Biden administration calls for developers to embrace memory-safe programing languages and move away from those that cause buffer overflows and other memory access vulnerabilities.

  • mlg@lemmy.world
    link
    fedilink
    English
    arrow-up
    25
    arrow-down
    5
    ·
    10 months ago

    You mean like android running java which is why everyone and their mom bought Israel’s Pegasus spyware toolkit?

    • AggressivelyPassive@feddit.de
      link
      fedilink
      arrow-up
      20
      arrow-down
      1
      ·
      10 months ago

      When was the last time you’ve heard of a memory safety issue in Java code? Not the runtime or some native library, raw dogged Java.

      Memory safety isn’t a silver bullet, but it practically erases an entire category of bugs.

      • mlg@lemmy.world
        link
        fedilink
        English
        arrow-up
        12
        arrow-down
        1
        ·
        10 months ago

        Fair point, even log4j was running java code, not literally hijacking the stack or heap.

        That being said, I’m poking fun because C and C++ have low level capabilities of which only Rust offers a complete alternative of. Most of everything else is safe because it comes packaged with a garbage collector which affects performance and viability. I think Go technically counts if you set the GC allocation to 0 and use pointers for everything, but might as well use Rust or C at that point.

        I guess I’m just complaining out of all the issues ONCD could point out, they went after the very broad “memeory-safe is always better” when most of the people using C and C++ need the performance. They only offered Rust as a potential alternative in the report with nothing else which everyone already knows. Would be nice to see them make a real statement like telling megacorps to stop using unencrypted SCADA on the internet.

    • bamboo@lemm.ee
      link
      fedilink
      arrow-up
      15
      ·
      10 months ago

      The apps are (sometimes) Java, but the OS is a mix of languages, mostly C and C++. The Java runtime itself is C++.

    • a1studmuffin
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      2
      ·
      10 months ago

      I love that Android chose Java so they could run it on different processor architectures, but in the end one architecture won out so Java wasn’t necessary any more. I guess they didn’t know at the time, but they’d claw back a tonne of efficiency if they dropped the Java VM.

      • NotMyOldRedditName@lemmy.world
        link
        fedilink
        arrow-up
        4
        ·
        10 months ago

        Java also made it very accessible to the vast majority of existing Java developers.

        Way more Java developers than Objective C developers at the time.

        I wasn’t a fan of learning Objective C when I started learning just as swift was coming out but too new to use.