[OT] NSA guidance on software security

Siarhei Siamashka siarhei.siamashka at gmail.com
Sat Nov 12 09:40:34 UTC 2022


On Friday, 11 November 2022 at 16:10:56 UTC, bachmeier wrote:
> Your comment seems to miss the point. By declaring main @safe, 
> you are ruling out various pieces of the language that are 
> unsafe, which is exactly what you want if safety is the 
> priority. You are arguing instead that @safe doesn't work 
> because it prevents you from doing something that is 
> potentially unsafe.

My comment is precisely on point and you just seem to be unable 
to see the bigger picture.

NSA is just providing a general safety recommendation, similar to 
how some sort of a health organization would generally recommend 
eating more vegetables, wearing a mask in public places, or 
getting vaccinated against COVID. Such a health organization may 
list a few COVID-safe countries as an example. Suddenly the 
residents of country D are upset that their country is not listed 
as an example of a COVID-safe country. Now, looking at the facts, 
nobody wears a mask in country D (they are arguing that masks are 
less important than vaccination, so it's okay). Also, vaccination 
is available as a free option for any D resident, but it is not 
being promoted or enforced. Why won't that damn health 
organization add country D to the list of examples of COVID-safe 
places in their newsletter? Must be a conspiracy.

Continuing that health organization allegory, one D resident 
argues that if I care about my personal safety, then I should 
just become vaccinated myself and everything will be fine. No, 
this is not fine! And this person just turns a blind eye to a 
bunch of unvaccinated people roaming in public places and 
spreading infection in the ecosystem of country D. These other 
unvaccinated people make me less safe in the D community 
regardless of my own personal safety countermeasures. Oh, and 
these people don't wear masks either.

If it's too tricky to decipher, then here are some hints:
   vaccination         => @safe attribute
   masks               => arithmetic overflows checking
   D country           => D language
   health organization => NSA
   D resident          => bachmeier


My point is that as long as the @safe attribute is not used by 
default (with a way to opt out by overriding it), very few dub 
package authors and even Phobos authors care about safety and 
@safe attribute compatibility. The quality of their code also 
affects the safety of the others in the D ecosystem.

What's up with the standard `readln` function being incompatible 
with @safe? This is not even a new discovery, and nothing has been 
done about it for years: 
https://forum.dlang.org/post/eaoezjlolelmnxptlqzy@forum.dlang.org

Also, why do people even have to write things like 
https://forum.dlang.org/thread/ilhighccvpjzbblwyqlu@forum.dlang.org 
about avoiding raw pointers and malloc? Just be @safe and the 
compiler will complain about potentially dangerous things.
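As an added example (this is editor-written code, not part of Siarhei's post, not Phobos or druntime code, and not a claim about what `readln` itself does), here is what "just be @safe" and "@safe by default with a way to opt out" look like in practice, together with the arithmetic-overflow contrast the post maps to "masks". It assumes a current dmd/druntime in which `core.stdc.stdlib.malloc` and `free` are `@system` and `core.checkedint` provides `addu`/`mulu`; the function names `allocInts`, `freeInts`, `wrappedSum` and `checkedSum` are illustrative. The `static assert`s turn "the compiler will complain" into a compile-time check, and the `@trusted` pair shows where the opt-out boundary sits.

```d
// Added example (not from the post or from Phobos): what `@safe` rejects when
// it is the module-wide default, how the @system/@trusted opt-out looks, and
// unchecked vs. checked unsigned arithmetic via druntime's core.checkedint.
// Build and run: dmd -run safe_default.d
module safe_default;

@safe:  // module-wide default: everything below is @safe unless marked otherwise

import core.checkedint : addu, mulu;
import core.stdc.stdlib : free, malloc;

// Each function literal below is rejected inside @safe code. Wrapping it in
// `static assert(!__traits(compiles, ...))` turns "the compiler complains"
// into a compile-time check rather than a commented-out snippet.
static assert(!__traits(compiles, () @safe {
    int[] a = new int[4];
    int* p = &a[0];     // address of a heap element is fine in @safe...
    return *(p + 4);    // ...but pointer arithmetic is not: out-of-bounds read
}));

static assert(!__traits(compiles, () @safe {
    return cast(int*) 0xDEAD_BEEF;  // integer-to-pointer cast is not allowed
}));

static assert(!__traits(compiles, () @safe {
    void* raw = malloc(16);         // malloc/free are @system: uncallable here
    free(raw);
}));

// The opt-out. The unsafe part is isolated in small @trusted functions whose
// author vouches for them; every caller stays @safe and only ever sees a
// bounds-checked slice, never the raw pointer. (Illustrative names.)
int[] allocInts(size_t n) @trusted
{
    // Checked multiply: a wrapped size would give a tiny block behind a huge
    // slice, the classic integer-overflow-to-heap-overflow path.
    bool overflow;
    size_t bytes = mulu(n, int.sizeof, overflow);
    if (overflow) return null;

    auto p = cast(int*) malloc(bytes);
    if (p is null) return null;
    return p[0 .. n];
}

void freeInts(ref int[] buf) @trusted
{
    free(buf.ptr);
    buf = null;         // no dangling slice left behind
}

// Unchecked: D wraps silently, exactly like C.
uint wrappedSum(uint a, uint b) { return a + b; }

// Checked: `overflowed` is set when the true sum does not fit in 32 bits.
uint checkedSum(uint a, uint b, out bool overflowed)
{
    uint r = addu(a, b, overflowed);
    return overflowed ? uint.max : r;
}

void main()
{
    import std.stdio : writeln;

    writeln("wrapped: ", wrappedSum(uint.max, 1));
    bool ovf;
    writeln("checked: ", checkedSum(uint.max, 1, ovf), " overflow=", ovf);

    int[] buf = allocInts(4);
    assert(buf.length == 4);
    buf[] = 7;
    writeln("sum: ", buf[0] + buf[1] + buf[2] + buf[3]);
    freeInts(buf);

    // A count that wraps when multiplied by int.sizeof is refused outright.
    assert(allocInts(size_t.max / 2) is null);
}
```

The point of the layout is the one the post makes: with `@safe:` at the top, nothing in the module can touch raw pointers or call `malloc` by accident, and the only places that can are the two short `@trusted` functions, which is exactly where a reviewer would look first. Compile without `@safe:` (or mark `main` `@system`) and all three rejected snippets compile silently.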

