Conversation

Replying to

and

Sure, danger of sharp knife/memory-unsafe code decreases as code base matures, but... Google's Chrome team aren't there yet twitter.com/newsycombinato Neither is SSH twitter.com/TheHackersNews Even when safeguards catch problems, it's easy to mess up the fix

Quote Tweet

Tavis Ormandy

@taviso

Mar 27, 2019

This was interesting, a minor bug report from a fuzzer was fixed incorrectly leading to a far more serious bug that the fuzzer never found. I don't know what the lesson is, but ¯\_(ツ)_/¯ /cc @hanno twitter.com/ProjectZeroBug…

Replying to

There will always be bugs in software and hardware. This being said, our civilization is litterally built on C/C++ systems (Linux, Windows, Databases, iOS, Android) from people who deal with very sharp knives. Much of our crypto infrastructure is written in assembly.

Replying to

That infrastructure will always collapse and that much of it is old is no excuse for not following modern construction norms, question is if SW can self-regulate or regulators need to step in. Some low-level primitives will always exist, asm in crypto to prevent timing attacks...

Replying to

I would love for something like Swift/Rust to replace C/C++ in system engineering but, for the time being, our software stack needs C/C++. And don't sell C/C++ short: we have amazing tools to alleviate their failings. cc

Replying to

Assuming one language does take the throne from C/C++, even the ultimate winner may have a significantly smaller niche than C/C++ ever had - for a large part of their life they were used as general purpose languages rather than just "system" or "perf matters" languages.

Replying to

yes and this is a good thing

Replying to

Agreed. Hopefully we'll be left with a systems language focused on system stuff. My bet is on Rust or a future entrant. Swift is an Apple thing and Apple things usually stay Apple things. Of course, if Apple takes over the world, we'll all be writing OSes in Swift I guess.

Replying to

it has to be Rust or something new, unless I'm wrong about Swift or unless Swift evolves quite a bit

Replying to

Swift has all the best engineers. :-)

Replying to

Rust has some great engineers and researchers working on it too. It's the first mainstream usage of region types, and lots of innovation / research has had to happen to make that work well. Cyclone laid some of the earlier groundwork for it too. I'm sure others will build on it.

Replying to

Whether or not Rust displaces C substantially, it making these features usable enough to have widespread adoption makes it very successful. It's still pushing the boundaries of the region typing model, including very nice libraries designed around it, safe data parallelism, etc.

8:33 PM · Mar 28, 2019Twitter Web Client

Replying to

Yes, Rust is also way ahead of Swift market-validation for systems-level stuff with examples like Dropbox's file system, AWS's Firecracker virtualization tech, Fastly's new WASM runtime and the Redox OS

Replying to

C is irreplaceable. Even more than C++. (These are two very different language.) The portability of C is unbeaten. There is a C compiler for *everything*. Rust may have the power of LLVM, but that may not be enough.

Replying to

No one is arguing C or Asm will completely go away. Just that memory-unsafety shouldn't be introduced where it doesn't add real benefit. Rust is just a continuation of the replacement of C that has already been done for most new development by garbage-collected languages.