I saw this article today:
https://shorturl.at/KMZ07
I saw this article today:
https://shorturl.at/KMZ07
Full URL: https://www.infoworld.com/article/3713203/white-house-urges-developers-to- dump- c-and-c.html
I saw this article today:
https://shorturl.at/KMZ07
But BASIC and Assembly are just fine. :-)
I saw this article today:
https://shorturl.at/KMZ07
Is the WH a good source for programming advice? :|
Re: US White House urges devs to dump C and C++
By: Ogg to Nightfox on Wed Feb 28 2024 07:06 pm
I saw this article today:
https://shorturl.at/KMZ07
Is the WH a good source for programming advice? :|
I was thinking that as well.. I wonder if they talked to anyone before suggesting developers drop C and C++.
https://www.infoworld.com/article/3713203/white-house-urges-developers
-to-
dump- c-and-c.html
Is the WH a good source for programming advice? :|
I saw this article today:
https://shorturl.at/KMZ07
But BASIC and Assembly are just fine. :-)
I don't doubt it. Managed languages have been big in security and enterprise app development, anywhere performance or hardware-access isn't the paramount priority, for a long time now. It's not to say that you can't have vulnerabilites in managed software (they happen all the time), they're just a different class of vulnerabilities that are generally easier to find and defend against or fix than the memory issues that plague C and C++ code bases.
It's honestly not bad advice for most projects (e.g. I don't think Apple accepts apps written in C or C++ in its app store). But keep in mind, Rust supports writing memory-unsafe code too. It's default mode is memory-safe, but it's still subvertable. So Rust might not be the cure-all they think it is.
Re: US White House urges devs to dump C and C++
By: Nightfox to Ogg on Wed Feb 28 2024 08:31 pm
Re: US White House urges devs to dump C and C++
By: Ogg to Nightfox on Wed Feb 28 2024 07:06 pm
I saw this article today:
https://shorturl.at/KMZ07
Is the WH a good source for programming advice? :|
I was thinking that as well.. I wonder if they talked to anyone before suggesting developers drop C and C++.
I don't doubt it.
Managed languages have been big in security and
enterprise app development, anywhere performance or hardware-access
isn't the paramount priority, for a long time now. It's not to say that you can't have vulnerabilites in managed software (they happen all the time), they're just a different class of vulnerabilities that are generally easier to find and defend against or fix than the memory
issues that plague C and C++ code bases.
It's honestly not bad advice for most projects (e.g. I don't think Apple accepts apps written in C or C++ in its app store). But keep in mind,
Rust supports writing memory-unsafe code too. It's default mode is memory-safe, but it's still subvertable. So Rust might not be the
cure-all they think it is. --
Re: US White House urges devs to dump C and C++
By: Digital Man to Nightfox on Wed Feb 28 2024 09:50 pm
I don't doubt it. Managed languages have been big in security and enterprise app development, anywhere performance or hardware-access i the paramount priority, for a long time now. It's not to say that you can't have vulnerabilites in managed software (they happen all the ti they're just a different class of vulnerabilities that are generally easier to find and defend against or fix than the memory issues that plague C and C++ code bases.
It's honestly not bad advice for most projects (e.g. I don't think Ap accepts apps written in C or C++ in its app store). But keep in mind, supports writing memory-unsafe code too. It's default mode is memory- but it's still subvertable. So Rust might not be the cure-all they th it is.
I've sometimes thought it shouldn't be much of an issue if you're always careful about how you write code.
There's that adage "the poor craftsman
blames his tools"..
One thing I like about C and C++ is they don't do
much to limit you, but I suppose that can be a blessing and a curse.
And human error is always a factor, so I suppose it's good when the programming language can help you avoid introducing bugs and vulnerabilities.
I saw this article today:
https://shorturl.at/KMZ07
But BASIC and Assembly are just fine. :-)
And, of course, COBOL!
I've sometimes thought it shouldn't be much of an issue if you're always careful about how you write code. There's that adage "the poor craftsman blames his tools".. One thing I like about C and C++ is they don't do much to limit you, but I suppose that can be a blessing and a curse. And human error is always a factor, so I suppose it's good when the programming language can help you avoid introducing bugs and vulnerabilities.
There is no single programming language that is the best tool for everything. For systems programming (OS kernels, device drivers, firmware), C and C++ are still tools of primary choice (though Rust is making some inroads here). But if I were to develop just about anything else that lives, privacy/security, or business operations depended upon, I'd use a managed language/environment.
When you take out the obvious political BS, which is slathered through out, the idea of migrating towards lower risk models by updated langauge selection makes sense.
Re: US White House urges devs to dump C and C++
By: Digital Man to Nightfox on Thu Feb 29 2024 01:43 pm
There is no single programming language that is the best tool for everything. For systems programming (OS kernels, device drivers, firmware), C and C++ are still tools of primary choice (though Rust i making some inroads here). But if I were to develop just about anythi else that lives, privacy/security, or business operations depended up I'd use a managed language/environment.
I suppose it would make sense to use a managed language/environment.
In some of the newer C++ standards, they've introduced some classes that are meant to help manage memory better for you though, suchas shared_ptr, unique_ptr, etc.. I've heard people say you can avoid using new &
delete (or malloc() and free()) and use those managed pointers instead.
I think another issue can be buffer overruns though, and I don't recall offhand if a managed language normally protects against that. In a
quick Google search, I found a page where someone said buffer overflow exploits are possible in C#, though it's harder to produce them in C#.
code that appears to work for _years_ can suddenly stop
doing so when you update a point revision of your compiler.
It's madness.
code that appears to work for _years_ can suddenly stop doing so when you
update a point revision of your compiler. It's madness.
It's also the reason so many commercial and open source "linters" (static analyzers) and run-time analysis tools exist today (primarily, for use with C and C++ projects) - detecting undefined behavior, security issues. The unsafety of C and C++ have kept a lot of people busy for a lot of years. :-)
I've definitely seen what you're describing though - hey this worked before I upgraded the tools, it must be a bug in the tools! <sigh> It's almost never a bug in the tools. :-(
Re: Re: US White House urges devs to dump C and C++
By: tenser to Nightfox on Sat Mar 02 2024 02:30 am
code that appears to work for _years_ can suddenly stop
doing so when you update a point revision of your compiler.
It's madness.
It's also the reason so many commercial and open source "linters" (static analyzers) and run-time analysis tools exist today (primarily, for use with C and C++ projects) - detecting undefined behavior, security
issues. The unsafety of C and C++ have kept a lot of people busy for a
lot of years. :-)
I've definitely seen what you're describing though - hey this worked before I upgraded the tools, it must be a bug in the tools! <sigh> It's almost never a bug in the tools. :-(
Sysop: | digital man |
---|---|
Location: | Riverside County, California |
Users: | 1,042 |
Nodes: | 15 (1 / 14) |
Uptime: | 255:56:32 |
Calls: | 500,352 |
Calls today: | 25 |
Files: | 95,205 |
D/L today: |
21,151 files (2,804M bytes) |
Messages: | 465,989 |
Posted today: | 3 |