Posts by hsivonen@mastodon.social
(DIR) Post #ARuUrcc7Bij6MngIVs by hsivonen@mastodon.social
2023-01-22T09:51:57Z
0 likes, 0 repeats
The paper says “We succeed by learning from others” but then signals a lack of learning even _about_ the language that C++ most significantly needs to learn _from_: Rust. In addition to saying that Rust is “built on top of C++”, the paper calls the borrow checker “borrowed checker” (apparently simply in error and not as a joke of the checker itself getting borrow_ed_ into C++) and repeatedly spells Rust as “RUST”.
(DIR) Post #ARuUreAXPDr7BqnIo4 by hsivonen@mastodon.social
2023-01-22T09:52:14Z
0 likes, 0 repeats
While these errors are seemingly trivial, it’s implausible that a person who has seriously investigated Rust would make these errors. The issues that the paper refers to in order to make the point that Rust, too, has problems are laughably minor in contrast to the fundamental problems C++ has.
(DIR) Post #ARuUrfibe2hXznk1Y0 by hsivonen@mastodon.social
2023-01-22T09:52:36Z
0 likes, 0 repeats
The paper is against forcing safety on those who don’t need it and mentions HPC as such a domain, by the paper makes no attempt to quantify the performance cost of safety. In contrast, the lack of memory-safety is damaging in many domains.
(DIR) Post #ARuUrhEC25Yug3WlQ8 by hsivonen@mastodon.social
2023-01-22T09:52:57Z
0 likes, 0 repeats
I agree with the paper that compatibility with existing C++ is a key thing that makes C++ valuable. There’s no point on making C++ safe in such a way that a future version C++ would, as a prerequisite of migration, require up-front effort similar to rewriting in Rust. In that case, you’d be better off rewriting in Rust.
(DIR) Post #ARuUriiiU5ZXJ0oedU by hsivonen@mastodon.social
2023-01-22T09:53:52Z
0 likes, 0 repeats
Outside the C++ leadership, it’s easier to draw the conclusion of positioning C++ as appropriate for getting value out of existing C++ code but inappropriate for new projects. Clearly, the C++ leadership isn’t ready to take that position on new projects, but still I would hope that they would engage on the topic in a way that would show having researched what to learn from better and without increasing the scope of “safety” in a way that makes the topic even more intractable.
(DIR) Post #AU8FhJ241a55qIPO8O by hsivonen@mastodon.social
2023-03-30T05:13:43Z
0 likes, 1 repeats
So Linux that Raspberry Pi 4 is supposed to have Bluetooth and audio output over HDMI, but neither works out-of-the-box on Ubuntu 22.04.
(DIR) Post #AbvJ9w7ZGYD1V6ypWK by hsivonen@mastodon.social
2023-11-14T09:33:15Z
0 likes, 0 repeats
Where do I find @osi board meeting minutes newer than March 20, 2020? https://opensource.org/meeting-minutes/
(DIR) Post #AbvJ9yVOOwSGta8svw by hsivonen@mastodon.social
2023-11-15T18:55:27Z
0 likes, 0 repeats
@dontcallmeDOM @osi Thank you. Weird that there isn’t a link from the old page to the new one.
(DIR) Post #AciCE8O3Jo4kMp1TVY by hsivonen@mastodon.social
2023-12-11T13:56:55Z
0 likes, 1 repeats
Sadly, C++ standardization leadership’s engagement with the memory safety topic is going even more embarrassingly badly than in January:https://pony.social/@thephd/111550692413752045The very first sentence is: “Memory safety is a very small part of security.” … Despite the result that about 70% of software vulnerabilties are memory-safety issues has been repeated at multiple organizations (Mozilla, Microsoft, parts of Google, IIRC also Apple).…
(DIR) Post #AciCEAPBoYAocvZPYe by hsivonen@mastodon.social
2023-12-11T13:57:34Z
0 likes, 0 repeats
The “Conclusion” section has this bit that looks like self-parody: “Safety and security should be opt-in instead of by-default.”As before, the references for showing that Rust has problems, too, are laughably weak. (But at least they mention Rust by name.)The doc makes an economic argument (with questionable numbers) against rewrites, but even if you accept an argument against rewrites, it’s not an argument against writing new components or entire new projects in a safe language.…
(DIR) Post #AciCECLiaQaKejxfQO by hsivonen@mastodon.social
2023-12-11T13:57:59Z
0 likes, 0 repeats
But who wrote this? The submission is listed as anonymous and the PDF says: “We (identified below)” without having names in the PDF. Someone noticed the authors referring to themselves as “ISO C++ Directions Group”: https://hachyderm.io/@alilleybrinker/111546895072685517Furthermore, parts of the content seem to match parts of Stroustrup’s slides from his CppCon talk this year.…
(DIR) Post #AciCEEeE2aZrmidTY8 by hsivonen@mastodon.social
2023-12-11T13:58:20Z
0 likes, 0 repeats
The talk shows a certain lack of self-awareness of acting towards Rust (not mentioned by name in the talk) like C folks acted towards C++. He said:“…one thing I've learned is people when they want to not use a language like C++ they pick something and says oh it doesn't do that. Today it is safety…”https://youtu.be/I8UvQKvOSSw?feature=shared&t=1214…
(DIR) Post #AciCEGovxkKcWVf3WC by hsivonen@mastodon.social
2023-12-11T13:58:37Z
0 likes, 0 repeats
And a bit later he makes a big deal about RAII:“Any librarian can tell you that that people will take out books and they'll forget to give them back again. It's a sort of human nature and uh we have to do these things at scale so resource release has to be automatic.”But why shouldn’t the same need to automate and the same observation that educating the human nature away does not scale apply to memory safety?…
(DIR) Post #AciCEIlSjck8YK3JNw by hsivonen@mastodon.social
2023-12-11T13:58:56Z
0 likes, 0 repeats
It’s worth noting that the notion that C++ is on the verge of getting a safe profile after Rust came out isn’t a new thing. This blog post is from 2016:https://robert.ocallahan.org/2016/06/safe-c-subset-is-vapourware.htmlSo where are Profiles now? This is the current state of the repo: https://github.com/BjarneStroustrup/profiles (To save you a click: Even more vaporware than the 2016 lifetime annotations that had implementations going for MSVC and clang. Now there are documents that are empty except for the title.)…
(DIR) Post #AciCEKj3RY0OdQwPuS by hsivonen@mastodon.social
2023-12-11T13:59:17Z
0 likes, 0 repeats
Stroustrup made way too big a deal of the earlier NSA paper having said “C/C++”. Well, now it’s not just the NSA but agencies from all the Five Eyes countries, and they are now saying “C and C++” are not memory-safe, so I guess that addresses the “C/C++” talking point:https://www.cisa.gov/sites/default/files/2023-12/The-Case-for-Memory-Safe-Roadmaps-508c.pdf(The doc by the Five Eyes agencies is so much better than the doc by the C++ standardization leadership that the contrast isn’t even funny.)
(DIR) Post #AydAV3iWjyOVDS0AWu by hsivonen@mastodon.social
2025-09-27T09:35:01Z
0 likes, 0 repeats
Solo developer writes a library in C without ABI-stability-enabling practices and positions it as a desktop Linux system library. Linux distros, including Big Companies, ship it as such. The Solo developer hands the library over to Solo maintainer. Non-distro BigCo imports a copy of the library in their product, finds a security bug, and contributes a patch that fixes the security bug but breaks ABI compat.Who should Social Media Takes hold responsible for an ABI-compatibility-preserving fix?
(DIR) Post #AzGrNfpR269YIGOXZ2 by hsivonen@mastodon.social
2025-10-16T15:19:23Z
0 likes, 0 repeats
If cotton didn’t predate the EU and was introduced today as a plant-based alternative to wool, would the EU ban marketing it as Baumwolle?
(DIR) Post #AzrqdehECEO1RKHgBM by hsivonen@mastodon.social
2025-11-03T06:25:40Z
0 likes, 1 repeats
I dislike framing current Linux system on hppa, alpha, or m68k as reducing e-waste. If that was true, current Linux system on i386 (non-SSE) would be about reducing e-waste, but https://lists.debian.org/debian-release/2024/11/msg00459.html is the realistic take about that: There’s so much x86_64 hardware that’s about to go to e-waste unless someone accepts it for zero or near-zero money, that if e-waste is your concern, you should take an about-to-be-e-wasted x86_64 computer and retire the i386, hppa, alpha, or m68k hardware.
(DIR) Post #Azrqdg2tBBJ7cnQUaG by hsivonen@mastodon.social
2025-11-03T06:30:14Z
0 likes, 0 repeats
Running a current Linux system on hppa, alpha, or m68k isn’t about avoiding e-waste but about the hack value. If enjoying the hack value is your hobby, that’s ok per se. However, in practice, this often involves demanding that other busy people participate in your hobby when they don’t enjoy it as part of their hobby or job. That’s less ok.i386 was easier to retire, because it had been a collective thing instead of someone having been very invested in it as a hobby.
(DIR) Post #AzsFcaJzTRWMR608p6 by hsivonen@mastodon.social
2025-11-03T16:14:45Z
0 likes, 0 repeats
@shironeko @dmbaturin Banner for Debian 2.2 and updated in 2000.