this post was submitted on 26 Feb 2024
I’m going to probably be downvoted to Hell, but I disagree wholly that it’s the language’s fault that people can exploit their programs. I’d say it’s experience by the programmer that is at fault, and that’s due to this bootcamp nature of learning programming.
I’d also blame businesses that emphasize quantity over quality, which then gets reflected in academia because schools are teaching to what they believe business wants in a programmer. So they’re just churning out lazy programmers who don’t know any better.
There needs to be an earnest revival of good programming as a whole; regardless of language, but also specifically to language. We also need to stop trying to churn out programmers in the shortest time possible. That’s doing no one any good.
That’s my two cents.
You are getting downvoted because this is factually proven wrong by studies and internal analysis of several huge companies (e.g. Google/Android and Microsoft). A huge number of exploitable bugs are preventable using memory safe languages, nowadays even without performance costs (Rust).
Apart from that your point is orthogonal to the point of the post. You can have better trained coders and have them use better, safer technologies.
We could also just train every driver more thoroughly including mental training and meditation to make sure they are more calm and focussed when driving and we maybe wouldn't need seatbelts anymore. But:
Gently, I would ask you to think about yourself in a future role where you have too little time, and are under too much pressure, and you haven't gotten enough sleep, and you're distracted on this particular day, and you happen to make a mistake, leave out a line, forget to fix a section of code you were experimenting with...
And even if you, a paragon of programming power and virtue, would never find yourself able to be hurt by your tools, you must surely know that mortals have to work with them as well, right?
Even the best programmers are going to make mistakes at times. Saying the solution is to just be perfect all the time is impossible.
Memory safety issues were a thing even before bootcamps and "bootcamp culture".
Even if you fix expertise, intention, and mindset - the entire workfield environment and its people - mistakes still happen.
If you can categorically evade mistakes and security and safety issues, why would you not?
Considering that even the best programmers in the world can't write correct programs with C/C++, it's wrong to absolve those languages of the massive level of memory safety bugs in them. The aforementioned best programmers don't lack the knowledge needed to write correct programs. But programmers are just humans and they make or miss serious bugs that they never intended. Having the computing power to catch such bugs and then not using it is the real mistake here. In fact, I would go one step further and say that it isn't the language's fault either. Such computing power didn't exist when these languages were conceived. Now that it does, the fault lies entirely with the crowd that still insist that there's nothing wrong with these old languages and that these new languages are a fad.
Heartbleed, that famous CVE written by a bootcamp grad
While I agree wholeheartedly with the idea that we need to emphasize quality over quantity, so long as software pays well there will be people who don’t care. In my university I’ve met a fair few people that complain about having to learn about compilers, assembly, and whatnot because “I’ll never need to know that in my actual job”. While to some extent in the United States you can blame the fact that classes just cost a ton, I think it’s a sad reality that, barring some key change in the way our whole education and economic systems work, there will be unimaginative apathetic people that will ruin things for the rest. Plus people are fallible or something I dunno. But yeah void pointers are my jam because I don’t have to wait precious clock cycles making new ones jk.
All programmers make mistakes that cause memory safety errors if the language doesn't protect them. This is a well documented fact, not an opinion.
Absolutely. The problem is, most programmers are mediocre. So sadly the protection of stupid people tends to take cultural precedence.
Please show me a single "good" programmer who is working with C/C++ and hasn't had a single memory bug in a decade.
Check out Eskil Steenberg. He's mostly a game dev, but he has some really good talks.
And you know with 100% certainty he hasn't had a single memory bug in his last decade of developing?
He has written his own libraries and programs to ensure these things don't happen.
What you people need to understand is that these problems have been solved before Rust. They just weren't baked into the language. And so people made mistakes.
https://www.youtube.com/watch?v=pvkn9Xz-xks
I'm not saying Rust is not always the better choice. Of course not. I'm just oh-so-weary of this rewrite-the-world zealotry a lot of people have about it.
You mean grown-ups?
No, children.
People who are about memory safety are children? Bruh.
That is very much not what I said, bruh.