
>These are how I classified the bugs. If I’ve got something drastically wrong let me know.

I'm really happy to see the data behind the claim! I've been slowly desensitized to opinions masquerading as unsourced supporting graphs of dubious provenance. It's so simple, but kudos to the author for the transparency.

When Daniel wrote "C is not the primary reason for our past vulnerabilities", he may or may not have been right. But he sadly did not back that up with easily verifiable, refutable data.

Data is like a ray of sunlight. Instead of arguing high-level opinions, let's argue the data.



Here's some data I found interesting:

>Speaking at the BlueHat security conference in Israel last week, Microsoft security engineer Matt Miller said that over the last 12 years, around 70 percent of all Microsoft patches were fixes for memory safety bugs.

https://www.zdnet.com/article/microsoft-70-percent-of-all-se...

Of course, Rust isn't the only language that tries to address memory safety, but it is one of the few that does so while retaining the performance of C.


Microsoft's current security advisory is to use C#/F# (including their newly introduced low level capabilities up to .NET 5), Rust and then C++ alongside Core Guidelines.

However, the same Microsoft has backtracked in their rejection of C, adding support for C11 and C17, replaced the C++ userspace drivers framework with a C one, and despite all the security sales pitch for Azure IoT, they ship Sphere OS and RTOS with a C-only SDK.


No, data does not get to decide what cUrl is implemented in; whoever implements it gets to decide.

If you want to prove that RustUrl would be better than cUrl, you will have to implement it and prove that it's actually better, by taking users away from cUrl. Decisions are made by those who make things, not by those who have opinions, even if they are backed up by data.

Daniel doesn't have to defend his choices, because you can write your own if you don't like his.


> Whoever implements it gets to decide

That is true. And as the post mentions, Daniel did decide to allow some Rust into the tree, years after he wrote that post. Sometimes people change their mind. It's often a good thing!


Changing your mind is great! I do support Daniel's choice to do whatever he wants in whatever language. My statement was not against Rust; it was against the idea that software development is done by writing think pieces online.

I refer you to the Linux Kernel mailing list FAQ 15-6, that I think makes my point:

http://vger.kernel.org/lkml/#s15-6


It is true that code can convince, but often, the written word matters too.

For example, the Linux kernel is considering accepting Rust in tree. While that is predicated on people writing the code and demonstrating its value, even getting to that point has required a lot of communication and convincing. It is often considered polite in open source projects to attempt to build some consensus before sending large patches upstream.


Sure, but what the author of this article is arguing is that someone who has spent a lot of time and effort making something should throw all that work in the trash and start over, because they did it wrong. I don't think that is either polite or constructive.


I didn’t read it that way, but yes, I would agree that that sounds very impolite. Maybe I read it wrong!



