Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

There's no reason to write OS components in a language that will inherently give you a performance hit before you do any real work.


Sure, unsafe all the way.

As note, Midori did power part of Bing during its existence.

And Microsoft security is now advising to move new development into a mix of C#, Rust and constrained C++ (Core Guidelines).


Unsafe sounds like a really bad word, but unsafe usually also means performant. I know that's not always the case, but usually. Rust falls in the exception to that rule category, for the most part, while C# does not. Also, the people typically working on these codebases, like Linux, are very senior developers and have code reviews being done by other very senior people. So while they definitely have had a lot of bugs related to security in the language, we don't have any examples of other languages implementing something anywhere near this size that didn't have as many bugs.


According to Google's security team 68% of exploits in Linux are due to memory corruption. Source, their keynote at Linux Kernel Summit 2018.

Check DoD security assement of Multics versus UNIX regarding ease of security exploits, and how using PL/I prevented the large majority of them. On the mobile now, the document is accessible at the Multics history site.

Or any deployment of High Integrity Computing OSes for that matter.


You could also say freebsd has far, far fewer memory corruption bugs. Is that the language, the small user base, or something else?




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: