this post was submitted on 10 Nov 2024
194 points (92.9% liked)

Programming

22204 readers
105 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev

founded 2 years ago
MODERATORS
snowe@programming.dev
Ategon@programming.dev
MaungaHikoi@lemmy.nz
UlrikHD@programming.dev
194
The US government wants devs to stop using C and C++ (www.theregister.com)
submitted 9 months ago by lemmee_in@lemm.ee to c/programming@programming.dev
91 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] wewbull@feddit.uk -5 points 9 months ago (3 children)

The Rust kernel devs are ...

  1. ...asking the maintainers to lock down APIs which the C devs purposefully leave malleable, in part, to avoid binary blob drivers being feasible.
  2. ...asking maintainers to accept code into their subsystem whilst being told, you don't need to know Rust to an expert level...trust us. Cross language interfaces always have nuance and make good attack vectors. Understandable that maintainers are cautious.
  3. ...creating quite a lot of hassle for no a lot of improvement. Systems are only as resilient as their weakest components. The cross language interface is always going to be weak. Introducing a weakness to get improvements probably only succeeds at making the whole weaker.
[–] FizzyOrange@programming.dev 28 points 9 months ago

asking the maintainers to lock down APIs which the C devs purposefully leave malleable, in part, to avoid binary blob drivers being feasible.

No, they were asking them to define the semantics of the filesystem APIs. Those semantics are not encoded in the C API but the Rust devs wanted to encode them in the Rust API to avoid making mistakes.

The C devs didn't want to, not because of concerns about binary drivers, but because the semantics are already broken. Apparently different filesystem drivers assume different semantics for the same functions and it's a whole mess. They don't want to face up to this and certainly don't want anyone pointing it out, so clearly it must be the Rust devs' fault for wanting APIs to have consistent semantics.

The rest of your comment is nonsense.

[–] sukhmel@programming.dev 7 points 9 months ago (1 children)

What's the reason to avoid binary blob drivers being feasible? Is that about not being able to use non-free binary blobs in kernel? I don't quite understand what it even is about

[–] wewbull@feddit.uk 14 points 9 months ago (1 children)

Having binary blobs linked into your kernel is a maintainability nightmare. You're allowing a third party to link their buggy drivers into the heart of your platform. It breaks any security model you have, and brings with a bunch of bugs that are impossible to debug.

Nvidia were the worst offender and it culminated in this:

https://arstechnica.com/information-technology/2012/06/linus-torvalds-says-f-k-you-to-nvidia/

[–] sukhmel@programming.dev 1 points 9 months ago (1 children)

Got it. I agree that their drivers are (were?) of exemplary bad quality

But I don't think that it is realistically possible to drop all the proprietary firmware blobs, and if it's not maybe it's better to not actively sabotage something to 'avoid those being feasible'?

[–] Vilian@lemmy.ca 2 points 9 months ago

Firmware don't link to the kernel tho, and the kernel functions aren't stable so a firmware today would stop working tomorrow because a function was refactored(and all the code in the kernel that depend on that function) for performance or security, and the binary can't be refactored so it become useless

[–] refalo@programming.dev -3 points 9 months ago (1 children)

IIRC They were also trying to get kernel devs to let official structure definitions live in Rust instead of C, and got upset when they didn't want to do that.

[–] pupbiru@aussie.zone 12 points 9 months ago

the rust devs wanted to CREATE official structure definitions that don’t exist in C so that there was more semantic meaning to the APIs