Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Privacy Programming

Tor Project Hopes to Replace 'Complex', 'Fragile' C Code With Rust (yahoo.com) 107

CoinDesk reports that "A project is in the works to make the Tor Client more adaptable and easier for third parties to use, with some help from Zcash Open Major Grants (ZOMG)." ZOMG announced on Tuesday that it is awarding the privacy-focused Tor Project a $670,000 grant to continue to develop Arti, a Rust coding language implementation of the Tor Client... Arti should make it simpler for third parties to embed and customize the Tor Client than the current implementation in the C coding language... "Arti is a project to make an improved version of Tor that will be more reliable, more secure, and easier for other software to use," said Nick Mathewson, chief network architect and co-founder of the Tor Project. "We hope that within the next several years, Arti will become the preferred implementation of the Tor protocols...."

"Onion routing has just had its 25th anniversary in May, and although Tor is a great set of privacy tools, the C program 'tor' itself (note the lowercase t) is beginning to show its age," Mathewson said. "We've found over the recent years that the complexity of the existing C code, and the fragility of the C language, make it unnecessarily difficult to improve the code while maintaining our security and privacy guarantees....

"Roughly half of Tor's security issues since 2016 would have been impossible in Rust, and many of the other issues would have been much less likely, based on our informal audit," he said...

The funding will go toward developer salaries as they develop Arti. Mathewson said the goal with this round of funding is to advance Arti to the point where it is ready for general use, testing and embedding.

This discussion has been archived. No new comments can be posted.

Tor Project Hopes to Replace 'Complex', 'Fragile' C Code With Rust

Comments Filter:
  • poor craftsman (Score:5, Insightful)

    by DrWho42 ( 558107 ) on Sunday July 11, 2021 @12:46PM (#61572627) Homepage
    Maybe it's not a popular opinion, but it should be said: He's a poor craftsman who blames his tools.
    • Yup, I have seen so many total rewrites that result in a square wheel: Wayland, Gnome...
      • by bn-7bc ( 909819 )
        Well altho Wayland might not be there yet X11/Xfree86 was showing its age a bit and maybe it was time to try somthing new. I'm no expert on the subject, I can only go with what I've heard, and apparently X11 whas not that great at interacting with 3d (don't know the details on why tho)
        • by Uecker ( 1842596 )

          Not really. Wayland is essentially using the same design as used in X for local graphics, but removed of a lot of old stuff. That this make everything better or faster is largely propaganda. Simplifying stuff would be fine and welcome if not for the fact that this breaks decades of compatibility, introduced a lot of new problems which were already solved a long time ago in X, and does not have one of the most useful features of X: network transparency. Improving X, e.g. having disconnect and reconnect, or

      • Yup, I have seen so many total rewrites that result in a square wheel: Wayland, Gnome...

        Which is maybe why, instead of doing a total rewrite and starting their own operating system, these people are starting with Linux and just attempting to improve it. Is that perhaps possible?

      • by Kisai ( 213879 )

        Yep yep. Remember Netscape throwing out Netscape to produce Mozilla/Firefox which resulted in losing two years of competitive pressure on MSIE, practically cedeing it to MSIE until Chrome came along.

        The general rule for programming is. If it can't be done with C alone, then it's not portable, performative at all.

        C++, Rust, Pyhton etc have their places, but more frequently than not, people switch to less performative programming languages to save on compiler time, at the cost of the program running at 100's

    • Yes, true professionals drive nails in using bottles of nitroglyCerin.
    • Re:poor craftsman (Score:5, Insightful)

      by Tailhook ( 98486 ) on Sunday July 11, 2021 @12:54PM (#61572659)

      And yet we stupidly endeavor to build better tools.

      • Better tools aren't a bad thing, but really we need better idiots to use those tools.
      • Rust isn't better for anything, it's a childish scripting language with functions for everything and the kitchen sink, and it performs worse than Visual Basic. Name something for which it is needed other than lining the pockets of IT companies. Nothing worthwhile is written first in Rust and it's just another buzzword used to sell services and server rental, not a practical choice for development. It's worse than PHP, even.

    • Re: (Score:3, Insightful)

      Maybe it's not a popular opinion, but it should be said: He's a poor craftsman who blames his tools.

      Came here to say pretty much this. I'm a hardware guy and haven't done much programming but I've done enough to question that "fragile C" assertion. I can see the code being fragile if it was sloppily written, but that's not the fault of the language itself. There's been plenty of solid, reliable, long-lived C code written over the decades, yet all of a sudden C is fragile? I don't buy it.

      • Re: (Score:2, Insightful)

        The older the code is doesn't necessarily make it safer. There have been security vulnerabilities found in the Linux kernel that were over 15 years old at the time of discovery. You'd figure one of these superhuman C programmers that never make mistakes would have spotted them much earlier, but here we are. However, if it were written in a more modern language that wouldn't even compile if these mistakes were present, these vulnerabilities would never have existed.

        • Re: poor craftsman (Score:4, Interesting)

          by boa ( 96754 ) on Sunday July 11, 2021 @01:34PM (#61572765)

          Modern language? Ada has been around almost as long as C, and is considered by many to be quite safe.

          • Ada has been around almost as long as C, and is considered by many to be quite safe.

            My understanding is that Ada isn't well suited for kernel development. I don't know the exact reasons as I don't know the language, nor do I know kernel development that well, so you might take the word of an actual Linux kernel developer instead:

            https://www.youtube.com/watch?... [youtube.com]

            • Ada is fine for low level coding. Itâ(TM)s just no one knows it and mobile wants to learn it except some language hoarders and people needing to maintain old ada code bases
              • The main reason they give is they say that in Ada, deallocation of dynamic memory requires manually tracking lifetimes, which opens you up to use after free errors. So not really memory safe after all.

        • Re:poor craftsman (Score:5, Insightful)

          by gweihir ( 88907 ) on Sunday July 11, 2021 @01:35PM (#61572773)

          And then there are routinely really bad security vulnerabilities discovered in other languages than C. The problem is not the language.

          • What seems ridiculous to me is that we are still having sql injection exploits written. That problem was solved 20 years ago.

            • Re:poor craftsman (Score:4, Insightful)

              by gweihir ( 88907 ) on Sunday July 11, 2021 @01:58PM (#61572849)

              What seems ridiculous to me is that we are still having sql injection exploits written. That problem was solved 20 years ago.

              Indeed. The problem that was not solved so far is how to make sure people writing code have a clue as to what they are doing. Most do not.

              • Yeah, that's basically the great big gaping hole in the arguments regarding moving anything to Rust (or to any other language, for that matter). In the end, it's the programmers' expertise in writing the language that matters most.

                What new holes are going to be introduced by programmers rewriting all their code in a language with which they are less familiar?

            • What seems ridiculous to me is that we are still having sql injection exploits written. That problem was solved 20 years ago.

              6ofone. The problem is the fact that the program is doing EXACTLY what the writer intended it to do....?

        • Re:poor craftsman (Score:5, Insightful)

          by fahrbot-bot ( 874524 ) on Sunday July 11, 2021 @01:38PM (#61572791)

          The older the code is doesn't necessarily make it safer.

          The same can be said for the newer code -- perhaps even more so as it's less proven.

          There have been security vulnerabilities found in the Linux kernel that were over 15 years old at the time of discovery. You'd figure one of these superhuman C programmers that never make mistakes would have spotted them much earlier, but here we are.

          Were these programmers tasked with proactively reviewing millions of lines of code? As things evolved? No. The issues were found and corrected when they were found / exploited. No one can test/debug every scenario up front.

          However, if it were written in a more modern language that wouldn't even compile if these mistakes were present, these vulnerabilities would never have existed.

          You're assuming all these issues were "mistakes" that the compiler could/would find. Often they're programming decisions that are perfectly valid code, or the issues arise because something changed up/down stream.

          It's true and you're correct that *some* things could be solved / prevented by simply using a more stringent language (like Rust vs. C) but that won't necessarily solve everything, or even guarantee solving the major things. It will, however, generate completely new code that will have to be re-proven all over again, probably with new bugs and issues. It's a cost/time/quality trade-off. Some things may be worth completely redoing in a different and/or new(er) language, some redoing in the same language and some simply updated in place. Unfortunately, the best path to take for some (many?) can't be determined up front.

          • by LIGAFF ( 225383 )

            I was assured that enough eyes make all bugs shallow, and that literally tens of millions of linux users are competent C programmers.

      • Re:poor craftsman (Score:4, Insightful)

        by gweihir ( 88907 ) on Sunday July 11, 2021 @01:34PM (#61572763)

        Same here. C is not "fragile" in any way. The mess some people write in C is, but these people will create a fragile mess in any other language, because they do not have what it takes.

        • Same here. C is not "fragile" in any way. The mess some people write in C is, but these people will create a fragile mess in any other language, because they do not have what it takes.

          More modern languages like C++ can automatically detect situations like out of bounds array indexes, write an error log, and abort.

          That's the sort of thing I want in critical software, not just to continue as if everything was OK.

          • Re: (Score:3, Informative)

            by gweihir ( 88907 )

            You do not understand the problem.

            • by ytene ( 4376651 )
              I’m not suggesting that I do understand the problem - so if I get this wrong feel free to correct me - but it seems like there are subtle elements to what we’re saying.

              For example, it is true to say that the C language, as a language, can produce perfectly robust, secure and performant code.

              But at the same time, it’s probably also true to say that there are other languages out there which, thanks to language design features, make it harder for a less skilled developer to make a mista
          • by tomz16 ( 992375 )

            Same here. C is not "fragile" in any way. The mess some people write in C is, but these people will create a fragile mess in any other language, because they do not have what it takes.

            More modern languages like C++ can automatically detect situations like out of bounds array indexes, write an error log, and abort.

            That's the sort of thing I want in critical software, not just to continue as if everything was OK.

            Yeah, the natural path here is to take your currently-working C code, plop it into C++, and then iteratively start replacing the "critical" bits with managed memory / containers. IMHO, Rust is no better in terms of security or speed than modern, idiomatic C++. And C++ has the maj

            • by gweihir ( 88907 )

              Actually, you seem to have no clue what C++ can and cannot do. An array index out of bounds is not something the language can detect in C or C++, because that situation is dependent on the intent of the coder and neither the compiler not the run-time system cannot know what that is. Also, since when do C++ code come with a standard, always present way to log errors to a file? It does not.

              You may be talking about some specific library here, but safe containers can be done and are available in C as well.

              Serio

              • by gweihir ( 88907 )

                Hmm. Maybe you messed up the quoting in your reply?

              • Actually, you seem to have no clue what C++ can and cannot do. An array index out of bounds is not something the language can detect in C or C++

                Seriously, stop trying to push your agenda with lies.

                C++ can throw an exception on this code:

                std::vectora(10);
                a[11] = 0;

            • Yeah, the natural path here is to take your currently-working C code, plop it into C++, and then iteratively start replacing the "critical" bits with managed memory / containers.

              This.

              • I agree a modern c++ could be just as robust. However since I donâ(TM)t know the architecture of tor, a rust rewrite might actually be quicker if they start fresh and the developers are experienced in rust. All the old farts in slashdot never want to change lol
          • by gweihir ( 88907 )

            Actually, you seem to have no clue what C++ can and cannot do. An array index out of bounds is not something the language can detect in C or C++, because that situation is dependent on the intent of the coder and neither the compiler not the run-time system cannot know what that is. Also, since when do C++ code come with a standard, always present way to log errors to a file? It does not.

            You may be talking about some specific library here, but safe containers can be done and are available in C as well.

            Serio

            • An array index out of bounds is not something the language can detect in C or C++,

              Partly correct, but missing the point. If you're actually writing C++, instead of just throwing your C code into a class, you won't be using an "array". The standard library comes with good number of excellent data structures, and you'll be using one of those instead. If you do actually need an array, you'll use a vector. A vector will throw if you access if out of bounds using ".at". You will also design your program so you're not using integer indexes into containers unless you absolutely have to.

              but safe containers can be done and are available in C as well.

              If you d

              • by Uecker ( 1842596 )

                You can have your compiler check your bounds in C and generate a trap for out-of-bounds accesses.

                void foo(int N)
                {
                    int a[N];
                    a[N] = 1; // traps with right compiler flag.
                } /app/example.c:5:4: runtime error: index 10 out of bounds for type 'int [*]'

                https://godbolt.org/z/rnvojMx6... [godbolt.org]

                • Only for very limited scenarios.

                  • by Uecker ( 1842596 )

                    I am not sure what you mean. Basic arrays can be bounds checked as I just showed you. Advanced data structures in a library are accessed using wrapper functions and can also be bound checked. So what is missing according to your opinion?

          • More modern languages like C++ can automatically detect situations like out of bounds array indexes, write an error log, and abort.

            I'd rather have the compiler / development toolchain detect that an out-of-bounds was possible (while giving you ways to do the job where it ISN'T possible) and abort the build, rather than have it go to the field and some day die with a kernel panic or other error message.

            Gosh, isn't that the sort of thing Rust is all about?

      • by Sigma 7 ( 266129 )

        I'm a hardware guy and haven't done much programming but I've done enough to question that "fragile C" assertion. I can see the code being fragile if it was sloppily written, but that's not the fault of the language itself.

        The issue is that some core C functions, which aren't deprecated, tends to be dangerous by default.

        scanf("%s") - is how most people were taught to use the function. No width specifier, and that allows an instant buffer overflow. Programmers could write their own parsing function, but tha

      • I always think this saying is misunderstood. A good craftsman doesn't blame his tools because he ensures he has the right tools and that they are properly maintained. It doesn't mean that good craftsman don't care about their tools.

    • He's a poor craftsman who blames his tools.

      Ok, maybe, but there's also no denying that some tools are just inadequate for heavier jobs.

      It's like saying a craftsman is poor because the hand-drill he was using didn't do a great job at making holes, when power drills exist...

      • by gweihir ( 88907 )

        C is suitable for a lot of things, as many large and successful projects show, including the largest software project ever, namely the Linux kernel. Blaming C is just another dishonest attempt by the Rust fanatics to push their fetish.

        • Re: (Score:3, Insightful)

          by Joce640k ( 829181 )

          C is suitable for a lot of things, as many large and successful projects show, including the largest software project ever, namely the Linux kernel.

          Sure, it could also have been written in assembly language, or even hexadecimal.

          That doesn't mean it couldn't have been written better and with far less effort using a more suitable language.

          • by Pimpy ( 143938 )

            Large parts of it are written in assembly, too, due to architecture-specific code. Rust isn't going to do anything for you there, either. At this point, Rust is more like a solution looking for a problem. It's not substantially different from those idiots who wanted to write device drivers in Perl via CORBA 20+ years ago, who also made a lot of the same arguments as the current rust fanatics. I have no doubt rust can be great for certain things, but to suggest that the kernel is fragile and isn't using the

        • C is suitable for a lot of things, as many large and successful projects show

          Curious which of those used by millions of people have in fact avoided security bugs?

          I would argue there is a separate definition of safe and successful, just because millions use soemthing does not mean it's safe.

          But as more and more things exist entirely on a virtual base, the safety is a thing that starts to be a lot more vital than simply the metric that a lot of people use soemthing and it doesn't crash often.

          The time for play

    • Maybe it's not a popular opinion, but it should be said: He's a poor craftsman who blames his tools.

      Sure, a great craftsman can do good work with nearly any tool. However, when you do this for a living, projects get handed off between teams. Original authors get promoted or seek new opportunities. Contributors add things from all over the globe. People you will never meet extend your current product or take it over. Maybe a large company buys you out and expands your team with their employees.

      When your team is tiny and there's no money on the line, do whatever you like. When you make money and ne

    • Re:poor craftsman (Score:5, Insightful)

      by ArmoredDragon ( 3450605 ) on Sunday July 11, 2021 @01:12PM (#61572691)

      Maybe it's not a popular opinion, but it should be said: He's a poor craftsman who blames his tools.

      Think more along the lines of putting a hand guard on a circular saw. Sure, it's easy to avoid cutting your fingers off without one, but mistakes happen. The hand guard makes them a lot less likely.

    • Did anybody else read the headline as "Tor Project Hopes to Replace 'Complex', 'Fragile' C Code With Complex, Fragile Rust Code"?

    • by gweihir ( 88907 )

      There are oodles of poor craftsmen around in software, the morons that desperately cling to the hope that Rust will finally make their code not suck are just one faction.

    • Re:poor craftsman (Score:4, Insightful)

      by Phillip2 ( 203612 ) on Sunday July 11, 2021 @02:55PM (#61572987)

      That's because a good craftsman chooses his tools carefully and makes sure that they are right for the job.

    • Re: (Score:3, Insightful)

      Contrary to this idea, I hope nobody expects a craftsman is able to do his best work with shitty tools and materials. If it were so, then why doesn't everybody just use the shittiest and cheapest?

    • by tomhath ( 637240 )
      Although in this case, it's a poor craftsman who is blaming other people's tools.
    • Re:poor craftsman (Score:5, Interesting)

      by Junta ( 36770 ) on Sunday July 11, 2021 @04:26PM (#61573207)

      C is supremely tedious without necessarily providing benefit for it, and a lot of inconsistent approaches to development. Frequently needing to pass the length along with any data. Having to check every index before trying to use it. Is this function going to take a pre-allocated struct, or does it allocate new data. As the calling function, do I have to free memory allocated by the called function, or am I forbidden from freeing it because it's part of some static memory that the called function is reusing?

      This all produces maintenance problems. Recently I uncovered a vulnerability in a C application owing to assumptions about index validation. At one point the author wrote function a, but it was only called by b. Because of that, he only bothered to check the index in b, because a was an internal function. Later, another developer wrote function c and needed a again. In this case c didn't need to process the parameter, so he just passed it through to a without checking, because there was no document saying that a required it to be checked for it to be safe. It was a detail that didn't seem significant at the time.

      Another time I found a memory leak in a python application. It was due to C code returning some data to python, and the newly allocated memory was returned to python as a memoryview. So the C function couldn't free the memory since it was destined for python calling code and neither would python free the data. The developer *thought* that python would free memory if 'given' to python by the function call, but actually python won't do that, so the developer would have had to have provided a 'cleanup' function. But even if they did that, good luck getting a python developer to bother to explicitly call a cleanup function reliably, even if available, because that's not a tedium that is common to inflict on python developers.

      There are a lot of details that have to be meticulously tended to, and a need for overwhelming clarity in communication about ambiguous issues that if not agreed upon can overflow, corrupt stack, or leak memory. With no good upside to these freedoms. Compared to a C-ish language, but with index bounds baked in as mandatory and memory allocation and freeing handled in the logical fashion, you get the upsides of C like strategy but without the messiness.

    • by vadim_t ( 324782 )

      That mindset has long been removed from the places where safety actually matters.

      Eg, when an aircraft crashes, we don't just go and blame the pilot. Sometimes airplanes do weird, confusing things that pilots have trouble dealing with in a critical moment. Which is why we research what happened, and try to come up with solutions other than "the pilot should have done the right thing". Even in the cases where it's clear a pilot was just screwing around and did something they shouldn't have we often come up wi

    • Wrong rust in superior in every way from a security standpoint to c. Itâ(TM)s like using a hammer as a hammer (rust) rather than using the handle of a screwdriver (C) to drive nails. Even a rewrite in c++ would be better.
    • Maybe it's not a popular opinion, but it should be said: He's a poor craftsman who blames his tools.

      Every craftsman starts out as a poor craftsman. Some get better with experience.

      But to do that they need a workbench and set of tools that lets them work, make mistakes, and learn from the mistakes. (It is said in some branches of engineering that "Expertise is directly proportional to value of equipment destroyed (during learning).")

      There are tradeoffs here. The upside to padded rooms is that they don't l

  • by fahrbot-bot ( 874524 ) on Sunday July 11, 2021 @01:22PM (#61572717)

    We've found over the recent years that the complexity of the existing C code, and the fragility of the C language, make it unnecessarily difficult to improve the code while maintaining our security and privacy guarantees....

    It's one thing to try and address code that is "fragile" because of the latitude C allows programmers -- which is more a fault of the programmer than language -- in another language that may be more stringent (like Rust), but another thing entirely to rewrite code in another language simply because it's "complex". (a) There's no guarantee the fresh code will be any less complex and (b) this new code has to be re-proven -- especially if redone in a different language, that may have different idiosyncrasies. The latter also applies to rewritten "fragile" code, but with the consideration that it may be less so because of the constraints of the new language. Finally noting that all this could simply be addressed in the current C implementation -- but I guess that doesn't sound as sexy on a grant proposal...

    • by gweihir ( 88907 )

      Indeed. They will just swap one set of well-known and well-understood problems for a new set which is far less understood. I fail to see how that is a good thing.

      • Indeed. They will just swap one set of well-known and well-understood problems for a new set which is far less understood. I fail to see how that is a good thing.

        It's a good thing if you're working on "Arti":

        ZOMG announced on Tuesday that it is awarding the privacy-focused Tor Project a $670,000 grant to continue to develop Arti, a Rust coding language implementation of the Tor Client...

    • by Junta ( 36770 )

      It depends on the codebase and I don't know the Tor codebase to specifically say whether it's along the lines of how you are thinking, but there is an alternative.

      Long lived codebases can grow in very awkward ways, particularly with many hands. Chunks of functions that are awkwardly organized, unnecessarily convoluted compared to if the big picture was known from the beginning of coding. A rewrite is sometimes more straightforward than reworking a complex codebase.

      The latitude that C offers inflicts a need

  • by Rosco P. Coltrane ( 209368 ) on Sunday July 11, 2021 @01:31PM (#61572753)

    If you run Tor securely to browse the web, you need the Tor browser. The Tor browser is essentially a declawed Firefox with all the possible features that can be used to deanonymize you disabled removed - chief of which is Javascript of course.

    When you use the Tor browser in truly secure mode, the web is as good as unusable. If you don't use the Tor browser, then all you have is a false sense of security, as the NSA, Google and various other Big Data sumbitches have no trouble linking your traffic to your real persona. And that's exactly how they like it.

    If you are a spy or a dissident and you do use Tor securely to connect to Tor-friendly services setup specifically for that purpose (be it http or some other protocol), then yes, it's a useful tool. If you're an ordinary internet dweller seeking to escape the constant corporate and state surveillance, look elsewhere.

  • by mykepredko ( 40154 ) on Sunday July 11, 2021 @01:34PM (#61572769) Homepage

    In my experience, "Fragile" means that doing updates that should be minor turns out to be a nightmare because of how easily simple changes breaks the whole application.

    It also means that the code wasn't all that well written to begin with and changes have been made haphazardly with no regard to the new code following the same approach as previous code and are not documented.

    Saying that the current code is "Fragile" means that the skills and processes aren't in place to develop robust code that is easily maintained.

    As for "Complex", all code is complex, but that can be mitigated by a good initial design with documentation and proper maintenance procedures that update the documentation.

    • Usually if there is fragile code, the best approach is to refactor it rather than rewriting it. When you refactor it, you learn how to make it better. When you rewrite it, you make the same mistakes you made the first time.

      • I would tend to agree with you but in this case (like seemingly everything involving Rust) there is the desire to rewrite applications to something shiny and new.

        I expect that a few years down the line they'll be saying that their Rust code is needlessly complex as well as fragile and the only solution to the problem is to write it in the latest flavour of the week.

  • Can mean one of two things given working code:

    A. The guy who wrote it doesn't work here anymore and no one here bothered to learn it.

    B. He still works here but he is either incapable of clear communication so it's a wonder his code runs correctly or he's perfectly capable of speaking and writing clearly but he has an audience of size one.

    In either case, the language isn't the cause, catalyst, or driver of the problem; all three can be found between someone's ears.

  • Sounds like a problem with your programmer and not the language.

    Funny thing, some of the tools they used to develop Rust were written in C. Some of the things they used didn't state what they were made with, and I don't feel like digging into it that far, especially for a PLBKAC issue...
  • wrong tools (Score:5, Funny)

    by LordHighExecutioner ( 4245243 ) on Sunday July 11, 2021 @02:27PM (#61572923)
    Fragile code can be reinforced with duct tape, while rust can be treated with WD40.
    • I've always used a grinder followed by a stiff metal brush on rust before applying the healing balm of primer.

  • by Zontar_Thing_From_Ve ( 949321 ) on Sunday July 11, 2021 @03:12PM (#61573019)
    Please note that I am NOT joking here.

    So I figure that in about 5 years, some Millennial is going to decide that Rust "sucks" because they didn't invent it, so they are going to invent a brand new language that "fixes all of the many problems with Rust while retaining the advantages", throw in some nebulous "security is better" phrases to boot, and then the "Rust is awesome" people are going to tell you with a straight face that they never really trusted Rust, but this new language is the real deal, let me tell you. Personally, I've never learned Rust and have no desire to use it, so I can't personally comment on whether it's any good or not, but after seeing all the unnecessary changes in IT in recent years, I can promise you that Rust will come under criticism soon enough. Remember that both Ruby and Python both had their days in the sun when they were supposedly "so much better than everything that came before" and neither of them could stop someone from coming up with Rust, etc.
  • How do you get stability out of a language named after rotting metal? If a bridge rusts, it falls down. It doesn't get more stable.

  • The only advantages C has over Rust are longevity, compile time, binary sizes, and amount of code in the wild. I've written a ton of C code and maintained even more. Despite being a relatively small language, the surface area for bugs is enormous. I will never use C again unless I have a very compelling reason to. I'm not saying Rust is the end-all-be-all language, but it's WAY better than C.

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...