Biden administration calls for developers to embrace memory-safe programing languages and move away from those that cause buffer overflows and other memory access vulnerabilities.
White House urges developers to dump C and C++::Biden administration calls for developers to embrace memory-safe programing languages and move away from those that cause buffer overflows and other memory access vulnerabilities.
Embedded systems developer here. If you’re programming on ARM or one of the other big microcontrollers there aren’t many well supported options. ARM’s official Keil compiler and libraries are C and C++ and I see no official movement to change that.
They have literally decades in building those tools.
Microsoft’s multithreaded OS ThreadX is C code. They just bought it for a large undisclosed amount in 2018. It ain’t going anywhere soon.
AWS’s FreeRTOS is C. Not going anywhere.
Embedded development toolchains are very slow to change.
C is not the problem, it’s sloppy “programmers” who cannot handle direct memory control and who do not understand the underlying system architecture and how a microprocessor operates. People who are good at writing C can make code just as safe as the safest Rust code.
While this is technically correct, it’s tantamount to saying “just don’t make mistakes”, or arguing that a seatbelt is unnecessary because many are good enough drivers to not need it.
Languages like C and C++ do not prohibit the kinds of mistakes that the NSA told us two years ago lead to software vulnerabilities.
Other languages, like Rust, have higher guardrails built in and make it much more difficult to accidentally create the same failure modes.
It is just too easy to shoot yourself in the foot when using a foot gun…
Sure the experts can avoid it, but that doesn’t mean the foot gun is a good tool in general.
There have been words around this, like how software should be safe by design, but the regulation should come from the governing entity.
This is simply materialized now, but there has been momentum.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !technology@lemmy.world
This is a most excellent place for technology news and articles.
English
Wtf, I thought this was a meme…
Good luck with that, C/C++ are still crazy popular
Damn, it’s been like 25 years since I touched either of those. Aside from OS development, do people really do that anymore?
https://www.geekboots.com/story/why-c-is-so-popular-and-still-the-best-programming-language
Basically, C runs the modern world. WiFi, MacOS, Windows, Linux, and so much more
Most of the embedded world uses those.
Embedded systems developer here. If you’re programming on ARM or one of the other big microcontrollers there aren’t many well supported options. ARM’s official Keil compiler and libraries are C and C++ and I see no official movement to change that.
They have literally decades in building those tools.
Microsoft’s multithreaded OS ThreadX is C code. They just bought it for a large undisclosed amount in 2018. It ain’t going anywhere soon.
AWS’s FreeRTOS is C. Not going anywhere.
Embedded development toolchains are very slow to change.
well… that’s the point - if they weren’t this wouldn’t be a concern
Team Fortran raise up, but not too fast our old bones aren’t as strong as they used to be.
I updated an internal library from 77 to 90 last week. We’re working quickly these days!
C is not the problem, it’s sloppy “programmers” who cannot handle direct memory control and who do not understand the underlying system architecture and how a microprocessor operates. People who are good at writing C can make code just as safe as the safest Rust code.
While this is technically correct, it’s tantamount to saying “just don’t make mistakes”, or arguing that a seatbelt is unnecessary because many are good enough drivers to not need it.
Languages like C and C++ do not prohibit the kinds of mistakes that the NSA told us two years ago lead to software vulnerabilities.
Other languages, like Rust, have higher guardrails built in and make it much more difficult to accidentally create the same failure modes.
It is just too easy to shoot yourself in the foot when using a foot gun… Sure the experts can avoid it, but that doesn’t mean the foot gun is a good tool in general.
I’m not sure what to think about this. It’s bizarre, the White House making any recommendations on programming languages.
They’re definitely not seen as an authority in this field. Why would anyone care what recommendation they make? And so why make one at all?
removed by mod
There have been words around this, like how software should be safe by design, but the regulation should come from the governing entity. This is simply materialized now, but there has been momentum.
It’s a national security threat
Can’t we just bring back Forth and call it a day?
sad stroustroup noises
Good reason to not drop C and C++