I found out about SerenityOS and Andreas since Andy Kelley retweets him all the time. Is Zig somehow a part of SerenityOS (or its future plans), or is it simply Andy respecting / signal boosting another systems hacker?
They're part of the same group of systems programmers aligned in their values of how to build software. Andreas was featured [0] at our conference that Andrew Kelley gave a talk for. (Though I believe they were friends before this.)
Someone mentioned BoksOS. That one is explicitly using Zig and made a conference demo [1] too.
Feels like this might be an example of "worse is better".
Or alternately, that the community that SerenityOS has built and the joy they find in tinkering matters more than their technical foundations, in terms of getting something built that works and is maintained/maintainable. Servo looks like it could have been a technically better browser engine, but it seems the window for it becoming relevant is closing, while the future looks bright for SerenityOS's Browser. (I wonder how different things would be if Servo had reached the point where it was easy to run inside of a browser, in terms of dogfooding and getting people excited about it.)
What I would like to see is SerenityOS's joy and welcoming, vibrant community using better technology (in terms of security, if nothing else). Zig seems like a candidate for this, although people may debate its security features and technical merits. I'd love to see more projects like these.
I agree with you about the project being a joy for the developers.
But as a user, in no way I would rely on a browser started in 2020 written in c++ (or in zig, given other comments about its security characteristics). Keep in mind that gecko/webkit were written initially in c++ because c++ was the best language available at the time for these projects. This is not true anymore.
The beauty is when you build your own OS with it's own desktop environment, and browser and tools from scratch you can use the language you feel is appropriate. Would you write a brand new project in a language you don't feel comfortable with just because it is perceived as "safer"? Especially when the project was just for fun, and really to help the creator get through some tough times in their life. Like he didn't start the project to compete with mainstream OSes or browsers. This is just a terrible take especially considering you probably use an OS written in C and a browser written in C++.
zig has many of the same footguns as C++ and C; it just has better developer ergonomics.
Use after free, double free, invalid stack RW, uninitialized data, race conditions, etc. They're all possible to be found in Zig programs, because the language doesn't provide assurances against them.
Does the design of the language make them less (or more) likely to occur, though? e.g. all these things are possible in Forth too, but the design of the language definitely seems to conspire to make them less likely than C in my experience (I probably have about as many hours in each now? Roughly 1k, maybe 1.5k?).
(I suspect that this is the case in Forth because the stack gives a "linear-like feel" to most code; it's more obvious that you're accidentally not freeing something, because you need to explicitly discard it.)
The design doesn't do anything particularly different or cumbersome regarding memory and ownership, so I'll hazard a guess and say no, it doesn't make it less likely.
Not sure why you are downvoted, you are totally correct about the footguns that C++ has and why the same issues found in the other browsers will still apply here.
> If we just look at the browser, they seem to make much faster progress than Servo, but there is no doubt it will have security flaws.
Servo was supposed to be the promise of better security in a new browser thanks to Rust. Unfortunately in reality that was just either hype or it was just slow moving progress or perhaps both.
But yes the SerenityOS browser seems to be moving faster than servo whilst sacrificing security.
> Servo was supposed to be the promise of better security in a new browser thanks to Rust. Unfortunately in reality that was just either hype or it was just slow moving progress or perhaps both.
AIUI, Servo started as a project to prove out Rust that would also be a research testing ground for working on prototypes to improve aspects of Firefox. I don't think Servo was ever intended to be a browser on its own. Although others may have imputed that goal on to the project.
(I wasn't involved in Servo, but was in Rust, so was pretty adjacent to it.)
Polemic opinion, the C++ libraries that used to be bundled with compilers, like Turbo Vision, OWL, VCL, PowerPlant, CSet++,... were much convenient and safer to use by default than STL, but things are as they are.
