Stories with Tag C Programming Language

• Greg K-H: "Writing new code in Rust is a win for all of us"

  permalink

  Posted: 2025-02-19 12:12:52

  Verbose tl;dr

  Greg Kroah-Hartman's post argues that new drivers and kernel modules being written in Rust benefit the entire Linux kernel community. He emphasizes that Rust's memory safety features improve overall kernel stability and security, reducing potential bugs and vulnerabilities for everyone, even those not directly involved with Rust code. This advantage outweighs any perceived downsides like increased code complexity or a steeper learning curve for some developers. The improved safety and resulting stability ultimately reduces maintenance burden and allows developers to focus on new features instead of bug fixes, benefiting the entire ecosystem.

  In a post to the Rust for Linux mailing list titled "Writing new code in Rust is a win for all of us," Greg Kroah-Hartman, a prominent Linux kernel developer, articulates his enthusiastic support for integrating Rust into the Linux kernel. He emphasizes that utilizing Rust for developing new kernel code offers substantial benefits across the board, improving the experience for developers, maintainers, and ultimately, end users.

  Kroah-Hartman underscores the value of Rust's memory safety features. He explains that these features will preemptively address a significant proportion of kernel bugs, particularly those related to memory management, which have historically been a persistent and challenging issue. This proactive approach to bug prevention will reduce the time and resources spent on debugging and patching vulnerabilities, resulting in a more robust and secure kernel.

  Furthermore, he highlights that writing new kernel code in a memory-safe language like Rust simplifies the development process. By mitigating memory-related errors at compile time, developers can focus on the core logic and functionality of their code, rather than getting bogged down in intricate memory management details. This enhanced developer experience translates to increased productivity and potentially faster development cycles for new features and improvements.

  From a maintainer's perspective, the integration of Rust promises a reduced workload. With fewer memory-related bugs to triage and fix, maintainers can dedicate more time to reviewing code for correctness and improving overall kernel quality. This shift in focus from reactive bug fixing to proactive code improvement will contribute to a more stable and reliable kernel in the long run.

  Finally, Kroah-Hartman points out that these benefits ultimately translate to a better experience for end users. A more secure and stable kernel means fewer system crashes, improved performance, and enhanced reliability. This improved stability will result in a more positive user experience, fostering trust in the Linux operating system. He concludes by reiterating his belief that embracing Rust for new kernel code is a positive development for everyone involved in the Linux ecosystem, from developers and maintainers to the end users who rely on the kernel's stability and performance.

  • Rust
  • Linux
  • Kernel
  • Greg Kroah-Hartman
  • programming language
  • Systems Programming
  • Software Development
  • Open Source
  • performance
  • Security
  • maintainability
  • C Programming Language

  Summary of Comments ( 231 )
  https://news.ycombinator.com/item?id=43101204

  Verbose tl;dr

  HN commenters largely agree with Greg KH's assessment of Rust's benefits for the kernel. Several highlight the improved memory safety and the potential for catching bugs early in the development process as significant advantages. Some express excitement about the prospect of new drivers and filesystems written in Rust, while others acknowledge the learning curve for kernel developers. A few commenters raise concerns, including the increased complexity of debugging Rust code in the kernel and the potential performance overhead. One commenter questions the long-term maintenance implications of introducing a new language, wondering if it might exacerbate the already challenging task of maintaining the kernel. Another suggests that the real win will be determined by whether Rust truly reduces the number of CVEs related to memory safety issues in the long run.

  The Hacker News post "Greg K-H: "Writing new code in Rust is a win for all of us"" (https://news.ycombinator.com/item?id=43101204) has generated a robust discussion with a multitude of comments exploring various facets of Rust's integration into the Linux kernel.

  Several commenters express enthusiasm for Rust's potential to improve the kernel's security and reliability, echoing Greg KH's sentiments in the original email. They highlight Rust's memory safety features as a crucial advantage in mitigating vulnerabilities, a persistent challenge in C-based development. Some point out the potential for improved performance due to Rust's compile-time guarantees, reducing the need for runtime checks.

  A recurring theme in the comments is the practical consideration of integrating Rust into a large, established C codebase. Commenters discuss the complexities of interfacing between Rust and C, the learning curve for kernel developers accustomed to C, and the potential impact on the kernel's maintainability. Some raise concerns about the long-term implications of supporting two languages within the kernel, while others express optimism that the benefits outweigh the challenges.

  Several commenters delve into specific technical aspects of Rust and its suitability for kernel development. Discussions arise around topics such as error handling, memory management strategies, and the potential for Rust to enable new design patterns within the kernel. Some commenters share their own experiences using Rust for systems programming, offering insights into its strengths and weaknesses.

  A notable point of discussion revolves around the cultural implications of adopting Rust. Some commenters express concerns about the potential for Rust to create a divide within the kernel development community, with some developers embracing the new language while others remain committed to C. Others argue that the transition to Rust will be a gradual process, allowing for a smooth integration and knowledge transfer within the community.

  There's also discussion of the potential impact on driver development. Some commenters suggest that Rust could simplify driver development and improve their reliability, while others express concerns about the added complexity of incorporating Rust into existing driver ecosystems.

  Finally, a few comments address the broader implications of Rust's growing adoption in systems programming. They see the Linux kernel's embrace of Rust as a significant validation of the language's potential and anticipate further adoption in other critical systems. Some commenters express hope that this move will inspire further innovation in systems programming languages and tools.

• Nvidia Security Team: “What if we just stopped using C?” (2022)

  permalink

  Posted: 2025-02-10 09:16:04

  Verbose tl;dr

  Nvidia's security team advocates shifting away from C/C++ due to its susceptibility to memory-related vulnerabilities, which account for a significant portion of their reported security issues. They propose embracing memory-safe languages like Rust, Go, and Java to improve the security posture of their products and reduce the time and resources spent on vulnerability remediation. While acknowledging the performance benefits often associated with C/C++, they argue that modern memory-safe languages offer comparable performance while significantly mitigating security risks. This shift requires overcoming challenges like retraining engineers and integrating new tools, but Nvidia believes the long-term security gains outweigh the transitional costs.

  In a 2022 blog post titled "Nvidia Security Team: 'What if we just stopped using C?'" hosted on the AdaCore blog, the author discusses a presentation given by Nvidia's security team exploring the possibility of transitioning away from C and C++ in their codebase due to the inherent security risks associated with these languages. The post emphasizes the prevalence of memory safety vulnerabilities, such as buffer overflows, use-after-free errors, and double frees, which plague C and C++ development and contribute significantly to exploitable security flaws. These vulnerabilities arise from the manual memory management paradigm prevalent in these languages, giving developers extensive control over memory allocation and deallocation, but also leaving them prone to errors.

  The Nvidia team highlighted the increasing cost and complexity of mitigating these vulnerabilities, outlining the various techniques they currently employ, including code reviews, static analysis tools, and dynamic analysis tools like sanitizers. While acknowledging the effectiveness of these methods to a certain extent, they pointed out that these strategies are reactive rather than preventative and require significant ongoing investment. Furthermore, these mitigations don't address the root cause of the problem: the inherent unsafety of manual memory management.

  The post then elaborates on Nvidia's exploration of alternative, memory-safe languages like Rust, Go, and Ada. The blog post focuses particularly on Ada and SPARK, a formally verifiable subset of Ada, emphasizing their robust type system, compile-time error checking, and built-in memory safety features as attractive alternatives to the vulnerabilities of C and C++. The argument presented is that these languages, through their design and features, inherently prevent many of the memory-related vulnerabilities that plague C and C++, leading to more secure code by design.

  While acknowledging the significant undertaking of migrating away from a large, established C/C++ codebase, the Nvidia team expressed a belief that the long-term benefits in terms of improved security, reduced development costs associated with vulnerability mitigation, and a more robust and reliable software ecosystem justify the investment. The post concludes by highlighting Ada and SPARK as strong contenders for replacing C and C++ in safety-critical and security-sensitive applications, and portrays Nvidia's exploration as a significant indication of the growing industry interest in memory-safe languages for mitigating increasingly prevalent and costly security vulnerabilities. This exploration signals a potential shift in programming paradigms for large organizations concerned with software security, moving towards languages that prioritize memory safety by design.

  • Nvidia
  • Security
  • C Programming Language
  • Memory Safety
  • software vulnerabilities
  • Rust
  • C++
  • Ada
  • Programming Languages
  • Software Development
  • 2022

  Summary of Comments ( 148 )
  https://news.ycombinator.com/item?id=42998383

  Verbose tl;dr

  Hacker News commenters largely agree with the AdaCore blog post's premise that C is a major source of vulnerabilities. Many point to Rust as a viable alternative, highlighting its memory safety features and performance. Some discuss the practical challenges of transitioning away from C, citing legacy codebases, tooling, and the existing expertise surrounding C. Others explore alternative approaches like formal verification or stricter coding standards for C. A few commenters push back on the idea of abandoning C entirely, arguing that its performance benefits and low-level control are still necessary for certain applications, and that focusing on better developer training and tools might be a more effective solution. The trade-offs between safety and performance are a recurring theme.

  The Hacker News post titled "Nvidia Security Team: “What if we just stopped using C?” (2022)" has generated a lively discussion with numerous comments. Many commenters agree with the premise that C is inherently unsafe and contributes significantly to software vulnerabilities. Several suggest Rust as a strong contender for replacing C, citing its memory safety features and performance characteristics.

  A recurring theme is the inertia within organizations and the perceived cost and effort of transitioning away from C. Some commenters express skepticism about the feasibility of such a move, particularly in large, established codebases. Others counter this by arguing that the long-term benefits of improved security and reduced maintenance outweigh the initial investment.

  Several compelling comments delve deeper into specific aspects:

  • Some discuss the cultural shift required within development teams to adopt new languages and practices. They emphasize the importance of training and education in ensuring a successful transition.
  • Others point out that while Rust offers advantages, it's not a silver bullet. It has a steeper learning curve than C and may not be suitable for all use cases, especially those requiring very low-level control or interaction with legacy systems.
  • The idea of gradual migration is also discussed, where new code is written in safer languages like Rust while existing C code is maintained or incrementally rewritten. This approach is seen as more pragmatic than a complete overhaul.
  • Some comments highlight the success stories of other companies that have adopted Rust, citing improved security and developer productivity. These examples serve as evidence for the practicality of transitioning away from C.
  • A few commenters raise the issue of tooling and ecosystem maturity. While the Rust ecosystem is rapidly evolving, it's not as mature as C's, which could pose challenges for certain projects.
  • The performance comparison between C and Rust is also a point of discussion. While Rust is generally considered performant, there are specific scenarios where C might offer slight advantages, though these are becoming increasingly rare.

  The comments overall reflect a general sentiment that while moving away from C is a significant undertaking, it is a necessary step towards building more secure and reliable software. The discussion acknowledges the complexities and challenges involved but also expresses optimism about the potential benefits and the growing momentum behind safer alternatives like Rust.

• 100 years of Bell Labs [pdf]

  permalink

  Posted: 2025-01-26 16:10:24

  Verbose tl;dr

  Bell Labs, celebrating its centennial, represents a century of groundbreaking innovation. From its origins as a research arm of AT&T, it pioneered advancements in telecommunications, including the transistor, laser, solar cell, information theory, and the Unix operating system and C programming language. This prolific era fostered a collaborative environment where scientific exploration thrived, leading to numerous Nobel Prizes and shaping the modern technological landscape. However, the breakup of AT&T and subsequent shifts in corporate focus impacted Bell Labs' trajectory, leading to a diminished research scope and a transition towards more commercially driven objectives. Despite this evolution, Bell Labs' legacy of fundamental scientific discovery and engineering prowess remains a benchmark for industrial research.

  This PDF document, titled "100 Years of Bell Labs," commemorates the centennial anniversary of Bell Telephone Laboratories, highlighting its profound and multifaceted contributions to science, technology, and society. The document begins by tracing the origins of Bell Labs back to the establishment of the Western Electric Engineering Department in 1925, emphasizing its initial focus on improving telephone communication technologies. It then meticulously chronicles the evolution of the institution, illustrating how its scope expanded far beyond its initial mandate.

  The document richly details the breadth of Bell Labs' innovations, providing specific examples across diverse fields. In telecommunications, it recounts the development of vital components like the transistor, the laser, and fiber optic cables, technologies that revolutionized voice and data transmission globally. The narrative extends beyond hardware to encompass software breakthroughs, mentioning contributions to the UNIX operating system and the C and C++ programming languages, which became cornerstones of modern computing.

  The document further delves into Bell Labs' pivotal role in shaping information theory and digital signal processing, spotlighting the work of Claude Shannon and other prominent researchers. It underscores the significance of these theoretical advancements in laying the foundation for the digital age. Beyond these core areas, the document explores Bell Labs' impact on materials science, with examples like the development of high-purity silicon, and its contributions to astronomy and astrophysics, referencing the discovery of cosmic microwave background radiation.

  The document meticulously documents the numerous Nobel Prizes and other prestigious awards bestowed upon Bell Labs scientists, emphasizing the recognition of their groundbreaking work by the scientific community. It also highlights the collaborative environment and the culture of intellectual freedom fostered within Bell Labs, which arguably played a crucial role in its sustained success. The narrative touches upon the organizational restructuring and changing ownership of Bell Labs over the decades, from its initial association with AT&T to its later affiliation with Lucent Technologies and, subsequently, Alcatel-Lucent and Nokia.

  Throughout the document, the authors emphasize the lasting legacy of Bell Labs, not just in terms of specific technologies, but also in its enduring influence on the scientific and engineering landscape. They portray Bell Labs as a unique institution that successfully combined fundamental research with practical application, fostering an environment where scientific curiosity and technological innovation could flourish. The document concludes with a reflection on the future of Bell Labs and its continued pursuit of scientific discovery and technological advancement, suggesting that even after a century of remarkable achievement, the spirit of innovation at Bell Labs remains vibrant.

  • Bell Labs
  • History of Technology
  • Telecommunications
  • Innovation
  • Research and Development
  • 20th Century
  • 21st Century
  • Science
  • Engineering
  • Transistors
  • Lasers
  • information theory
  • unix
  • C Programming Language
  • Nobel Prizes

  Summary of Comments ( 3 )
  https://news.ycombinator.com/item?id=42831043

  Verbose tl;dr

  HN commenters largely praised the linked PDF documenting Bell Labs' history, calling it well-written, informative, and a good overview of a critical institution. Several pointed out specific areas they found interesting, like the discussion of "directed basic research," the balance between pure research and product development, and the evolution of corporate research labs in general. Some lamented the decline of similar research-focused environments today, contrasting Bell Labs' heyday with the current focus on short-term profits. A few commenters added further historical details or pointed to related resources like the book Idea Factory. One commenter questioned the framing of Bell Labs as primarily an American institution given its reliance on global talent.

  The Hacker News post titled "100 years of Bell Labs [pdf]" contains a number of comments discussing the linked PDF and Bell Labs' historical impact. Several commenters reflect on the unique environment and culture that fostered such a high degree of innovation at Bell Labs.

  One commenter highlights the freedom researchers had to pursue their interests, noting the "long view" Bell Labs took, allowing scientists to delve into fundamental research without immediate pressure for practical applications. This long-term perspective is contrasted with the more short-term, profit-driven approach prevalent in today's research environments. The commenter points out how this freedom led to groundbreaking discoveries, often with unexpected applications that emerged much later.

  Another commenter emphasizes the "synergy between theorists, experimentalists, and engineers" at Bell Labs, suggesting this close collaboration played a crucial role in their success. The commenter expresses admiration for the institution's ability to bring together diverse expertise, creating a fertile ground for innovation.

  Several comments touch on the decline of Bell Labs, attributing it to various factors such as the breakup of AT&T, changing corporate priorities, and the increasing emphasis on short-term gains over long-term research. Some lament the loss of this unique research environment and express a desire for similar institutions to emerge in the modern era.

  One commenter specifically mentions the book "The Idea Factory: Bell Labs and the Great Age of American Innovation" by Jon Gertner as a further resource for understanding the history and culture of Bell Labs.

  A few commenters also discuss specific technologies and innovations that emerged from Bell Labs, including the transistor, lasers, and Unix, further emphasizing the institution's significant contributions to science and technology.

  Overall, the comments express a mix of admiration for Bell Labs' past achievements, nostalgia for its unique research environment, and concern about the decline of long-term, fundamental research in the current landscape. The commenters see Bell Labs as a model for successful research and development and express a desire to learn from its history and potentially recreate some aspects of its approach in modern institutions.