What is the point of converting this software?
-
RE: https://mastodon.social/@ieeespectrum/116030177478995194
What is the point of converting this software?
Who’s gonna maintain it?
Unless you have interest from the maintainers, you have a bunch of code that no one uses and no one maintains. Good job, folks.
I see nothing on these sites that explain how they hope to drum up maintenance, or even engage the maintainers of the original code.
Once again, the critical part of FOSS is ignored. It’s the people.
@samir @rogersm @ieeespectrum It’s also a pity that people seem to have forgotten about the foundations of computer science. The Halting Problem is still a thing…
-
RE: https://mastodon.social/@ieeespectrum/116030177478995194
What is the point of converting this software?
Who’s gonna maintain it?
Unless you have interest from the maintainers, you have a bunch of code that no one uses and no one maintains. Good job, folks.
I see nothing on these sites that explain how they hope to drum up maintenance, or even engage the maintainers of the original code.
Once again, the critical part of FOSS is ignored. It’s the people.
This can only end well...
-
@mkoek Yes, it’s true, but you could also generate a Cmake file which automatically downloads a malicious dependency from GitHub.
The problem is the “hallucination”, not the choice of programming language.
@samir agree that that would be equally bad, but have not seen people be that silly… that’s probably me though
-
@samir agree that that would be equally bad, but have not seen people be that silly… that’s probably me though
@samir Goodness, I am behind the times. Some searching tells me that this is the way people handle dependencies now - just pull in some github repo from your makefile. We are not getting better at this security thing, are we.
-
@samir Goodness, I am behind the times. Some searching tells me that this is the way people handle dependencies now - just pull in some github repo from your makefile. We are not getting better at this security thing, are we.
@mkoek Nope. It’s the same everywhere. And I can’t fault it; it can take between “months” and “never” for a dependency to arrive as a Debian package. (And sometimes you do need an exact version.)
I personally like nixpkgs as a solution to this, but it’s a big change for most people.
-
@mkoek Nope. It’s the same everywhere. And I can’t fault it; it can take between “months” and “never” for a dependency to arrive as a Debian package. (And sometimes you do need an exact version.)
I personally like nixpkgs as a solution to this, but it’s a big change for most people.
@samir True. Apparently that’s the price of having some checks in place.
-
RE: https://mastodon.social/@ieeespectrum/116030177478995194
What is the point of converting this software?
Who’s gonna maintain it?
Unless you have interest from the maintainers, you have a bunch of code that no one uses and no one maintains. Good job, folks.
I see nothing on these sites that explain how they hope to drum up maintenance, or even engage the maintainers of the original code.
Once again, the critical part of FOSS is ignored. It’s the people.
@samir
It reminds me a bit of the xkcd comic about the standards. Only now we have two (slightly different) implementations which need to be maintained
️ -
@samir There is also the possibility that Rust as a language will evolve, fragment or move on from where it is now, leaving a large codebase marooned. Surely it needs a formalised ISO standard, and a group with a will to support that, before embarking on mass codebase conversions.
-
@monospace @samir What language are you referring to?
-
RE: https://mastodon.social/@ieeespectrum/116030177478995194
What is the point of converting this software?
Who’s gonna maintain it?
Unless you have interest from the maintainers, you have a bunch of code that no one uses and no one maintains. Good job, folks.
I see nothing on these sites that explain how they hope to drum up maintenance, or even engage the maintainers of the original code.
Once again, the critical part of FOSS is ignored. It’s the people.
-
RE: https://mastodon.social/@ieeespectrum/116030177478995194
What is the point of converting this software?
Who’s gonna maintain it?
Unless you have interest from the maintainers, you have a bunch of code that no one uses and no one maintains. Good job, folks.
I see nothing on these sites that explain how they hope to drum up maintenance, or even engage the maintainers of the original code.
Once again, the critical part of FOSS is ignored. It’s the people.
@samir Yes! I think it is better to verify that existing software is memory safe, ideally automatically, but with the help of some type-like annotations if needed. There are still some rough edges, but Codex (the static analysis library) is close to provide that!
-
RE: https://mastodon.social/@ieeespectrum/116030177478995194
What is the point of converting this software?
Who’s gonna maintain it?
Unless you have interest from the maintainers, you have a bunch of code that no one uses and no one maintains. Good job, folks.
I see nothing on these sites that explain how they hope to drum up maintenance, or even engage the maintainers of the original code.
Once again, the critical part of FOSS is ignored. It’s the people.
@samir I think I read an article in the 1980s about how people can write FORTRAN in every language. They meant in the style of FORTRAN, not the language itself.
And you can write C in Rust.
I'm not sure if this is automagically free of bugs.
-
@samir I think I read an article in the 1980s about how people can write FORTRAN in every language. They meant in the style of FORTRAN, not the language itself.
And you can write C in Rust.
I'm not sure if this is automagically free of bugs.
@Stefan_S_from_H I translated some C to Rust recently. I used the
unsafekeyword a lot. I don’t think this made it more safe. -
@samir Yes! I think it is better to verify that existing software is memory safe, ideally automatically, but with the help of some type-like annotations if needed. There are still some rough edges, but Codex (the static analysis library) is close to provide that!
@MatthieuLemerre I am all in favour of porting C and C++ to Rust! If the maintainers want to. And as you say, if not, there are tools to check safety, which should be wielded by knowledgeable maintainers. Otherwise you end up with the Ubuntu OpenSSL debacle.
-
@samir It took a while but IEEE seems to be going all in on GenAI and in the process becoming less relevant to me almost daily.
@pa28 I think it’s part of a larger pattern of journalists forgetting how to ask even the most basic of questions, like “What is the motivation for this?” and “What happens afterwards?”
-
RE: https://mastodon.social/@ieeespectrum/116030177478995194
What is the point of converting this software?
Who’s gonna maintain it?
Unless you have interest from the maintainers, you have a bunch of code that no one uses and no one maintains. Good job, folks.
I see nothing on these sites that explain how they hope to drum up maintenance, or even engage the maintainers of the original code.
Once again, the critical part of FOSS is ignored. It’s the people.
@samir Also, what is the deal with converting everything to Rust, considering that language is far from perfect.
A bunch of code that no one uses, maintains and that costed 10x more development time.
Maybe for security-critical parts, but even with those, the programmers could spend extra effort to secure it in the original language.
-
@samir @rogersm @ieeespectrum It’s also a pity that people seem to have forgotten about the foundations of computer science. The Halting Problem is still a thing…
@pascal_costanza @samir @ieeespectrum
IT is in a strange position: decided to forget computer science but never moved into computer engineering.
We’re a pop discipline, following the fad of the hour.
-
@Stefan_S_from_H I translated some C to Rust recently. I used the
unsafekeyword a lot. I don’t think this made it more safe.@samir @Stefan_S_from_H
Cause it may need a rethinking of this or that piece, not a blind rewrite.
If in C to Rust you hit unsafe, it is a moment to ponder.
Rust does push a little twist, that is positive for long term, maintability.BTW, have I mentioned, "time to ponder/think"? Current GenAI's don't do that.
-
@pa28 I think it’s part of a larger pattern of journalists forgetting how to ask even the most basic of questions, like “What is the motivation for this?” and “What happens afterwards?”
-
@samir Also, what is the deal with converting everything to Rust, considering that language is far from perfect.
A bunch of code that no one uses, maintains and that costed 10x more development time.
Maybe for security-critical parts, but even with those, the programmers could spend extra effort to secure it in the original language.
@warmsignull @samir
When blind rewrite forces into use of unsafe sections, it is telling that section in general is not-ok, not provable to be ok. Rust compiler helps in a long run.
Is this a rethinking of foundations? Yes. -
R AodeRelay shared this topic
