foobiekr 4 hours ago
I am looking at the results of a mass vulnerability scan as I type this. Half of the bugs in one case are in fact (binary) parser errors for hand-written parsers. These really should not exist in any language - but in C it's particularly bad. Kaitai Struct or something similar would broadly have prevented these. Rust would help here, but less than a parser generator (because it could automate error checking insertion for things that aren't just out-of-bounds access). However, half of the vulnerabilities are logic errors in terms of what I would call RBAC enforcement, incorrect access permissions, and so on. Rust won't help at all with any of these.
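An added illustration of the hand-written parser point in the comment above, not code from the thread: a C parser for a constructed record format (the layout, `parse_table` and the error names are hypothetical) in which every read goes through one checked cursor, and two of the checks are not plain out-of-bounds checks.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed format (not from the thread):
 *   magic "RB" | version u8 (=1) | elem_size u16 BE | count u32 BE | count*elem_size bytes */
enum parse_err { P_OK = 0, P_TRUNC, P_MAGIC, P_VERSION, P_ZERO_ELEM, P_COUNT, P_TRAILING };

struct cur { const uint8_t *p; size_t left; };

/* The only place bytes are consumed: fails instead of reading past the end. */
static int take(struct cur *c, size_t n, const uint8_t **out) {
    if (n > c->left) return 0;
    *out = c->p; c->p += n; c->left -= n;
    return 1;
}

/* Read an n-byte big-endian unsigned integer (n <= 4) through the cursor. */
static int rd_be(struct cur *c, size_t n, uint32_t *v) {
    const uint8_t *b;
    if (!take(c, n, &b)) return 0;
    *v = 0;
    for (size_t i = 0; i < n; i++) *v = (*v << 8) | b[i];
    return 1;
}

struct table { uint32_t count; uint32_t elem_size; const uint8_t *elems; };

enum parse_err parse_table(const uint8_t *buf, size_t len, struct table *t) {
    struct cur c = { buf, len };
    const uint8_t *magic;
    uint32_t ver;
    if (!take(&c, 2, &magic)) return P_TRUNC;
    if (magic[0] != 'R' || magic[1] != 'B') return P_MAGIC;
    if (!rd_be(&c, 1, &ver)) return P_TRUNC;
    if (ver != 1) return P_VERSION;
    if (!rd_be(&c, 2, &t->elem_size) || !rd_be(&c, 4, &t->count)) return P_TRUNC;
    if (t->elem_size == 0) return P_ZERO_ELEM;
    /* Division form: count * elem_size is never computed unchecked, so it cannot wrap. */
    if (t->count > c.left / t->elem_size) return P_COUNT;
    if (!take(&c, (size_t)t->count * t->elem_size, &t->elems)) return P_TRUNC;
    /* Semantic check, not a memory-safety one: reject unparsed trailing bytes. */
    return c.left ? P_TRAILING : P_OK;
}
```
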
jiggawatts 4 hours ago
I was just working on a system best thought of as a “dinosaur”: written almost entirely in C (and a bit of Perl) and running on an appliance with BSD as the kernel. It’s full of bugs and has had a string of RCE vulnerabilities published recently, probably because of Mythos. Working with it day to day I get this feeling that the tech stack used results in a system that’s… clumsy and constrained. Little things give me that impression, and I can’t quite put it in words, but it’s thirty years of experience working with dozens of languages and platforms speaking here. Using C makes you clumsy. It makes you trip over things other languages don’t. It makes it obscenely difficult to do even simple things. It’s like trying to put a delicate ship into a bottle while wearing oven mitts. Switching to a better language isn’t just about the specific capabilities of its compiler, it’s also about what it enables in the humans using it.