It's hard to appreciate how good Rustls is at avoiding UaF since UaF avoidance is taken for granted in idiomatic Rust code. Tiny things like `#[must_use]` are small but help avoid big failures. Our friends doing concurrency & malloc/free in C are still struggling w/ the basics.
Replying to @BRIAN_____
Trying to write C/C++ after writing Rust feels ridiculous. Why should I have to keep track of things that the compiler can do for me, especially when the consequences are exploitable security bugs?
1 reply 1 retweet 9 likes
Replying to @TedMielczarek
I agree. Though to be fair, in C++ one rarely has to keep track of things manually, in modern codebases. Our experience maintaining a gigantic performance-sensitive legacy app that predates even the first ISO C++ (IIRC) biases us too much against C++.
3 replies 0 retweets 3 likes
Replying to @BRIAN_____ @TedMielczarek
It seems to me that we've done okayish at modernizing the Mozilla-native C++ code. At least in contrast to IPC, which is a nightmare even though its original authorship is more recent.
2 replies 0 retweets 2 likes
Part of that is that nobody at Mozilla wants (or at least wanted, when I was there) to maintain or have ownership over the ipc stuff lifted from chromium.
1 reply 0 retweets 1 like
Yeah, I'm basically the new bent now: I probably know more about IPC than anyone else who hasn't run away screaming yet but I'm *remarkably* unexcited about the possibility of being the official owner. (Same brand of kombucha, too.)
1 reply 0 retweets 0 likes
You should make a plan to replace all the sandboxing stuff with a new Rust framework, and then outsource it to tropical consultants.