"We've been working on safety for 50 years and RUST is still in diapers" The developers of RUST WERE C/C++ developers and they took all that knowledge (that you imply is exclusive to C/C++ developers), learned from C's mistakes, and built a better language. RUST didn't start from scratch on safety, it started from where C/C++ are at and then went further.

15:33 does rust have anything in the charter? Response: "[rust should be ] secure by design" > gets ignored

29:49 they got put on trial for illegal vendor lock-in in the trains right? Software that geofences who can do maintenance. That is not a math error.

This talk is less about memory safety and more about hurdles with regards to Rust adoption in specific high-assurance industries.

50:50 Good type systems do eliminate a lot of input validation issues. Ada allows you to define numeric types with custom ranges that can be checked in compile time.

nice that they have invited programmers_are_human_too to this event

27:22 arm and x86 has to be 90% marketshare. Sure, if you have to you have to, but then the discussion becomes do we invest in creating our own certified rust toolchain for the hardware we want VS do we change our hardware VS use C. These pricetags might be comparable.

"We have been working on these problems for 50 years, we have accomplished a lot and Rust is here in diapers..." ...oh please. Just *what* have you accomplished in 50 years ? There aren't even basic spatial memory safety features like bounds checking as easily usable / default. Look, I like C, I really do, I write C everyday, but this has to be one of the most arrogant and least humble talks I've ever seen 🤯...edit. Anyway, it's nice that even C and C++ folks are starting to *really* take these things seriously now that finally a credible threat (Rust) has arrived (Turbo Pascal had modules in the 80's, Free Pascal has had bounds checking / overflow checking for a looonnggg time etc etc) 😂...edit. spatial.

One item left out from the memory safety list is (arguably) data races.

I think the point the speaker is missing is that c has been around since before I was a kid, but no amount of tooling or programmer skill has reduced the critical bug rate. The only way to get secure C is for the code to be old enough that the security issues have manifested. He keeps pointing to solutions that either are shown to not be effective by or decades of experience, or which rely upon things that may happen some time in the future. I am not saying Rust is the solution to all and everything. But at least it genuinely does areas memory safety, and through lifetimes, let's you express complex correctness contracts in ways the compiler will check. And yes, Rust likely would have prevented croudstrike, because if the system was written in Rust, the type system would have caught it ideally at compile time but definitely at test. You can't just cast things in Rust. You couldn't have had something expecting 21 args and give it 20 without a type of an index error.

47:00 "[basically] all [vulnerabilities are] input validation failure". Then input validation takes on the scope of the entire program, and now we just made input validation basically the idea of the formal contract. A results in B and only B. Then C is bad at resulting in contracts as the programmer intended them if they had known the full scope and consequence of the program.

Most of the time the problem is not C itself, it is libc and the broken parts of diverse handling APIs that maybe where a good fit in the 70s and 80s, but are now becoming a fever-dream. For instance strstr() and strtok() returning pointers. Some std-lib implementations nowadays have easier and less error-prone APIs, for instance in returning indexes instead of pointers everywhere limiting the use of pointers. Some parts even silently just add a 0-terminator when given a "string literal". This can get messy, and nowadays caching is your friend and APIs should not destroy it with unneccesary pointer mumbo-jumbo. Somebody from the CCC ("Chaos Computer Club"), the biggest whitehat hacker-club in Europe, funnily even stated: "What were they smoking?".

Having learned programming using assembler and ALGOL back in the late 1970's/early 1980s, having used compiled languages like Coral, Ada, Lucol, PL/M for safety critical (avionic), military and secure systems, having used C for a year in the PC application world, I was pretty shocked to find people starting to adopt C for embedded and safety critical systems. I could not understand how anyone could even think of deciding to use such an ill-defined language for what should be deterministic systems. So much undefined behaviour, implementation defined behaviour, etc. Hardly a language at all. Now that we have more rigorously defined languages with a priority of correctness built into their design I feel it is pretty much professional negligence to select C or C++ for new safety critical code today.

He makes great points, not sure why he's getting so much flack.

This is disappointing to the point where I'd like to unsee it and get my time back.

"Rust won't fix developer discipline." Wow, just wow. Rust never intended to fix developer discipline. The key point is you CAN'T fix developer discipline in the aggregate. This is where the C++ zealots missed the memo. In C++ you must be diligent, add in SANs to the workflow, patch in tools, manually manage your dependencies for building, etc. It requires a high level of discipline. Rust uses cargo to manage dependencies. Far less discipline necessary. No need to patch in SANs since the language and compiler already satisfy that niche out of the box. Far less discipline necessary again. C++ makes you focus on areas related to the language rather than your problem domain. Rust allows you to focus almost exclusively on your problem domain. If it compiles in C++, you've still got a long way to go. If it compiles in Rust, you're already 90% of the way there. Nothing can stop arithmetic or business logic errors, but those should be the only errors devs have to manage on their own. Use after free, race conditions for multiple threads, forgetting ownership on a struct member, etc. should be forbidden by the compiler, not "developer discipline". Developer discipline is how we got into this "security issues due to memory corruption mess" in the first place.

modern C++ will still be no.1 and its keeps improving. Billions lines of code are waiting to be refactored. Looking forward for the static analysis and profiles to further emphasize resource safety 🎉.

I'd take a borrow checker over a charter any day of the week. I also think someone on the C standards board shouldn't be relying on the audience to tell them 12 year old news about memory safe programming. I don't think the wolves are circling as closely around C as they are around C++, but in the race to provide these necessary safety features the standardization communities are napping at the start line. This talk focuses a lot on what automotive industry wants. Except, I don't much care about what they want. They suck. When I last worked with them they did the standard old-style practice of releasing huge numbers of changes very infrequently. It was a compelling narrative back in the day: slow and steady wins the race and all that. But it's also empirically wrong. It's not safe to bundle up a year of changes to eg both the foot-break and hand-break and ship them together. We have know this for a decade (DORA). And we know that having a 3 year big-bang change to Rust would be dumb, but the dumb part about that plan isn't the "Rust" part. I find that industry terrifying and we shouldn't let them dictate what the future looks like. It's also strange to assume that Rust programmer are new people with no experience of what we've been doing in industry for many years. If you can learn C or C++, you can learn Rust. Language syntax isn't the hard bit of programming, Rust is based on the lessons learnt through our experience in C++ and you won't suddenly develop amnesia and forget what you've learnt about writing safe(-ish) code up to this point. Programmers are apparently too dumb to learn a new language, but smart enough to be up-to-date with all the latest opt-in-only static check flags.

31:02 His comments around Java are outdated. People aren't using RMI / serialization nowadays, JSON is the norm. And anyone still needing to use object deserialization will have implemented whitelisting, which prevents the attack he describes.

If you know modern C++ then Rust isn’t too hard to understand. Hire competent programmers and they will learn whatever they need to learn.

What a disapointing talk. Even lying outright that rust would not prevent crowdstrike outage when in fact it would have prevented the outage.

Much of this talk is a strawman. No one is saying C and C++ should be "ejected from Earth", or whatever. Even staunch Rust advocates have no problem saying that C and C++ will be around for a very long time.

People underestimate how much critical and mature memory safe c and c++ code exists , just this one company I Know has millions of lines of code people use daily, it took decades to be composed, and it will take even more time in rust because it's slower to develop /write /compile, for no benefit

38:39 exactly - but the crufty ass systems do not - and you don't wait to build the solutions of tomorrow, tomorrow.

Tbh, 16:39 it'd be more compelling if it didn't come across so desperately defensive of C in the shadow of a looming crab butt. Thumbs up anyway for the topic and perspective, just not all that convincing imho.

Imagine being confident enough to give an hour long (bad-faith) talk principally revolving around a language / ecosystem you evidently don't know about. Smh

44:40 Well, software is a lot like cities. Some parts are really old, some are brand new. Some parts are really nice and some places should really be avoided. It is not strange at all. Change doesn’t affect everything at once and some things never changes :).

TLDW: C => Is very old; Rust => It's not so old.

Off to a bad start. Guilt-by-association:ing interest in memory safe languages with five eyes is *highly* disingenuous.

I would imagine the former CEO's of SEARS, Circuit City & Radio Shack would really enjoy this talk.

So the man that works at a place called Woven gives a talk that would make Ned Ludd proud. Who says the Universe doesn't have a sense of humor?

I know this was a more informal talk, but it might help if you listed your bona fides before tearing into the topic. The timeline slide, showing how long C/C++ has been used in safety critical applications compared to Rust (along with all the tooling/standards) was spectacular. That really drove the point home. Really great talk.

Rust doesnt fix any of the problems it asserts that all other languages suffer from All it does is restrict what the programmer can tell the computer to do .... and then claim that all of these restricted things must be "unsafe" ... and only Rust knows the proper way with how to deal with them It's like telling everyone that there is an invisible fire breathing dragon that lives in those hills over there, and once convinced ... sells a special amulet of dragon protection to all the villagers. Even the Town Mayor has bought into the BS story about the invisible dragon, and mandated that everyone should buy the amulet. A large number of the dimwitted have bought into the scam, and for the last few years they have been hurling abuse at anyone that questions their invisible dragon narrative

27:07 Zig... Binaries... Containers... How is it an argument?