246bf$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 3 Mar 2024 22:14:31 -0000 (UTC)
Injection-Info: bluemanedhawk.eternal-september.org; posting-host="8fc3359f876d939f003426d125c51518";
logging-data="2870731"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19OnLBUaA3HiQSg6uNCFuh87eT1e+SNyNE="
User-Agent: Pan/0.154 (Izium; 517acf4)
Cancel-Lock: sha1:pjJDUnNK7zIfUQYJ1s77zVcTtQ8=
X-Face: LlanfairÂÂÂÂÂÂÂ
­pwllgwyngyllÂÂÂÂÂÃ
‚Â
? ?gogery­chwy
rn
­drobwllÃ
ƒƒƒ‚­llanÂ
? ?ƒƒƒƒ‚­tysilioÂÃ
? ?ƒ‚­gogoÂÂÃ
ƒƒ‚­goch
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAIAAADYYG7QAAACh0lEQVRYw71Z21bD
MAzzevbfkr4cHjrSXJyL044+MDa6WLEl2SkvkrZ1AbAvXO+bUGSCPYnsuIVGMpm
ZLnjX718GhAKNsp8lON2F9VrhELwIgJlBepkZjA78rVK+FkmNhEJK76UsJlz8+E
rJsjrpYouhLo/SC6qPHgakFOR8wV9+8rCfO/I/oVnmUZUp42/LW2XkLj9TCFNM9
jp5g2EmHZgpYZjCOkYU7sXVogRylJqpdggoFLG1g09Flah/7kErCxzR9HgXPYsq
0glb9cxjIz2Vsk9AmAoCSxECpD713joMKjQqLAtmMqJmXjdVvlMnMQCVITotJd1
z+fh1f1NNo+vuc1KnhWUmY7t03vydTud9BbXCtN3L2PL3bK7JCNG0GHzuZxafyB
fxevCxpm1vrwZltqw6SILCcdoCE6PGQC8wZWDA9Or7Qp5s3lAZezys0nDazs9S9
R0TjwEiksRxLkNPC1NMMWPs1bj0Ei0Yuo+JVtFLuzP1NRJ16qXWN8DhhtmS4PDg
O6mqRxs4bEJrYt087mSIow/1VzW2oFlMQuiuIy/KsUagvhdw6hSjJGlIavbLF8x
j3X47bccLcUSi0dkWh1nUZNhANT1tHKUXrNxNLbd9KPb9wDDVrKwmPQMOPQ1oy6
k5I1DwzDeRJd3jVIhDAUxq3ngzJG4CCkNXZxZVMcjefoK2J0gUY2S3rxz/RuTFx
2zHd9U+obimJXMG4edsk/2j5pTU5G1MmzbRLxkfq5EiT1GGsidvMGzi+1goGb2l
GCrN+nGnV8xj3q3JLRDVPL96vUc7Z4aJ3TN1mVqWAMJMfG+Jxh6TQqP+92iZkCU
xtglds1AB6r0aiSHKcnFck+p/c/0CbacFLQcajGcAAAAASUVORK5CYII=
 by: Blue-Maned_Hawk - Sun, 3 Mar 2024 22:14 UTC

Frankly, i think we should all be programming in macros over assembly
anyway.

--
Blue-Maned_Hawk│shortens to
Hawk│/
blu.mɛin.dÊ°ak/
│he/him/his/himself/Mr.
blue-maned_hawk.srht.site
You have a disease!

Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"

<us2spc$2niko$2@dont-email.me>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=3200&group=comp.lang.c%2B%2B#3200

  copy link   Newsgroups: comp.lang.c++ comp.lang.c
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: chris.m....@gmail.com (Chris M. Thomasson)
Newsgroups: comp.lang.c++,comp.lang.c
Subject: Re: "White House to Developers: Using C or C++ Invites Cybersecurity
Risks"
Date: Sun, 3 Mar 2024 14:15:09 -0800
Organization: A noiseless patient Spider
Lines: 8
Message-ID: <us2spc$2niko$2@dont-email.me>
References: <us0brl$246bf$1@dont-email.me>
<pan$4fc39$61bdfbef$3ca9a71a$af842694@invalid.invalid>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 3 Mar 2024 22:15:09 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="94e9d5597f4e0fa95e2b2f85a560c55a";
logging-data="2869912"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/loaR8qRSnDz7foKQrFEXvy7Sqr4hYZXU="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:W+lmB0cppd61qPqsIOe6Xc1U96Q=
In-Reply-To: <pan$4fc39$61bdfbef$3ca9a71a$af842694@invalid.invalid>
Content-Language: en-US
 by: Chris M. Thomasson - Sun, 3 Mar 2024 22:15 UTC

On 3/3/2024 2:14 PM, Blue-Maned_Hawk wrote:
> Frankly, i think we should all be programming in macros over assembly
> anyway.
>
>
>

lol! :^D

Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"

<us311p$2of1i$2@dont-email.me>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=3201&group=comp.lang.c%2B%2B#3201

  copy link   Newsgroups: comp.lang.c comp.lang.c++
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: ldo...@nz.invalid (Lawrence D'Oliveiro)
Newsgroups: comp.lang.c,comp.lang.c++
Subject: Re: "White House to Developers: Using C or C++ Invites Cybersecurity
Risks"
Date: Sun, 3 Mar 2024 23:27:54 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 13
Message-ID: <us311p$2of1i$2@dont-email.me>
References: <us0brl$246bf$1@dont-email.me> <us0m5r$25tj3$1@dont-email.me>
<us0qs9$2adp7$2@dont-email.me>
<pan$65c41$a9839f31$d08c6b33$ea3463ce@invalid.invalid>
<us2lh2$2ltj3$6@dont-email.me>
<pan$34b38$e07da3d7$ec6829a6$737b9404@invalid.invalid>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 3 Mar 2024 23:27:54 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="ebd4c9541601cb1e1312dcde6a0cb96a";
logging-data="2898994"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/gsEIh627YLfDZpj7joS0E"
User-Agent: Pan/0.155 (Kherson; fc5a80b8)
Cancel-Lock: sha1:rOAD7EI1ro7A0V+OTJ8hQLNWTdY=
 by: Lawrence D'Oliv - Sun, 3 Mar 2024 23:27 UTC

On Sun, 3 Mar 2024 22:11:14 -0000 (UTC), Blue-Maned_Hawk wrote:

> Lawrence D'Oliveiro wrote:
>
>> On Sun, 3 Mar 2024 08:54:36 -0000 (UTC), Blue-Maned_Hawk wrote:
>>
>>> I do not want to live in a web-centric world.
>>
>> You already do.
>
> That does not change the veracity of my statement.

That doesn’t change the veracity of mine.

Re: "White House to Developers: Using C or C++ Invites Cybersecurity Risks"

<us3155$2of1i$3@dont-email.me>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=3202&group=comp.lang.c%2B%2B#3202

  copy link   Newsgroups: comp.lang.c++ comp.lang.c
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: ldo...@nz.invalid (Lawrence D'Oliveiro)
Newsgroups: comp.lang.c++,comp.lang.c
Subject: Re: "White House to Developers: Using C or C++ Invites Cybersecurity
Risks"
Date: Sun, 3 Mar 2024 23:29:42 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 21
Message-ID: <us3155$2of1i$3@dont-email.me>
References: <us0brl$246bf$1@dont-email.me> <us1lb5$2f4n4$1@dont-email.me>
<us2lfh$2ltj3$5@dont-email.me> <us2s96$2n6h3$6@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 3 Mar 2024 23:29:42 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="ebd4c9541601cb1e1312dcde6a0cb96a";
logging-data="2898994"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19I+4yJIdLaIwrZ9XSlwp5u"
User-Agent: Pan/0.155 (Kherson; fc5a80b8)
Cancel-Lock: sha1:7nMi4TdpZ3hEoX0KU9K1JjKGOHQ=
 by: Lawrence D'Oliv - Sun, 3 Mar 2024 23:29 UTC

On Sun, 3 Mar 2024 14:06:31 -0800, Chris M. Thomasson wrote:

> On 3/3/2024 12:10 PM, Lawrence D'Oliveiro wrote:
>
>> On Sun, 3 Mar 2024 12:01:57 +0100, David Brown wrote:
>>
>>> It is not languages like C and C++ that are "unsafe".
>>
>> Some empirical evidence from Google
>> <https://security.googleblog.com/2022/12/memory-safe-languages-in-android-13.html>
>> shows a reduction in memory-safety errors in switching from C/C++ to
>> Rust.
>
> Sure. Putting corks on the forks reduces the chance of eye injuries.

Except this is Google, and they’re doing it in real-world production
code, namely Android. And showing some positive benefits from doing
so, without impairing the functionality of Android in any way.

Not like “putting corks on the forks”, whatever that might be about
....


devel / comp.lang.c++ / "White House to Developers: Using C or C++ Invites Cybersecurity Risks"

Pages:1234567
server_pubkey.txt

rocksolid light 0.9.81
clearnet tor