[Info-vax] Rust as a HS language, was: Re: Quiet?

Arne Vajhøj arne at vajhoej.dk
Wed Apr 6 15:23:40 EDT 2022 

On 4/6/2022 2:18 PM, Simon Clubley wrote:
> My point is that this all-new all-singing programming language that
> will save us all (according to its creators) is released with all
> these new and unique features that make Rust better than anything
> else out there for security (also according to its creators).
> 
> People then start using this language to create libraries and manage
> to still write code that compromises these new safety features, hence
> making the library unsafe, but unsafe in a way that is unique to Rust
> because it manages to violate the guarantees that the language says
> it gives you.

Total BS.

Rust provide exactly what it says it provides.

There are different levels of guarantees for normal Rust code
and Rust code marked unsafe.

As far as I know then Rust meet those guarantees.

If you know otherwise then file a bug report.

Rust could not be used for what it is used for without the unsafe
option.

Having a risk in 1% of the code (clearly marked as such) is way better
than having the risk in 100% of the code.

> And before you say it, I know Rust is not unique in this and that is
> exactly the point. Just as you have to do when writing code in other
> programming languages, you still have to know what you are doing when
> writing Rust code or you can still write code that has security issues
> within it.

Obviously. No language can prevent all programming errors.

> And my attitude-free serious point is this: Rust brings some new ideas
> to the table and they are ideas that are worth exploring. But at the
> end of the day, it's just another tool with some more features built in
> that can help you write more secure code and make it harder for you
> to screw up.

Yes. That is sort of the whole point in the evolution of programming
languages.

> Unfortunately, listening to people pushing the general Rust hype, they
> would have you believe that Rust is some super-language that will instantly
> solve all your security problems, even in code written by novices, if you
> just start writing code in it and manage to get your code to compile.

I don't think I have ever met someone like that.

Example?

> That's not true and it's not true for any language that we have created.
> It's just that there are some languages out there that make it a _lot_
> harder to screw up in than in other languages and for which you can write
> much safer (NOTE: much safer, _not_ safe) code more easily.
> 
> But you can still screw up even in those languages if you try hard enough
> and if you don't really know what you are doing and that applies to all
> languages we have ever created including both Ada and Rust.

Yes.

Arne

More information about the Info-vax mailing list