logoalt Hacker News

Gigachadtoday at 1:03 PM2 repliesview on HN

All I’ve seen is there is literally no programmer smart and careful enough to never create a use after free or out of bounds read in a sufficiently complex codebase.

The state of computer security has moved on from the old model of just patching bugs when you find them. To now where we need to systematically prevent them from happening to begin with.


Replies

allknowingfrogtoday at 1:31 PM

Have you heard of TigerBeetle? Being smart enough doesn't seem to be the primary factor. It's about having a strategy and the discipline to follow it. No type system will ever free you from the burden of doing the actual engineering.

show 2 replies
pseudonytoday at 1:12 PM

- types rarely catch the interesting errors

- any GC'ed language can manage memory for you if you want

- My first rust project (a gui app in GTK) managed to segfault just fine in spite of Rust (no unsafe blocks on my part, not deliberately trying to break anything).

- I think the state of computer security has moved on still, we now rely on LLMs armed with various tools to pick apart and try to break our code AND to generate our code -- it is not at all obvious to me that banging your head against the borrow checker is a worthwhile tradeoff in this new world.