Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The mythology of unsafe blocks goes all the way back to ESPOL on Burroughs, still sold nowadays by Unisys, for customers that want OS security as the number one feature, before anything else.

It was also adopted by several systems and application programming languages outside C geology, until C# came to be, which is probably the first curly brackets language with unsafe code blocks.

The first error naysayers make on the eyes of SecDevOps, thus losing credibility points, is to focus too much on Rust, and too little on history of secure systems.

The first fundamental rule is to reduce attack surface, on C, and C++ (until and if profiles come to be), it is all over the place.

I don't see folks that usually post on HN or Reddit going to buy Astrée licenses, or integrate Frama-C into their development process.



I am not sure what point you're trying to make. Who are the 'naysayers', and what are they saying 'nay' to? And what do they have to do with anything I commented on?


Anyone that downplays unsafe code blocks as it was a Rust invention, available nowhere else.

Then uses it as argument, that since Rust has unsafe, there is no benefit over using C or C++ with a plain static analysis tool, but a basic one, because they are unwilling to actually use the ones people pay for on high integrity computing certifications.

Your comment to me seemed a bit going towards that direction.


Hmm, no, my comment didn't say any of those things. Specifically, I did not comment on (and do not care if) unsafe blocks are a Rust invention, and I made no comparison between Rust and C or C++.


Maybe I misunderstood the point being made, then. Sorry about that.

https://news.ycombinator.com/item?id=47814965




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: