[Info-vax] Rust as a HS language, was: Re: Quiet?

Simon Clubley clubley at remove_me.eisner.decus.org-Earth.UFP
Fri Apr 8 15:20:35 EDT 2022


On 2022-04-07, Dan Cross <cross at spitfire.i.gajendra.net> wrote:
> In article <t2na4b$sdf$1 at dont-email.me>,
> Simon Clubley  <clubley at remove_me.eisner.decus.org-Earth.UFP> wrote:
>>On 2022-04-07, Dan Cross <cross at spitfire.i.gajendra.net> wrote:
>>> I wonder where you are seeing that.  Seriously.  I know and/or
>>> have worked with a number of members of the Rust community for
>>> several years (members of the core, language, and tool teams,
>>> for about 3 years), and they're quite gracious in admitting that
>>> it's not the right solution for everything.
>>
>>That's nice to hear.
>>
>>As for where I am seeing it, it's more of a combined overall impression
>>made up of gushing articles and what appears to be more like an organised
>>religious cult (:-)) showing up at the usual places online.
>>
>>For example, articles that, instead of taking a balanced approach, spend
>>the first 95% of the article saying how great and perfect Rust is, and only
>>in the last 5% (if at all) start mentioning in passing the unsafe stuff
>>"for when you really need to do that stuff".
>
> Could you perhaps provide a citation to one of these articles?
>

Interesting question. I obviously can't remember the locations of
the articles I found in the past, so I looked at a small sample of
articles returned by Google to see if I had problems with them.

Comments below.

https://dev.to/katholder/pros-and-cons-of-rust-language-313i

Obviously a gushing user type writeup with none of the serious
analysis and flaws such as unsafe code you would expect to see.

https://codilime.com/blog/why-is-rust-programming-language-so-popular/

Mentions briefly unsafe mode but doesn't make it clear that you can
invalidate _all_ the unique features and guarantees in Rust when you
use it. It makes it sound like it's some obscure thing that only affects
writing to memory like in C or C++. It also has this little gem:

|Rust's dual-mode model is one of its biggest advantages. In C++, on the
|other hand, you never know you've written unsafe code until somewhere down
|the line your software crashes or a security breach rears up.

Seriously ? In Rust unsafe mode, you have the same problem and C++ has
a number of features that allow programmers to build more robust self
checking code (although I wish, for example, [] was bounds checked and
that it wasn't delegated to .at() to enforce bounds checking. at() would
have been better as the unchecked version so you had to make a positive
decision to do that).

https://www.infoworld.com/article/3218074/what-is-rust-safe-fast-and-easy-software-development.html

Based on the complete bypassing of Rust's unique features seen in the
CVEs when running in unsafe mode, the following is either wrong or at
least misleading depending on how you look at it:

|Rust lets you live dangerously if you need to, to a point. Rust's safeties
|can be partly suspended where you need to manipulate memory directly, such
|as dereferencing a raw pointer a la C/C++. The key word is partly, because
|Rust's memory safety operations can never be completely disabled. Even
|then, you almost never have to take off the seatbelts for common use cases,
|so the end result is software that's safer by default.

Can never be fully disabled ? There are a set of CVEs that say otherwise.

BTW, in a related article at that site, the following Rust CVE was
disclosed:

https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html

Not the first time I have seen that type of mistake elsewhere. Interesting
that Rust can have the same problem and that it wasn't detected until now.

Simon.

-- 
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
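
An added illustration of the `unsafe` point raised in the post above (not code from the post or from any of the linked articles; the `Buf` type and its methods are hypothetical). The compiler does not verify the contract of operations inside an `unsafe` block, so a function with a safe signature can expose an out-of-bounds read to safe callers unless its author validates the input, as the second accessor does.

```rust
// Added illustration; `Buf` and its methods are hypothetical names.

/// Fixed-capacity byte buffer with a logical length.
pub struct Buf {
    data: [u8; 8],
    len: usize,
}

impl Buf {
    pub fn new(src: &[u8]) -> Option<Buf> {
        if src.len() > 8 {
            return None;
        }
        let mut data = [0u8; 8];
        data[..src.len()].copy_from_slice(src);
        Some(Buf { data, len: src.len() })
    }

    /// UNSOUND: the signature is safe, but nothing ties `i` to the buffer.
    /// A caller writing only safe code can pass a large `i` and cause an
    /// out-of-bounds read (undefined behaviour). The compiler accepts this
    /// because the `unsafe` block is the author's unchecked promise.
    pub fn get_unsound(&self, i: usize) -> u8 {
        unsafe { *self.data.as_ptr().add(i) }
    }

    /// Sound: the bounds check makes the unsafe contract hold for every input.
    pub fn get(&self, i: usize) -> Option<u8> {
        if i < self.len {
            // SAFETY: i < len <= data.len(), so the index is in bounds.
            Some(unsafe { *self.data.get_unchecked(i) })
        } else {
            None
        }
    }
}

fn main() {
    let b = Buf::new(b"abc").unwrap();
    println!("{:?} {:?}", b.get(1), b.get(100));
    // `b.get_unsound(100)` would compile with no `unsafe` at the call site
    // and would be undefined behaviour; only an in-bounds call is made here.
    println!("{}", b.get_unsound(1));
}
```

When auditing a crate, the `unsafe` blocks and the invariants they rely on (here `len <= data.len()`) are the places to review, since the call sites carry no marker.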


