TechNom (nobody)

Unsafe code, at least in Rust, is given special treatment and care. Such code is usually 5% or less of the total codebase. Such unsafe blocks are also commonly reused fundamental designs. This leads to them being designed as libraries that are shared.

You can of course give C++ the same consideration. But then 100% of that code base will have to be given special care. And the reusability of unsafe code goes out the window.

People who argue that Rust (not sure about GC languages) is equivalent to C and C++ because of escape hatches like unsafe, completely neglect the localization of unsafe code and the benefits it brings.

That works only if memory safety is optional. Additions of the language features needed for mandatory memory safety are backwards incompatible.

One of their sources is the NSA, which is both mandated to make such recommendations and has the competence to do so. And as for the safety of C++, it’s possible to write unsafe code in modern C++. One of the best examples is multithreaded code. Modern C++ is far safer than C or pre-C++11, but it doesn’t address the entire space of memory safety.

I think enterprises are the early adopters and proponents of Rust. They seem so stoked about the memory safety aspect.

Choosing Rust instead of C or C++ for new projects is a rather light decision. But introducing it into or outright replacing legacy codebase with it is a rather phenomenal undertaking. Fish shell was completely rewritten. Linux is introducing it in no trivial way. I wonder if the woes with C/C++ is that bad.

Fish’s main attraction was never its scripting language - it was its UI. You can run bash scripts from fish (using bash of course), while still enjoying its bit more modern UI. Bash was never a challenge to fish. Nushell, on the other hand, is a different case.

The impression that I got is that while there is nothing more to port in the shell itself, the performance and concurrency goals haven’t been fully realized yet. The new Rust code needs a bit more tuning before it can replace the old shell.

They replaced all CPP code from the shell. But the rewrite isn’t complete yet.

You might want to have a relook at your own statement here. It’s got a load of paranoia. Paranoia beyond common sense and realistic threat assessment is unhealthy.

As for the NSA, it’s like they have a split personality (which I think is true for anyone in their position). Their job isn’t all about stealing information. They also have the mandate to secure their own and their allies’ assets. After all, who knows what’s more vulnerable to thievery than an experienced thief? Their job is as much to harden security as it is to compromise.

Finally, their statement is to move to a safe language - one of which is Rust. For your apprehensions about their backdoors to be true, they’d have to compromise every memory safe language out there - Rust, Go, Swift, Nim… There’s reason to be suspicious if they recommend only one language (that is more or less what happened with the NIST pseudorandom generator algorithm). But that isn’t the case here.

And you need to assess statements on their own merit - not based on who says it. What they say is true even in our personal experiences. It’s been shown statistically that people write much fewer bugs (memory safety bugs are a huge class) with safe languages. I’m not even confident of writing correct C programs these days. Honestly, if your paranoia is true, then it’s easier for the NSA to recommend everyone to write in C or C++. That way people will write careless mistakes that they can exploit. And C/C++ usage is way more than for Rust or anything else. They’d target C/C++ compilers and standards to increase their impact.

While I don’t want to deny the problems of not having namespaces, they will introduce a new set of problems. One issue with Github and similar platforms with namespaces is that a search for a repo turns up multiple projects with the same name under different namespaces. It’s always a confusion as to which one is canonical. Another problem is that people are now going to name squat namespaces instead of project names. Imagine somebody registers the serde namespace. Their crates may be mistaken as the canonical one.

What indicates that Igalia doesn’t want to make a browser with it? What else is their motivation?