Thanks, lol. I hope they realize soon that Rust is not forced to be used. Also the US government didn’t even talk about Rust only, but memory safe languages and listed Rust as an example.

There’s no such thing as a language that’s advantages outweigh the security risks of rushed development to convert decades of tested code.

Who said or suggested that anyway? Other than bringing this up now. Who says to convert decades of tested code to rushed code of new language?? Do people read the stuff before they reply?

Google is using Rust more and more in Android, Chromium. So its in Googles direct interest to have a better interoperability between Rust and C++. https://www.theregister.com/2024/03/31/rust_google_c/ and https://www.techradar.com/pro/google-hails-move-to-rust-for-huge-drop-in-memory-vulnerabilities are articles talking why Google likes using Rust.

with a generous $1M contribution from Google

1M only? Google pays 500M (half a billion Dollar) to their rival Mozilla Firefox. Each year. I don’t want to make this a Mozilla thread, just want to say they could have done more than just a million Dollar for Rust. Given that Google uses Rust as well.

But there is context to it:

The report on Product Security Bad Practices warns software manufacturers about developing “new product lines for use in **service of critical infrastructure or [national critical functions] **NCFs in a memory-unsafe language (eg, C or C++) where there are readily available alternative memory-safe languages that could be used is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety.”

It’s for new products that are very important to critical infrastructure and need to be safe as possible. The article writer seem not to be aware of this context:

Take Rust in Linux, for example. Even with support from Linux’s creator, Linus Torvalds, Rust is moving into Linux at a snail’s pace.

Because Linux is the biggest software in the entire world and they do lot of stuff their own way. Rust is integrated slowly for future new projects. It makes sense to move in snail pace. The government doesn’t suggest the Linux project to stop using C entirely. The government “recommends” to start new projects in memory safe languages, if it is a critical software. That makes sense to me.

You see, people who’ve spent years and sometimes decades mastering C don’t want to master the very different Rust. They don’t see the point.

No, totally wrong. C programmers in Linux do not NEED to learn or master Rust. They just need to cooperate. The problem is, that some C programmers refuse to cooperate with Rust. They just want Rust to disappear. That has nothing to do with mastering the language. They refuse to make changes to their C code, so it can cooperate with Rust code via bindings.

After all, they can write memory-safe code in C, so why can’t you?

Nonsense argument, and false too. If that was the case, why do we have memory safe languages? Clearly people make mistake, old and new. Besides Linux is not the only software in the world.

Converting existing large codebases to memory-safe languages can be an enormous undertaking.

Nobody says old code should be rewritten in Rust. Neither the government, nor the Rust programmers in Linux suggest that. It’s not about rewriting code in memory-safe languages, its about new projects.

Either this article is a misrepresentation or misunderstanding. Or I misunderstand the article or government. I don’t know anymore…

C++ innovates often first and adapts it into mainstream. And its kind of a swiss-army knife. You don’t need to use and learn everything, just pick what you need. Unless you need to get into an old existing code base…

Just an idea: The language could be divided into multiple standard levels, where each level has more features and functionality. It would be essentially a “restricted”, “standard” and “full” version of the language, where full is basically what it is now and the others are constrained versions with less functionality (no multiple inheritance and what not rules). But at this point, if you don’t use the language in its full, why bother with it at all? Just thinking a bit…

Rust: The Phantom Menace

deleted by creator

I knew it! I always had this gut feeling that a byte has 8 bits. /s

If the domain .io ever gets unusable, then all it needs for Rust / creates.io is to change the respository setting in the configuration of your project to point to new location. Maybe this could be done automatically through an update of Rust tools. It will probably cause headache for automated build systems and for newcomers, but overall its not as bad of an issue as it looks like, I think.

But I agree on that it wasn’t a good idea to use .io and .rs as their backbone. It should have been .com or .org in example, where you know wouldn’t go away ever. Not a fan of country level domains for important projects.

I just found nvim-ufo - “The goal of nvim-ufo is to make Neovim’s fold look modern and keep high performance.”

I don’t think folding code parts is a default feature that everyone needs. Vim has folding already and I never use it. To me it is kind of pointless. If the code is messy, then you probably should split it up into several files. There is also a better way to me, through listing jump points on the side (such as function definitions). But its good to have extensions to provide that functionality if you rely on.

The second option is clearly superior

No, the first option is clearly superior. I don’t like collapsed code, its hiding stuff and doesn’t help in anything to me. Its better to see the entire context. The same list of function definitions can be displayed in a more useful jump list on the side (in my opinion).

But maybe its a question of implementation. I would like to see advancements in this field, to see if it is more useful than the current features we have to fold methods and functions.

According to TIOBE (note can be found if you scroll down a bit):

The programming language SQL was added to the TIOBE index in 2018 after somebody pointed out that SQL is Turing Complete. So although this language is very old, it has only a short history in the index.

I read further and there is some clarification if you scroll down to “Very Long Term History”. Visual Basic and (Visual) Basic are two entries, where Visual Basic refers to “Visual Basic .NET” since 2014. And (Visual) Basic from the 90s to 2014 is a collection of all Basic dialects, which includes Visual Basic .NET. Color me impressed how to confuse people.

There is a difference between “Visual Basic” and “(Visual) Basic” in the table above. Until 2010, “(Visual) Basic” referred to all possible dialects of Basic, including Visual Basic. After some discussion, it has been decided to split “(Visual) Basic” into all its dialects such as Visual Basic .NET, Classic Visual Basic, PureBasic, and Small Basic, just to name a few. Since Visual Basic .NET has become the major implementation of Visual Basic, it is now called “Visual Basic”.

I can’t take https://www.tiobe.com/tiobe-index/ seriously: Visual Basic on place 7 of most popular programming languages right after JavaScript? More popular than Go, Rust, PHP and SQL? Haskell is more popular than TypeScript (scroll down to see other places)? TIOBE isn’t a good metric, as they only check a few websites and a few engineers:

The ratings are based on the number of skilled engineers world-wide, courses and third party vendors. Popular web sites Google, Amazon, Wikipedia, Bing and more than 20 others are used to calculate the ratings.

Once a developer starts charging for his product, the code is no longer open-source–it’s proprietary, which falls under completely different licensing rules.

This is wrong. Open Source does not mean its free of charge. You can copy and fork the code and do whatever you want with it (including selling). And the developer has the right so sell the product too. This does not mean its proprietary, if the license and the code is Open Source.

Because people think Open Source means free of charge, is the problem why the Open Source developers have a hard time to make money and a living.

“Torvalds complains” makes people click.

Suggestion: A new file extension .pyt to indicate its threaded code meant for the free-threaded mode enabled (no GIL). The current implementation is that there is a secondary binary python3.13t, because its not compatible with regular Python interpreter.

global interpreter lock disabled + JIT Compiler = Python becomes self conscious

I’m super curious. This was long in the making and finally people can test it. I still have to read the details, so I’ll spare you with my questions at the moment. I wonder if these will become the default in the future and how it compares against compiled languages. Hopefully it doesn’t take too long for Arch to upgrade.

Then why do you bring that up, after the argumentation that people did not want to learn? Look I try to be constructive. There are people who do not want to learn, but saying that all security issues is to attribute to that is wrong. Lot of the best engineers and programmers do their best, long time experts and groups, who still make mistakes.

What i"m saying is, that your example is not applicable in this discussion, because you are not writing systems programming for operating systems (such as Android or Windows or Linux), which are used by millions of people and ton of hackers try to find vulnerabilities. The best programmers in C and C++ make these mistakes that Rust would prevent (or make it much easier to find and eliminate).

That’s the point. It’s not about these experts not wanting to learn or not caring. We are not talking about the typical programmer for a website for company x or a fake game programmer for Android.