

Tell me you don’t know what a programming language is without telling me you don’t know what a programming language is
I have this great idea for an app, we can go 70/30 on it! 70 for me because the idea is the hardest part after all. So basically it’s Twitter plus Facebook plus Tinder with a built in MMO. You can get that done in a couple weeks, should be pretty easy right?
In simple terms, they just don’t allow you to write code that would be unsafe in those ways. There are different ways of doing that, but it’s difficult to explain to a layperson. For one example, though, we can talk about “out of bounds access”.
Suppose you have a list of 10 numbers. In a memory unsafe language, you’d be able to tell the computer “set the 1 millionth number to be ‘50’”. Simply put, this means you could modify data you’re not supposed to be able to. In a safe language, the language might automatically check to make sure you’re not trying to access something beyond the end of the list.
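An added illustration of the out-of-bounds case described above (not part of the original comment), in C: the same write is made once with the index trusted and once with the check a memory-safe language inserts for you. The memory layout, the "admin" slot and all function names are assumptions made up for the example.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed model: one block of memory holding a 10-number list followed
 * directly by unrelated data. All names here are hypothetical. Using a single
 * array keeps the demonstration well-defined C. */
enum { LIST_LEN = 10, REGION_LEN = 11, ADMIN_SLOT = 10 };

/* Memory-unsafe behaviour: the index is trusted and used as-is. */
static void set_unchecked(int *region, size_t idx, int value)
{
    region[idx] = value;
}

/* The check a memory-safe language performs automatically on every access. */
static int set_checked(int *region, size_t idx, int value)
{
    if (idx >= LIST_LEN)
        return -1;            /* refuse: index is past the end of the list */
    region[idx] = value;
    return 0;
}

/* Write "50" one slot past the list; return what the neighbouring data holds. */
static int admin_after_unchecked(void)
{
    int region[REGION_LEN] = {0};
    set_unchecked(region, LIST_LEN, 50);
    return region[ADMIN_SLOT];
}

/* Same write through the checked setter; *status receives its return code. */
static int admin_after_checked(int *status)
{
    int region[REGION_LEN] = {0};
    *status = set_checked(region, LIST_LEN, 50);
    return region[ADMIN_SLOT];
}

int main(void)
{
    int status;
    printf("unchecked write: is_admin = %d\n", admin_after_unchecked());
    printf("checked write:   is_admin = %d", admin_after_checked(&status));
    printf(" (status %d)\n", status);
    return 0;
}
```

The "1 millionth number" from the comment is rejected by `set_checked` the same way; passed to `set_unchecked` it would land outside the modelled region entirely, which is why the demo stops at one slot past the end.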
No, the industry consensus is actually that open source tends to be more secure. The reason C++ is a problem is that it’s possible, and very easy, to write code that has exploitable bugs. The largest and most relevant type of bug it enables is what’s known as a memory safety bug. Elsewhere in this thread I linked this:
https://www.chromium.org/Home/chromium-security/memory-safety/
Which says 70% of exploits in Chrome were due to memory safety issues. That page also links to this article, if you want to learn more about what “memory safety” means from a layperson’s perspective:
https://alexgaynor.net/2019/aug/12/introduction-to-memory-unsafety-for-vps-of-engineering/
Of course! Thanks for the discourse. Makes the world go 'round.
And as I said, if they manage to entirely switch, I won’t have reservations.
As far as security in extant browsers and C++, see here: https://www.chromium.org/Home/chromium-security/memory-safety/
The Chromium project finds that around 70% of our serious security bugs are memory safety problems.
It’s a serious issue.
Yeah, it was ok when the project started. The issue begins once it transitions from a toy to a potential competitor with Firefox.
Yeah, I know the history. And if they fully switch to Swift and manage decent performance, that would be acceptable, just strange. And it would also be fine to use whatever language if it were only a hobby project. I just reject the notion that C++ is an acceptable choice for new projects in security-critical positions.
The choice of C++ + Swift feels strange and off-putting to me. Swift, at least, is pretty safe as languages go, but does leave me scratching my head a bit. C++, though, frankly should have no place in a new browser project. For a piece of software whose whole purpose is to essentially download and run untrusted code, C++ is unacceptable.
It’s realistically not gonna happen, but what I’d really like to see is Servo developed into a full browser.
“yeah man it’s right above [Xe] 4f14 5d10 6s1, you can’t miss it”
The alternative is making Russia getting/keeping the territory a worse option than leaving Ukraine the hell alone. I agree that the unfortunate reality is that Putin will never - can never - give up the war willingly without concessions, but the flip side to that is they’ll be back for more sooner or later. We have to make the war such a bad option for Russia that Putin is deposed, whether by his oligarchs or by the Russian people. It’s a difficult fight, but it’s one we’ve fought before on 3 fronts in WWII. The difference, this time, being nukes exist and that understandably makes a lot of people nervous - but again, expansionists never stop. The confrontation has to come at some point unless we want all-out war in Europe.
I’m far removed from the situation, so my opinion isn’t worth much on this part, but I think realistically maybe there could be some concessions around Crimea for a peace deal - sort of a status quo ante or similar - but Russia would have to make some concessions in turn for Ukraine to agree (NATO peacekeeping forces in Ukraine? Still a no-go for Putin though…). Ceding Ukrainian territorial losses from the current war, though, will only put off the eventual confrontation, and hurt the West in the meantime.
Giving away conquered territory in hopes of peace is called appeasement. Historically, it doesn’t go well.
Isn’t that just the current state of affairs?
A favorite of mine is Ghidra. Before they released+open sourced it a few years back, the only option for real software reverse engineering (as in, for large and non-trivial programs, where you need more than just fancy disassembly) was IDA Pro, which is absurdly expensive if you’re not sponsored or willing to pirate. Now, some of us kinda take for granted the fact that there’s an open source world-class RE tool. And honestly, I even prefer it to IDA Pro - that’s how good it is.
Fun fact, Rust has a special error message for this:
It also detects other potentially confusing Unicode characters, like the division slash which looks like /.