government everywhere is the same i think they just do it to extract the money even my government does the same lol

Works out if you've got people who like to work for free :)

Lol the people do the work for free and they pocket 17 million. Good job!

It sounds like the Czech Republic learned from Google and their Summer of Code program (and hackathons). And, of course, Google is not the only company sponsoring hackathons. That said, imagine if we trained doctors by having them hack for free on people before they were licensed. Ignoring the disturbing connotations of unqualified surgeons, I'll point out that some of the software hackathon participants are among the best programmers I've seen, particularly in the hackathons where professional programmers participate because they are short and over a weekend.

@@ascensionacademy3418 "they" being tax payers... Somehow that's a bad thing?

It makes it so that there are far less ways for a bad programmer to cause problems, and eliminates all the serious problems

The folly of JavaScript some might say is that it stopped gatekeeping coding from from bad programmers

It can save you from 70% of security bugs which are due purely to memory safety issues.

@@Jason9637 Hahahahahahahhhahaha ahahahahaha. Thanks I needed that good laugh

​@@tdk99-i8nAs a bad programmer, I concur. But man, JS allows you to get away with such insane amounts of stuff that wouldn't fly in any other language that I kinda have a soft spot for it.

That's interesting, because one of the things that's been keeping me back from really diving into coding at all, is that constant need to create updates. I mean, if the update is truly needed, then so be it, but otherwise that 'finished' aspect sounds nice.

I think some zealots are required to push forward new standards.

@@LoneHawk You are correct, but this particular take is very close to the truth: When your end goal is strictly defined, it is possible for a software package to reach a stage where it is done and needs no maintenance. Rust makes this easier than most other languages because it guarantees you that you haven't made any memory related bugs or exploits. Of course you can still have bugs in the behavior of your solution, or requirements might change, or Rust might eventually reach a point where they need to make a breaking change. This also applies to other languages, you'll just have a higher barrier to reach "done" and dependencies are often more volatile due to the chicken and egg problem (if it's harder to reach "done" then your dependencies are more likely to go through breaking changes which means your package will also need updates to leverage the improvements in your dependencies)

You will never get javascript developers to accept this. "This library is dead, it hasn't been updating in years" "But its a test-passing implementation for a spec that hasnt been updated in a decade" "No, it needs constant updates!"

he is wrong. I really hate that guy. he's the reason I ended up getting into rust eventually, when I found his videos I dived in. He lied about everything

And 500billion dollars later, the effort has lead to more bugs than before and/or it is abandoned.

@@niclash Still Better than the military

@@Mempler Yeah, I forgot that the military needs an additional trillion dollars or two to do the same for all mil software.

@@Mempler DARPA is pretty military adjacent.

Army uses LISP I think

I wish ElasticSearch was not written in Java

Or goddamn jenkins @@JoseHenrique-xg1lp

@@JoseHenrique-xg1lpOk, why? Its not like it has the same memory security concerns as c or c++ as it is a gc language. Are you worries about null pointers or something? Or is the speed just too slow for you?

*Will Roper - Mark Rober is the popsci KZbinr. Thanks, will check it out!

@@nibblrrr7124 good catch

Fed contracts at my company are still usually fixed scope but state and local municipalities love having us use continuous delivery to get critical functions rock solid.

I do think for non safety critical code a more iterative approach would be advantageous. One of the major problems with this style of writing software is that it is very hard to adapt it to changing requirements. What happens is that fed up users develop hacks and kludges to half implement new features because it's too expensive to update the code. They may even end up using the software for things it wasn't intended for just because it's too expensive and burdensome to do things properly. This goes on until everything becomes such a tangled mess the government is finally persuaded to fund an upgrade.

Fascinating. Is there a word for this kind of thing, or more examples? I.e. guessing/reinterpreting why something was given a certain proper name, and which symbolism or metaphor the author intended to evoke. It's a special case of folk/false etymology, closely related to backronym, and maybe in the same ballpark as retronym and dead metaphor.

​@@nibblrrr7124 sort of like Python being named for Monty Python, yet using snakes for the logo.

​@@nibblrrr7124there actually is one in linguistics, i cant think of it right now though i will do some googling

habits are hard to die, people for a long time used the old methods and most resources are for the old methods therefore people will keep using these same old bad habits.

@@maxrinehart4177 and I’ll steal their job because of their skill issues

The issue is not that there's no way to write memory safe programs, its that you CAN write memory unsafe code. Using Rust makes sure nobody has to manually go through and verify everyone's code to make sure it's ok, because the compiler does that automatically.

​@@P-39_AiracobraNobody is "manually going through and verifying" code. Safety has been a solved issue in C/C++ for a long time. All of this is automated. We don't worry about this at all, which is why we didn't adopt Rust over the past decades, you know. Our problems are maintainability and interoperability. Rust is pretty much the last thing C/C++ engineers want. This detached-from-reality online-hype culture is really messing with people.

@@P-39_Airacobra > Using Rust makes sure nobody has to manually go through and verify everyone's code to make sure it's ok, because the compiler does that automatically. This is a fallacy. Rust prevents some memory safety concerns but it does not prevent unsanitized input, memory leaks or unchecked uninitialized memory. On top of that, if you need something to be more performant and effcient, chances are that you have to resort to unsafe code in some cases - this does not mean unchecked code, but it does mean that it's allowed to work with the raw pointers and the compiler can only help you in very specific cases. Write any type of cyclic data structure in Rust, and you'll likely come to the conclusion that it's not that easy without some unsafe code, or end up with less than much less efficient solution due to the compiler adding additional runtime checks. What Rust does help with is manage unsafe code in blocks, rather than globally. But it does not prevent it.

You're just built different. I can go way faster in Go for web services. I can write Rust... just not good Rust.

@@OldKing11100 Its difficulty is always overstated. The trick is having learned patterns and not unnecessarily complicating your solution.

Yeah I don't buy it either. The only thing that is slow is a full build. But the programming workflow in rust is more compiler driven than "compile and then run it" driven. So if you are doing rust "right", you are spending a lot of your time doing incremental compiles and modeling your data in a way that if it compiles it probably works first try. You fix most of your issues by fighting with the compiler on an incremental build until it doesn't give you errors (errors that would have happened at runtime in another language). And that loop is fast. You still run tests, but it isn't the 90% of your time that a traditional test heavy workflow is in another language.

@@OldKing11100a lot of it is just getting used to it and getting your flow down I used to be faster in python but I can now do better rust code in the same time as python. In the end it takes time to get to the speed of a lang you’ve been using for awhile

i feel the same way as well. i think initially it can be slower but once you get comfortable it's fairly fast. i'm faster with go but i prefer writing rust code.

Rust cult infiltrated the government, RuSt iS SaFe LaNguaGe.

Stop thinking and drink the cool aid

It's pretty easy to translate C to Rust Code, people like you didn't even tried it once but have strong opinions xD Makes no sense. Because of Rusts abstractions it's even less Code in the end

@@ITSecNEO Yeah no lol. In C we make our own data structures and string types. Even just determining wether to rewrite those to the Rust builtins or keep the bespoke implementation is an incredibly complex decision. Then you have pointer-heavy code, gotos, longjumps, custom allocators, platform-specific data types, opaque structs, inline assembly... And then in rust you need to reachitect the entire application to make use of traits, pattern matching, operator overloading, slices, modules etc, all while appeasing the borrow checker. It's not happening.

@@pokefreak2112 You can already transpile C to (unsafe) Rust - all you have to do then is to go through all that generated code and convert it to idiomatic and safe Rust. It's a lot of work, yes but also very doable and many have done so actually. It's one of the standard Rust challenges to convert some legacy C-lib to Rust ;) Also not all code will be difficult, that really depends.

That's literally why Ada was created.

They will use an LLM… what could go wrong

Or Good Old-Fashioned AI that actually proves equivalence according to specified criteria, using search and formal logic. LLMs might actually be a great way to provide better heuristics (i.e. possible solutions to try out), but I hope it doesn't mostly rely on it end-to-end. Automated theorem proving & co aren't as sexy, so maybe they wanted to benefit from the ML hype?

It might work if they parse the C to an abstract syntax tree, use LLM to convert to a Rust abstract syntax tree, then render to Rust source. The C preprocessor will give them grief. I wrote a 6000 subroutine C program that converted a domain specific language to another DSL and preserved the conditional compilation from the preprocessor. I was lucky that both had a preprocessor. Rust does not.

I think they put it for the buzz effect

@@JeffBartlett-kj6sq rust does have a preprocessor, its macro system, and it sits somewhere between a traditional c style tokenizer and template expansion build tools found in c++, but it also extends beyond that in its expressiveness. a famous example is a macro from a library that takes in an SQL query, tests it for correctness, and then produces rust code to express that query, all within rust's build tools.

Don’t judge LLM’s based on prior experience if it’s not recent, I find gpt4o to actually write very decent code. Especially if I get it to debug itself. Literally 10x faster than I can actually even type it myself

Some projects were started before async

Meh, add enough crates in and create enough or your own macros and structure and it just gets slower and slower.

You should still do fully raw builds for production code

Sync is better in some ways if you're not really going to be I/O bound, and because of the way async code is internally represented it tends to make compile times absolutely explode on large projects if you're not careful to set up some boundaries to prevent the type explosion

@@Vin50000 That is the default behavior in Cargo

@@_stix That's not a real solution. If you think like this developers will do the bare minimum to comply with whatever quality standard they're being held to and won't put in any effort beyond that. If you want actually good software you should create an environment where developers feel intrinsically motivated to do a good job, fast compile times are a part of that.

@@pokefreak2112 Keep in mind that unless you have a truly massive codebase, most of the compile time will be spent on your dependencies. Because Rust uses incremental compilation, you only have to compile those dependencies once, so the effect on iteration speed isn't as high as it seems.

You clocking out for compile times or passing that cost onto your customer? If the latter, I bet the customer cares.

⁠@@pokefreak2112I never have been in an environment where I am intrinsically motivated to do a good job. I still exceed expectations even when I have to fight the behemoth so I am allowed to do the right thing. Maybe that’s because I am a professional and take pride in my skills and craft. I don’t know what you are smoking.

@@kiseitai2 Pride is an intrinsic motivator.

I believe it was phased out because it was an incredible pain to code in it. I remember it took 45 minutes to compile a 300 line programs. Granted it was when the student were all compiling simultaneously. It's still longer than C. Once Borland came up with TurboC, everything else faded into obscurity.

It always baffles me how completely oblivious the figure heads at the top can be. Of course, change is hard and costly, and in the beginning it always looks like things are not improving. But long term, the cost of not changing is always higher. It's like if a heavy smoker started going jogging, and then after like 3 days, decided that his lungs are in poor shape because of the exercise.

Sounds like a training issue

I don't know how they're planning to do it, but personally I would use LLMs to recognize idioms in C code, and figure out which Rust idioms to translate it into. But then use a hand-written translator (that you know will produce equivalent code) to actually convert the C to Rust, using the "strategy" laid out by the LLM. That way, if the LLM fails, you'll just get "weird" code that uses very different idioms than a human programmer would, but that still compiles and still produces the same result as the original C code.

Go or (procedural-style) Java/C# would at least be more straightforward to translate, if your main concern is memory safety. Though, given my near-zero experience with production C code, maybe I'm underestimating how often it involves actually clever pointer pro gamer moves, instead of just implementing string processing and trees etc. the hard way. Embedded probably more often, and there the performance hit of these VM languages would be a concern. In either case, there you'd also have trouble translating those into Rust.

Those kinds of tools already exist for C anyway, both static and dynamic analysis. The paper makes the disingenuous argument that such tools aren't enough even though they're already better than what the Rust compiler provides and more feature complete.

No where does it state that they are "better".

@@jakelexington7610 Was that supposed to be directed at me, because I see no one else even using the word better. If it was, then you may need to reread what I wrote to come to actually understand it.

@@nibblrrr7124 I have a lot of experience with production C code, and it tends to do lots of things like casting pointers to integers and back, or using unions (sometimes just to optimize storage, but sometimes for type punning purposes). And all sorts of other stuff. Even well-written code would be difficult to translate, and the majority of "production" C code I've seen (especially if it's been around a while) is quite horrifying. There's also the fact that Go, Java, and C# use a garbage collector. C uses manual memory management, which is inherently unsafe (e. g. use-after-free bugs). Rust makes manual memory management safe, but to do so it requires coding in a certain way, and adding a lot of annotations to code (i. e. "borrowing" versus ownership).

Define “already works.” They’ve clearly identified the millions of lines of legacy code as a national defense liability. Do you want our power grid, communication systems, weapon systems, etc. running millions of lines of code riddled with exploitable memory bugs? The number of domestic and foreign cyber attacks will only increase going forward, and I would prefer our critical infrastructure to not be so vulnerable, thanks. Read up on DARPA. They have pulled off some of the greatest technological innovations in history. I’m very glad that people much smarter than you and me are trying to tackle these issues, just let them cook.

Yeah, that’s the part that worries me but attempting to refactor as much of the C stack as possible is not a bad idea. I just don’t agree with using llms. They obviously do not understand machine learning.

@@kiseitai2 "attempting to refactor as much of the C stack as possible is not a bad idea" as I said, if a billion lines of legacy code already works, why would you even think about changing it. there's nothing wrong with c. why waste the taxpayers money funding something useless that doesn't even need to exist when there's so much inflation going on for example

Well, it's DARPA. If it isn't filled to the brim with scientists given all the moneys and told to channel their wildest ideas into something plausibly useful for the Pentagon, then what in the world are they actually doing? And I will also remind you that they have a bunch of AI powered projects in the works from Wikipedia, let alone stuff that's classified.

Are they going to prove that the translator works?

IDK about Spanish, but as to Hindi: Maya OS.

Atleast hindi is phonetic so you don't have different pronunciation for similar spellings

🎯

Big companies such as Microsoft don't have enough top 10% programmers, so Rust is a great choice for them.

@@anotherelvis we need to stop this myth that “it’s ok for top 10% developers (whatever that means) to use unsafe tools.” No amount of skill or experience prevents people from writing memory bugs in these languages. Tell me you’re inexperienced without telling me you’re inexperienced.

It's atleast better than nothing tho, a lot of bugs go away just from using rust, but yes they do still exist. But it's better if you have less bugs than more bugs xD Not saying rust is the holy grail, async rust sucks ass. That's a reason why Prime moved on

I had a recruiter last year with the DOD ask if I could get a top level security clearance to do something rust related. I wonder now if this is what they were preparing for.

usajobs.gov, sam.gov if you are the contracting company

@@grantgreer6525 which one?

Not predominately, but it is on occasion used for web development. There are transpilers that convert to JS as well as compilers to wasm.

@@anon_y_mousse I understand what you’re saying but that’s not what we’re talking about here. Show me 1 Web Development job post that lists C as a required skill.

@@grail9558 There aren't many, but they do exist. Although, most, but not all, jobs that require C and revolve around the web space are generally about maintaining old code, generally stuff that only runs on the server or is itself the server software.

so why not set rules for which, how, why and when things should be done? and there you go, rust is already obsolete in the hands of anyone who already has had such rules in place. fads like unsafe languages masquerading as safe ones get tiring -- and safety, mind you, is everything relating to the final product, not just whether you can do something "dangerous" in a language or not. hope the us gov't has fun with the code monkeys that can't even program strcpy() themselves.

LLMs is only one suggested option. I don't get why the comments are full of people thinking its just an LLM.

@@thegoldenatlas753 because other methods for cross-compilation and translation are well tested and mathematically provable. That provability is critical when the entire reason for this exercise is security.

At least in DoD, few 'important' systems can in fact be iterated, unless one considers deployments every 2-4 years (if you're lucky) 'iteration'. The closer you get to the pointy end of the spear, the longer the software deployment cycles, IME--except in a few restricted cases. It wasn't unusual to miss a deployment cycle because the platform wasn't available because it was redeployed to go blow something up or fill a gap due to some other mechanical failure. Furthermore the more extensive the changes, the more likely it is your accreditors will insist you go through much more extensive testing cycles, taking more time and increasing the risk in the schedule. Back in the day it was pretty amusing explaining to BigTek leetcrowds that iterative testing on missile software wasn't a good idea... they started out pretty officious and condescending towards us gubmint project managers and developers, and when it was pointed out that their 'majik bullits' weren't going to Solve World Peace they were kind of resentful. It's not like you can just push the "Reload" button over and over on the "Declare War!" web page... That being said for the stuff I was doing we'd demonstrated C2C24 (compile to combat in 24 hours) (circa 2019) on the sekret squirel system we were doing exercise demos for. Deployment these days (well, 'those' days) is rarely a technological problem, strictly speaking--it's thoroughness of testing & functional confidence and keeping various accreditation weenies happy. Good Times.

Rust unsafe is not that crazy. It just add 5 possibility: - Dereference a raw pointer - Call an unsafe function or method - Access or modify a mutable static variable - Implement an unsafe trait - Access fields of a union When you use unsafe its on very defined part of the code, most of the time it one line. Project that allow unsafe code, require the code to be commented, with proof that its a still safe to do it that way. And that remove 0 mechanism that make Rust great. Also most people will never use unsafe code by themself.

I think it's not so much about Rust being safe, but rather Rust having the potential to work well with ML/LLMs. Nobody would touch those low-priority legacy C codebases otherwise. Too expensive. In this case it also won't matter how unreadable Rust code or generated Rust code is.

@@dryk-sdjberg surely LLMs are safe

@@koteelok2014 Let's give up and stop securing our IT systems. It is too difficult.

People always misunderstand unsafe word in rust bruh

Oh, agreed that websites shouldn't be written in Rust. There are plenty of high-level garbage-collected languages that are better suited for that. But there is a lot of low-level code written in C that could probably benefit from being ported to Rust, however it is done. I could be wrong, but personally I think the failure of Ada is that it never achieved much traction outside of government contracting, and related fields. Rust is already quite successful, so I think it makes a lot of sense for the government to use a language that others are already using, rather than inventing their own as they did with Ada.

Python has parts of it being rewritten in rust actually.

I guess null pointer exceptions causing crashes is less of a condidentiality/integrity risk than e.g. buffer overflows causing memory dumps or remote code execution? Obviously just as bad for the "availability" part of the infosec trinity, and the integrity of systems if not necessarily data.

Memory safety accounted for 70% of all major vulnerabilities.

guy actually just said "hi, i glow"

@@freedomgoddess glow red white and blue

@Fedsmoker come deal with this man

@@Thegamecheats RIP kzbin.info/www/bejne/mKmXhY13opyiY6csi=xluqjVUCUnOyIwJT

Can you please let us know when the legacy COBOL stuff the nice tax people use will be migrated. Again.

Please Google what DARPA is before commenting

@@williamkaiser6075thanks for this comment, I didn’t knew

Those tools have existed for decades yet issues still arise, why not move to a language that is safe by default where these kinds of issues can't even occur?

shadow stack support is new in Linux (6.6-6.10 and higher kernel i think), and fairly new at hardware level, no one enables them because its fairly new, there is soo much c code why not start by making c safer with no to little modifications, vs rewriting everything, which is practically impossible?

@@rcoder01 Because the issues you feel like you are talking about don't occur as often as you think and if they do they are caught long before making it to production. Safety is a solved problem. So is performance. We worry about maintainability and interoperability. Which is why we never adopted Rust and likely never will. Rust is pretty much the exact opposite of what we need ; )

Why not start there? The point is that they don't want to spend money on human resources rewriting low-priority legacy code. Rust + ML is perfect for this use-case. Honestly, I think Rust may have finally found it's niche.

no need to rewrite, compile c with safety features on, increase safety of running c apps without changing code

I mean, I don't think C++ compilation speeds are much better then Rust's, would love to see a good comparison. As for the C/C++ being good enough, well, it already exists and seems to be insufficient, and if real world analysis shows that Rust will be better then it's a good move.

@@basilefff No, it's just that people compile hundreds and thousands of translation units and that is really slow. One translation unit loads much faster. I use a 3-file header, on for a header with no code, one for header with code, and another for inline header implementation. I'm not sure how much this helps my compilation speed compared to single translation unit with inline header impl, but at one point in time it was faster..

@@CaleMcCollough I mean, sounds insane and nightmarish to maintain, but if the benefit is there, nice

@@basilefff C++ Has never been known for being nightmarish to maintain. C++ is harder to WRITE, but well defined systems are easier to maintain than loosely defined ones.

@@CaleMcCollough I disagree, I personally find making changes to SFINAE code dreadful. But I wasn't talking about C++ in general, I was talking about your system of 3 headers + (presumably) source files. It sounds like A LOT to maintain

Try Go. Similar feel, government approved. 😊

Same, have you ever noticed all the fad languages evolved to look like c over time?

@@RustIsWinning what a looser, or better, what an impostor!

@@RustIsWinning lol i,m not even 30 and still this rust revolution isn't happenjng. good luck converting linked lists.. internet is built on those 😁

@@RustIsWinning they have it cause your rust is glued to C. i know what are cve and everyone with a beain can avoid creating vurnerabilities. it is the prigrammer's responsibility to not screw up. now go back scripting, i have some programming to do.

@@RustIsWinning lmaoooo, no arguments, claim your opponent is a clown and slip aside like the worm you are. also i cry with my paycheck as an embedded engineer.

Wrong

@@jakelexington7610 disagree

Damn.

Because it's harder to find Ada programmers. Also, I'm not sure how well Ada can do meta-programming and generic code.

"1983 - In honor of Ada Lovelace's ability to create programs that never ran, Jean Ichbiah and the US Department of Defense create the Ada programming language. In spite of the lack of evidence that any significant Ada program is ever completed historians believe Ada to be a successful public works project that keeps several thousand roving defense contractors out of gangs."

Write a piece of code, compile, test, debug, write more, repeat.

@@anon_y_mousse I see, but I would describe that with different word

@@XCanG What word would you use?

Pri kio vi parolas?

@@neniugrava as a duvine being of some type maybe, but idk if i understanf you fully. It's all based on the Trinity and fractals you can store in computer chips

🎉😂❤​@@neniugrava

Excalidraw

If you don't know what hot reloading is or why Rust is utterly incapable of the same in terms of iteration speed, then go look it up. Web servers on the other hand can be kept up once they're running and iteration is as simple as :w on the file you're editing then alt+tab to the browser window.