Every time there's a CVE affecting some fundamental part of modern computing that Rust provides a dot-release for, it seems multiple publications find out first from the Rust blog and publish titles implying that Rust is the only affected thing. It's not only mildly annoying hearing the echos of "har, har, I thought it was 'safe'", it does a complete disservice to anyone that doesn't use Rust because they won't find out they have to update or mitigate the issue too!
@toscalix I think it is a sign of the moment in the hype cycle the language is at. Slapping Rust on a title has a built-in audience, but if the intent is to inform, after the click bait you need to upfront the important bit of information, it can't be left to the end of the article.
As an example, the highlighted area is the first time this article mentions that every language is affected by the windows command escaping issue. This is actively harmful, not to Rust reputation, but to the users of other languages!
@ekuber The most frustrating part is that this is being treated as a flaw in programming language's escaping mechanism, when it's really a flaw in Windows command line argument parsing, and way in which Windows search path works which makes it very easy to accidentally have things on the search path when you didn't mean to.
But because these flaws have existed for so long in Windows, they're just treated as a fact of life, and it's considered up to the authors of libraries to work around them.
@ekuber I am so tired to see this piece of garbage operating system succeeding, and everybody having to deal with its garbage engineering rather than Microsoft making it the right way...
@ekuber Yes, the evidence has shown that LLMs are really great at figuring out how many single quotes, double quotes, and pentagrams to surround arguments so Windows correctly preserves them in all cases
@supernov I've gotten very good at ignoring vitriol and extract actionable feedback from it (much to the detriment of my mental health, tbh), but I'm concerned for those who will not learn about the underlying issue unless they dig deeper in cases like these.
@ekuber True, pushing back is a good thing, not for those spreading this, but for other readers. I couldn't handle it in general (other subjects) due to it being mentally exhausting and choose to just do my thing.
Add comment