In the past decade, security researchers have been sounding the alarm about the dangers of memory safety flaws. "Memory unsafety is a scourge plaguing our industry," said security researcher Alex Gaynor back in 2017.
That guy first branded himself as a Python developer and got someone in Node canceled over pronouns. Then he branded himself as a PyPy proponent, then as a Rust proponent.
I didn't know he was a "security researcher", too. I always saw more evangelism than code.
The very insecure C memory model might have made sense in the 70s when computers were so much slower and the Internet didn't exist but now when a buffer overflow can give anyone on the internet root access to your server it is a disaster.
In the past decade, security researchers have been sounding the alarm about the dangers of memory safety flaws. "Memory unsafety is a scourge plaguing our industry," said security researcher Alex Gaynor back in 2017.
That guy first branded himself as a Python developer and got someone in Node canceled over pronouns. Then he branded himself as a PyPy proponent, then as a Rust proponent.
I didn't know he was a "security researcher", too. I always saw more evangelism than code.
The very insecure C memory model might have made sense in the 70s when computers were so much slower and the Internet didn't exist but now when a buffer overflow can give anyone on the internet root access to your server it is a disaster.
There's a fair bit of work to do if we want to retire some of these C programs:
https://github.com/nodejs/node https://github.com/mozilla-firefox/firefox https://github.com/torvalds/linux https://github.com/python/cpython
Yep we have made a huge mess for ourselves but we can at least stop writing NEW critical software in memory unsafe languages.