Comments by "Anony Mousse" (@anon_y_mousse) on "Rust Is Coming to The Linux Kernel and I'm Not Sure How to Feel" video.

  1. To clarify, it's not that C, or for that matter C++, are unsafe languages, rather that too many programmers are unsafe. Rust doesn't actually provide a guarantee about safety, regardless of what its proponents will say, but it makes it slightly more difficult to do certain unsafe things by mistake. However, if you have to use an unsafe keyword, already a design mistake there, then you're going to be without certain protections. If you have to abstract around the use of the unsafe keyword it separates your code in an unnatural way that will make it harder to debug. So either you overuse the unsafe keyword and constructs that go with it, or you abstract. Neither is good, especially at kernel level. What we really need is better programmers who actually understand the underlying hardware and can write safe code. The most prevalent errors that programmers make are ones that are super easy to prevent, regardless of language. At least if you're not a dingus.
    11
  2.  @wrockd  You missed a whole bunch of points and made a pointless long-winded response, but you also answered your own question. The majority of developers these days are dinguses. That's why we have languages like Python, Java, C#, Go and now Rust.
    2
  3. @Kiryu Kazuma Totally missed the point of what I said.
    1
  4.  @doktoracula7017  Better as in they've been taught all the techniques they would need to write good code and have gotten into the habit of adequately utilizing those techniques. There are bad kernel developers, yes, otherwise we wouldn't keep having the CVE's that we have. Mostly from buffer overflows too. A lot of people just don't know how to use a buffer correctly, to read input from external sources and how to check that it's correct. No programmer is perfect, but the simplest thing causing the most problems show that a lot of people still don't understand the most basic of things. Using a language which alleviates that challenge won't make for a better product, it'll make for a ticking time bomb. I'd go so far as to say such developers that make these mistakes should be excised from kernel development.
    1
  5.  @mk72v2oq  The point about different optimization levels is no longer valid. Don't write tricky code, write good code and the compiler can safely optimize well. This does require you to know about how the compiler does its job, as well as how the computer works, but if you don't know both what are you doing writing code for a kernel? The point about Rust was addressed in my original post, reread it.
    1
  6.  @wrockd  I didn't say all, I said the majority. And your assertion that any bug is inevitable is completely false. Things are worse now in terms of security than they were in the past because there's more malicious people in the world, case in point Rustaceans. It's not that code was necessarily written better, in fact I'd argue that most code was never well written, we just got lucky and it didn't blow up in our faces. Thinking that a new language will be a panacea is not only dangerous thinking, but it's completely false. Also, a lot of Python's usage for science and ML happens to be backed up by libraries written in C. Why? Because the majority of people using it for such purposes don't actually know how to program, so they write awful code that needs to be sped up by someone more knowledgeable.
    1
  7.  @williamdrum9899  Depends on what you meant. The usual example I see where people attempt to take the address of a float, cast it as a pointer to int and dereference it to acquire the bits actually does have code that will be generated. Since you have the floating point co-processor semantics on x86 chips it may (as in depending on the compiler's code generation) have to retrieve the number from the floating point stack. If on the other hand you mean interpreting some randomly constructed bit representation as a float so you can convert it to an int, then that too would require an instruction or two. Also, it should really be an unsigned char array for absolutely correct standard compliance and copied using memmove() or memcpy().
    1
  8. @Christopher Grant Pretty much all hashing algorithms have been written in C already. So why at this stage in the game would anyone write one from scratch at all when they can just use a library which has already been debugged for decades that's also written in C.
    1
  9. @Christopher Grant And can you point to an example of a new device utilizing a new algorithm, one that literally has not been implemented anywhere else, that is written in something other than either assembly or C?
    1
  10.  @diadetediotedio6918  Just to be clear, no. The thinking that using a different tool will make you safer when you have no clue what you're doing is what is destructive and is absolutely destroying the world. Participation trophies for the teams that didn't win is what has gotten us here, along with so many other things. If you're incapable of understanding a concept, you absolutely can not master that subject and have no business being in an industry where mastering that subject is key to success. Failure to understand that is why we have Rustaceans.
    1