Just received this comment on YouTube to one of my videos and I'm struggling to find an appropriate response. "Any skilled developer can write perfectly memory-safe code in C and C++. Rust is just for people who can't even use computer memory properly."
Why did nobody tell me this stuff was so easy? I feel so foolish now.
In this instance the best response is no response. They’re either trolling or so militantly anti-Rust that there’s no point engaging
This appears to be the consensus opinion.
I've come to accept that there are no "skilled [perfect] developers". We all make mistakes, some more so. Rust makes it that much harder to make certain mistakes. I know some developers that cannot be bothered to write defensive code to verify function input because they are a "skilled developer".
youtu.be/KPVtYmaxkJE?...
I wonder, is ChatGPT a skilled developer? 😊
"Any skilled developer can write perfectly memory-safe code in C and C++" - Theoretically you/some "could", but unless you’re exploring memory management algorithms (or for a few applications, low-level data structures), your effort is better directed on the application you’re trying to build.
It's demonstrably not true. Expert C and C++ programmers routinely write code with memory bugs. The only codebases with almost none of them are ones that are so old that all the issues have manifested a bugs that got fixed.
We’ve been trying “simply don’t make memory management mistakes “ for about 50 years. It hasn’t worked.
It’s like saying: “Any skilled carpenter can use a hand-saw. Power-saw is just for people who can’t even use a hammer properly” Can do… doesn’t always mean should do. Eh?
Most developers don’t work alone. ?
This is an example of ignoring scale. It's the difference in spotting vulnerabilities in toy examples vs. in a large codebase.
“When even the US government is begging developers not to write in C/C++ because they claim that 70% of CVEs are a result of memory issues- perhaps you should reconsider your assumptions.”
This kind of argument comes from denying that people are fallible, which is irrational. You can't ever counter that with logic because it comes from emotion: the valid, but unchecked, self confidence that allows people to overcome the hurdles to getting really good (but never perfect).
Not even two minutes after typing this comment, I serendipitously came across this which explains it much better than I ever could 😅 fixupx.com/RayDalio/sta...
Sometimes the best response is no response.
Fair.
"Here's the thing, in Rust we rule out the possibility for doing it wrong while C++ is literally a national security issue for the world"
every developer imagines themselves to be skilled. most are not.
They clearly have not sat down and tried to actually read and understand a C spec, much less C++. Saying you can write flawless C/C++ code is like saying you understand quantum. It's unclear if anyone can do it, and if you say you can you definitely can't.
Link to articles like this one, maybe? msrc.microsoft.com/blog/2019/07... Might also be worth pointing out that nobody is perfect, therefore even the most skilled C or C++ developer in the world can make mistakes. You might end up talking to someone who's already made up their mind though.
I agree with the responses saying that it isn’t worth responding, but the comment is just wrong. Even very good programmers make mistakes with C and C++. The first time I used valgrind on my code was quite humbling.
The problem as I see it is that while any ONE developer can be perfect*, we have yet to invent the technology to make EVERY developer perfect. In the absence of that technology the best we have come up with so far is Rust. *within the context of the project
Rust really is not addressing a skill issue as much as it addresses a communications issue, by providing more context and grammar in the API and mechanically enforcing sounds patterns we can communicate more complex APIs in a sound fashion.
Especially when people are stressed out due to a weekly deadline that keeps changing with different requirements.
I'm sure that's coming from the same people that published: "Any skilled developer can write perfect JavaScript. Typescript is just for people who can't even write good code." and produced: "Any skilled developer can write perfect code. Testing is just for people who can't."
If you meet this archetype just run.
I would answer: “Sure, but by that logic, 99% of developers aren’t skilled. Everyone has written memory unsafe code at least once. Those rust compiler guardrails are there thanks to the mistakes a lot of people make when they’re under a tight deadline (like usual in the SE field).” 1/2
That’s the difference between professional software development and hobby development. You simply don’t have the time to write it properly to begin with. Yes, you’ll improve, but there will always be something that you fuck up. 2/2
🤡 sure they can, until they don't
"Sure, and any tightrope walker can cross Niagara Falls without a safety net—gravity is only for the unskilled." “Who needs a borrow checker when you have a blame checker? It’s the intern’s fault, obviously.”
“C++ has two kinds of people: those who manage lifetimes flawlessly, and those who still think they do.” “Absolutely—just ask the folks maintaining the CVE database; they love how quiet the C and C++ sections are.”
“If you haven’t chased a dangling pointer across five translation units you haven’t lived—Rust just deprives you of that character-building exercise.” “Every secure coding guideline for C begins with ‘Step 1: Be perfect forever,’ which scales nicely in multi-team environments.”
“Look, if you’re not spending half your sprint hunting heisenbugs, are you even getting the authentic systems-programming experience?” “Nothing screams ‘rock-solid’ like sprinkling // TODO: bounds check comments through a legacy codebase.”
“I compile with -Ofalseconfidence and it removes all potential vulnerabilities at link time.” “Why use a borrow checker when you can crowd-source correctness to your users’ crash reports?”
“Rust’s compiler screams at you; C++ waits quietly in the shadows and lets the kernel scream later—much more polite.” “Of course we’re safe—our CI pipeline greps for ‘gets(’ and throws confetti when none are found.” “I don’t need Option; I have NULL and an optimistic worldview.”
While I agree that not engaging is the best idea these are good. :)
I would not dignify such trolling with attention. 😅
Any skilled driver can drive their car without crashing. Seatbelts are just for people who can’t drive.
Even if you drive perfectly there’ll be problems. The road might not be perfect, weather conditions may impede your view or you’re just tired and wanna go home. Maybe other traffic participants aren’t as careful as you.
Moral of the story: wear your damn seatbelt. It’s not going to kill you, but it might just save your life when shit hits the fan.
Just make sure that wherever you have a malloc, you have a corresponding free, and everything will be fine. Simples. LOL.