Too much kool-aid
Posted Feb 13, 2025 10:15 UTC (Thu) by alx.manpages (subscriber, #145117)
In reply to: Too much kool-aid by roc
Parent article: Maintainer opinions on Rust-for-Linux
I only work with single-threaded projects at the moment. That aspect is not very appealing to me at the moment.
> * The callee can be sure that it is not responsible for freeing `s`
Consistent use of the [[gnu::malloc(free)]] attribute can help with that too.
---
Look, Rust does have very good ideas. I don't claim it doesn't. But:
- You can improve your C code's safety significantly just by designing good APIs and self-limiting to a subset of the language.
- As a longer-term goal, you can probably add those Rust features to C.
In the end, a safe language is a language that prevents you from accidentally granting rights to an attacker.
You may call it luck, but I have been refactoring shadow-utils at a very high rate (including complaints by packagers that were worried that such rate of churn would introduce security vulnerabilities almost certainly) for quite a few years already. So far, I have introduced 0 remote holes in a heck of a long time (at least, for what we know). The code is now significantly safer than it was before I started. The more I refactor it, the safer I feel when doing so. You just need to follow some rules, and at least you'll have a hard time introducing a vulnerability. It's not impossible, but it's all a compromise.
I know the language so damn well that that offsets the theoretical benefits that Rust could give me. People talk their mother tongue better, even if it's significantly more complex than other languages, because they know it by heart. They say Norwegian is similar to English but simpler (and thus easier), but we speak English because we already know it. Would it be better if there was a big-bang change in the world to make Norwegian the global language? Maybe it would help learners in the long term, but we'll agree that it's not a good idea. The same holds for Rust and C, IMO.
Plus, for a setuid-root set of programs (which is what I'm mainly working on at the moment, apart from the Linux man-pages project), a logic error is as bad as a buffer overflow. If I toggle a conditional and grant root privileges to a random user in su(1), I've screwed as badly as if I would have caused the worst UB. That also diminishes the reasons for using Rust, _in my case_.
Posted Feb 14, 2025 23:33 UTC (Fri) by mathstuf (subscriber, #69389)
I hope your projects survive you moving on. Projects using arcane knowledge to hold themselves up are at risk of becoming like one of the `roff` implementations (`nroff`?): inscrutable to even the other Unix prophets so as to be left alone after the original author's untimely end[1].
[1] At least if my memory of a BSD podcast which interviewed Bryan Cantrill where it was mentioned is accurate.
Posted Feb 14, 2025 23:45 UTC (Fri) by alx.manpages (subscriber, #145117)
That's a valid concern. I try to educate the other co-maintainers and regular contributors on those matters. But I should be more careful on that effort, just in case.
Posted Feb 15, 2025 23:40 UTC (Sat) by mirabilos (subscriber, #84359)
Jörg Schilling (rip.) also used to maintain a fork, similarly.
Posted Feb 17, 2025 7:32 UTC (Mon) by mathstuf (subscriber, #69389)
Here's the source of my claim as well: https://www.youtube.com/watch?v=l6XQUciI-Sc&t=5315s
Posted Feb 17, 2025 21:23 UTC (Mon) by mirabilos (subscriber, #84359)
No, we’re talking about the 32V-based one.
Posted Feb 17, 2025 21:55 UTC (Mon) by excors (subscriber, #95769)
Posted Feb 17, 2025 22:42 UTC (Mon) by mirabilos (subscriber, #84359)
https://mbsd.evolvis.org/cvs.cgi/src/usr.bin/oldroff/nroff/ still shows some of the horrors.