undefined | Better HN

0 pointsnoosphr6mo ago0 comments

Yes, but we're not making a push to make everything a bilingual c/lisp code base.

Rust people for some reason are.

0 comments

One of the most iconic lisp saying is literally about how every other languages are supposedly inferior to lisp, so I don't think it's a particularly good example here.

Keyframe6mo ago

You mean the one that all languages eventually converge to Lisp? That's a fact though :)

noosphrOP6mo ago

Yes, the blind stumble down hill eventually. But we let them do it in their own time.

mdhb6mo ago

Not a Rust or even a systems language guy but it’s not “for some reason”. The reason is actually incredibly clear and about removing the single largest surface area of security problems in the entire history of Linux.

aragilar6mo ago

Is it the largest though? Based on https://owasp.org/www-project-top-ten/, it would be part of #6 or #8. While one can always walk and chew gum at the same time (and those rewriting system software are likely not the same people who need to design systems with less flawed access control), replacing stable software is not without risk (e.g. https://lwn.net/Articles/1043103/, which is an instance of #6 caused by rust). Would you trust a rewrite of OpenSSH in rust (absent any information about its authors)?

viraptor6mo ago

Owasp deals with web security only. That whole area is biased towards php/ruby/js/python/beam where those issues don't exist outside of native modules.

https://www.cvedetails.com/vulnerabilities-by-types.php is a bit more clear. It's xss, SQL, then memory. The first two are not possible to enforce a fix on - you can always make a decision to do something bad with no visible annotation. Even then, rich types like in rust make safe interfaces easier to produce. But rust tackles the next class of issues - one that you can verify to be safe or require an explicit "unsafe" around it.

1 more reply

dvtkrlbs6mo ago

Pretty consistently [1] [2] [3] [4] it comes out that nearly %80 of security vulnerabilities come from memory safety vulnerabilities. I would consider that largest. Especially Microsoft's doc is pretty telling that this ratio was pretty consistent since 2006 so no amount of external tooling and training solves this. [1] https://langui.sh/2019/07/23/apple-memory-safety/ (albeit apple solving this with an another language and a really nice cpu extension) [2] https://www.microsoft.com/en-us/msrc/blog/2019/07/we-need-a-... [3] https://security.googleblog.com/2019/05/queue-hardening-enha... [4] https://x.com/LazyFishBarrel/status/1129000965741404160

1 more reply

hulitu6mo ago

> The reason is actually incredibly clear

There is no guarantee that other bugs do not flurish in the rust echosystem. There are no publicly known quality code checks of rust programs except a big "trust us"(see firefox with all its CVEs, despite "rust"). And combined with the Cargo echosystem, where every malicious actor can inject malware is a big warning sign.

norman7846mo ago

AFAIK Linux is using rustc directly, without cargo.

And just an anecdote, Asahi Linux devs said that Rust made it very easy (maybe relative to working with C) to write the drivers for the Apple M1 and M2 series, so it seems that the language has his merits, even without the cargo ecosystem.

Also Rust will only minimize certain kinds of bugs, others are impossible, a few years ago (I believe was Microsoft) that said that 70% of the bugs found were memory related [0], it means that Rust would have prevented most of those.

Maybe Rust is not the best answer, but as for now it the most proven answer for this particular problem, who know of Zig or other language will replace both C and Rust in the future.

[0] https://www.zdnet.com/article/i-ditched-linux-for-windows-11...

kaoD6mo ago

I might be misunderstanding here but... what you're saying is that Rust programs can still have bugs? Isn't that the same as other programs except Rust prevents the most disastrous and common bugs that lead to most CVEs?

If I got that right, how is "it's still not perfect" an argument?

Agree with the Cargo objection.

1 more reply

tcfhgj6mo ago

Firefox is 29% Javascript, 28% C++, 22% HTML, 10% C, 3% Python, 2,6% Kotlin and 5% other

> There is no guarantee that other bugs do not flurish in the rust echosystem.

well, less likely than in C thanks to a advanced type system, e.g. allowing authors of abstractions make their API much more fool proof.

> where every malicious actor can inject malware is a big warning sign.

Very much doubt that is the case...

bestouff6mo ago

There are guarantees that many types of bugs won't happen in Rust code. That alone is a great progress.

mdhb6mo ago

a bunch of major projects have conclusively shown that moving to memory safe languages without any doubt whatsoever results in more secure software.

IshKebab6mo ago

Are there guarantees that "other bugs" do not flourish in the C ecosystem?

Firefox is not even close to 100% Rust.

This is a wildly misinformed comment.

j / k navigate · click thread line to collapse

0 comments

dicytea6mo ago

One of the most iconic lisp saying is literally about how every other languages are supposedly inferior to lisp, so I don't think it's a particularly good example here.

Keyframe6mo ago

You mean the one that all languages eventually converge to Lisp? That's a fact though :)

noosphrOP6mo ago

Yes, the blind stumble down hill eventually. But we let them do it in their own time.

mdhb6mo ago

aragilar6mo ago

viraptor6mo ago

Owasp deals with web security only. That whole area is biased towards php/ruby/js/python/beam where those issues don't exist outside of native modules.

1 more reply

dvtkrlbs6mo ago

1 more reply

hulitu6mo ago

> The reason is actually incredibly clear

norman7846mo ago

AFAIK Linux is using rustc directly, without cargo.

Maybe Rust is not the best answer, but as for now it the most proven answer for this particular problem, who know of Zig or other language will replace both C and Rust in the future.

[0] https://www.zdnet.com/article/i-ditched-linux-for-windows-11...

kaoD6mo ago

If I got that right, how is "it's still not perfect" an argument?

Agree with the Cargo objection.

1 more reply

tcfhgj6mo ago

Firefox is 29% Javascript, 28% C++, 22% HTML, 10% C, 3% Python, 2,6% Kotlin and 5% other

> There is no guarantee that other bugs do not flurish in the rust echosystem.

well, less likely than in C thanks to a advanced type system, e.g. allowing authors of abstractions make their API much more fool proof.

> where every malicious actor can inject malware is a big warning sign.

Very much doubt that is the case...

bestouff6mo ago

There are guarantees that many types of bugs won't happen in Rust code. That alone is a great progress.

mdhb6mo ago

a bunch of major projects have conclusively shown that moving to memory safe languages without any doubt whatsoever results in more secure software.

IshKebab6mo ago

Are there guarantees that "other bugs" do not flourish in the C ecosystem?

Firefox is not even close to 100% Rust.

This is a wildly misinformed comment.

j / k navigate · click thread line to collapse