Conversation

Notices

  1. Paul Cantrell (inthehands@hachyderm.io)'s status on Monday, 16-Oct-2023 11:33:20 JST
    • Ben Cohen

    This bang-on post from @airspeedswift is not getting the attention it deserves:
    https://mastodon.social/@airspeedswift/111234020859557888

    In conversation Monday, 16-Oct-2023 11:33:20 JST from hachyderm.io permalink

    Attachments

    1. Ben Cohen (@airspeedswift@mastodon.social)
      from Ben Cohen
      Percentages add up to 100. As segfaults and exploits due to buffer overruns or use-after-frees decrease, the proportion of bugs that come down to logic errors will increase. If the way you achieved memory safety (or performance) means your code is so ceremony-heavy that it starts to impact correctness, because you can't so easily see what it is actually trying to _do_, this is unfortunate. Think about this now, not once we get there.
    • Paul Cantrell (inthehands@hachyderm.io)'s status on Monday, 16-Oct-2023 12:09:21 JST
      in reply to
      • chris martens
      • Ben Cohen

      @chrisamaphone @airspeedswift
      Yes, in C/C++, which still accounts for a •substantial• portion of new code written, and of code in production, and of critical vulnerabilities.

      The C++ world in particular has been in turmoil in recent years over the battle between “just don’t write bugs” vs “mitigate with better tooling” vs “C/C++ are the cigarettes of p-langs.” This in particular set the cat amongst the pigeons:

      https://media.defense.gov/2022/Nov/10/2003112742/-1/-1/0/CSI_SOFTWARE_MEMORY_SAFETY.PDF

      In conversation Monday, 16-Oct-2023 12:09:21 JST permalink
    • chris martens (chrisamaphone@hci.social)'s status on Monday, 16-Oct-2023 12:09:22 JST
      in reply to
      • Ben Cohen

      @inthehands @airspeedswift … i feel like i’m missing some context. memory safety is generally taken as a given in most contexts, except where fine grained control is considered necessary, so where are folks arguing about this? rust vs c or something?

      In conversation Monday, 16-Oct-2023 12:09:22 JST permalink
    • Paul Cantrell (inthehands@hachyderm.io)'s status on Monday, 16-Oct-2023 12:11:21 JST
      in reply to
      • chris martens
      • Ben Cohen

      @chrisamaphone @airspeedswift
      I think it’s hard for those of us who haven’t done serious work in C or C++ for ages (~25 years in my case), or who never have at all, to appreciate just what a large portion of the greater software development world those few remaining memory-unsafe languages still occupy.

      In conversation Monday, 16-Oct-2023 12:11:21 JST permalink
    • Paul Cantrell (inthehands@hachyderm.io)'s status on Monday, 16-Oct-2023 12:12:24 JST
      in reply to
      • autism :verified:

      @jeff
      Yeah, no, sorry. This is wildly, fantastically, pants-on-head incorrect. You have a whole new set of very •different• problems.

      In conversation Monday, 16-Oct-2023 12:12:24 JST permalink
    • autism :verified: (jeff@misinformation.wikileaks2.org)'s status on Monday, 16-Oct-2023 12:12:25 JST
      in reply to
      • chris martens
      • Ben Cohen
      @inthehands @chrisamaphone @airspeedswift you have the same problems in "safe" languages like rust, they just lie about it.
      In conversation Monday, 16-Oct-2023 12:12:25 JST permalink
    • Paul Cantrell (inthehands@hachyderm.io)'s status on Monday, 16-Oct-2023 12:14:33 JST
      in reply to
      • autism :verified:

      @jeff You’re wrong. There’s even a study.
      https://dl.acm.org/doi/10.1145/3466642

      In conversation Monday, 16-Oct-2023 12:14:33 JST permalink

      Attachments

      1. Memory-Safety Challenge Considered Solved? An In-Depth Study with All Rust CVEs | ACM Transactions on Software Engineering and Methodology
        from Lyu, Michael R.
        Rust is an emerging programming language that aims at preventing memory-safety bugs without sacrificing much efficiency. The claimed property is very attractive to developers, and many projects start using the language. However, can Rust achieve the ...
    • autism :verified: (jeff@misinformation.wikileaks2.org)'s status on Monday, 16-Oct-2023 12:14:34 JST
      in reply to
      @inthehands go look at the CVEs for the rust stdlib in the last 2 years and tell me i'm wrong.
      In conversation Monday, 16-Oct-2023 12:14:34 JST permalink
    • Paul Cantrell (inthehands@hachyderm.io)'s status on Monday, 16-Oct-2023 12:42:36 JST
      in reply to
      • chris martens

      @chrisamaphone No apology needed, and I hadn’t read any such implication in what you said! Happy I could help shed light.

      In conversation Monday, 16-Oct-2023 12:42:36 JST permalink
    • chris martens (chrisamaphone@hci.social)'s status on Monday, 16-Oct-2023 12:42:37 JST
      in reply to
      • Ben Cohen

      @inthehands @airspeedswift sure, i completely acknowledge that it isn’t a world i’m privy to, hence asking for the context i was missing. i didn’t mean to imply “cases in which finer-grained control is necessary” was a small proportion of cases (though i likely would have underestimated them). that this is an ongoing conversation in the c++ community was i think the key info i was missing. thanks for explaining!

      In conversation Monday, 16-Oct-2023 12:42:37 JST permalink
    • Paul Cantrell (inthehands@hachyderm.io)'s status on Monday, 16-Oct-2023 12:44:25 JST
      in reply to
      • Zorro Notorious MEB 😡

      @AlgoCompSynth
      The irony is something like generating audio on a Pi is totally something a memory-safe lang could do. Opening the door to memory errors for no reason!

      In conversation Monday, 16-Oct-2023 12:44:25 JST permalink
    • Zorro Notorious MEB 😡 (algocompsynth@ravenation.club)'s status on Monday, 16-Oct-2023 12:44:29 JST
      in reply to

      @inthehands Case in point for the latter - the Raspberry Pi Pico examples for generating audio via PWM or an I2S DAC.

      In conversation Monday, 16-Oct-2023 12:44:29 JST permalink
    • Zorro Notorious MEB 😡 (algocompsynth@ravenation.club)'s status on Monday, 16-Oct-2023 12:44:30 JST
      in reply to

      @inthehands Oh, we appreciate it, but it falls into the class of accepting the things we cannot change.

      I've never had to learn C or C++ and now I have no desire to either. And I am coming to the conclusion that a project whose only documentation is C source code is a waste of my time.

      In conversation Monday, 16-Oct-2023 12:44:30 JST permalink


GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.