Strlcpy and strlcat added to glibc 2.38

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
Miscellaneous

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

  • SDS

    Simple Dynamic Strings library for C

    • Let me reframe this. What we're saying to do is stop using C string manipulation such as strcat, strcpy, etc. Particularly, I'm saying simply don't use C-style null terminated strings until you actually go to call a C ABI interface where it is necessary.

    The argument against this is that you might call something that already does this. Yes, sure, that IS true, but what this betrays is the fact that you have to deal with that regardless of whether or not you add additional error-prone C string manipulation code on top of having to worry about memory ownership, mutation, etc. when passing blobs of memory to "untrusted" APIs.

    It's not about passing the buck. Passing a blob of memory to an API that might do horrible things not defined by an API contract is not safe if you do strcat to construct the string or you clone it out of an std::string or you marshal it from Go or Rust. It's about not creating a bigger mess than you already have.

    Okay fine, but what if someone hates C++ and Rust and Go and Zig? No problem. There are a slew of options for C that can all handle safer, less error-prone string manipulation, including interoperability with null-terminated C strings. Like this one used in Redis:

    https://github.com/antirez/sds

    And on top of everything else, it's quite ergonomic, so it seems silly to not consider it.

    This entire line of thinking deeply reminds me of Technology Connection's video The LED Traffic Light and the Danger of "But Sometimes!".

    https://youtube.com/watch?v=GiYO1TObNz8

    I think hypothetically you can construct some scenarios where not using C strings for string manipulation requires more care, but justifying error prone C string manipulation with "well, I might call something that might do something unreasonable" as if that isn't still your problem regardless of how you get there makes zero sense to me.

    And besides, these hypothetical incorrect APIs would crash horrifically on the DS9K anyways.

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • This Week In Python

    5 projects | dev.to | 26 Apr 2024

  • I switch from Eslint to Biome

    3 projects | dev.to | 22 Apr 2024

  • Implementing Natural Conversational Agents with Elixir

    4 projects | news.ycombinator.com | 18 Apr 2024

  • Show HN: Puck (Visual Editor for React) now supports viewport switching

    1 project | news.ycombinator.com | 18 Apr 2024

  • Handling Multiple requests with Redis and Bullmq

    1 project | dev.to | 13 Apr 2024