> > https://github.com/SentryPeer/SentryPeer > > I haven't delved into the p2p protocol side of things, but as a long > time C programmer I'd be extremely wary of starting a large new project > with it. Especially one that is designed to be exposed to attackers. An > opportunity to learn Go or Rust perhaps?
Hi Jonathan, I had quite bad analysis paralysis for exactly that reason. I know Go and have just recorded a show for SE Radio ( https://www.se-radio.net/team/gavin-henry/) with Tim about Rust (Tim's book - https://www.manning.com/books/rust-in-action ). I thought about both, and looked at the state of the SIP libraries, Peer to Peer libs and BGP ones. Rust seems to be suffering with Mozilla re-work and now: "The entire moderation team resigns, effective immediately. This resignation is done in protest of the Core Team placing themselves unaccountable to anyone but themselves." - 4 days ago https://github.com/rust-lang/team/pull/671 The libp2p looked great too for Go and Rust - https://libp2p.io/ but there's one company behind it https://protocol.ai/ and I really enjoyed this https://zguide.zeromq.org/docs/chapter8/ I'd also looked at Elixir, but various things I wanted to achieve kept pulling me back to C. I enjoyed recording this with Jens too https://www.se-radio.net/2020/06/episode-414-jens-gustedt-on-modern-c/ and am speaking to Robert Seacord on Secure Coding in C ( https://en.wikipedia.org/wiki/Robert_C._Seacord) next month and Daniel who created curl after that. curl is 25 years old. Go isn't. Rust is 5 or so. I'm sure everyone here has been burnt by framework X going away. C won't. My goal is longevity and pretty much what I say in the README.md - https://github.com/SentryPeer/SentryPeer/blob/main/README.md "I started this because I wanted to do C network programming as all the projects I use daily are in C like PostgreSQL, OpenLDAP, FreeSWITCH, OpenSIPS, Asterisk etc. See Episode 414: Jens Gustedt on Modern C for why C is a good choice." and so far, it's been the right choice for examples I'm following, books I have and places this project can run and be built. And honestly, I like the level of control and minutiae. But, the prototype of SentryPeer was done in a few days...(https://github.com/SentryPeer/SentryPeer/tree/main/prototype). Once I had made the decision, it felt right and I cracked on. Lastly, I think you can still write unsafe code in C, but with the IDE you use, CI/CD (https://github.com/SentryPeer/SentryPeer/actions) and all the scanning tools, you should catch most things. It's easy to write unsafe Rust or Go too - https://www.computer.org/csdl/proceedings-article/icse/2020/712100a234/1pK5e6OTqJa We talk about this in the upcoming Rust show. Not all of SentryPeer has to be in C. I think there's a place for C, Go and Rust in this or whatever, but I wanted to use C and that's the option you get when you start something. Choices, warts and all :-) Remember, most of the problem spaces discussed in this email thread have nothing to do with C....yet.... Thanks, Gavin.
