C++ iirc is used mostly for microprocessor code

lol no, it’s used almost everywhere where performance is important and people want(ed) OOP, from tiny projects to web browsers (Chrome, Firefox) to game engines (Unreal, CryEngine). Many of these are hugely complex and do encounter segfaults on a somewhat frequent basis.

Saying C++ is mostly used for embedded applications is like saying C# is mostly used for scripting games, i.e. it doesn’t nearly cover all the use cases.

higher-level languages also exist

This depends on your definition of “higher-level”, but many people would argue that C++ is on a similar level to Java or C# in terms of abstraction. The latter two do, however, have a garbage collector, which vastly simplifies memory management for the programmer(generally anyway).

is sort of essentially blockchain without the decentralized ledger part

So a [Merkle tree](http://www…com/ https://en.wikipedia.org/wiki/Merkle_tree)?

Gentoo is the espresso you get when your coffee-obsessed friend with >$10k worth of barista equipment asks if you’d like a coffee. It’s the best damn thing you’ve ever tasted, but by the time your friend has finished preparing and all the settings are dialed in, it’s around midnight and you should have gone home hours ago

Reading the blog post, it’s a lot more nuanced than that: someone reported a CVE, which was related to a possible int overflow in client code handling the timeout between requests. NVD chose to grade this as a 9.8/10 on their severity scale (for context, CVE-2014-0160, also known as Heartbleed, got a 7.5/10), which is ludicrous for a bug which could at most change the retry timeout of your request from your intended years to a few seconds. Daniel says that this is not a security vulnerability at all and has no business being listed on the CVE database, whereas NVD argues that it’s a bug, it’s been reported to them and because overflows are undefined behavior, anything can happen and so it’s a security vulnerability.

In the end, they agreed to at least adjust the severity down to a 3.3, but I can understand that Daniel is still somewhat miffed about it. Personally I also agree that it’s not really a security issue and that even a 3.3 is too high in terms of severity.