If you could reliably write memory safe code in C++, why do devs put memory safety issues intontheir code bases then?

Even highly paid (and probably skilled) devs in the IT industry manage to mess that up pretty regularly. Even if it was: devs using memory safe languages make much fewer mistakes wrt. managing memory... so that tooling does seem to help them at least more than the C++ tooling helps the C++ devs.

sigh

All build tools are simple as long as nobody uses it. Even CMake was simple before KDE and Co. started to rely on it.

A build tool can be simple, if you use conventions over configuration. Unfortunately that ship has sailed for the C and C++ eco system decades ago... Every project is widely different from every other project out there. Heck, we can not even agree on file extensions for c++ files, let alone a directory structure for project source code to live in or the tooling we want to be available.

So you need to have every little detail configurable... and since all projects are so very different, users will need to tweak all those settings... as the first bigger project adopting abcs will dictate their defaults into your code (where you have not gone with your defaults before).

Seriously, you need a language leadership team that considers tooling as important from the very start or you will not have a simple build tool ever. See rust: There the leaders pushed for tooling from the start. Every rust project looks basically the same because of that. These strong conventions enable the language to have a simple build tool.

C++ is on thenfar side of that. Even in 2020 when introducing modules the committee choose not to mandate even the most basic interoperability features like file extensions. The cmake people had to get several compiler developers to add things to make modules toolable. And even with that effort the meson people seem to say c++ modules are entirely untoolable still.

Those evil companies block random users, just because their government made some laws about it.

I'd go for open source projects. They usually have bigger code bases and good practices, that they enforce on their contributors with code reviews and such.

It's a good way to get feedback on your code, something miss out on personal projects and get much less of in university and corporate projects.

Rustfmt is not very configurable. That is a wonderful thing: People don't waste time on discussing different formatting options and every bit of rust code looks pretty identical.

Why would they need to share ssh keys? Ssh will happily accept dozens of allowed keys.

It gets rid of one more SUID binary. That's always a win for security.

Sudo probably is way more comfortable to use and has way more configurable, too -- that usually does not help to make a tool secure either:-)

When I last checked (and that is a long time ago!) it ran everywhere, but did only sandbox the application on ubuntu -- while the website claimed cross distribution and secure.

That burned all the trust I had into snaps, I have not looked at them again. Flatpaks work great for me, there is no need to switch to a wannabe walled garden which may or may not work as advertised.

“I find it surprising that the writers of those government documents seem oblivious of the strengths of contemporary C++ and the efforts to provide strong safety guarantees,”

My impression is that they are very aware of the state of C++ and the efforts to provide strong safety guarantees. That's why they keep raising the pressure.

That depends a lot on how you define "correct C".

It is harder to write rust code than C code that the compiler will accept. It is IMHO easier to write rust code than to write correct C code, in the sense it only uses well defined constructs defined in the C standard.

The difference is that the rust compiler is much stricter, so you need to know a lot about details in the memory model, etc. to get your code past the compiler. In C you need the same knowledge to debug the program later.

That depends on how you decide which bucket something gets thrown into.

The C++ community values things like the RAII and other features that developers can use to prevent classes of bugs. When that is you yard-stick, then C and C++ are not in one bucket.

These papers are about memory safety guarantees and not much else. C and C++ are firmly in the same bucket according to this metric. So they get grouped together in these papers.

There is no regulation at this time. There may not be regulation ever. Before there is any regulation we will see nudging into the "right" direction. Suggesting that companies define a memory safety roadmap could be considered as the very first nudge, or maybe not:-)

All I wanted to say is that ignoring the possibility of regulation in such a text seems a bit short-sighted to me.

Governments triggered this entire discussion with their papers and plans to strengthen cyber defenses. The article states that some experts ask for our industry to be more regulated in this regard.

I am surprised that possible regulations are not even listed as a factor that in the decission to stay with C++ or move to something else.

Sure, COBOL is still around after decades, but nobody ever tried to pressure banks into replaceing that technology AFAICT.

GPL effects "derived works". So if your code is derived from proprietary code, you can not use GPL, as you would need to re-license the proprietary code and you can't do that (assuming you do not hold the copyright for the proprietary code). LGPL and permissive licenses are probably fine though.

Now what exactly is a "derived work"? That is unfortunate up to interpretation and different organizations draw the line in slightly different places. We'd need people to go to court to get that line nailed down more firmly.

Why don't you download the latest release/nightly from github and unpack it somewhere?

Then how do you not see the point of a distributed sourceforge?

But this is no forge, it is just a git repo.

Again, have you even opened the webpage?

Yeap, I even put a repo into it. That's why I am so certain that it is useless.

Hosting a git repo is not a problem. Having an discoverable forge is. And this does not help with that in any way.

So github is not a problem?

Something can not be a solution independent of whether or not something else is another problem or not.

And regarding crypto, show me where in the code it forces you to use crypto. Show me the rad command that inhibits you from doing a normal git operation by bringing up crypto.

There is lots of needless crypto(graphy) going on all over the place. It is entirely useless for code hosting in a git repo.

No, I would prefer a world where not everything is concentrated on github, but that is the world we have to work with:-)

But how does this address any of the problems you brought up?

Do you think a project will be more discoverable when you say: "Clone foo/bar from github" or when you say "install this strange crypto-BS, then clone rad:xyhdhsjsjshhhfuejthhh just like you normally would"?

Apart from discoverability you get a known workflow for contributors, a CI and a bug tracker. Coincidently those make it hard for projects to switch away from github... how does this address any of that? "Use this workflow, which is even wierder than any of the other github alternatives!" and "just set up a server yourself"?

Sorry, this is just yet another crypto-bro solution in search of a problem. Technically interesting, I'm give you that, but useless.

Serious question: What is the point?

Just push into half a dozen mirrors and you are pretty censorship resident without the crypto voodoo put on top of git.

Github has one huge value: Discoverability of a project. This is even worse than hiding your project in one of the smaller forges... nobody can remember the mess of letters you need for this.

So you see C programmers as sabotaging public infrastructure?

Ansible must examine the state of a system, detect that it is not in the desired state and then modify the current state to get it to the desired state. That is inheritently more complex than building a immutable system that is in the desired state by construction and can not get out of the desired state.

It's fine as ,one as you use other people's rules for ansible and just configure those, but it gets tricky fast when you start to write your own. Reliably discovering the state of a running system is surprisingly tricky.