C++ #13
Comments
|
Ah, I see initially this was written in Python in 2010, but then in early 2011 a C++ implementation was added. C'est la vie. An example of a great company that realized the significance of language choice is Numenta. They were using Python and C++ for NuPIC for quite some time (to the headache of myself and others), but then announced a Java rewrite of NuPIC. So although it is a pain, it's worth doing, especially in cases where folks are relying on your software to protect their well-being. |
|
While C++ is definitely not a perfect language and there is plenty of examples of bad C++ code out there, I would not go so far to call C++ a "broken" and "insecure" language. C++ is perfectly fine as long as you follow good practices, a reasonable coding convention, and have solid test coverage. Many companies, including Google and Facebook, use C++ in production environments. In fact, the majority of Google's infrastructure is written in C++. It would not be difficult to find stronger arguments against some of the languages you listed:
I was not involved in the DISSENT project, but in my view, a good motivation for having a C++ implementation is that it would be easier to build a community and gain adoption due to the C++ ecosystem. I would agree that having a Java implementation would be a good idea due to the strength of the Java ecosystem and the Apache Software Foundation. I would also agree that a Haskell implementation would be an interesting undertaking since its type system can make stronger correctness guarantees. However, I do not think implementing DISSENT in C++ was necessarily a bad choice. |
Perfectly fine to have a difference of opinion on the term "broken", but "insecure" is an objective assessment. C++ simply allows for "a whole host of new bug classes and exploitation possibilities" that are not possible in other languages. For security-critical software, it is an unacceptable choice these days regardless of what legacy systems are using it, and we need to make this message louder and clearer with every passing day in order to walk forward. This link is itself a wonderful argument as to why C++ should not be used. So many pages of voluntary conventions to compensate for the major shortcomings of the language. How many C++ programmers follow every single one of these? Answer: not enough, and there's no way you can expect to be certain that the folks who submit PRs to this project in the future will follow them. Pick a language that is designed in an intelligent way that does not required manually obeying mountains of conventions. Clojure, Rust, and Haskell are great examples of how language design can completely eliminate several categories of bugs _at compile time_. You make a good point regarding CoffeeScript and its lack of types, to which another reasonable alternative is TypeScript (JS + types) and Typed Clojure (Clojure + types). Code takes on a life of its own. It is in many ways like a child in that sense. Decisions that are made early on will either cripple it later in life, or help it flourish. Choose wisely. |
|
Some more useful CoffeeScript/JavaScript related links (for static typing):
|
|
When we started on Dissent, there was no real alternative type-safe language that really had the combination of features, maturity, portability, and library ecosystem that we needed, comparable to C++ with Qt. The closest potential fits we considered were Java and C#; both had good things going for them, but also had major problems both in terms of APIs, horrendously heavy runtimes, and de facto portability issues (despite the fact that both were supposedly designed with portability in mind). But since that time Go has become mature enough for what we need and operates at more-or-less the right level of abstraction, so we're in the process now of rewriting a next-generation version of Dissent in Go. (I am also tracking Rust, which is very promising, but doesn't yet look mature enough for what we need.) |
|
@bford That's fantastic news! 😄 👍 Very very cool, thank you, and I can't wait to spread the news when it's announced. Am watching the repo. |
|
BTW, curious coincidence, right after posting that I checked HackerNews and guess what's #1 there right now with 680 upvotes? 😄 |
|
Thanks for the update, @bford! That is great to hear. |
|
Having had some more time to explore the tradeoffs between Rust and Go, I think Go would actually be a great choice. FYI here are Go QT bindings for doing the UI. |
|
If Dissent is ever re-written in Go, or Rust, or, let's go crazy, Dart (websites enjoy fast adoption), or another new kid on the block with strong bones, I want to hear about it ! I could maybe even lend a hand with the setting up of a more "formal" feature suite (you already have a strong DESIGN document, kudos) written in Gherkin, whatever the implementation language choices. It's a matter I've been semi-idly thinking about for a decade now, and it warms my heart to finally find like-minded devs. So, not much pulse on this repository ; where's the action ? |
I expect to get flack for this issue. I expect it to be summarily closed and/or ignored.
It nevertheless drives me bonkers whenever I see _new_ security-critical applications are being written in C++ (of all languages)!
Sorry. This is my flack to give to you for that decision. It's not that bad, there are worse things in life to receive. It's a virtual chastisement, and frankly you should be thanking me for it.
Please consider rewriting this in a less-broken and less-insecure language (Rust, OCaml, Haskell, Go, CoffeeScript, Java, Clojure, Scheme, whatever, just not C++).
Otherwise, wonderful project! Looks very interesting and I look forward to learning more about it! 😄
The text was updated successfully, but these errors were encountered: