The first fundraising banner on wikipedia was in 2003. That is unquestionably an advertisement, and not even an ethical one given the misleading nature of their campaigns these days.
I don't think it takes pedantry to think advertising in order to solicit funds for a non-profit is still advertising.
If anything the criteria I would apply is does it diminish the user experience while attempting to motivate the viewer to act in a manner that benefits the advertiser.
May I ask why you do not consider it advertising? Is it because it is asking for donations? Because it is a non-profit? If so, why would those factors exempt them?
This affects static libc only. If you pass -dynamic -lc then the libc functions are provided by the target system. Some systems only support dynamic libc, such as macOS. I think OpenBSD actually does support static libc though.
> I think OpenBSD actually does support static libc though.
How does that work, with syscalls being unable to be called except from the system’s libc? I’d be a bit surprised if any binary’s embedded libc would support this model.
For static executables, “the system’s libc” is of course not a thing. To support those, OpenBSD requires them to include an exhaustive list of all addresses of syscall instructions in a predefined place[1].
(With that said, OpenBSD promises no stability if you choose to bypass libc. What it promises instead is that it will change things in incompatible ways that will hurt. It’s up to you whether the pain that thus results from supporting OpenBSD is worth it.)
> How does that work, with syscalls being unable to be called except from the system’s libc?
OpenBSD allows system calls being made from shared libraries whose names start with `libc.so.' and all static binaries, as long as they include an `openbsd.syscalls' section listing call sites.
You can. There is a thread-unsafe implementation here <https://gist.github.com/oguz-ismail/72e34550af13e3841ed58e29...>. But the listing needs to be per system call number, so this one only supports system calls 1 (_exit) and 4 (write). It should be fairly easy to automatically generate the complete list but I didn't try it.
Good point. C's "freestanding" mode, analogous to Rust's nostd, does not provide any functions at all, just some type definitions and constants which obviously evaporate when compiled. Rust's nostd not only can compute how long a string is, it can unstably sort a slice, do atomic operations if they exist on your hardware, lots of fancy stuff but as a consequence even nostd has an actual library of code, a similar but maybe less organized situation occurs in C++. Most of the time this is simply better, why hand write your own crap sort when your compiler vendor can just provide an optimised sort for your platform? But on very, very tiny systems this might be unaffordable.
Anyway, C doesn't have Rust's core versus std distinction and so libc is a muddle of both the "Just useful library stuff" like strlen or qsort and features like open which are bound to the operating system specifics.
If you specify -target x86_64-windows-gnu -lc then some libc functions are provided by Zig, some are provided by vendored mingw-w64 C files, and you don't need mingw-w64 installed separately; Zig provides everything.
You can still pass --libc libc.txt to link against an externally provided libc, such as a separate mingw-w64 installation you have lying around, or even your own libc installation if you want to mess around with that.
That's cool. I imagine I could also maintain a MinGW package that can be downloaded through the Zig package manager and statically linked without involving the zig libc? (Such that the user doesn't need to install anything but zig)
That's a good way to sell moving over to the zig build system, and eventually zig the language itself in some real-world scenarios imo.
It's completely possible to implement printf. here is my impl (not 100% correct yet) of snprintf for my custom libc implemented on top of a platform I'm working on <https://zigbin.io/ab1e79>
The va_arg stuff are extern because zig's va arg stuff is pretty broken at the moment.
Here's a C++ game ported to web using said libc running on top of the custom platform and web frontend that implements the platform ABI <https://cloudef.pw/sorvi/#supertux.sorvi> (you might need javascript.options.wasm_js_promise_integration enabled if using firefox based browser)
yeah I just thought there are "compiler shenanigans" involved with printf! zig's va arg being broken is sad, I am so zig-pilled, I wish we could just call extern "C" functions with a tuple in place of va arg =D
The only thing C compilers do for printf, is static analyze the format string for API usage errors. Afaik such isn't possible in zig currently. But idk why'd you downgrade yourself to using the printf interface, when std.Io.Writer has a `print` interface where fmt is comptime and args can be reflected so it catches errors without special compiler shenanigans.
The very same day I sat at home writing this devlog like a coward, less than five miles away, armed forces who are in my city against the will of our elected officials shot tear gas, unprovoked, at peaceful protestors, including my wife.
This isn't some hypothetical political agenda I'm using my platform to push. There's a nonzero chance I go out there next weekend to peacefully protest, and get shot like Alex Pretti.
Needless to say, if I get shot by ICE, it's not good for the Zig project. And they've brought the battle to my doorstep, almost literally.
Andy stay safe. We gotta all come to realization that none of this is possible if we let our democracy slip away. Millions before us died to preserve it. We owe it to them to put up a good fight.
My 85 year old mom lives in Portland and she attends rallies frequently. If you know of any way to support you or other local people doing this work, I'm very interested. My email is on my profile page.
I have a friend who is in Minneapolis. He's involved in caravans which are tracking ICE. He wasn't the driver in the last one. But, the ICE vehicle they tailed suddenly started going in a very direct path, instead of randomly driving. The driver figured it out first. They drove to the driver's house and then stood outside of their car for ten minutes staring at his house. Cars in Minnesota have their license plates on both the front and the back.
Is there any justification for that kind of intimidation? Did any of the Trump supporters vote for that? I hear about paid agitators on the left but not that kind of compensated actors. Is his name in a database now once they did the lookup?
ICE's current mission isn't to deport illegal immigrants. Its current mission is to antagonize anyone who is not a WASP, and seemingly these days, anybody who stands up for non-WASP citizens in the US. As can be easily ascertained by the sheer number of encounters where the officers insist that they don't actually care to see any papers proving the people they're arresting are legal US citizens (let alone legal US residents).
So your questions don't matter because you're arguing about a reality that doesn't exist.
You'd have a lot stronger argument if ICE wasn't being used as a secret police force. They're Immigration Enforcement in name only. Your average citizen would say it's okay to enforce immigration laws, there is no doubt about that; doing middle-of-the-night raids with a blackhawk helicopter in cities of your political opponents is not reasonable[0]. There are plenty more examples of their abhorrent behavior (like killing two American citizens in the midwest and brutalizing protestors) if you cared to search for it.
I've noticed that the MAGAs have been adamant about trying to shift the window back to: "but you agree that immigrants should be deported right?" as some sort of attempt to justify what's happening, I guess. Is that talking point coming from some popular right wing show or something as a last ditch effort before midterms?
Are you ok with the size of the budget these agencies control? Are you ok with it being headed by a guy who never has denied he took a $50k bribe from the FBI and wasn't even the initial target of an investigation?
I would bet you $1000 that not one of the immigrants being rounded up were even accused of that kind of corruption and crimes.
How is this not bald corruption and an insane way to spend tax dollars when people are really struggling in this country?
And I know plenty of restaurant owners in Portland that are closing because of down tourism. Why can Trump sue the IRS for $10B but Portland can't sue him for disparaging the city because he can't figure out that videos of riots are five years old?
The budget needs to increase because there are a lot of people in the country illegally and in order to get every single one of them out the agency needs to scale up. When people start obstructing officers and being violent that increases the required number of officers even more.
We don't need to get them all out, though. The vast majority are picking strawberries and working cheap construction jobs, not funneling drugs and guns.
I'm as concerned with getting them all out as I'm concerned with ticketing every jaywalker.
>The vast majority are picking strawberries and working cheap construction jobs,
This doesn't matter. I do not want the idea that someone can invade my country as long as they avoid drugs and guns to spread through the world. Due to how great America is people are going to want to come here even if they aren't allowed, so they must understand that coming here illegally will end badly for them so they fully understand not to come here illegally since it has negative EV for them.
Well, not to worry then, hateful little attitudes like yours are rapidly undoing America's greatness. Soon no one will want to be there, including Americans.
Enforcing the law is not a hateful attitude. If people don't want to be in a society that enforces laws they can feel free to go to some lawless society.
How many laws has the Trump administration flat out ignored? You're cheerleading the introduction of a lawless society. Perhaps you should reconsider your frame of reference.
Their underlying point is that you're actually being very selective in which laws you want enforced.
For starters, I doubt you've brayed as loudly for the prosecution of business owners who employ illegal migrants, as you are for the migrants themselves. (You certainly didn't mention illegal biz owners in this comment chain.) Likewise, the crimes ICE commits already exceed the crimes of those they're hunting, but you haven't acknowledged that.
Which means you don't actually believe in the law as an impartial force of justice, despite what you might tell yourself. You believe in it as a tool of power, to be wielded strongly against those you dislike, and lightly or not at all, against those you favor.
You believe in power and order, not justice and fairness.
"Conservatism consists of exactly one proposition, to wit: There must be in-groups whom the law protects but does not bind, alongside out-groups whom the law binds but does not protect."
"If you have always believed that everyone should play by the same rules and be judged by the same standards, that would have gotten you labeled a radical 50 years ago, a liberal 25 years ago and a racist today."
When people like you finally realize what is happening in this country, I'm ready to quickly forgive and move on so that we can work together to preserve what freedoms we have left.
but please hurry... we really need you to pay attention and understand the reality that is upon us.
I do know what's happening. I've been around and watching for over a decade. We are bleeding from every orifice from an economic standpoint. The recent moves for deportations is an attempt by the office of the President to save face while not doing anything to fix over-spending, it's also a good vehicle for a surveillance push, and the RNC/old-school dems will be happy so someone like JD can take power afterwards to prop up the current rising oligarchy and further support British assets moving into the middle-east for "oil".
I'm not ignorant. I just know you aren't going to change anything by getting riled up emotionally and using language that indicates instability (I don't know you, my initial comment is because I don't want to see you get snuffed out). There's nothing you can do to solve these problems at this point and time, and they would prefer you protest so they can get your face, for the purposes of marking. Portland also is full of genuinely nutty people, been there several times and there is a real social contagion. You should be spending your time helping who you can, avoiding the authorities in general (never even speak to them), and understand that this "liberal democracy" is slowly collapsing and there's no stopping what's going to happen. We are being hollowed out entirely.
Freedoms aren't going to matter much when we are owned by every foreign nation but our own. I thought about 7 years ago that we could fix this with protesting, now I know that we can't. I'm just seeing this from a view of total loss while you see that there is yet still time.
Quick addendum: this is not me attempting to demoralize. I do think that once people can't pay for bread then maybe something will change. Up until that point the majority will give away every right for even the slightest relief, anything for a little hope of a better future. This has happened many times before. Empires rise and fall, it's nothing unique or out of the ordinary across history. First and foremost look out for yourself and your loved ones, and be willing to be flexible
Only white pilling for me sir. I believe in the morning light after a dark night. I just know that the tide comes in and out reliably.
If you believe protesting is the way forward then go for it; just don't get shot while doing it.
Anyway; I like Zig a lot btw.. loving what you guys are doing.
These few-minutes-old accounts swooping in on hot button issues to try persuade people are such a goddamn scourge, I wish there were something that could be done about it.
In the end I probably just need to leave HN for a while because it's really doing a number on what's left of my ability to trust what I read online.
In fact if you were to make a police force entirely out of CBP officers who have been arrested, it would be the fourth largest police force in America.
> I wish there were something that could be done about it.
I find it helpful to think of HN like one would any other social media site. There are things they could be doing to curtail these sorts of accounts. They have apparently chosen not to.
In the Federal model of US government, state authority overrides centralized government except in the explicit cases enumerated by the Constitution.
So yes, of course they mean their local officials, because in this case there isn’t an explicit line in the Constitution explaining why the feds are allowed to invade Minnesota.
The Supreme Court has disagreed with you on the matter of federal immigration constitutional authority for more than a century. There isn’t any “invasion”; that’s a propaganda device.
I like how you call peaceful protests when people throw huge rocks, break city infrastructure and damage property and take 0 accountability for it. And most likely don't pay taxes to fix it up later.
How convenient it must be to blame officers instead of bad actors just because you agree with their side.
This is purely pushing political agenda, you just covering it up.
Since you're so eager to construe his support for peaceful protest as support for civil unrest, I therefore think it's fair if I construe your defence of ICE to mean support for their extrajudicial executions and the people who dress up as ICE (ie: masked men dragging people at gunpoint into unmarked vans) to kidnap and rape people.
You can construe what you want, but I don't put my political (or any other views) into unrelated posts and try to conceal/justify it later.
My point is not about the views - it's still free internet and most of us live in free speech countries - it's about putting it out there while being fully aware that many people will read the news post about a popular language and then talking how it's not a political statement.
You seem to have vastly misread his comment in your defensiveness: 1) his comment is not a concealment or a justification, it's an elaboration. This is more than mere semantic nitpick: he doesn't need to justify anything to you or conceal anything from you; he is not seeking your approval. Similarly 2) nor did he say it's "not a political statement", he said it "isn't some hypothetical political agenda", which to me has the extremely obvious meaning that it's not a virtue signal or other ulterior motive, that he may actually be dead by next week. If anything, he's confirming without a doubt that he included politics in his devlog, not denying it. Did his inclusion of "Abolish ICE" at the very bottom of his devlog really put you so off-kilter? Good grief, go outside.
I can't hold it so had to create an account to share, I'm sorry. I'm one of the minor zig contributors, and I'm reading ziglang blog for the purpose of engagement in software engineering craft.
I don't want to see these ICE stuff or whatever else political opinion you or somebody else have. I'm not from US and I barely know what ICE is but you're hating on people (I'm sure you think it's deserved, as with any hate) and I assume you may hate me at some point because I do something you don't share or like (like this comment for example).
Thinking that creator of Zig may hate me, takes a lot of fun from using the language let alone contributing to it or areas surrounding it. What if tomorrow people with tattoos at particular spot will be hated in media and you'll be posting "Abolish people with tattoo". Not the best comparison, but I hope you got why I feel scared of engaging with community now.
I think you have big responsibility for maintaining community of people with different political opinions and you are definitely free to share it on your personal blog. But you chose to do it in the community driven project as a lead of that project. And it's not first time. It's a bit different. For me at least.
Also the fear is what made me create this new account, I'm not a bot or something like that. I'm just afraid due to many (political) reasons and I want to find peace in playing with computers and one of these safe places was just taken from me, which you probably have the right to do but you could've avoided it. You're not the only one. There are many projects like this who mention Gaza, Ukraine, Russia, Israel, all these stuff. It's getting less and less projects to engage with (again, for me, I think it works well for those projects as they attract people they like).
I'm sorry you have to suffer and see people deaths. Me too. I understand it's difficult to hold these stuff inside. As you can see I couldn't either. But I hoped you're stronger than me.
The world demonstrates in many instances, that you do not have to have empathy with people suffering from oppression, rape, murder, etc in order to "succeed" in terms of wealth and power.
Meaning: if you can't accept that someone publishing words/code/etc on the web at the same time also offers their own strong opinions (that you directly claim to be hate) about their own such issues, there's plenty of "communities" in which this kind of unempathetic approach to other people and their lives is celebrated and normalized.
If you barely know what ICE is, how can you claim his opinions to be "hate"? How can you claim that Andrew may hate you without thinking you identify with what you understand about ICE?
What ICE does is unmistakably fascistic and authoritarian, far beyond the powers they have been granted by law and democratic processes. It's utterly disgusting to try and compare protesting and fighting against that with "abolish people with tattoos".
ICE is an institution, a government agency among a dozen+ law enforcement agencies in the US. You compare advocating for abolishing it through democratic process (what Andrew expressed) with calling for the murder of many millions of people with a private hobby.
And while Andrew may have some responsibility towards the community he founded; if he has the responsibility to include different political opinions, he most certainly has the responsibility to exclude fascism. Fascism is the destruction of different opinions, it is not a political opinion that can stand among others and be compared on the same basis: that of human rights at the minimum.
Ask yourself and reflect: why does this very simple and inoffensive call by Andrew make you scared, especially if you don't know what ICE is and does? Could you have been influenced into this feeling? It is certainly not a rational reaction to a few characters of text viewed on a screen.
But if legal system decides the output of LLMs belongs to the entity that trained it, and given that Copilot has the capability to generate any possible code, that means Microsoft, via Copilot, will own copyright to all possible code in the universe, which will naturally allow Microsoft to acquire ReactOS.
Good thing I didn't develop an unnecessary dependency on this product, so now I don't have to suffer through its enshittification. It's almost like it was obvious this was going to happen years ago.
By the way don't sleep on this detail:
> The banner ads will appear in the coming weeks for logged-in users of the free version of ChatGPT *as well as the new $8 per month ChatGPT Go plan*
Even if you pay for the product, you're still the product. If we don't own our software, our software will own us.
If you wanted to match Ghostty's performance in Rust, you'd need to use unsafe in order to use these memory mapping APIs, then you'd be in the exact same boat. Actually you'd be in a worse boat because Zig is safer than unsafe Rust.
> If you wanted to match Ghostty's performance in Rust, you'd need to use unsafe in order to use these memory mapping APIs, then you'd be in the exact same boat.
Yea, but not for all the parts — being able to isolate the unsafe and build abstractions that ensure certain usage parts of the unsafe stuff is a key part of high quality rust code that uses unsafe.
In this case though I think the emphasis is on the fact that there is a place where that code should have been in Rust land, and writing that function would have made it clear and likely avoided the confusion.
Less about unsafe and more about the resulting structure of code.
> Actually you'd be in a worse boat because Zig is safer than unsafe Rust
Other people have mentioned it but I disagree with this assertion.
It's a bit simplistic but I view it this way — every line of C/Zig is unsafe (lots of quibbling to do about what “unsafe” means of course) while some lines of rust are unsafe. Really hard for that assertion to make sense under that world view.
That said, I’m not gonna miss this chance to thank you and the Zig foundation and ecosystem for creating and continuously improving Zig! Thanks for all the hard work and thoughtful API design that has sparked conversation and progress.
This is trivially false... for instance here's a line:
const pi = 3.14;
It's actually a pretty small subset of the language that can cause unchecked illegal behavior.
Also IMO the word "safety" should include integer overflow. I don't agree that those kind of bugs are so unimportant as to not be checked in safe builds.
> This is trivially false... for instance here's a line:
Yep, that was really wrongly stated on my part -- what I meant is that the kind of protections that "safe" Rust provides are not available anywhere in average lines of Zig code (though they can be detected with tooling, etc).
What I should have written is that I could easily write unsafe code anywhere in Zig (as in C). In practice of course most people don't because they're not trying to destroy their own computers, and most code is benign. Rust will at least save me from myself some of the time.
> Also IMO the word "safety" should include integer overflow. I don't agree that those kind of bugs are so unimportant as to not be checked in safe builds.
Rust does do some work to catch trivial overflows, but you're right that it does not catch any slightly more complex overflows, and that is certainly unsafe in a sense. I don't think any reasonable person would disagree with that.
Rust's answer to this of course is checked_{op}/wrapping_{op}/etc options, and that's what I often see in high quality codebases where it matters. Of course, this is a footgun that could have had a safety applied and it's too late now (AFAIK) to change the default to be always wrapping or something (also, I think people may oppose always checked for perf reasons).
[EDIT] Just to compare/make this more concrete, playgrounds:
It's just that little bit of safety that makes it easy for me (personally) to default to Rust. Very possible that someday that won't be true.
[EDIT2] Also, somewhat under-discussed, but if Zig supported a bolt-on "safety check compile mode" that ran with some stricter (maybe not quite borrow checking level) semantics, that would be pretty dope. Of course not something anyone should devote any real time to for a long time (or ever?) BUT it would trivialize a lot of these discussions maybe.
But in the mean time people just using what they're comfortable with/the feel they want is obviously fine.
Although Rust provides Wrapping<i32> if you want that, in practice you don't want that, wrapping unsigned integers are occasionally useful and I've written code with Wrapping<u8> and Wrapping<u32> types, but wrapping signed integers basically never come up. However it is significantly faster and it remains well defined so that's why it was chosen for release builds.
Those are great points, thanks for mentioning this, re-enabling overflow checks for release builds would indeed make the code safer with only a config change.
It's great that there are lots of options other than wrapping as well, checked, saturating, etc -- that at the cost of a little inefficiency make code that is robust to such failures really obvious.
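Added example (not part of the thread and not any commenter's code): the overflow modes discussed in the comments above, applied to a constructed buffer-size calculation where a silently wrapped result defeats a bounds check. `HEADER`, the function names and the sample values are assumptions made for illustration.

```rust
use std::num::Wrapping;

// Constructed scenario: a record buffer needs HEADER + count * elem bytes,
// where `count` comes from untrusted input (e.g. a length field in a file).
const HEADER: u32 = 16;

/// Explicit wrapping arithmetic: the same result a plain `*` / `+` gives in a
/// build where overflow checks are off (the default for release profiles).
fn size_wrapping(count: u32, elem: u32) -> u32 {
    count.wrapping_mul(elem).wrapping_add(HEADER)
}

/// The same computation through the `Wrapping<T>` newtype.
fn size_wrapping_type(count: u32, elem: u32) -> u32 {
    (Wrapping(count) * Wrapping(elem) + Wrapping(HEADER)).0
}

/// Checked arithmetic: any overflow turns the whole result into `None`,
/// independent of build profile.
fn size_checked(count: u32, elem: u32) -> Option<u32> {
    count.checked_mul(elem)?.checked_add(HEADER)
}

/// Saturating arithmetic: clamps at `u32::MAX` instead of wrapping, so a
/// later "fits in the buffer" comparison fails closed.
fn size_saturating(count: u32, elem: u32) -> u32 {
    count.saturating_mul(elem).saturating_add(HEADER)
}

/// Bounds check built on the wrapped size: accepts a bogus `count` when the
/// product wraps around to a small number.
fn accepts_wrapping(count: u32, elem: u32, available: u32) -> bool {
    size_wrapping(count, elem) <= available
}

/// Bounds check built on the checked size: overflow is a rejection.
fn accepts_checked(count: u32, elem: u32, available: u32) -> bool {
    matches!(size_checked(count, elem), Some(n) if n <= available)
}

fn main() {
    // Constructed inputs: one honest record count, one chosen so that
    // count * 4 exceeds u32::MAX (0x4000_0001 * 4 = 0x1_0000_0004).
    let cases = [(10u32, 4u32), (0x4000_0001u32, 4u32)];
    let available = 64u32;

    for (count, elem) in cases {
        println!("count={count:#x} elem={elem}");
        println!("  wrapping    : {}", size_wrapping(count, elem));
        println!("  Wrapping<T> : {}", size_wrapping_type(count, elem));
        println!("  checked     : {:?}", size_checked(count, elem));
        println!("  saturating  : {}", size_saturating(count, elem));
        println!(
            "  fits in {available} bytes? wrapping check: {}, checked check: {}",
            accepts_wrapping(count, elem, available),
            accepts_checked(count, elem, available)
        );
    }
    // With plain operators, setting `overflow-checks = true` under
    // `[profile.release]` in Cargo.toml makes the overflowing case panic in
    // release builds as it already does in debug builds.
}
```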
I don't buy your theory that a Rust terminal would need to directly use mmap to deliver matching performance. In fact I doubt Ghostty's author would endorse this claim either, they've never tried any alternatives, they tried this and it works for their purpose which is a long way from other ways wouldn't work or would all be slower or whatever.
Please don’t get defensive and spread silly FUD. You can be proud of what you’ve accomplished without feeling sad that a different language has strengths that yours doesn’t.
Calling unsafe mmap APIs not only is unlikely to run into the corner cases where unsafe Rust is tricky to get right, there’s “millions” of crates that offer safe APIs to do so and it’s fundamentally not hard to write it safely (it would be very hard to write it to have any issues).
And fundamentally I think Rust is much more likely to be easier to get high performance because the vast majority of safe code you write is amenable to the compiler performing safe optimizations that Zig just can’t do regarding pointer aliasing (or if it does brings all the risks of unsafe Rust when the user annotates something incorrectly).
I don't think this is silly FUD. The article describes a scenario where the low-level abstractions itself was buggy in a subtle way, the comparison to "unsafe" Rust seems entirely fair to me. (edited for typos)
With Rust you always could unsafely do whatever went wrong in somebody's C or Zig or whatever, but the question is whether you would. Rust's technical design reinforces a culture where the answer is usually "No".
I don't find the claim that weird low level mmap tricks here are perf critical at all persuasive. The page recycling makes sense - I can see why that's helping performance, but the bare metal mmap calls smell to me like somebody wanted to learn about mmap and this was their excuse. Which is fine - I need to be clear about that - but it's not actually crucial to end users being happy with this software.
I think we can agree that Mitchell knows what he’s doing and isn’t playing around with mmap just because. It’s probably quite important to ensure a low memory footprint. But mmap in rust is not extra risky in some weird mystical way. It’s just a normal FFI function to get a pointer back and you can trivially build safe abstractions around it to ensure the lifetime of a slice doesn’t exceed the lifetime of the underlying map. It’s rust 101 and there’s nothing weird here that can cause the unsafe bits here to be extra dangerous (in general unsafe rust can be difficult to get right with certain constructs, but it doesn’t apply here).
I actually don't think I agree about mmap. Reading around it seems as though Mitchell had clever ideas for abusing mmap and those didn't work out. Now he's got mmap for the pages and it works so why replace it, but that does not mean you need mmap to deliver this performance and in fact I'd be extremely surprised if that were true as somebody who spent about a decade of his life mostly writing close-to-metal database code in C using mmap...
If you want a whole lot of bytes and you ask your allocator, do you know what almost any popular general purpose allocator will do on a vaguely decent modern Unix? Call mmap to get them for you. So at most you're cutting out a few CPU instructions worth of middle man.
Also in C or Zig you do not need to create your own memory management using mmap. Whether this is necessary in this case or not is a different question.
In the end, if the Rust advantage is that "Rust's technical design reinforces a culture" where one tries to avoid this, then this is a rather weak argument. We will see how this turns out in the long run though.
The long run has already spoken. Go look at the reports out of Microsoft and Android. It’s screamingly clear that the philosophy of Rust that most code can be written in safe with small bits in unsafe is inherently safer. The defect rate plummets by one or two orders of magnitude if I recall correctly. C is an absolute failure (since it’s the baseline) and Zig has no similar adoption studies. You could argue it will be similar if you always compile releasesafe, but then performance will be worse than C or Rust due to all the checks and it’s unclear how big a while the places that aren’t dynamically checked are.
Oh and of course rust is inherently slightly faster because no reference aliasing is allowed and automatically annotated everywhere which allows for significant aggressive compiler optimizations that neither C nor Zig can do automatically and is risky to do by hand.
More FUD and guilt by association. Microsoft and Google are also major contributors to the C and C++ standards bodies. Microsoft also has C# and Google has Kotlin. I think claiming they control Rust is weak given the community organization structure within the project and claiming the studies are inherently biased because they provide some funding is exceedingly weak.
IMHO the onus is on you to present any contrary studies showing Rust's safety profile isn't as good as the studies indicate when compared with C++ or to demonstrate where Zig's safety profile in real world complex environments stacks up.
We can disagree on opinions, but you can't discard all experimental evidence in favor of no evidence, especially when the safety profile of Rust is backed by solid theoretical models as to why it would be safer.
To that point, AWS and Cloudflare have also adopted the Rust language for all new projects. I think that says something about the recognition that it really is much harder to write trivial memory vulnerabilities.
I don't put too much weight on the self-reporting by Microsoft or Google. I agree though that the strategy to write safe bits and abstractions is good. What I know not to be true is the idea that similar strategies would not work also in C.
> What I know not to be true is the idea that similar strategies would not work also in C.
Is your argument that developers at MS and Google haven’t been trying to employ these strategies for existing C codebases? It’s a bold position to take and one I’d say devoid of evidence; all the evidence suggests it’s really hard to reason about ownership in complex systems and abstractions only help you do so error free up to a very limited point.
I know for sure that Microsoft does not, because they are not interested in C (and their compiler does not even fully support recent standards) and I assume the same thing about Google. In general, I do not think they write much C in the first place. I also think their use cases and priorities are different from others.
> We will see how this turns out in the long run though.
Rust 1.0 was in 2015. This is the long run. And I disagree that safety culture is a "weak argument". It's foundational, this is where you must start, adding it afterwards is a Herculean task, so no surprise that people aren't really trying.
I am not saying that safety culture is irrelevant, not at all. I am saying that if the advantage of Rust is the culture that emphasizes safety (or rather memory safety, if the Rust community cared about safety in general cargo would not exist in this form) then that is a weak argument.
I don't think 10 years ago there was a lot of Rust used, so I am not sure how relevant it is that 1.0 was released at this time.
The culture of Rust is pretty uniform both in terms of convention (lots of good examples to learn from) and automated tooling (eg cargo clippy can fix many constructs into cleaner versions).
But sure, ultimately any code you see is limited by the talent of the author. However the safety of that code is not - it’s limited by how many unsafe blocks they wrote which you can actually grep for.
This is a naive and dangerous view of "unsafe". The safety of surrounding code depends on the unsafe blocks not violating invariants of safe Rust, and the safety of "unsafe" blocks may rely on assumptions about the safe part. Also it relates only to memory safety, so if your code review is to grep for "unsafe" blocks you are doing it wrong anyway.
Of course, culture and technical design are both important for any language, but be specific. Despite the prevalence of tools that improve C's safety, writing C safely generally requires a culture of using those tools and other techniques. For better or worse, Rust's borrow checker is a clear demonstration of where Rust lies on the safety-freedom spectrum.
The low level abstraction was buggy because they forgot to free memory because they confused types, not because of mmap.
That's completely orthogonal to the question and less likely in Rust because you would generally use an enum with Drop implemented for the interior of the variants to guarantee correct release.
And mmap is no more difficult to call in Rust nor more magically unsafe - that’s the FUD. The vast majority of Ghostty wouldn’t even need unsafe meaning the vast majority of code gets optimized more due to no aliasing being automatic everywhere and why the argument that “zig is safer than unsafe rust” is disingenuous about performance or safety of the overall program.