Mark Russinovich, the chief technology officer of Microsoft Azure, says developers should avoid using C or C++ programming languages in new projects and instead use Rust because of security and reliability concerns.

Cool.

Is he a Jesus to seriously listen to him?

PS: even Jesus is not worthy to be a one man prophet

@iiii edgelord atheism

@aviophile forgot to ask the saint father of all devrant

So, what's the question?

@iiii I my opinion, if you nerd outside help to decide what language to use, his advice is good since you obviously do not know enough c or c++ to write safe code ;)

If you know he is wrong for your project, just ignore it.

But having worked with C, I for one know how easy it is to create security or stability problems.

With Rust or modern C# that prevents null unless explicitly allowed, you avoid a whole chapter of error types that just cannot happen.

But if you have libraries that only exist in c++, then mapping those to another language can be a lot of work.

And remember, he said NEW projects, not already existing ones.

@Voxera Did I just hear 'Rewrite existing projects to in the end not finish them' hehehe

@Voxera true. Though the whole complexity of the syntax and the mechanism which you have to babysit until it starts working at all is quite unappealing.

Meanwhile, the actual elephant in the room is to avoid using Windows.

@bigmonsterlover static analysis was a thing even before Rust's conception.

@bigmonsterlover fancy words for "static analysis"

@iiii But in C/C++, it's entirely optional and not part of the language, i.e. the language is not designed in a way to make this analysis reliable. Most C/C++ projects don't even use compiler warnings or compile with warnings.

@Fast-Nop true, but it does not mean that one cannot achieve the same level of reliability if things are done properly.

Though, I guess, for monkeys to not do stuff, the monkeys should be in shackles.

@iiii That's the difference: in C/C++, you can. In Rust, you have to.

@Fast-Nop and also the syntax is... meh.

@iiii Yeah, the initial cost is about prohibitive, there's no ISO standard, and that cargo shit pretends to solve a problem, but actually makes it even worse on ecosystem level - with NPM as cautionary tale what happens when dependencies are "easy".

@Fast-Nop don't forget also the STD library which is not as tested and reliable as the C++ one

@iiii Ah yes "static analysis". The difference is that in Rust it actually works and isn't some faith-based stochastic bullshit that can't actually find the really nasty errors

And nothing against asan, tsan and co. But do actually try to build a heavily threaded or async application in C++ and not pull your hair out because even tsan ain't gonna save you

"chief technology officer of Microsoft Azure" - i translate: "guy who has no idea about computers, screws up everything, and delivers a horrible product"

@hjk101 The question is how can Rust scales to the level of C ?

@dIREsTRAITS by using it in all new things I guess.

Using Rust in, or interfacing with C projects is not an issue (given that the Rust tooling already exist for the platform etc.) So a gradual rewrite is possible. C++ is though due too fluctuating ABI. If no IPC or inverted approach is possible I think you are stuck with C++. It's used in Firefox like that and that is no small project. What would your concern be?

Wake me up when Rust is actually usable for embedded baremetal applications.

Last time I tried... it was special.

I love the compiler to be fair (looking at you g++ and your trash error trace).

@PepeTheFrog i used it for stm32 mc, without any RTOS. It was working very well even with open source HAL libraries. It was a joy actually.

STM should definitely support Rust in their ecosystem(Cube IDE).

@bigmonsterlover so they basically have C++ and worse C++?

@aviophile ah I think I should give it another try now. :)

It's been a while I tried it, apparently it's gotten much more traction.

@PepeTheFrog don’t get me wrong, it still relies on open source community but if you are reading from uart or similar surface level functionality, they are probably implemented.

@iiii The idea is that you stick to safe Rust by default and only opt out where strictly necessary.

If you have 10% unsafe, you'll need to review these parts manually - but that's an order of magnitude less than C/C++ where 100% is unsafe in the way Rust understands that.

That's the theory at least. Figure in real industrial work, time pressure, and junior devs, and the possible result is that they won't have the time to fight the compiler for hours so that "unsafe" might end up everywhere.

OK, at least, you can "grep" for that, but it amounts to large rewrites for which there won't be time, either.

@bigmonsterlover Rust is a replacement for C++, not C. Technically, Rust could replace C, but those who are still on C don't embrace the same values, in particular not a highly complex language - or else they would long have switched to C++.

Can we convince Linus Torvalds to stop using C and just go for Rust ?

@dIREsTRAITS Rust support will land in the kernel driver area with the kernel 6 series.

As for stop using C: sure, if you are willing to pay billions of dollars to rewrite the kernel in Rust, that would be an option.