But that’s not actually true in general; there is a default branch concept in forges, and an integration and/or release branch in most recommended workflows. That’s the trunk.

Believe me, whitespace-correct scripting is absolutely an issue.

You’re right that it’s annoying when filenames diverge right at a character that must be escaped.

For interactive use, tab-completion essentially makes this a non-issue, because shells add escaping in the appropriate places.

For scripting, where spaces are harder to deal with, unfortunately there’s just not much you can do; your two options are basically to learn all of your particular shell’s patterns for dealing with whitespace in filenames, or only write scripts in something other than a POSIX shell.

That’s fair; Python, Swift, and most Lisps all use or have previously used reference-counting. But the quoted sentence isn’t wrong, since it said no “garbage collection pauses” rather than “garbage collection.”

“Garbage collection” is ambiguous, actually; reference counting is traditionally considered a kind of “garbage collection”. The type you’re thinking of is called “tracing garbage collection,” but the term “garbage collection” is often used to specifically mean “tracing garbage collection.”

To be fair, the drop/dealloc “pause” is very different from what people usually mean when they say “garbage collection pause”, i.e. stop-the-world (…or at least a slice of the world).

This is hilarious. I’m not sure how often anyone would actually need to verbalize arbitrary binary data, but I do see an advantage over base64 since the English letter names are so often phonetically similar.

… until you have an off day, or you get bored of coding, run off to join the circus as a professional knife-juggler and your codebase is inherited by someone of more conventional aptitude.

Sometimes you even have to deal with having mere mortals on your team!

Same

You didn’t say “programmers should be aware that rust doesn’t automatically mean safe”. You said:

People just think that applying arbitrary rules somehow makes software magically more secure…

You then went on to mention unsafe, conflating “security” and “safety”; Rust’s guarantees are around safety, not security, so it sounds like you really mean “more safe” here. But Rust does make software more safe than C++: it prohibits memory safety issues that are permitted by C++.

You then acknowledged:

I understand that rust forces things to be more secure

…which seems to be the opposite of your original statement that Rust doesn’t make software “more secure”. But in the same comment:

It’s not not like there’s some guarantee that rust is automatically safe…

…well, no, there IS a guarantee that Rust is “automatically” (memory) safe, and to violate that safety, your program must either explicitly opt out of that “automatic” guarantee (using unsafe) or exploit (intentionally or not) a compiler bug.

…and C++ is automatically unsafe.

This is also true! “Safety” is a property of proofs: it means that a specific undesirable thing cannot happen. The C++ compiler doesn’t provide safety properties[1]. The opposite of “safety” is “liveness”, meaning that some desirable thing does happen, and C++ does arguably provide certain liveness properties, in particular RAII, which guarantees that destructors will be called when leaving a call-stack frame.

[1] This is probably over-broad, but I can’t think of any safety properties C++ the language does provide. You can enforce your own safety properties in library code, and the standard library provides some; for instance, mutexes have safety guarantees.

I guess what you mean is that Rust doesn’t advertise the compiler as being bug-free?

The massive difference here is that C++ has no soundness guarantees even when the compiler is working as intended, whereas Rust actually does in fact give soundness guarantees in the absence of compiler bugs.

Rust doesn’t have a formal specification other than “whatever the fuck our team hallucinated in this compiler version”

That’s simply not true. The Reference, while not an ISO-style formal spec, does actually specify most of the intended language behavior, and incrementally approaches completion over time. But even if you insist on an ISO-style formal spec, there’s Ferrocene: https://ferrous-systems.com/blog/the-ferrocene-language-specification-is-here/

it fucks your day because you’re not careful

The cve-rs vulnerability is actually not really something you’d ever write by accident. Also note that the bug report has multiple versions because, even though a “full” solution is pending some deeper compiler changes, the first two three versions of the exploit are now caught by the compiler. So, like I said, the compiler bugs do get fixed over time.

Yeah, and that falls under the first category, bugs in the compiler: https://github.com/rust-lang/rust/issues/25860

(All exploits in that repo are possible due to that bug.)

Borrow checking…existed in C++ too

Wat? That’s absolutely not true; even today lifetime-tracking in C++ tools is still basically a research topic.

…someone found memory bugs in Rust, again, because it is NOT soundly memory safe.

It’s not clear what you’re talking about here. In general, there are two ways that a language promising soundness can be unsound: a bug in the compiler, or a problem in the language definition itself permitting unsound code. (unsafe changes the prerequisites for unsoundness, placing more burden on the user to ensure that certain invariants are upheld; if the code upholds these invariants, but there’s still unsoundness, then that falls into the “bug in Rust” category, but unsoundness of incorrect unsafe code is not a bug in Rust.)

Rust has had both types of bugs. Compiler bugs can be (and are) fixed without breaking (correct) user code. Bugs in the language definition are, fortunately, fixable at edition boundaries (or in rare cases by making a small breaking change, as when the behavior of extern "C" changed).

It’s neither arbitrary nor magic; it’s math. And unsafe doesn’t disable the type system, it just lets you dereference raw pointers.

“You don’t have the hiring and firing power.”

– Kitty, Arrested Development

I know!! How can Jigsaw claim it “works fine”? He’d probably say something like “it’s battle-tested and state of the art.” What does that even mean??

Hello, Rust developer. [My name, etc.] It works fine, and is written in C++. [Rest of challenge is the same.]

Truly diabolical

Strictly speaking, no. The borrow checker was a true innovation.

Before Rust, the main argument I heard from C++ enthusiasts against Ada was that it was a nice idea but too “design-by-committee”. Which, yeah, is an ironic thing for C++ fans to say, but I guess that was enough 🤷