And I thank god every day we don't. The ISO keyboard is awful. Left shift is too important of a key to be 1u. I don't need a massive enter key that lives on two rows. Just insane choices.
In theory, a process could just return an error for that specific operation, which would propagate to a "500 internal error" for this one request but not impact other operations. Could even take the hint to free some caches.
But in practice, I agree with you. This is just not worth it. So much work to handle it properly everywhere and it is really difficult to test every malloc failure.
So that's where an OOM killer might have a better strategy than just letting the program that happens to allocate memory last fail.
I'm running my email server on some famous VPS provider, and with a properly configured server (SPF, DKIM), I didn't really get any problems sending emails.
The idea is that most of the unsafe code to interact with the C API of the kernel is abstracted in the kernel crate, and the drivers themselves should use very little unsafe code, if any.
And yet, the Linux kernel's Rust code uses unstable features only available on a nightly compiler.
Not optimal for ease of compilation and building old versions of the Kernel. (You need a specific version of the nightly compiler to build a specific version of the Kernel)
The difference probably is that GCC extensions have been stable for decades. Meanwhile Rust experimental features have breaking changes between versions. So a Rust version 6 months from now likely won't be able to compile the kernel we have today, but a GCC version in a decade will still work.
> Not optimal for ease of compilation and building old versions of the Kernel. (You need a specific version of the nightly compiler to build a specific version of the Kernel)
It's trivial to install a specific version of the toolchain though.
> You don't generally need specific versions of GCC or Clang to build it I'm pretty sure.
You need a C11 compiler these days with loads of non-standard extensions. Note, for a very long time, one couldn't compile the Linux kernel with clang because it lacked this GCC specific behavior.
I'm not really sure you can turn around and say -- Oh, but now we feel differently about the C standard -- given how much is still non-standard. For instance, I don't believe Intel's C compiler will compile the kernel, etc.
When it comes to nightly feature use, it is good to note that a stable compiler, a nightly corresponding to the date beta for that stable was branched out, and an arbitrary nightly are different. A branched-off nightly might have had beta backports for fixing stable features that the nightly will not have, and a nightly feature that is subtly broken on stable but isn't used in std will not have received a backport. So using a nightly feature on stable might mean every now and then skipping a stable version, and using a nightly compiler means having to do thorough testing after updating on arbitrary days. Any given nightly has high chances of being fine, but every update brings the possibility of bugs.
It's not ideal, but at least most of these are only used in the `kernel` crate, i.e. if there's a breaking change to these features it should be fixable without widespread changes.
lawfully bad, morally bad = bad and crypto is one of the major tools in your arsenal
lawfully bad, morally good = neutral, but you are a prosecuted criminal, crypto is helpful for you but there are alternatives
lawfully good, morally bad = bad, but not a prosecuted criminal, crypto is not that useful for you
lawfully good, morally good = you are not a criminal, crypto is not that useful for you
Laws aren't always written down. A good example is what happens if you criticize Israel - the government, if it notices you, will come down on you like a sack of bricks, even though there's no law that says "don't criticize Israel". https://youtu.be/zJt3omLLAuA
Likewise, there's no law saying "don't accept payment in Monero" but you may be jailed for money laundering if the government notices you.