White House urges developers to dump C and C++ : worldnews

[+] velox_vulnus@lemmy.ml 81 points 1 year ago* (last edited 8 months ago)

[deleted]

[-] pennomi@lemmy.world 90 points 1 year ago

I think that’s the point. You can’t trust the average developer to do things safely. And remember, half of all programmers are even worse than average.

[-] thisfro@slrpnk.net 20 points 1 year ago

Maybe even more!

[-] datelmd5sum@lemmy.world 6 points 1 year ago

Wouldn't that be the median programmer instead of average?

[-] pennomi@lemmy.world 2 points 1 year ago

The word “average“ can mean many things, for example, mean, median, mode, or even things like “within 1 standard deviation from the mean”.

I was using it strictly as the mean which divides the population exactly in half.

[-] Zitronensaft@feddit.de 4 points 1 year ago

The median is the one that splits a data set in half and picks the middle.

load more comments (1 replies)

[-] FreudianCafe@lemmy.ml 2 points 1 year ago

Half of all programmers constitute the so called "average" group

[-] ChillPenguin@lemmy.world 2 points 1 year ago

Yea! I'm one of them!

[-] Darkrai@kbin.social 2 points 1 year ago

Which half am I in?

[-] superduperenigma@lemmy.world 16 points 1 year ago

If you have to ask

load more comments (3 replies)

[+] Viking_Hippie@lemmy.world 2 points 1 year ago

[deleted]

[-] Feathercrown@lemmy.world 7 points 1 year ago* (last edited 1 year ago)

Bell curves don't work to make this point. A bell curve is symmetrical, so half of developers will always be below average on a bell curve. But yes, it is true that for other types of distributions, more or less than half of the developers could be below average. What the person above you was looking for, in the general case, would be the median.

[-] pennomi@lemmy.world 3 points 1 year ago

The mean is in the center of the bell curve, so I’m not sure what your point is.

[-] Bademantel@feddit.de 2 points 1 year ago

What? How would you define "average"? His statement is technically correct.

[-] thisfro@slrpnk.net 2 points 1 year ago

Average is the mean (i.e. sum of all "skill" divided by the amount of programmers)

What they were thinking of is the median (50th percentile = 0.5 quantile), which splits the group in two equal sized groups.

For a bell curve, they are the same values. But think of the example of average incomes: 9 people have an income of 10$, one has an income of 910$. The average income is 100$ ((10*9+910)/10). The median is basically 10 however.

[-] Bademantel@feddit.de 4 points 1 year ago

The distribution of skill in humans, for various tasks and abilities, can often be approximated by a normal distribution. In that case, as you know, the mean is equal to the average.

[-] thisfro@slrpnk.net 2 points 1 year ago

Yeah, fair enough

[-] snooggums@midwest.social 8 points 1 year ago

Literally.

[-] u_tamtam@programming.dev 6 points 1 year ago

Or rather a Dunning Kruger issue: seniors having spent a significant time architecturing and debugging complex applications tend to be big proponents for things like rust.

[-] davel@lemmy.ml 45 points 1 year ago

Shut up Brandon, you can’t even code. This is just propaganda from Big Rust.

[-] Batbro@sh.itjust.works 11 points 1 year ago

I wanted you to know that I laughed and enjoyed this comment, ignore the haters 💛

[-] riodoro1@lemmy.world 43 points 1 year ago* (last edited 1 year ago)

Guys, C++ is gonna be dead in a couple of years now. Remember this comment…

…and read it again in ten years.

[-] ByteJunk@lemmy.world 3 points 1 year ago* (last edited 1 year ago)

Are you the guy who has been posting this same comment every 10 years over the last half century?

(Edit: is joke)

load more comments (1 replies)

[-] brunacho@scribe.disroot.org 34 points 1 year ago

Biden administration has fallen into the Rewrite it in Rust agenda.

[-] ScreaminOctopus@sh.itjust.works 28 points 1 year ago

Pretty crazy to reccomend Java as a secure alternative.

[-] u_tamtam@programming.dev 13 points 1 year ago

Why? What's wrong with safe, managed and fast languages?

[-] zik@lemmy.world 14 points 1 year ago* (last edited 1 year ago)

Java's runtime has had a large number of CVEs in the last few years, so that's probably a decent reason to be concerned.

[-] u_tamtam@programming.dev 5 points 1 year ago

Yep but:

it's one runtime, so patching a CVE patches it for all programs (vs patching each and every program individually)
graalvm is taking care of enabling java to run on java

[-] DampCanary@lemmy.world 10 points 1 year ago

Nothing...

Only that descrition doesn't include Java

[-] ScreaminOctopus@sh.itjust.works 3 points 1 year ago

Nothing really, the JVM has a pretty troubled history that would really make me hesitate to call it "safe". It was originally built before anyone gave much thought to security and that fact plauges it to the present day.

load more comments (1 replies)

[-] dukatos@lemm.ee 2 points 1 year ago

Written in C++

[-] FooBarrington@lemmy.world 3 points 1 year ago

There's a difference between writing code on a well-tested and broadly used platform implemented in C++ vs. writing new C++.

[-] mlg@lemmy.world 25 points 1 year ago

You mean like android running java which is why everyone and their mom bought Israel's Pegasus spyware toolkit?

[-] agressivelyPassive@feddit.de 19 points 1 year ago

When was the last time you've heard of a memory safety issue in Java code? Not the runtime or some native library, raw dogged Java.

Memory safety isn't a silver bullet, but it practically erases an entire category of bugs.

[-] mlg@lemmy.world 12 points 1 year ago

Fair point, even log4j was running java code, not literally hijacking the stack or heap.

That being said, I'm poking fun because C and C++ have low level capabilities of which only Rust offers a complete alternative of. Most of everything else is safe because it comes packaged with a garbage collector which affects performance and viability. I think Go technically counts if you set the GC allocation to 0 and use pointers for everything, but might as well use Rust or C at that point.

I guess I'm just complaining out of all the issues ONCD could point out, they went after the very broad "memeory-safe is always better" when most of the people using C and C++ need the performance. They only offered Rust as a potential alternative in the report with nothing else which everyone already knows. Would be nice to see them make a real statement like telling megacorps to stop using unencrypted SCADA on the internet.

[-] bamboo@lemm.ee 15 points 1 year ago

The apps are (sometimes) Java, but the OS is a mix of languages, mostly C and C++. The Java runtime itself is C++.

[-] a1studmuffin@aussie.zone 6 points 1 year ago

I love that Android chose Java so they could run it on different processor architectures, but in the end one architecture won out so Java wasn't necessary any more. I guess they didn't know at the time, but they'd claw back a tonne of efficiency if they dropped the Java VM.

[-] NotMyOldRedditName@lemmy.world 4 points 1 year ago

Java also made it very accessible to the vast majority of existing Java developers.

Way more Java developers than Objective C developers at the time.

I wasn't a fan of learning Objective C when I started learning just as swift was coming out but too new to use.

[-] Samsy@lemmy.ml 24 points 1 year ago

As you wish. Time to start learning D and D++

[-] RGB3x3@lemmy.world 12 points 1 year ago

Hey girl, would you like my D or D++?

[-] pelya@lemmy.world 24 points 1 year ago

Is that nottheonion?

[-] a4ng3l@lemmy.world 13 points 1 year ago

Also like it’s the only source of vulnerabilities… in addition a lot of the trendy python libs are developed in C; do we also ditch those?

[-] someacnt_@lemmy.world 11 points 1 year ago

Meanwhile the report does not really single out C/C++

[-] ScreaminOctopus@sh.itjust.works 2 points 1 year ago

Thats because in government products many unsafe languages shittier than C(++) are used, like Ada, Fortran, and Cobol. It wouldn't surprise me if most of the code running on products for government use werent written in C or C++

load more comments (1 replies)

[-] Treczoks@kbin.social 10 points 1 year ago

Nice. Now I'm waiting for all the Rust or whatever "safe" languages environments for embedded systems to fall from the sky. And please some that actually work on small processors with little memories.

[-] Arcturus@lemmy.dbzer0.com 9 points 1 year ago

Rewrite it in Rust

[-] Omega_Haxors@lemmy.ml 7 points 1 year ago* (last edited 1 year ago)

When all the talented programmers are all gay communists and your entire state exists to murder gay communists. Still can't forget how Allen Turing, a gay man whose inventions were a gigantic help in winning WW2, KYS'd because they still treated him like garbage even after the fact.

[-] GolfNovemberUniform@lemmy.ml 5 points 1 year ago

That's probably a good idea but I can see some proper longevity issues in that one

World News

Rules: