Announcement

**ssokolow** · 30 September 2022, 10:13 AM

Originally posted by Weasel View Post

Sounds like a skill issue. Having proper design and API documentation/contracts must be difficult, I guess. (and yes I'm talking about internal APIs to the project, not exposed to others)

OK, it's a skill issue. That means the world's supply of sufficiently skilled programmers can't meet demand, even with Microsoft and Google and the like trying very hard to hire them.

I'm reminded of this quote:

Honestly, after more than 25 years of C (and C++), I’ve become very frustrated with the average C code I seen in the wild. OpenSSL is fairly typical, in a lot of ways. So much C code has buffer overflows, numeric overflows, memory leaks, double frees, undefined behavior, and an an endless number of bugs. There are exceptions—djb’s code is quite good, dovecot seems reasonable, OpenBSD audits aggressively—but when I dive into most C code, I expect problems… I’m tired. I don’t want to rely on programmers practicing constant, flawless vigilance.

-- emk @ https://www.reddit.com/r/rust/commen...not_a/ds0u68p/

Originally posted by Weasel View Post

But protected mode doesn't protect an own process from itself, and that's fine. It's quite literally using the "design" I advocate for. So idk what your point is, it proves mine.

Which is where Rust comes in. It does protect a process from itself as long as you assign use of unsafe to the programmers who know how to use it correctly, design APIs such that no set of inputs causes your unsafe code to violate memory safety, and slap a #[forbid(unsafe_code)] onto the modules that less skilled programmers are allowed to touch.

Announcement

OpenJDK Java's Native Wayland Support Progressing

Comment