undefined | Better HN

0 pointsotabdeveloper17y ago0 comments

> The replacement should be written in a memory-safe language. Including the TLS library.

No. Memory safety is a vanishingly small subset of all bugs and security problems. PHP is memory-safe, for example. Where has that gotten us?

> "There is more to life than increasing its speed."

Not if you're a computer.

0 comments

2 comments · 1 top-level

fulafel7y ago· 1 in thread

I'm not sure if you are trolling or not. Just in case: all rce vulns in nginx have been memory safety bugs: https://www.cvedetails.com/vulnerability-list/vendor_id-1004...

otabdeveloper1OP7y ago

Read what I posted again.

The number of security vulnerabilities due to PHP's crappiness is two orders of magnitude greater than all of nginx vulnerabilities combined.

Yet PHP is a memory-safe language.

Memory safety won't fix anything by itself, it will just shuffle the shit into some other place.

Now if you're claiming that if you take nginx developers and force them to use Rust they'll somehow start writing better code, then that's a valid point. Although I'm in extreme doubt that it is realistic or even true.

j / k navigate · click thread line to collapse