emoji-award-marseyrave
Unable to load image
Reported by:
  • HailVictory1776 : I don't understand any of this gay shit why don't you computer strags get real jobs

Oh shieeeet, the transgender mafia has won, C++ is kill!

https://thenewstack.io/feds-critical-software-must-drop-c-c-by-2026-or-face-risk/

"The development of new product lines for use in service of critical infrastructure or [national critical functions] NCFs in a memory-unsafe language (e.g., C or C++) where there are readily available alternative memory-safe languages that could be used is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety," the report says.

"Putting all new code aside, fortunately, neither this document nor the U.S. government is calling for an immediate migration from C/C++ to Rust — as but one example," he said. "CISA's Secure by Design document recognizes that software maintainers simply cannot migrate their code bases en masse like that."

But for all new code, bros it's ogre.

"For existing products that are written in memory-unsafe languages, not having a published memory safety roadmap by Jan. 1, 2026, is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety," the report said.

It's ogre.

63
Jump in the discussion.

No email address required.

Does Rust even offer meaningful security benefits here?

Jump in the discussion.

No email address required.

Rust defaults to safe mode that stops dangling pointers and whatnot on compile. Even though you know every project that gets migrated from c++ is just going to immediately set it to unsafe.

https://www.embedded.com/memory-safety-in-rust/ and https://alexgaynor.net/2019/apr/21/modern-c++-wont-save-us/ explain the whole source of this dilemma well. But most of it comes down to not trusting lazy gov contractor programmers to know how memory addresses and pointers work.

Jump in the discussion.

No email address required.

But most of it comes down to not trusting lazy gov contractor programmers to know how memory addresses and pointers work.

tbh rust is probably a fat W here then

Jump in the discussion.

No email address required.

yes

Jump in the discussion.

No email address required.

quite a few, but in the context of most "serious" security bugs I'm skeptical rust is going to save the world. The most recent cve in linux that I know of was to track what was/wasn't in the tlb. There's no way on this earth that that's trackable in rust without everything being unsafe

Jump in the discussion.

No email address required.

Link copied to clipboard
Action successful!
Error, please refresh the page and try again.