US Government declares the safest programming language

SO @doce3609 lol

If C gets Illegal ill invent something different than C, maybe with better tools for articulating Objects and Problems very fast.. I dont have a Name yet but because its based on C im thinking of something with a plus.

Just learn Odin.

We still have ASM superpowers. And if ASM gets disallowed too, we'll just hide ourselves inside a Rust unsafe block and do very naughty things, like using the ASM macro. :P

Lmao

that'd be fun

a lot of us 400-pound hackers are pretty good C programmers!

Lol

@@Kane0123 "C jobs built America. C powers everything. We love C here in West Virginia, folks. Not Biden. Rusty Joe they call him. They do call him that don't they? Sleepy and rusty."

"I here to use rust you have to identify as lgbtq+zxtruq and give up your guns, they say. Thats not going to happen in C, I wont allow it. I liked it before it was cool, and now they dressed it all up in drag and call it c++, you here about this folks, its a shame, so sad"

Lmao

Rust made a memory leak inside his brain

If he doesn't will the rest follow?

Wym, all he does is free memory. Bro tries to free Stack allocated memory sometimes. He's trying to update his hardware to rust

Hahaha 😆

no they got a back door.

@@sixbutton9 Rust still uses the LLVM, so there's still a lot of undefined behavior and unsafe things for years to come.

@@monad_tcp
There is no UB in normal safe Rust code (and if there is it would be fixed eventually).

@@lawrencemanning
😆

@@diadetediotedio6918 define "normal"

Elaborate

@ed2145 I'll write it in very simple words, since you seem to not understand what the problem could be... if computer in rocket stop, thing can go boom! people go ouch, thing is no no. Capiche?
Like, look, I mean no disrespect, but seriously, I think it is very clear that if your on board computer stops for a while on any aerospace related field, then you are going to have a lot of problems, because the computer is meant to keep up to date at all times. It is a critical system that could completely fall appart if it cannot perform the very precise operations and flight adjustments it has to perform at all times... This applies to satellites, rockets, planes, anything, you name it... or would you feel safe having something fly overhead knowing its onboard computer could suddenly decide to just freeze for a few nanoseconds just for the whole thing to fall on top of you? Yeah, that's what I thought.

@@tiranito2834 I'm starting to think that all the people not understanding why GC would be bad for spacecrafts just don't understand how GC works.

@@anon_y_mousse Yeah, they must think its some kind of miracle device capable of cleaning up their memory in an instant and that there is no overhead to it. "GC is the secret ingredient in the magic sauce of memory management. It just works."

@@anon_y_mousse That's the sad reality of the way GC works. Out of sight out of mind.

What are e we talking about? Critical software that has become infrastructure or critical software that is a product of a company?

Basic input validation is so much easier to do in Rust, though. If I want to parse JSON (or any other of dozens of serialization formats) into a Rust struct I just import Serde and derive deserialize on my struct and it writes the parser for me. It then forces me to check to see if the parse succeeded or failed, and if it succeeded I now have a reference to a fully instantiated and syntactically correct instance of my struct without a null pointer in sight. If I want to add semantic analysis, I could then write a simple parser that parses MySerdeStruct into Result. Alternatively, if I wanted to do it all in one go I could instead just implement the Deserialize trait for my struct and bake in the semantic analysis. Boom, if I have an instance of MySemanticallyCorrectStruct anywhere in my program it's now guaranteed to have been instantiated, validated, and point to a valid location in memory.

Users will read the guide, so validation isn’t important.

@@Kane0123 I agree. You should educate your users. After all. User Input should always be correct so you can trust it at all times in your code.

@@rahzaelfoe3288 You do realize that Serde is a library, not a language, don't you? And there are libraries to do the JSON parsing and validation in C++, you don't have to write all the code yourself.

Well, there are Java VMs developed that are suitable for real time systems. Not very popular, expensive, and mostly used in military/ some automotive. There is one called "Jamaica VM" and one developed by "ptc". But Java is still extremely memory hungry. I would like to have my IoT device being able to run on battery a few years.... and without crashes.

GCs also require a good amount of speed and memory themselves to manage that space-grade hardware may not have. space-grade processors need to be much simpler and thus probably much slower in order to be less prone to errors when exposed to space. dynamically allocating and deallocating memory in space can also be a big problem when communication timing is an absolute critical essential in space for a variety of reasons and dynamically managing memory can lead to unpredictable timing.

There's ways to enter during garbage collection. I can think of three without looking at the code in question.

😂🎉

You don't have to listen to them, there are many others that have said this before them.

You don't have to hear them but they're just repeating what people who has nothing to do (as far as we know) with NSA have been saying from the very beginning: never trust in the programmer

I think also they might not run leading to running out of memory.

​@@eldrago19Try that again

Focusing on security makes it harder to get things working.

So true, that's why we wrote our blazing fast JS engine in JS

@@fotnite_ xzibit.gif.js

Yeah, why isn't the linux kernel being rewritten in js?

Nah, PHP is the most secure. After all, what hacker is going to infiltrate PHP code? Hmmm ... by that logic, Intercal has to be ideal for truly secure code.

@@Galahad54 of course, it stands for Pure Hack-Proof

In a parallel universe where America isn't the definition of Capitalism/Globalism/Imperialism exactly that happened.
Richard Stallman got a medal of honor there.

too based for the gov i'm afraid

Why would they do that? Closed source is superior from certain points of view.

@@markojojic6223 Facts are not points of view. Security through obscurity is a farce

true, the only reason the us gov can confirm rust is memory safe is because the compiler is open sourse

Yeah the government will not tell me what language to use

Typical C programmer (no shade).

@@malusmundus-9605are you being sarcastic? Couldn't tell these days 🤷‍♂

calling the cops

"C gives the programmer too much freedom. We need more security! I hereby declare C to be a terrorist organization!"

heyeyey slow down your horses - nobody said anything about using! The white house is talking - and that's the only they ever do

once the nsa endorses rust, is the day ill stop using it.

@@pluto8404 why

I haven't done video games, but do lots of GUI and OOP is a must, type hierarchy just looks natural

@@mizu_7422 they planted 5g bugs into my esp32

the c in c stands for crime

@@guyblack9729what about c++

@@guyblack9729 what do the rest of the other letters stand for?

@@bruhzzerPropaganda.

If only it wasn't one of the most compatible languages out there with extensive tooling and libraries. I don't think it's going anywhere anytime soon.

VOP - virtue_signaling oriented programming. It is the future.
RUSTRANNY ZISTAS. GO GO GO!

Watch them try to make a list of all C programmers and leverage their ISP's to cut their internet service and deny them plane flights.

New paradigm Yay

the eu supports a ton of FOSS, like... idk, gnome. so yeah. often enough that's actually something i love

always knew there's something not right with rust

Thanks for reminding me that I'm old.

how did it take over the world, most programmers never even heard of it

history repeats itself
rust++

That is not how I remember it.
The US government did not create Ada. They held a kind of completion to find a language that would be suitable to use n all MoD and other government procurement. The idea was to get out of the situation where every vendor used a different language and they therefore had hundreds of languages in all kind of projects. Ada won that competition and subsequently it was mandated on all new government contracts.
Far from being popular pretty much all programmers I worked with who had to use it did not like it. They complained it was too complex, too verbose, too slow. As a result the mandate was lifted only a few years later. With the result that everyone flocks dot the new shiny C++ as a supposed improvement over their beloved C. Ada still hangs on in safety critical systems though, like avionics.
Ada never took over the world, it was rarely used outside military and safety critical applications.
I get the idea that the government learned something and would not be so daft as to mandate a particular language, for example Rust. However this document certainly serves to push the software world to more reliable and robust languages that are memory safe.

@@Heater-v1.0.0 I think you missed the obvious sarcasm in that line of "took over the world", because we all know it did not.

Indeed, I'm more concerned about being secure from government intrusion than the other way around.

@@undeadpresident I really don't mind the NSA having all sorts of dirty tricks. Just so long as they don't share them with the FBI! Unfortunately, it's hard to tell if they do or not, besides the fact that the FBI is constantly whining about encryption.

I agree

@@undeadpresident Governments are the number 1 producer of malware, governments everywhere are just criminal organizations

@@TapetBart ok, mastermind, how is your posting on the internet going to prevent the NSA from stockpiling zero days? They aren't really sensitive to public sentiment.
Not that the FBI is, either. Are you saying it's not worse for civil liberties for the agency in charge of law enforcement in the USA to have these sorts of capabilities? Because, of course, it is far worse for the FBI to have access, rather than just the foreign intelligence agencies. (except for the CIA, they can't keep anything a secret)
BTW, I believe the phrase you are looking for is "room temperature IQ", not "room level IQ"

Damn, those 12 programmers downloaded crates 60 billion times, while creating 141 000 crates. Very impressive.

13, I started learning it.

I really like cargo and can‘t quite follow your problems since I‘ve never migrated a project to rust, but here‘s a trick: if you need to know what cargo is doing behind the scenes, you can use cargo build -v or even cargo build -vv. It will show you the commands run. Hope this helps

@@ZwiebelgianYeah… get back to us when you’ve tried to integrate it into a CMake or Ninja or Makefile project. I’ve done it. It sucks. It can be done, but it sucks.

Ewww make files.

@@airman122469 yeah those commads are extremely verbose, good luck nonetheless. If you really want it to change, try posting a bit more formally in one of rusts official channels

Build with Bazel when the project is either large , polyglot, or both.

They preffer Cisco spying them than Huawei

Rust is MIT/Apache 2.0 license

@@ameknite I am not talking about rust the language, but any program written in rust that MAY be GPL licensed.

​@YandiBanyu ahhh, that is not much of a problem in rust, most libraries are not GPL, the standard is MIT/Apache 2.0 and the majority check for the licenses using cargo-deny

That's a huge license issue for certain pieces of software, not everyone wants to statically link everything.

@@heavymetalmixer91 If you want dynamic linking with Rust, you're out of luck. That isn't a supported feature yet.

I think that's what Byarne Stroutstroup said too. He was implying something like; in C++ we should be allowed to use memory unsafe features only by manually adding those unsface compiler flags. All the safest features should be enforced by default in the first place. If that does become a reality for future compiler versions, most of the vulnerabilities can be eliminated.

"I will defeat Donald Reagan this election!"

Yep.

rust foundation wants to take your 🔫🔫 per the TOS. Now we know who they really are.

Assuming he has memory to begin with

@@godspeed2145 it's just leaked over the past 80 years

His memory is FINE, it's just his output stream buffering.

His memory is great, his brain just runs on Python

They also created the ADA programming language, that why it became so popular and took over the world

@@virtuosisimo never heard of it

CIA probably added a backdoor to the rust compiler

@@shallex5744 that's my point xD

U r a tinhat

This! And just because rust is "Memory Safe" Doesn't mean there aren't issues with it. Kinda like how Alpine Linux is "more secure" than other distros because there are fewer eyes on it.

You are missing the point, cherry picking these examples and cases. A lot of hardware and software gets picked apart due to memory issues and overflow.
The fusee gelee exploit that made every Nintendo switch vulnerable was caused due to a memory overflow bug, for example

@user-lp8eo5cd1h You are entirely missing the point and are bike-shedding. Expecting programmers to have a borrow checker in their head is inherently flawed.

@@C4CH3Sisn’t that just down to poorly managed code? With some finessing with rust you could most likely fuck with it in a similar way. It’s just not been exploited yet thanks to low use.

​@@OGNordusing rust makes it nearly impossible to write a huge class of bugs.
You can argue "poorly managed code," but if there's an option that makes such bugs impossible without specifically choosing to use an escape hatch, then you're simply going to have less bugs.
I'd rather have a complier enforce bugs to not exist rather than rely on the human to do that check, humans who miss stuff, who make mistakes.
Yes you can write insecure code in rust. But it's much harder or impossible to write a very important class of bugs in rust. And even if it is possible, you have to go well out of your way to do so.

Another problem with the "skill issue" argument is that Apple, Microsoft, Linux, Google, etc have essentially unlimited resources and decades of experience and yet they are still experiencing these issues.

This is a LCD defense argument. Which sounds remarkably like projection.

The government operates with timelines and budgets that enterprises do not. They could absolutely establish a licensing criteria for federal dev work and create associated acceptance testing paradigms that far exceed those sustainable in private industry in the interest of national security. They literally plan to spend $20 billion to replace chinese made CRANES in our ports due to security concerns…

@@NinjaRunningWildLCD defense? As in the screen type? Could you elaborate, I find OP's argument quite compelling.

@@semitangentDo you understand mathematics?

@@semitangent lowest common denominator. In this case making an argument to defend the effort of the least skilled who posses a basic level of aptitude which is the lowest common denominator among all developers. Rather than expecting better from everyone.

Is it smart to post this information to the internet?

@@Walter_ If we do our jobs right

In one sense, C is neither memory safe nor unsafe, because that's in the hands of the programmer. On the other hand, if the security problem is located in the possibility of making unsafe programs, then C itself can be considered unsafe.

Your Dad was smart and knew that the only way to be "safe" in certain ways was to give up on Turing completeness. One can afford that for science and aerospace systems, but it's a rather hard way to make a living as an app programmer.

In space you need realtime operations. You can't have that with a GC.

U have a hat made out of tin

Yes. Ada came from Defense, including its design; Rust came from the developer community and is simply being _recommended_/adopted by government, among others.

​@@oluseyisonaiyaI don't really see the difference.

@@oluseyisonaiya implying rust isn't heavily political and compromised from the start lol

Never heard of it in real life: so competition currently non-existant.

@@samuele5931 tuple is one example. Zig ships with a compiler that can compile C and C++, its memory safe and simple so I think its a pretty strong competitor because of the way it sets it self up for rewriting legacy C and C++ codebases. It would be simpler to rewrite in Zig than Rust

@@samuele5931 Bad take
Uber use it
My company use it and we're responsible for a very popular software to manage datacenters and servers

I agree. If Zig continues to perform and stabilize, I think it will start replacing C, and maybe some low-level C++ areas like games/graphics. Rust will need to compete with Golang to pick the corpse of C++

The costs can largely be optimized away in a language like Rust. Hardware changes aren't really necessary as the cost is already negligible.

This comment is highly underrated.

Yeah but @LowLevelLearning discusses this in the video: 70% of major security issues are related to memory management. Even though that leaves 30%, eliminating 70% itself (after 35-50 years) would itself be a monumental achievement.

@@GEfromNJ I don’t have data on the matter, but I’d easily bet on that figure not including social engineering as a vulnerability.
So, even if we take at face value Rust’s claim to memory safety, it still wouldn’t lead to a particularly more secure digital environment. It could indeed solve a major class of vulnerabilities, but it’s also the class of vulnerabilities that only highly sophisticated attackers use, so it probably is the less frequent in volumes of attacks. A vast network of Internet crawlers brute forcing common default credentials for unsecured IoT devices is, to me, a more worrisome class of attacks, because of its scale and low floor to access it. And it’s a kind of vulnerability that can only be removed by making cybersecurity due diligence standards mandatory.

@@Vaalin In response to the claim that Rust prevents a lot of vulnerabilities, saying something like "yeah, but it doesn't prevent all vulnerabilities" is not really a counter argument. Memory safety issues undeniably make up a huge chunk of software vulnerabilities and using Rust helps to prevent those from occurring.

It’s almost like profit seeking behavior is inherent to capitalism

Can you be 100% sure? You know the German saying: "Even a blind chicken does occasionally find a corn."

@@stzi7691 Hahaha... True.
However, I don't think this is the case with Rust. Largely because I don't think Rust is anywhere near as "safe" as people think it is. I mean, there are videos floating around now, which show people breaking the borrow checker and causing memory leaks, which most people seem to think cannot happen.

@@roberthoople wow rust has bugs? well back to writing assembly, be sure to push ur registers to the stack before overwriting them!
how is this a good point in ur mind? rust provides a lot of checks that avoid most vulnerabilities in C programs, it not being 100% effective isnt an own to it being safer

​@@yandere8888 LOL. My actual problem with Rust are it's childish fanbois, and the diaper stink they bring to every programming conversation on the internet, not so much the language's on-by-default safety features themselves.

@@roberthoople ah yes the adult thing of not using a language cuz u dont like the other ppl who use it
what?

Thus, moving into a new language that offers it out-of-the-box appears to be a good 'solution' for this.

@@diadetediotedio6918 lmao no thanks

"What's a unique pointer?" ~ most people who shit on C++ for being unsafe.

​@@diadetediotedio6918One of the reasons I like rust more than C is cargo, it's so nice to have a built in build system that just werks and doesn't use archaic scripting languages, I never have to search for libraries and compare which one is better at what, just cargo add tokio, done, multithreading

Exactly. Devs don't use them. Unless it's "built in" they will continue not to use them. We have 50 years very clearly demonstrating this is the case.
That's why languages which are more memory safe by default are generally better for ensuring everyone is producing secure applications. Especially when we, as users, are often forced into using proprietary software built by developers we've never met. I'd prefer that they have some decent guard rails when writing programs that are responsible for handling my personal data.

If you lean on a motorbike you'll crash

Because making a house truly fireproof is mad expensive and has negative side-effects. It's much cheaper and better to teach the occupants how not to set the house on fire.

maybe try dealing with the corruption first starting with the financial system

!Remind me in 50 years

It still gives us a peace of mind that we haven’t created an exploit unintentionally. Reducing the attack surface helps us target the next class of exploits.
Besides it also helps us avoid unintentional memory bugs in regular use.

@@mma93067 rust still has CVEs. It’s not full proof and relying on the claim of full proof is the same as having assumptions about your code.

@@mma93067 Rust still has CVEs. It’s not a cure all, and believing it to be has the same effects as making assumptions about your inputs.

Sure, social engineering is the biggest problem these days, but to say that memory safety doesn't matter is incredibly hyperbolic. Even if it doesn't cover all or most vulnerabilities, reducing the attack surface by 5% is nothing to scoff at.

Actually, it does still matter how safe the language is because attacks still exist which target those insecurities of the language.
Also, the idea that every language is safe as long as you do everything absolutely perfectly with absolutely zero assumptions is an overly naive solution. We already know that nobody is going to write perfectly secure code all the time. Crossing your arms and saying "well they people should code perfectly" isn't a solution.

Rust is bloated, not as minimalistic as C.

@@TheDarkBusinessman >c
>minimalistic
have u seen libc?

Exactly!
That just shows that the paper is not about "memory safety" but just used this buzzword because it's what Rust is selling.
I don't know what is going on, but there's something very weird about the entire Rust hype. And the government taking sides like this just makes it even weirder.

For me it isn't about whether or not it is or isn't a skill issue because if you do anything wrong ever it could be considered a skill issue. I think that having a language that nearly completely prevents certain kinds of skill issues releasing in working production code is a good thing.

and an even better way to introduce new bugs

Because you are literally allowed to write a C compiler if you want. With Rust, I'm not so sure, it's trademarked so making a compiler and saying its for the Rust (TM) language might as well get you sued these days.

​@@tiranito2834??? The rust compiler is OS, obviously. There are alternative ones, there just isn't reason to use them yet. If there's ever issues with rustc obviously it will be forked and a new one will be the default compiler choice, if there's demand for it.

@@clairel34 Except you can't call it a Rust(TM) compiler without permission.

SOC analysts just got even worse at our jobs

Is the alternative to build your own compiler from scratch? I don't really understand this argument.

@@ultimatedude5686 you fell into internet falacy 17: assuming something is an argument. And falacy 18: assuming it was a personal attack against you. And falacy 19: being offended by it.
I was merely poking fun at the idea that delegating responsibility automatically yields better results.

@@Terrados1337 I was using the word argument very loosely. I didn't find what you said offensive, I just disagreed with the point you're making. Delegating responsibility to much larger and more well-maintained codebases (like the compiler and the standard library) is generally a good idea.

Exactly -- lousy coders do not become good by being given safer toys. If anything, this will result in even more bad code due to the perceived "safety".

@@rusi6219 Thank you. Perfectly Said!!!

I am more concerned that rust is also being used to create malware/exploit

​​@@YandiBanyu oh it is, and will continue to be (there are already "hacking" courses that use Rust on youtube). You can't touch hardware without security concerns. Unless the government wants to rebuild everything from the ground up, it will continue to be that way.

@@YandiBanyu Which is even more reason to use Rust for the possibly targeted good software as well, as a counter measure.

@@jongeduard I am not saying do not write software using rust. Both can exist at the same time. I am merely pointing out that malware too can be created using rust.

@@YandiBanyu Oh no problem, I did not think or intent that either. I just emphasized the importance. I actually liked your comment instead.

If the NSA and WH said to breathe air are you gonna hold your breath

@@danm524 yes.

Shook. Need the NSA and WH to approve junk food, praise social media, and hate on voting then.

@@ekmekdelikanli1408 r u still holding ur breath

That only saves us from data corruption from high energy cosmic radiations.

i guarantee you are a sub par programmer.

Sure and I can guarantee you’re one as well, which just proves my point. The difference between me and you though is that I don’t think it’s impossible for me to be trash at something

@@afgor1088 Projection. Thanks for confirming. Also, ad hominem. We accept your surrender.