US Government declares the safest programming language
ฝัง
- เผยแพร่เมื่อ 26 ก.พ. 2024
- White House issues report about the future of cybersecurity and programming. Specifically: the Rust Programming Language.
www.whitehouse.gov/wp-content...
🏫 COURSES 🏫 Learn to code in C at lowlevel.academy
📰 NEWSLETTER 📰 Sign up for our newsletter at mailchi.mp/lowlevel/the-low-down
🙌 SUPPORT THE CHANNEL 🙌 Become a Low Level Associate and support the channel at / lowlevellearning
🛒 GREAT BOOKS FOR THE LOWEST LEVEL🛒
C Programming Language, 2nd Edition: amzn.to/3OKh3q2
C++ Crash Course: A Fast-Paced Introduction: amzn.to/3qdZILK
The Rust Programming Language, 2nd Edition: amzn.to/3MHaS36
🔥🔥🔥 SOCIALS 🔥🔥🔥
Low Level Merch!: www.linktr.ee/lowlevellearning
Follow me on Twitter: / lowleveltweets
Follow me on Twitch: / lowlevellearning
Join me on Discord!: / discord - วิทยาศาสตร์และเทคโนโลยี
go learn C before its illegal 😞 lowlevel.academy
SO @doce3609 lol
If C gets Illegal ill invent something different than C, maybe with better tools for articulating Objects and Problems very fast.. I dont have a Name yet but because its based on C im thinking of something with a plus.
Just learn Odin.
We still have ASM superpowers. And if ASM gets disallowed too, we'll just hide ourselves inside a Rust unsafe block and do very naughty things, like using the ASM macro. :P
Lmao
Trump is going to come out for C.
"Lots of hard working C miners here today. C is a great language. I've written a lot of C. Nobody writes more memory safe code than I do."
that'd be fun
a lot of us 400-pound hackers are pretty good C programmers!
Lol
@@Kane0123 "C jobs built America. C powers everything. We love C here in West Virginia, folks. Not Biden. Rusty Joe they call him. They do call him that don't they? Sleepy and rusty."
"I here to use rust you have to identify as lgbtq+zxtruq and give up your guns, they say. Thats not going to happen in C, I wont allow it. I liked it before it was cool, and now they dressed it all up in drag and call it c++, you here about this folks, its a shame, so sad"
Apparently, Joe forgot to free his memory.
Lmao
Rust made a memory leak inside his brain
If he doesn't will the rest follow?
Wym, all he does is free memory. Bro tries to free Stack allocated memory sometimes. He's trying to update his hardware to rust
Hahaha 😆
So the NSA has finally collected enough zero-days that they're now allowing recommendations in favor of Rust?
no they got a back door.
@@sixbutton9 Rust still uses the LLVM, so there's still a lot of undefined behavior and unsafe things for years to come.
@@monad_tcp
There is no UB in normal safe Rust code (and if there is it would be fixed eventually).
@@lawrencemanning
😆
@@diadetediotedio6918 define "normal"
Garbage collectors are generally not used in aerospace because most garbage collectors temporarialy stop code execution for a short period of time and stopping code execution, even for a small amount of time, on a rocket that is accellerating very very fast is not a good idea
Elaborate
@ed2145 I'll write it in very simple words, since you seem to not understand what the problem could be... if computer in rocket stop, thing can go boom! people go ouch, thing is no no. Capiche?
Like, look, I mean no disrespect, but seriously, I think it is very clear that if your on board computer stops for a while on any aerospace related field, then you are going to have a lot of problems, because the computer is meant to keep up to date at all times. It is a critical system that could completely fall appart if it cannot perform the very precise operations and flight adjustments it has to perform at all times... This applies to satellites, rockets, planes, anything, you name it... or would you feel safe having something fly overhead knowing its onboard computer could suddenly decide to just freeze for a few nanoseconds just for the whole thing to fall on top of you? Yeah, that's what I thought.
@@tiranito2834 I'm starting to think that all the people not understanding why GC would be bad for spacecrafts just don't understand how GC works.
@@anon_y_mousse Yeah, they must think its some kind of miracle device capable of cleaning up their memory in an instant and that there is no overhead to it. "GC is the secret ingredient in the magic sauce of memory management. It just works."
@@anon_y_mousse That's the sad reality of the way GC works. Out of sight out of mind.
"Skill issues" but programmers still won't follow basic input validation lmao
What are e we talking about? Critical software that has become infrastructure or critical software that is a product of a company?
Basic input validation is so much easier to do in Rust, though. If I want to parse JSON (or any other of dozens of serialization formats) into a Rust struct I just import Serde and derive deserialize on my struct and it writes the parser for me. It then forces me to check to see if the parse succeeded or failed, and if it succeeded I now have a reference to a fully instantiated and syntactically correct instance of my struct without a null pointer in sight. If I want to add semantic analysis, I could then write a simple parser that parses MySerdeStruct into Result. Alternatively, if I wanted to do it all in one go I could instead just implement the Deserialize trait for my struct and bake in the semantic analysis. Boom, if I have an instance of MySemanticallyCorrectStruct anywhere in my program it's now guaranteed to have been instantiated, validated, and point to a valid location in memory.
Users will read the guide, so validation isn’t important.
@@Kane0123 I agree. You should educate your users. After all. User Input should always be correct so you can trust it at all times in your code.
@@rahzaelfoe3288 You do realize that Serde is a library, not a language, don't you? And there are libraries to do the JSON parsing and validation in C++, you don't have to write all the code yourself.
I'm not a C coder, just an old sysadmin. I think automated garbage collection is prone to periodic pauses when resources are freed up, so an RTOS would be subject to mysterious timing issues.
Well, there are Java VMs developed that are suitable for real time systems. Not very popular, expensive, and mostly used in military/ some automotive. There is one called "Jamaica VM" and one developed by "ptc". But Java is still extremely memory hungry. I would like to have my IoT device being able to run on battery a few years.... and without crashes.
GCs also require a good amount of speed and memory themselves to manage that space-grade hardware may not have. space-grade processors need to be much simpler and thus probably much slower in order to be less prone to errors when exposed to space. dynamically allocating and deallocating memory in space can also be a big problem when communication timing is an absolute critical essential in space for a variety of reasons and dynamically managing memory can lead to unpredictable timing.
There's ways to enter during garbage collection. I can think of three without looking at the code in question.
The White House is the trusted authority that I always look for guidance from when I am trying to decide what language to use in my next project.
😂🎉
You don't have to listen to them, there are many others that have said this before them.
You don't have to hear them but they're just repeating what people who has nothing to do (as far as we know) with NSA have been saying from the very beginning: never trust in the programmer
The sentiment about not having GC for space use could be due to avoiding GC pauses.
I think also they might not run leading to running out of memory.
@@eldrago19Try that again
"up until recently, security was an afterthought"
(That implies that it no longer is)
* IoT has entered the conversation *
Focusing on security makes it harder to get things working.
This is ridiculous - everyone knows that the only choice for not only a memory safe but memory efficient stack is pure javascript
So true, that's why we wrote our blazing fast JS engine in JS
@@fotnite_ xzibit.gif.js
Yeah, why isn't the linux kernel being rewritten in js?
Nah, PHP is the most secure. After all, what hacker is going to infiltrate PHP code? Hmmm ... by that logic, Intercal has to be ideal for truly secure code.
@@Galahad54 of course, it stands for Pure Hack-Proof
The Whitehouse should write a similar statement regarding open source being safer than proprietary and closed source
In a parallel universe where America isn't the definition of Capitalism/Globalism/Imperialism exactly that happened.
Richard Stallman got a medal of honor there.
too based for the gov i'm afraid
Why would they do that? Closed source is superior from certain points of view.
@@markojojic6223 Facts are not points of view. Security through obscurity is a farce
true, the only reason the us gov can confirm rust is memory safe is because the compiler is open sourse
I'm a aerospace engineering student and write code for a satellite project. I can tell you that the institute of space systems at my uni is currently in the process of transitioning from C++ to Rust. So yes, there will soon be satellites with Rust code onboard.
Understood, will keep using C
Yeah the government will not tell me what language to use
Typical C programmer (no shade).
@@malusmundus-9605are you being sarcastic? Couldn't tell these days 🤷♂
calling the cops
"C gives the programmer too much freedom. We need more security! I hereby declare C to be a terrorist organization!"
white house using Rust before GTA 6 is crazy 💀
heyeyey slow down your horses - nobody said anything about using! The white house is talking - and that's the only they ever do
once the nsa endorses rust, is the day ill stop using it.
@@pluto8404 why
I haven't done video games, but do lots of GUI and OOP is a must, type hierarchy just looks natural
@@mizu_7422 they planted 5g bugs into my esp32
C is illegal now
the c in c stands for crime
@@guyblack9729what about c++
@@guyblack9729 what do the rest of the other letters stand for?
@@bruhzzerPropaganda.
If only it wasn't one of the most compatible languages out there with extensive tooling and libraries. I don't think it's going anywhere anytime soon.
Gotta love politician driven development 😥😥
VOP - virtue_signaling oriented programming. It is the future.
RUSTRANNY ZISTAS. GO GO GO!
Watch them try to make a list of all C programmers and leverage their ISP's to cut their internet service and deny them plane flights.
New paradigm Yay
the eu supports a ton of FOSS, like... idk, gnome. so yeah. often enough that's actually something i love
always knew there's something not right with rust
The last time the USA goverment tried to influence on software development they created a programming language called ADA, then it became popular and took over the world (psic). That happened at the same time that C++ was brooding, before most of us where born
Thanks for reminding me that I'm old.
how did it take over the world, most programmers never even heard of it
history repeats itself
rust++
That is not how I remember it.
The US government did not create Ada. They held a kind of completion to find a language that would be suitable to use n all MoD and other government procurement. The idea was to get out of the situation where every vendor used a different language and they therefore had hundreds of languages in all kind of projects. Ada won that competition and subsequently it was mandated on all new government contracts.
Far from being popular pretty much all programmers I worked with who had to use it did not like it. They complained it was too complex, too verbose, too slow. As a result the mandate was lifted only a few years later. With the result that everyone flocks dot the new shiny C++ as a supposed improvement over their beloved C. Ada still hangs on in safety critical systems though, like avionics.
Ada never took over the world, it was rarely used outside military and safety critical applications.
I get the idea that the government learned something and would not be so daft as to mandate a particular language, for example Rust. However this document certainly serves to push the software world to more reliable and robust languages that are memory safe.
@@Heater-v1.0.0 I think you missed the obvious sarcasm in that line of "took over the world", because we all know it did not.
The problem they note is real and serious, but until they start punishing intelligence agencies for asking for backdoors I will not take them seriously. Put your money where your mouth is. Don't complain but refuse to pay the price (of not getting to infringe on people's privacy).
Indeed, I'm more concerned about being secure from government intrusion than the other way around.
@@undeadpresident I really don't mind the NSA having all sorts of dirty tricks. Just so long as they don't share them with the FBI! Unfortunately, it's hard to tell if they do or not, besides the fact that the FBI is constantly whining about encryption.
I agree
@@undeadpresident Governments are the number 1 producer of malware, governments everywhere are just criminal organizations
@@TapetBart ok, mastermind, how is your posting on the internet going to prevent the NSA from stockpiling zero days? They aren't really sensitive to public sentiment.
Not that the FBI is, either. Are you saying it's not worse for civil liberties for the agency in charge of law enforcement in the USA to have these sorts of capabilities? Because, of course, it is far worse for the FBI to have access, rather than just the foreign intelligence agencies. (except for the CIA, they can't keep anything a secret)
BTW, I believe the phrase you are looking for is "room temperature IQ", not "room level IQ"
All dozen Rust developers are having a blast right now.
Damn, those 12 programmers downloaded crates 60 billion times, while creating 141 000 crates. Very impressive.
13, I started learning it.
I like Rust, but for existing projects I have a few problems with it:
- integrating another build system (cargo) into an existing build system kinda sucks by itself, but it also creates another problem: porting your system module by module (instead of file by file) is really error prone and sucks even more
- using Rust without cargo sucks even more than integrating cargo into an existing buildsystem (to a point where I am not sure that's even supported); but at least it makes porting an existing code base easier
I really like cargo and can‘t quite follow your problems since I‘ve never migrated a project to rust, but here‘s a trick: if you need to know what cargo is doing behind the scenes, you can use cargo build -v or even cargo build -vv. It will show you the commands run. Hope this helps
@@ZwiebelgianYeah… get back to us when you’ve tried to integrate it into a CMake or Ninja or Makefile project. I’ve done it. It sucks. It can be done, but it sucks.
Ewww make files.
@@airman122469 yeah those commads are extremely verbose, good luck nonetheless. If you really want it to change, try posting a bit more formally in one of rusts official channels
Build with Bazel when the project is either large , polyglot, or both.
Every switch, every router, every bit of Cisco equipment must now be disconnected
They preffer Cisco spying them than Huawei
You know rust made me re-think the GPL license on static link. Since rust libraries are always compiled (statically linked), I wonder if we will ever see the issue in court and set precedence.
Rust is MIT/Apache 2.0 license
@@ameknite I am not talking about rust the language, but any program written in rust that MAY be GPL licensed.
@YandiBanyu ahhh, that is not much of a problem in rust, most libraries are not GPL, the standard is MIT/Apache 2.0 and the majority check for the licenses using cargo-deny
That's a huge license issue for certain pieces of software, not everyone wants to statically link everything.
@@heavymetalmixer91 If you want dynamic linking with Rust, you're out of luck. That isn't a supported feature yet.
Modern C++ can definitely be memory safe. Maybe not to the extent of Rust but still very safe. The problem is that the C++ compiler still allows you write legacy unsafe code. It would be nice to see an option across all C++ compilers that prevents clearly unsafe C++ code from compiling.
I think that's what Byarne Stroutstroup said too. He was implying something like; in C++ we should be allowed to use memory unsafe features only by manually adding those unsface compiler flags. All the safest features should be enforced by default in the first place. If that does become a reality for future compiler versions, most of the vulnerabilities can be eliminated.
Everyone after watching this video going back to work doing C.
Oh, shit, is this what finally derails the Rust hype-train?
"We're from the government, we're here to help!"
"I will defeat Donald Reagan this election!"
Yep.
rust foundation wants to take your 🔫🔫 per the TOS. Now we know who they really are.
be pretty cool if you did a retrospective of malware/exploits in the history of computer science. be able to compare the knowledge back then to now, and even the limitations of why such exploits were made/discovered
No jokes about Biden and memory integrity!
Assuming he has memory to begin with
@@godspeed2145 it's just leaked over the past 80 years
His memory is FINE, it's just his output stream buffering.
His memory is great, his brain just runs on Python
I think the Garbage Collection point is that, gb is non-deterministic
The government supporting it makes me a bit suspicious
They also created the ADA programming language, that why it became so popular and took over the world
@@virtuosisimo never heard of it
CIA probably added a backdoor to the rust compiler
@@shallex5744 that's my point xD
U r a tinhat
I've watched several of your videos now. The topic of Rust was my gateway into your channel, but so far I've found everything I've watched to be absolutely fascinating. I have subscribed and I am actively looking forward to your future content.
If i recall correctly heathcare devices typically also have constraints on using garbage collected language. I think in both cases it is the issue of lossing control over when/the interval between code execution as with garbage collected languages you dont know when it will be run or how much garbage needs to be processed
I've been a programmer for 40 years, 10 of which was in C/C++, and that Whitehouse paper didn't make sense to me. It jumped from saying "We need to make more secure software" to "Therefore, memory safe programming languages is the solution". I can write a program that puts passwords into a plain text file. That's a security issue but has nothing to do with memory. I can write a program that infinitely allocates memory and crashes the program. That has to do with memory, but has nothing to do with security. Then the article mentions events like the Morris Worm. The Morris Worm used "finger" to find people logged onto the computer. Not sure how that has to do with memory. I agree that Rust is better at memory management, but I'm pretty sure I can write an insecure program in it, regardless of it being better at memory management.
This! And just because rust is "Memory Safe" Doesn't mean there aren't issues with it. Kinda like how Alpine Linux is "more secure" than other distros because there are fewer eyes on it.
You are missing the point, cherry picking these examples and cases. A lot of hardware and software gets picked apart due to memory issues and overflow.
The fusee gelee exploit that made every Nintendo switch vulnerable was caused due to a memory overflow bug, for example
@user-lp8eo5cd1h You are entirely missing the point and are bike-shedding. Expecting programmers to have a borrow checker in their head is inherently flawed.
@@C4CH3Sisn’t that just down to poorly managed code? With some finessing with rust you could most likely fuck with it in a similar way. It’s just not been exploited yet thanks to low use.
@@OGNordusing rust makes it nearly impossible to write a huge class of bugs.
You can argue "poorly managed code," but if there's an option that makes such bugs impossible without specifically choosing to use an escape hatch, then you're simply going to have less bugs.
I'd rather have a complier enforce bugs to not exist rather than rely on the human to do that check, humans who miss stuff, who make mistakes.
Yes you can write insecure code in rust. But it's much harder or impossible to write a very important class of bugs in rust. And even if it is possible, you have to go well out of your way to do so.
The most aggravating part of the “skill issue” argument is that even if _you_ can write good safe c code it just takes 1 human miscommunication across an api boundary written by different people to create a CVE
Another problem with the "skill issue" argument is that Apple, Microsoft, Linux, Google, etc have essentially unlimited resources and decades of experience and yet they are still experiencing these issues.
I think the issue with garbage collection is that it can unpredictably change how long it takes code to execute, which is a problem for a real time system.
It may very well be a skill issue, but that doesn't make the problem go away!
The “skill issue” argument is made by people living in a bubble. I can appreciate the sentiment, but the reality is that the balance of supply and demand for programmers and margins necessary for businesses to operate simply will not always allow for every programmer to be a very good™ one.
This is a LCD defense argument. Which sounds remarkably like projection.
The government operates with timelines and budgets that enterprises do not. They could absolutely establish a licensing criteria for federal dev work and create associated acceptance testing paradigms that far exceed those sustainable in private industry in the interest of national security. They literally plan to spend $20 billion to replace chinese made CRANES in our ports due to security concerns…
@@NinjaRunningWildLCD defense? As in the screen type? Could you elaborate, I find OP's argument quite compelling.
@@semitangentDo you understand mathematics?
@@semitangent lowest common denominator. In this case making an argument to defend the effort of the least skilled who posses a basic level of aptitude which is the lowest common denominator among all developers. Rather than expecting better from everyone.
I'm glad. Just wish the syntax was simpler, like Go or Pascal.
Just wish they adopted the C philosophy of adding features every 30 years instead of every 3 months lmao.
C got presdefined bool types the other day... in C 23. We'll be using that in like 2084. (granted it had bools before, but not as part of the spec)
This is very interesting to me since the firm I work for takes a security first approach to everything we do. From the air gapped networks to the application code.
Is it smart to post this information to the internet?
@@Walter_ If we do our jobs right
Hard real-time safety/mission-critical systems not only do not use a GC, but they don’t use dynamic memory allocation either. Doing this eliminates a wide number of memory safety bugs, whilst also more easily achieving deterministic timing. Static memory allocation is a paradigm that really ought to be used more often tbh.
C and C++ are memory safe, but your code may not be.
rust's stdlib worries me more than strcpy does because very few stop to consider maybe the code isn't safe since even though they can't see any "unsafe blocks".
In one sense, C is neither memory safe nor unsafe, because that's in the hands of the programmer. On the other hand, if the security problem is located in the possibility of making unsafe programs, then C itself can be considered unsafe.
12:02 is the first time Rust is mentioned in case anybody wanted to know
My dad worked for NASA from 70s-late 90s working on Space storage systems. He had to create his own language to do the things (and presumably to adhere to those guidelines).
Your Dad was smart and knew that the only way to be "safe" in certain ways was to give up on Turing completeness. One can afford that for science and aerospace systems, but it's a rather hard way to make a living as an app programmer.
You can write safe c using a lot of static analysis and testing. However, there are not many developers with the ability and know-how. I know only a few developers who write safe code with c, and companies are unable to find additional capable people with good coding practices. When you draw the line additional effort usually does not make financial sense, which is why rust is on my to-do list, to write optimised safe code in one step without Misra checks analysis and weeks of testing.
I remember reading somewhere from Oracle I think that Java should not be used in space
In space you need realtime operations. You can't have that with a GC.
I never listen to anything the government says
U have a hat made out of tin
The US government declares a lot of things. If they would say that sky is blue, I’d still bother to re-check it myself.
We need to know secure way to do something, not only with language to write code but also algorithm how to resolve each problem.
I'm guessing that you are not old enough to remember ADA. Fourty years ago, the DoD required all new software to be written in ADA for all of the same reasons.
Will it be different this time?
Yes. Ada came from Defense, including its design; Rust came from the developer community and is simply being _recommended_/adopted by government, among others.
@@oluseyisonaiyaI don't really see the difference.
@@oluseyisonaiya implying rust isn't heavily political and compromised from the start lol
Zig has placed itself nicely to replace legacy C and C++ code. It'll be interesting to C how it competes with Rust in this space
Never heard of it in real life: so competition currently non-existant.
@@samuele5931 tuple is one example. Zig ships with a compiler that can compile C and C++, its memory safe and simple so I think its a pretty strong competitor because of the way it sets it self up for rewriting legacy C and C++ codebases. It would be simpler to rewrite in Zig than Rust
@@samuele5931 Bad take
Uber use it
My company use it and we're responsible for a very popular software to manage datacenters and servers
I agree. If Zig continues to perform and stabilize, I think it will start replacing C, and maybe some low-level C++ areas like games/graphics. Rust will need to compete with Golang to pick the corpse of C++
Could hardware be optimized to lessen the performance impact of things like runtime bounds checking? IMO such a thing should go hand in hand with the greater adoption of languages that have these safety features.
The costs can largely be optimized away in a language like Rust. Hardware changes aren't really necessary as the cost is already negligible.
They forget about Ada, which is memory-safe when used in certain profiles. The Boeing 777 still flies on Ada.
the government recommending Rust is way too suspicious
maybe i should use C instead
This comment is highly underrated.
Adopting Rust as a mainstream language won’t change the main factor behind code vulnerabilities: that companies do not care about security. Who cares if a class of memory related vulnerabilities is out of the equation if there’s IoT devices programmed with hard coded insecure root credentials and so on?
Yeah but @LowLevelLearning discusses this in the video: 70% of major security issues are related to memory management. Even though that leaves 30%, eliminating 70% itself (after 35-50 years) would itself be a monumental achievement.
@@GEfromNJ I don’t have data on the matter, but I’d easily bet on that figure not including social engineering as a vulnerability.
So, even if we take at face value Rust’s claim to memory safety, it still wouldn’t lead to a particularly more secure digital environment. It could indeed solve a major class of vulnerabilities, but it’s also the class of vulnerabilities that only highly sophisticated attackers use, so it probably is the less frequent in volumes of attacks. A vast network of Internet crawlers brute forcing common default credentials for unsecured IoT devices is, to me, a more worrisome class of attacks, because of its scale and low floor to access it. And it’s a kind of vulnerability that can only be removed by making cybersecurity due diligence standards mandatory.
@@Vaalin In response to the claim that Rust prevents a lot of vulnerabilities, saying something like "yeah, but it doesn't prevent all vulnerabilities" is not really a counter argument. Memory safety issues undeniably make up a huge chunk of software vulnerabilities and using Rust helps to prevent those from occurring.
It’s almost like profit seeking behavior is inherent to capitalism
"reactive" and "reactionary" mean very different things in case you didnt know (though describing security researchers as reactionary is kinda funny, and maybe a bit accurate too)
Hey, maybe the topic of the upcoming NIS2 directive might be interesting for you. It's not about secure software per se, but more so about secure systems and holding CEOs liable
Considering what the USA deems "good" these days, this isn't the glowing endorsement people think it is.
Can you be 100% sure? You know the German saying: "Even a blind chicken does occasionally find a corn."
@@stzi7691 Hahaha... True.
However, I don't think this is the case with Rust. Largely because I don't think Rust is anywhere near as "safe" as people think it is. I mean, there are videos floating around now, which show people breaking the borrow checker and causing memory leaks, which most people seem to think cannot happen.
@@roberthoople wow rust has bugs? well back to writing assembly, be sure to push ur registers to the stack before overwriting them!
how is this a good point in ur mind? rust provides a lot of checks that avoid most vulnerabilities in C programs, it not being 100% effective isnt an own to it being safer
@@yandere8888 LOL. My actual problem with Rust are it's childish fanbois, and the diaper stink they bring to every programming conversation on the internet, not so much the language's on-by-default safety features themselves.
@@roberthoople ah yes the adult thing of not using a language cuz u dont like the other ppl who use it
what?
“50 years later in a world of C with all these improvements to security how are we still writing vulnerabilities”
Devs, not using any of the improvements to security:
Thus, moving into a new language that offers it out-of-the-box appears to be a good 'solution' for this.
@@diadetediotedio6918 lmao no thanks
"What's a unique pointer?" ~ most people who shit on C++ for being unsafe.
@@diadetediotedio6918One of the reasons I like rust more than C is cargo, it's so nice to have a built in build system that just werks and doesn't use archaic scripting languages, I never have to search for libraries and compare which one is better at what, just cargo add tokio, done, multithreading
Exactly. Devs don't use them. Unless it's "built in" they will continue not to use them. We have 50 years very clearly demonstrating this is the case.
That's why languages which are more memory safe by default are generally better for ensuring everyone is producing secure applications. Especially when we, as users, are often forced into using proprietary software built by developers we've never met. I'd prefer that they have some decent guard rails when writing programs that are responsible for handling my personal data.
I agree about safety not being a skill issue. I'm all in for using Rust instead of C++. But to what level do you think that we have to constrain programmers? If programmers don't follow secure code guidelines and standards, there can always be security issues. Memory safety is not the only issue. Of course it's a big one. But what about the other issues?
Will they also fund a complete rewrite of Apache and Nginx in rust?
why build fireproof houses? seems like a skill issue if you set fire to it.
If you lean on a motorbike you'll crash
Because making a house truly fireproof is mad expensive and has negative side-effects. It's much cheaper and better to teach the occupants how not to set the house on fire.
MASA
Make America Secure Again
maybe try dealing with the corruption first starting with the financial system
Dude you look and sound just like my elements of computing systems lecturer. That’s crazy.
Suggest some memory safe languages without GC other than rust
!Remind me in 50 years
It doesn’t matter how safe your language is when 80% or more of data breaches are from social engineering and phishing. On the other hand, any language is safe as long as you make no assumptions about any input or write data and you have assertions in your code to check that data before any work is done with it.
It still gives us a peace of mind that we haven’t created an exploit unintentionally. Reducing the attack surface helps us target the next class of exploits.
Besides it also helps us avoid unintentional memory bugs in regular use.
@@mma93067 rust still has CVEs. It’s not full proof and relying on the claim of full proof is the same as having assumptions about your code.
@@mma93067 Rust still has CVEs. It’s not a cure all, and believing it to be has the same effects as making assumptions about your inputs.
Sure, social engineering is the biggest problem these days, but to say that memory safety doesn't matter is incredibly hyperbolic. Even if it doesn't cover all or most vulnerabilities, reducing the attack surface by 5% is nothing to scoff at.
Actually, it does still matter how safe the language is because attacks still exist which target those insecurities of the language.
Also, the idea that every language is safe as long as you do everything absolutely perfectly with absolutely zero assumptions is an overly naive solution. We already know that nobody is going to write perfectly secure code all the time. Crossing your arms and saying "well they people should code perfectly" isn't a solution.
So the list includes: Java, Go, Python, C#, Swift. - KlausGean
Why not making custom heap allocator and a framework where garbage collector keep track of reference of stack and free if it is not have existence in c++
Im staying with C although now I'm thinking of trying Rust maybe port over a couple small apps of mine and see how I feel.
Rust is bloated, not as minimalistic as C.
@@TheDarkBusinessman >c
>minimalistic
have u seen libc?
But, but, what about Zig?
Exactly!
That just shows that the paper is not about "memory safety" but just used this buzzword because it's what Rust is selling.
I don't know what is going on, but there's something very weird about the entire Rust hype. And the government taking sides like this just makes it even weirder.
You say it isn't a skill issue, and you also jumped on the 2019 metric of 70% of bugs are "memory bugs", but neither get at the root of exploitation. 1. What is the most common vulnerability type exploited by hackers? Is it memory bugs? Or is it misconfigurations and user error (skill issues). 2. Do you agree the barrier to entry in software development has been reduced in the last 50 years allow people with maybe less skill to develop and release software (skill issues)?
For me it isn't about whether or not it is or isn't a skill issue because if you do anything wrong ever it could be considered a skill issue. I think that having a language that nearly completely prevents certain kinds of skill issues releasing in working production code is a good thing.
Recommending to goim thru legacy code and rewrite it in anything is a good way to catch old bugs. Might as well RIIR while you're up in there
and an even better way to introduce new bugs
To be fair, while companies defintely rarely put enough money and effort into security, there still also are a lot of bad devs or devs that just don't really have a clue about security (and to be fair, some issues can be quite surprising and hard to spot if you're not familiar with them). Although that ofc still means, we should give them tools that make it difficult to make these mistakes in the first place.
WH? Does Biden have memory?
"The US government promotes Rust."
Wtf I hate Rust now.
As long as human write code, flaw code always written. That's why people fix bugs.
It's such a bad take
When we will have to manage legacy code of Rust people will be very confused and very unproductive
I rather stick to Go and Zig
the thing i dislike most about rust is that its managed or whatever you like to call it by a single entity, i feel like with c thats kinda different, theres tons of c compilers out there which just makes it feel less commercial for some reason
Because you are literally allowed to write a C compiler if you want. With Rust, I'm not so sure, it's trademarked so making a compiler and saying its for the Rust (TM) language might as well get you sued these days.
@@tiranito2834??? The rust compiler is OS, obviously. There are alternative ones, there just isn't reason to use them yet. If there's ever issues with rustc obviously it will be forked and a new one will be the default compiler choice, if there's demand for it.
@@clairel34 Except you can't call it a Rust(TM) compiler without permission.
Probably the worst recommendation you could possibly get.
So according to NSA, Rust is one of the memory safe language along side with C#, Java, Ruby and Swift lol
I can't wait to look at cyber security issues in an OS written exclusively in Rust
SOC analysts just got even worse at our jobs
"Use memory safe languages" is code for "have somebody else write your compiler so you can blame them when your calculator app leaks nuclear codes".
Is the alternative to build your own compiler from scratch? I don't really understand this argument.
@@ultimatedude5686 you fell into internet falacy 17: assuming something is an argument. And falacy 18: assuming it was a personal attack against you. And falacy 19: being offended by it.
I was merely poking fun at the idea that delegating responsibility automatically yields better results.
@@Terrados1337 I was using the word argument very loosely. I didn't find what you said offensive, I just disagreed with the point you're making. Delegating responsibility to much larger and more well-maintained codebases (like the compiler and the standard library) is generally a good idea.
Wdym It can't be a skill issue if it's been going on for 50 years? It's not like the same 10 people have been building all the software for 50 years.
Couldn't you just use Nim with reference counting in space?
Hilariously I am currently working on a cubesat project that is using Rust as its primary application level language!
Rust still sucks. And the U.S. government calling it out to use it just proves that it does indeed suck. It's not C and C++ fault that the developers of such cyber security systems didn't know how to use the language and just slapped together whatever it took to get the paycheck...
Exactly -- lousy coders do not become good by being given safer toys. If anything, this will result in even more bad code due to the perceived "safety".
@@rusi6219 Thank you. Perfectly Said!!!
The White House can't even decide which bathroom to go to.
You’re content is great! Keep up the hard work 💪
If rust gets good gpu support we r so cooking with it replacing everything.
It needs just that and a few compiler bugs fixed and u could lake the argument its the perfect languge.
(As much as that idea makes sense)
Changing to Rust will not stop cyber-crime. I want people to know that. It can help increase security generally, but it cannot change the dynamic we currently have. Black-hats will always have the initiative.
We should, at the very least, recognize that programming is an art, and preserve the use of "unsafe" languages for use in environments where safety isn't a concern (such as offline, single-player video games).
If the government wants to use Rust, let them have it. If they demand it for browsers and internet-related code, then so be it. They should not interfere with the freedom to use and create languages.
I am more concerned that rust is also being used to create malware/exploit
@@YandiBanyu oh it is, and will continue to be (there are already "hacking" courses that use Rust on youtube). You can't touch hardware without security concerns. Unless the government wants to rebuild everything from the ground up, it will continue to be that way.
@@YandiBanyu Which is even more reason to use Rust for the possibly targeted good software as well, as a counter measure.
@@jongeduard I am not saying do not write software using rust. Both can exist at the same time. I am merely pointing out that malware too can be created using rust.
@@YandiBanyu Oh no problem, I did not think or intent that either. I just emphasized the importance. I actually liked your comment instead.
If NSA and White House says you should use something, it is better not to use it.
If the NSA and WH said to breathe air are you gonna hold your breath
@@danm524 yes.
Shook. Need the NSA and WH to approve junk food, praise social media, and hate on voting then.
@@ekmekdelikanli1408 r u still holding ur breath
Ahh, just like that time when the NSA recommended Dual EC DRBG... Oh wai-
i heard using Rust prevents your senior cybersecurity policy analyst and foreign affairs desk officer at the White House, Charlie Kraiger from going out on Grindr dates.
You will use Rust, and you'll be happy.
they 100% found back doors
Memory safe hardware tends to be devices that enforce ECC checks.
Linus Torvalds called out Intel for being a major reason ECC memory isn't common
That only saves us from data corruption from high energy cosmic radiations.
There is already cubesat with rust firmware as far as I know: BSUsat is a cubesat of my uni
Rust is build using LLVM, which is written in C++.
While I agree with the sentiment of this video, C should never be seen as a bad language.
It’s a skill issue, most people are not smart, behind all jobs are people = you can guess the rest
i guarantee you are a sub par programmer.
Sure and I can guarantee you’re one as well, which just proves my point. The difference between me and you though is that I don’t think it’s impossible for me to be trash at something
@@afgor1088 Projection. Thanks for confirming. Also, ad hominem. We accept your surrender.
Wow, my Prius' ECM is programmed in C. I'm pretty sure most cars are the same. Although, I hear the Tesla Cybertruck has Rust now.
The point about a tracing garbage collector is that it comes with overhead, which actually sits in the way of real time performance, as described in the sentence before.
A GC has to dynamically track all used pointers to objects in memory continuously. In order to achieve this it must perform certain checks frequently, which cause very short but still real interruptions in code execution.
For software related to very precise scientific technology and measurements, this might be an actual issue. So I totally understand this point. So Go and C# cannot be used for example.