From: Paul Floyd
Date: Sat, 7 Sep 2024 19:11:45 +0000
Subject: Re: The Case for Rust (in any system)
To: freebsd-hackers@freebsd.org
List-Id: Technical discussions relating to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers

On 05-09-24 18:09, Alan Somers wrote:

> By now I expect that most of you have seen the long list of new
> security advisories that just came out. Strikingly, all were the
> result of memory handling errors. And none of them wouldn't have
> happened if their respective programs had been written in a
> memory-safe language.

> [^1]: while not memory-safety bugs, Rust's lints actually make
> ignoring errors like this pretty difficult. So I consider these bugs
> to have been preventable.

There is an analogy to be made with the motor industry.

A lot of drivers (and the motor industry) resist any new safety regulations. We don't need seat belts! Speed limits are only for unskilled drivers! Manufacturers were against seat belts lest it harm sales by making people think cars are dangerous. Drivers felt them unnecessary because of their overconfidence.

It's not just legislation that has improved matters. Individuals and non-profit organizations have also had a big effect. Ralph Nader's "Unsafe at any Speed" and Euro NCAP have radically improved automobile safety for the better.

I think of C as being the Austin Metro of computer languages. When the Euro NCAP ratings first came out the Metro got a one star rating - the lowest of any car at the time. Sales cratered and the car was soon withdrawn from the market.

There have already been several posts saying that we don't need nappies. We don't need seatbelts or airbags or ABS or any of the other safety features either?

If the EU and US do regulate then it may be the thin edge of the wedge. The Euro NCAP tests have evolved to become tougher as time goes by. Legislation continues to improve. Even motorsport where speed is of the essence is heavily regulated. In Formula 1 the number of fatalities has dropped from over 1 a year in the 1950s and 1960s to less than one per decade in the 2000s and 2010s.

Finally, I don't think that denial is in any way an answer. There's not going to be any silver bullet. I do think that C is unfit for purpose and should be replaced. I'm much more of a C++ expert than any other language (specifically in this thread Rust). C++'s unfortunate lack of a well defined ABI makes it difficult to use for kernel development. I do recommend it for userland though.

In the past the BSDs blazed the trail with the development of UNIX features. In the future is FreeBSD going to be stuck in the C mud whilst the rest of the world moves on?

A+
Paul