Originally posted by willmore
View Post
Announcement
Collapse
No announcement yet.
Curl 8.4 Released For Addressing A Big Security Vulnerability
Collapse
X
-
Last edited by stormcrow; 11 October 2023, 02:32 PM.
- Likes 2
-
Big shocker that it wouldn't have happened by using a memory safe language. Looking at all of the clowns who continually hate on rust because they're too old or too bad at their job to learn new programming languages.
I wonder if they are the type to complain about a new hard hat comes out that reduces risk of injury due to falling objects by 10% with literally no consequences. "If you just don't get hit then you don't have to worry!!!!!!!!!!!!!"Last edited by AlanTuring69; 11 October 2023, 04:31 PM.
- Likes 4
Comment
-
Originally posted by ClosedSource View PostRust is an obvious solution to several issues. But it does have some handicaps. C's advantage is that it's essentially frozen in time. You'll rarely come across code that your C compiler is too old to compile. Then different versions of your C compiler will behave relatively similarly.
Languages like C++ and Rust are a moving target. It would be difficult for an LTS solution to find a compromise between keeping up with Rust releases to allow even backported Curl patches to compile while making sure all their stable (which might be old) software still compiles.
New language features that break compatibility are added via language editions. But a binary can contain object code built from multiple language editions.
- Likes 4
Comment
-
Originally posted by AlanTuring69 View PostBig shocker that it wouldn't have happened by using a memory safe language. Looking at all of the clowns who continually hate on rust because they're too old or too bad at their job to learn new programming languages.
I wonder if they are the type to complain about a new hard hat comes out that reduces risk of injury due to falling objects by 10% with literally no consequences. "If you just don't get hit then you don't have to worry!!!!!!!!!!!!!"
Yes, this wouldn't happen with Rust, Ada/SPARK, or any other memory safe language. And this is a reason why a transition to safer tooling is necessary for the industry. But it also wouldn't have happened if the programmer had done his job in the first place and actually reviewed the code. This is clearly pointed out in the CVS announcement. If this had been a programming logic error rust wouldn't have saved them.
- Likes 1
Comment
-
Originally posted by ClosedSource View PostC's advantage is that it's essentially frozen in time. You'll rarely come across code that your C compiler is too old to compile.
Then different versions of your C compiler will behave relatively similarly.
Languages like C++ and Rust are a moving target. It would be difficult for an LTS solution to find a compromise between keeping up with Rust releases to allow even backported Curl patches to compile while making sure all their stable (which might be old) software still compiles.
- Likes 4
Comment
-
Originally posted by ClosedSource View PostC's advantage is that it's essentially frozen in time. You'll rarely come across code that your C compiler is too old to compile. Then different versions of your C compiler will behave relatively similarly.
The C standard itself leaves a great deal up to implementation details. Historically, DEC C wasn't strictly compatible with Sun's C nor IBM C, while MS C will differ from LLVM & GCC. GCC and LLVM definitely implement different parts of the C standard as their code bases grow. Generally speaking, complex or idiomatic C written for GCC won't compile under Visual Studio without changes, and vice versa... and neither one are entirely compatible with Intel's C compiler either. Sure if you stick within the same compiler lineage you'll (possibly - and I mean possibly because things change - errata, deprecation, subtly altered behavior) be ok, but that same C code may not be portable to any other platform or build suite on the same platform nor different generations of the same hardware. Even when C compilers are feature complete with the same version of the standard C89, C11, etc. that doesn't mean they're strictly compatible in all ways with each other - implementation details and extensions will always be the fly in the ointment (and good luck writing performant complex code without -isms).Last edited by stormcrow; 11 October 2023, 08:34 PM.
- Likes 5
Comment
-
Originally posted by moltonel View Post
You wish. And let's not even talk about hardware where the only available compiler is an abandoned ten year old fork of gcc.
Emphasis on "relatively". Between UB, differences between arches, and regressions, you need some pretty solid testing to distribute to a new hardware/os/compiler. Ever wonder why Linux distributions take months to upgrade gcc ?
Rust/C/C++ are all equally careful about not breaking backward compatibility, So you can upgrade your compiler to suit programs using new language features, without worrying about old programs no longer compiling.
- Likes 2
Comment
-
Originally posted by moltonel View Post
He does name Rust as the obvious rewrite language. And mentions that a partial/gradual rewrite is already kinda-sort-of very slowly happening.
- Likes 2
Comment
-
-
Originally posted by ClosedSource View PostRust is an obvious solution to several issues. But it does have some handicaps. C's advantage is that it's essentially frozen in time. You'll rarely come across code that your C compiler is too old to compile.
Languages like C++ and Rust are a moving target.Last edited by oleid; 12 October 2023, 08:53 AM.
- Likes 2
Comment
Comment