Comment by raincole
11 hours ago
I don't get it. Are we reading the same article? This article is so generic that it reads like vacuous truth to me. But I don't see their bitterness towards Rust (or anything, really. It's just vacuous.) from it. Is this person a famous anti-rust'er or something?
But it links to this post
https://joshlf.com/posts/memory-safety-life-and-death/
Under a "it doesn't matter it's memory-safe if..."
You may be misinterpreting the intended meaning.
It's like saying it doesn't matter if surgery is done another antiseptic conditions if the patient isn't also given a course of antibiotics during recovery.
It's not an argument against safe practices, it's an argument for amending one kind of safety with others.
Antiseptics did make a big difference in the century before antibiotics...
I don't get how you dont't get. It links about memory safety (with a link towards an extremely biased article in Rust's favor) and a link to design to correctness (that leads to Zig project).
There is a lot to dislike about this paragraph:
Hang on. If I want to prevent all bugs, shouldn't memory safe make your correctness much easier to achieve? And what is this about fixing all bugs? You mean proofs? The stuff that Zig doesn't aim to do?
And no, asserts don't fix all bugs, they just guarantee some of your invariants are held at best, used in test at worst.
Not if choosing statically checked memory safety sacrifices for correctness where it is a local optimum
If you sacrifice memory safety for correctness, that just means it's not correct. If safety is crucial, it must be safe under all inputs, and if there are data races.
It's a bit like saying, "Yeah, our system is safe, but if there are two threads racing or use after free somewhere, then all bets are off."
> It doesn’t matter that the language you use is memory-safe
> nobody can trick me into mistaking lesser stars for my true destination
The author seems to be in some level of denial around compile-time safety checks. They're right that runtime safety errors are an issue, but it feels wrong to discount compile time checkers when it can save a lot of yak shaving.
Quote the entire sentence.
>It doesn’t matter that the language you use is memory-safe, if you didn’t design for correctness or have no process that will eventually lead you to fixing all bugs.
It's also worth noting that they linked a post about how memory safety is literally a matter of life and death, so it seems like their point is that memory safety is one class of bug, and a compiler guarantee about it doesn't equate to a guarantee of correct, bugless, unexploitable code.
Like, the linked author brought up that Khashoggi's wife's phone was hacked. Maybe that was due to a memory bug or some other kind of bug. Maybe the next journalist who gets hacked is a victim of a memory bug or some other kind of bug. But that linked post didn't take a holistic view of correctness, but went straight to, "Rust is safe. Rust saves lives." There's a logical error there that's being pointed out.
If you really want to save lives, you need to eliminate exploits. Not just do a victory lap because your compiler ostensibly eliminates one class of them. The compiler doesn't catch all bugs. The compiler isn't the only tool for catching bugs.
That's my reading of it, anyway. I think he has a point, and the Rust people do as well. I think it's wrong to portray him as bitter.
That is correct, this blog post is about understanding the priority of various subgoals and the ultimate goal (creating useful software). Memory-safety is important but overfitting on that subgoal, as I believe the memory-safety blog post is doing, won't make you create better software.
If Rust helps you get all the way to correctness, then great, but that blog post was insane.
> The compiler doesn't catch all bugs. The compiler isn't the only tool for catching bugs.
I acknowledged that in my prior comment. This person is letting perfect be the enemy of good, and I guarantee you that they aren't running their binaries through Valgrind and Ghidra to check the runtime safety after it's built.
Exploits like Heartbleed get shipped because people abdicate their responsibility to write safe software. Shackling developers to dynamic analysis tools is not any better of a solution than using a memory-safe language to start. Rust is shaving a calf to avoid the whole yak.
It's so bland and generic its bizarre like somebody is botting it. Weird that all the comments calling this out are getting flagged or downvoted.
What 'all the comments'? There aren't many comments in this thread. You mean this: https://news.ycombinator.com/item?id=48432736 ? I flagged it too. I think the flag is quite justified.
oh I don't particularly care I'm just asking what is it about this article that is so worthy of being front page? I'm literally just calling out the content. I'm sorry for complaining.
2 replies →
I think you will be surprised by how many developers do not have this same list of priorities (or in that order) when developing software.
I posted this link at the same time when I posted it to Lobsters (https://lobste.rs/s/g6lkw1/my_software_north_star) 3 days ago, but it didn't get on the front page. Seeing that the submission time has been reset, I imagine it was given a second chance by HN curators (it's a known process), but that doesn't mean free upvotes, it's just that some people resonate with the thinking.
It's bland and generic because it's a manifesto. Author (and HN submitter) is Loris Cro, aka @kristoff_it, VP of Community at Zig Software Foundation.
In his role, devising as set of general guidelines to use as compass when things (inevitably! and often!) get very very muddy and Right v. Wrong is hard to tell apart -- both objectively, and also from the point of view of being a community leader with ton of vested interest -- is essentially one half of his job. Other half is abide to said guidelines.
So @kristoff_it last week sat down, came up with three simple rules short enough he can print on a business card (or hang on his office wall or whatever), and posted them here to test if they make sense to the wider community.
TLDR: yes can seem bland / generic but within context it makes sense to me author needed to distill his ethics in a nutshell.
oh. I've never heard of zig. I use Rust.
1 reply →