The security information about C and curl is a bit outdated in the post, and recent research shows Rust does not solve the memory safety issue.

The "recent study" quoted in the article was published at the beginning of 2019, using older data.

Current vulnerability data shows that curl has very much limited the risk of memory safety issues. How many reported security vulnerabilities in the last two releases of curl? Zero so far. You have to go back 9 months before you find one expired-pointer derefence issue resulting in potential data being sent to the wrong connection in rare circumstances and configurations. Which is a logic error that could happen in Rust too.

To quote from a Oct 2020 study on Rust safety - "Our study results reveal that while Rust successfully limits the risks of memory-safety issues in the realm of unsafe code, it also introduces some side effects. In particular, most of the use-after-free and double-free bugs in our data set are related to the automatic drop scheme associated with the ownership-based memory management model." -- "Memory-Safety Challenge Considered Solved? An In-Depth Study with All Rust CVEs"

They study 60 Rust memory safety vulnerabilities.

As you can see not only does Rust not solve the memory safety problem, it has other issues. Additionally the old research quoted misleads people about the current status of reported memory safety issues in curl.

Rust does not solve the memory safety issue. It does mitigate it, and the post is about mitigation. That study finds that Rust "successfully limits memory-safety risks to the realm of unsafe code".

It also finds that Rust has novel patterns of unsafety in unsafe code. That's important! But it's fully compatible with the claim that Rust is much safer than C overall.

I don't think it ever says that the sum of safety in safe code and novel unsafety in unsafe code adds up to as much unsafety as C. The paper's overarching claims aren't quantitative.

I think you're overstating the claims of both the blog post and the study.

The recent track record of curl shows it has zero reported memory safety issues recently. Reading the article and the old linked research you'd be mislead.

It also states that Rust completely prevents them - it does not. The article talks about mitigation, but also says: "would have been completely prevented by using a memory-safe language". The "completely prevented" claim in the article is the one not supported by current research. If you only read this article, you'd be mislead about memory safety in Rust.

> The recent track record of curl shows it has zero reported memory safety issues recently.

Only if you look very recently. Earlier you said:

> You have to go back 9 months before you find one expired-pointer derefence issue resulting in potential data being sent to the wrong connection in rare circumstances and configurations. Which is a logic error that could happen in Rust too.

That bug is 6 months old and could not happen in safe Rust because references (pointers) cannot outlive their referents.

> It also states that Rust completely prevents them - it does not. The article talks about mitigation, but also says: "would have been completely prevented by using a memory-safe language".

It is literally true that they "would have been completely prevented by using a memory-safe language." The complication is that Rust is only memory-safe if you don't use unsafe.

rustls (the new curl component in question) uses no unsafe itself. I find some unsafe in its dependencies, but most of it seems to be for FFI, which is inherently unsafe. I'm also not sure that those should count—do OpenSSL vulnerabilities count as libcurl vulnerabilities?

> The "completely prevented" claim in the article is the one not supported by current research.

I will grant you that it's slightly misleading because it's possible to write unsafe Rust code. But that's not news, "current research" has nothing to do with it.

Safe Rust solves the problem of memory safety (assuming that any unsafe code is correct). Unsafe Rust continues to be potentially memory unsafe. That is equivalent to other memory safe languages like Java (which is memory safe under the assumption that the JVM has no memory safety bugs and any JNI code is correct), and a very large improvement over C and C++.

Anyone know what the co2_price is? It's missing from the page.

Yes, pygame can use the Pi graphics hardware. It supports vulkan, OpenGL, OpenGL ES, and some other modes through SDL2.

Note, the CPUs on the Pi are faster than the gfx hardware, and gfx is usually memory bandwidth limited.

There's a python/pygame/pygame_gui OS that does exactly this called snakeware. https://github.com/joshiemoore/snakeware Grab the rpi4 image and go.

It supports multiple monitors and has better OpenGL support now.

I've looked in the docs for multi-monitor support without luck - do you have a link?

Hello. pygame volunteer here.

Here's some awesome libraries and frameworks that work with or are built on top of pygame.

pygame_gui - gui elements for pygame.

pymunk - 2d physics library. Lots of examples, very well maintained.

Thorpy - a GUI library for pygame.

pyscroll - Scrolling maps. Fast scrolling images easy.

pyTMX - Reads Tiled Map Editors TMX maps. Can use a Map editor easily.

spritesheetlib - loading sprite sheets.

animation - Tasks and tweening using pygame groups. No framework needed to smoothly move sprites or execute things over time.

pyknic - collection of useful tools (tweening, animation, context, timing, fonts, spritesystem, skeleton, ...) for games.

pytmxloader - Map loader for tmx files

pygame-text - Greatly simplifies drawing text with the pygame.font module.

Wasabi2d - cutting edge python game framework.

pgzero - game framework built on top of pygame. Intended for education.

moderngl - Modern OpenGL bindings for python. pygame-menu - A menu for pygame, simple, lightweight and easy to use.

Can recommend PyScroll / PyTMX - made it very easy to make an RTS interface: https://github.com/EamonnMR/OpenLockstep

A pygame volunteer here.

Wish lists are fun. True, integration is important. We should do more. Luckily some of yours already came true!

:)

For image sharing, there's a surfarray, and sndarray modules for integration with numpy. pygame.image.frombuffer/tobuffer to going to and from buffers. PIL(low), opencv, and other python image and audio libraries can be used pretty easily this way. There's articles, books and videos on how to integrate with most other libraries. Since python 3.3 or so there's been a much better buffer interface at the C and python API levels which many python libraries are using for integration. There's currently a gap in typing around this, but there's some progress.

If you don't like the 11MB download for numpy, we have a builtin pixel array module that can do a lot of the same stuff for images. There's also some built in Vector math objects (modeled closely on the GLSL ones).

The pixel array stuff is usually a hit in class settings because doing visual affects is very easy to write. As you say, computers are fast enough. Better (although more advanced) is probably the shadertoy website :)

Mu Editor, has built in support for pygame/pygame zero. It even comes with a pygame+arduino example. There's tutorials about for teaching it with microbits (and other little devices).

CircuitPython comes with some built in game libraries. This is probably better to use than pygame. It's best place to look probably for python on micros if you're into crafting games on very small devices. pygame comes preinstalled with raspberry pi, so that's also an option considering some of them can be found for $5 (or for free if you go hunting around dusty drawers).

We have some Python Mode for Processing users. There's a big community of video artists using pygame, and pygame comes built into some of the most popular video synths in recent years.

Python Mode for Processing does a lot of cool things right, and is definitely better than pygame for what it does. It would be great if some of the integration work done in this direction would continue. It's one of the most compact and readable ways to go. pygame zero follows this style a little bit, but being able to reuse code and concepts from both communities is even better.

Neat! Thank you for the pointers.

That makes me really happy.

I'll narrow my request to a suggestion for something easier (indeed, easy enough I can do a bit myself): more documentation and tutorials. I think I'll get on that (although on my own pages; I'm not ambitious enough this month to contribute upstream). I did a fair bit of searching at one point, and didn't find this stuff. Now, I can try to come up with good kids activities.

I will also mention: Most kids can do pretty advanced stuff, if introduced correctly. We've been wedded to a particular order of teaching math for a very long time, which places things like convolutions as late college-level math, and long division as late elementary. In fact, convolution is a lot easier than long division. That's true for a lot of "advanced" math.