[nallerooth]

I wonder how much experience people yelling "OMG you're using C(++) - you have to rewrite everything!" actually have. Some of them can motivate their claims with good examples (at least to some extent) while others just show a serious lack of understanding of project scope and/or the reason something is written the way it is.

One of my favorite examples so far: https://www.postgresql.org/message-id/CAASwCXdQUiuUnhycdRvrU...

[buserror]

Ahah nice example! "I can't code, but if I were, I would like to be productive in something that doesn't require me to make any effort in understanding the problem, please advise"

I don't know where all the C hate is all about. I love C, it's a great tool. Can be quite sharp, be careful with your remaining fingers.

I spent the better part of last week studying rust and go, and my conclusion was 'meh, I'll have another look in another few years" and kept on trucking.

[nallerooth]

I don't get all the C "hate" either. Sure, C is a source of many "interesting" things - but it's also a natural part of control systems in avionics, space craft and nuclear power plants. I don't want someone who just read that "Rust is a great, safe language" to rewrite those. I really don't.

[throwaway9475]

I do. We have compilers that can verify seemingly perfectly (as far as we can tell) that a program won't do something silly like reference memory it doesn't own or try to use memory after freeing it (and not just languages like Rust, but any language that doesn't make you allocate and free memory). The best C programmer out there will still make mistakes because it's simply impossible to ensure that large programs won't do something they shouldn't. It boggles my mind that programmers seem to love better tooling and better abstractions, but when it comes to a certain class of languages, everything stopped improving in the 1970s with the PDP-11 and we just can't get past it.

[fiedzia]

And I do. Planes crashed and people died because of buggy software. We have lost Mars climate orbiter due to not using type-safe language. In the cases of software that works fine, we are just relying on ridiculous amount of manual verification, and this is both risky and expensive.

[zuzun]

> We have lost Mars climate orbiter due to not using type-safe language.

One company creates a closed-source component that produces a float, another company creates a closed-source component that receives a float. Units differ. Crash. No type-safe language will prevent that bug from happening. Let 100 programmers write these programs in your type-safe language of choice and all will be vulnerable to this.

"Oh no", I hear you say, "we'll give every unit its own type" and it still won't stop your programmers from deserializing a 4 byte value in English units into the metric value they think it is. "So we'll make all the IO typed as well!" You don't need a type safe language to do that. And why would you do it in the first place? If your API spec says you receive a float in metric units, you write your program accordingly. When you're writing mission critical software, would you really want to replace a

> read(sensor, &value, sizeof(float))

with 100k lines of even buggier code to prevent a bug from happening that shouldn't happen in the first place?

[fiedzia]

> Let 100 programmers write these programs in your type-safe language of choice and all will be vulnerable to this.

Some will be, some will define inteface as float_meters and define automatic conversion from yards, avoiding whole issue.

[lkitching]

All bugs "shouldn't happen in the first place", the use of types is to reduce the surface area for where errors can be introduced. If you read some value from an external source and subsequently use measure types then you've isolated the scope for the introduction of errors to the read function instead of every location in the program that uses the value.

[mikulas_florek]

Mars Climate Orbiter was lost because they forgot to convert units between different systems. That's an error that can (and probably would) be done in all type-safe languages I know of.

[muraiki]

F# supports units of measure: https://fsharpforfunandprofit.com/posts/units-of-measure/

[mikulas_florek]

That looks useful. I do not know F#, but can't you still use ordinary float and have the same bug?

[fiedzia]

It could be prevented if you could express units in the type system. Declare numeric_value_in_meters and numeric_value_in_yards as types and problem solved. Sure, it still possible that someone would not do that, but having this option is statistically better than not having.

[mikulas_florek]

You can do that in C struct Meters { int value; }

[buserror]

No amount of 'type safety' will prevent idiots from being idiots, and with all the other languages, the problem is very often sitting on the chair. People will screw up creatively in any language, and trying to 'hide' that behind a language runtime overhead is idiotic. The good thing with C is that it will catch the worst idiots quickly, so you know not to hire them to write avionics for you.

What is NOT idiotic iswhat you discribe as 'ridiculous amount of verification' as it's often the only thing that will really work to catch mistakes.

[fiedzia]

> No amount of 'type safety' will prevent idiots from being idiots

But it will limit the damage they do considerably. Having bit of space or trees between lanes on a road saves a lot of lives, even if people drive as idiotically as they would without it.

> What is NOT idiotic is what you discribe as 'ridiculous amount of verification'

Designing systems that rely only on that is idiotic when there are better options.

[carussell]

> Ahah nice example! "I can't code, but if I were, I would like to be productive in something that doesn't require me to make any effort in understanding the problem, please advise"

Except that's not what the commenter said, and what the commenter did say is, although glib, not inconsistent with the motivation behind Bernstein's entreaty to just create a boringcc already.[1]

Also, generally, just don't make up fake quotes to attribute to people. It's poor form.

> I spent the better part of last week studying

Telling.

1. https://groups.google.com/forum/m/#!msg/boring-crypto/48qa1k...

[buserror]

This is not making fake quotes, it's called paraphrasing. And "just don't" is impolite, I can just do pretty much as I like, as it is my own interpretation, Mr PC.

[carussell]

"Paraphrasing" is not a convenient word for writing something that tries to masquerade as a direct quote—things that are paraphrased don't try to hide the fact they're being paraphrased.

And you've failed to address the parts of my comment that are most relevant to the discussion. Why?

[buserror]

Well, seems we can't seem to agree on a simple thing, I don't want to waste my time attempting to discuss anything more complicated than a word. You went straight for the cool-aid bottle on the previous comment, and you wonder why I'm ignoring the rest?

Beside, my reply wasn't related to that particular post in detail it was paraphrasing (<-- hint) a behaviour that is pretty common across many projects, wether they are open or closed source.

Sorry to come out as a bit flippant, but I'm slightly overdosed on the 'fake .' argumentation these days.

[nathan_f77]

I am one of those people who doesn't have any relevant experience, but I think it would be amazing if curl and openssl were written with formal verifications, and with complete memory safety. And maybe in a purely functional style. It would be nice if lots of critical software was written to a much higher standard.

[72deluxe]

Why purely functional??