As I said in multiple other comments, I know there are valid cases for C/C++ where various factors prevent migration. I am not playing a little rebel revolutionary here, I am addressing the people who can migrate away but refuse to do so based on hand-wavy philosophy clashes (or my favorite petty rebellious take: "people praise Rust, I must resist using it!"). Petty stuff and I am pretty disappointed that people who bill themselves as "engineers" refuse to see objective evidence and hold on to only what they know.
Those are the people I address with my comment. Not the people who will be never allowed to migrate away a 2 million lines worth of C codebase. They have my deepest sympathies.
I think it is widely accepted that Rust is more safe. (There comes the NPM factor too so it's not entirely clear). The thing is just, you are excited about this technology, and you are equating "engineering" with "security". You are willing to pretend that other merits and factors don't exist, including ergonomics of iteration, or inertia. I tried writing my usual explorative Win32 code in Rust for an evening. Well, it was painful and I went back to do it the way that works for me, that is supported by all the official tooling, and that the official documentation is written in. I also can't see myself reading reasonable Rust code quicker than I can read and write reasonable C code in a year down the line. It's just too intricate, too clever, too condensed / abstracted and at the same time too verbose. Another time I went to download a couple simple projects (e.g. text editor) to dabble a bit with. But the stuff was too opaque and had _hundreds_ of third-party dependencies, and I couldn't understand it well. So I lost interest.
Choice of language and ecosystem is an economic matter. They get chosen based on what one knows and what one wants and how one evaluates the possibilities. "Security" quite frankly is not the most important of concerns in most situations, and for a good reason. I frankly am not getting paid in finding the nicest or "most secure" way to write a piece of code, but to get it done. I am not interested in following the development of the hundreds of dependencies of my Rust project, and to change my data structures when they learned a better way to design the API to those "safe" data structures.
But you are seeing only "security". Well, it's most secure to just shut your computer off. So much for "objectivity". Maybe you _are_ the zealot!
I do no such thing. I am not at all excited about Rust in fact anymore, I just learned where it excels at and I know when to reach for it.
> You are willing to pretend that other merits and factors don't exist, including ergonomics of iteration, or inertia
I have literally just responded to you before this comment where I made it clear that I stopped actively using Rust due to slower speed of iteration -- and that is said in another comment as well (including the inertia or lack-of-choice factor).
Can you please not misrepresent what I said? It's clearly written in at least two places.
> Choice of language and ecosystem is an economic matter. They get chosen based on what one knows and what one wants and how one evaluates the possibilities.
Which agrees with my "right tool for the job" take elsewhere in the thread. We're aligned.
> I frankly am not getting paid in finding the nicest or "most secure" way to write a piece of code, but to get it done.
Yes, and that explains why the programming at large is always teetering on the verge of ruin and stuff is barely working and is kept together by goodwill and spit. Though obviously worker bees like you and me can't change that reality for now. I have partially made my peace with that fact but not entirely; hence I reach for Rust every now and then.
> But you are seeing only "security". Well, it's most secure to just shut your computer off. Maybe you _are_ the zealot!
You seem to have gotten quite worked up and I'll ask you to stop. When I told you that I am open to discussion in a previous comment I was genuine.
Both Microsoft and Google said that from 60% to 75% of all C bugs are memory safety problems -- not my words, not my research, but that of two of the largest IT corporations out there.
That is proof. That is objective info. We can bikeshed and throw feces at each other until the end of time but there are people who got out there and gathered the info.
I refuse to be viewed as a zealot simply because I want to attack the lowest hanging fruit in terms of bugs and security vulnerabilities. No, that makes me both a pragmatic and a guy who is no longer willing to live with the broken status quo.
And I'll not agree with your polarizing take that "the only security is shutting your computer down". That's nonsense. You are simply not motivated to advance anything but your career. That's your right, surely, but at the same time it makes you dismiss any well-intended discussion about the current state of our profession and how can it be advanced further. You dismiss stuff off-hand and then you blame me for being a zealot. Not acceptable to me and I'll not take it.
So try and calm down and read better. We in fact agree on much more than you think but you are not seeing it because you seem to have formed an opinion of me before you even started writing.
