Finally, a global computer problem that's not rooted in C for a change.
ThePhD (thephd@pony.social)'s status on Saturday, 20-Jul-2024 23:03:05 JST ThePhD -
Kit Rhett Aultman (roadriverrail@signs.codes)'s status on Saturday, 20-Jul-2024 23:03:02 JST Kit Rhett Aultman @thephd As a cranky aging C hacker, I do mostly agree with this and I've been slowly working through writing a Rust kernel for RISC-V to get used to Rust more and more. And I do think the time is coming. There are lots of things I'd now write in either Rust or Go. Linguistically, this is the way forward.
There are still some things I wish Rust would focus more on. IIRC, the ABI is still not in a state where you can distribute a dynamic library and trust it'll link every time.
-
ThePhD (thephd@pony.social)'s status on Saturday, 20-Jul-2024 23:03:03 JST ThePhD LEt'S GO BAYBEEEE IT'S A LOGIC ERROR IT COULD PROBABLY HAPPEN IN EVERY LANGUAGE THE COPIUM CAN OFFICIALLY CONTINUE THAT C AND C++ ARE FINE!
https://www.crowdstrike.com/blog/technical-details-on-todays-outage/
-
ThePhD (thephd@pony.social)'s status on Saturday, 20-Jul-2024 23:03:03 JST ThePhD A lot of people think I'm being sarcastic here, which is fair because I only went toe-to-toe against people on Twitter and didn't do much here, so I'll state my full opinion below anyhow:
I would agree with anyone about not wanting to replace C (or C++). But, C has been alive for 50 years (or just 35 from C89) and Rust has been alive for just barely under 10 (since Rust 1.0). Even if you measure the last 10 years of Rust versus the last 10 years of C or C++, one of these languages is making leaps and bounds ahead in providing people better primitives to do good work.
SafeInt secured pretty much all of Microsoft Office from some of the hardest bugs back in, around, 2005. C++ still lacks safe integer primitives; C only just got 3 functions to do overflow-checked math in C23, after David Svoboda campaigned for years. Rust just... has them baked into the standard library, for all the types you care about, too.
Similarly, people have been having memory issues in C and C++ for a while too. Most of the way to get better has been clamping down on static analysis and doing more testing, but we're still getting these errors. Meanwhile, teams writing Rust have been making way less errors on this in all the openly-published data from corporations like Google, and privately we are hearing a lot more about people taking complex financial and parsing code and turning it into Rust and having a fraction of the issues.
Even if I want to see C doing better, I have to acknowledge we were (a) too slow and not brave enough to do the things that could fix these portions of the language; (b) have fundamental design issues in the language itself that make ownership impossible to integrate as part of the language without breaking a ton of code; (c) do not provide good in-language tools and keep depending on vendors to "do the right thing" (i.e. adding or expanding U.B. and then just saying "vendors will check it" rather than taking responsibility with our language design); (d) are moving monumentally too slow to address the needs of the industry that many people -- especially security people -- have been yelling about since the mid 90s.
As much as I just want to pretend that I can write off every developer with "haha lole skill issue test better sanitize better IDIOT", if the root cause on this bug is "there was some C and/or C++ code that looked nominally correct but did batshit insanity in production", we absolutely will have problems to answer for. This doesn't absolve CrowdStrike for cutting 100s of workers and playing fast and loose, this doesn't excuse the fact that hospitals went down and people likely dead from lack of access to care, this doesn't change that it's abhorrent to have unmitigated hardware access in Ring0 just for a "security product", which has been the trend of every app wanting to plug in its own RootKit-like tool just for the sake of "app security" lately (League, NProtect, School Exam Spyware, etc.). There's a LOT of levels of "what the fuck have we let happen?" in play here, but I don't control those other levels.
I'm responsible for C, so I'm gonna look at the C bit. Other people responsible for the other parts of this stack should, hopefully, take sincere responsibility for those parts. (I doubt it, though, lmao.)
-
ThePhD (thephd@pony.social)'s status on Saturday, 20-Jul-2024 23:03:04 JST ThePhD I'm chillin' baybeee.
-
ThePhD (thephd@pony.social)'s status on Saturday, 20-Jul-2024 23:03:04 JST ThePhD .. No. No no, no no no no...
Wait wait wait wait wait!!!
-
Børge (forteller@tutoteket.no)'s status on Sunday, 21-Jul-2024 03:37:32 JST Børge @thephd I have no idea what any of this means, but I feel like maybe @Patricia might be interested, so I'm tagging her :)
-
John de Largentaye (jlargentaye@mas.to)'s status on Friday, 02-Aug-2024 11:10:53 JST John de Largentaye @roadriverrail @thephd unfortunately, i don’t expect we’ll see a Rust ABI anytime soon.
Here’s a superb article explaining the work Swift (Apple) invested into implementing features to make an ABI *possible*
https://faultlore.com/blah/swift-abi/
I just don’t see Rust having either the use-case or sponsorship to implement anything similar.
(maybe Microsoft if they fully commit? I won’t bet on it)
-
Kit Rhett Aultman (roadriverrail@signs.codes)'s status on Friday, 02-Aug-2024 11:10:53 JST Kit Rhett Aultman @jlargentaye @thephd This was a hell of a read, and I'm going to have to reread it soon after having metabolized my first reading.
This really contextualized to me the cavalier attitudes about ABI stability I'd encountered. I'd just attributed it to a "move fast break things make language features" mentality. And it's...kinda fine, but it feels like there's a lot I can't "rewrite in Rust" if I'm limited to static linking. I guess the support of a C ABI is a kind of compromise for now.
-
Kit Rhett Aultman (roadriverrail@signs.codes)'s status on Tuesday, 03-Sep-2024 13:55:22 JST Kit Rhett Aultman @botahamec @thephd I mean, yes you can get durable dynamic linkage on any functions you declare C linkage for, but that's really not the point.
-
Botahamec (botahamec@mas.to)'s status on Tuesday, 03-Sep-2024 13:55:23 JST Botahamec @roadriverrail @thephd C is the ABI