ripgrep is so cool; we need more basic utilities reimagined for modern use cases and reimplemented in languages that aren't security disastershttps://github.com/BurntSushi/ripgrep/releases/tag/11.0.0 …
-
-
-
Replying to @johnregehr @vyodaiken
Howard Chu Retweeted RustSec
Yes it does. https://mobile.twitter.com/RustSec/status/1031908818936987650 … In both C and rust, braindead libraries can break your program.
Howard Chu added,
2 replies 0 retweets 1 like -
Howard Chu Retweeted Howard Chu
And it's easy to make bulletproof libraries to replace the shitty standard libraries in C.https://mobile.twitter.com/hyc_symas/status/1102573036534972416 …
Howard Chu added,
2 replies 0 retweets 0 likes -
The difference is that nothing stops people from passing bad pointers into your "bulletproof" strcpy. Absence of undefined behavior in Rust can be verified (formally or otherwise) at unsafe module boundaries; the same verification can only be done at *process* boundaries in C.
1 reply 0 retweets 9 likes -
Replying to @awesomeintheory @hyc_symas and
Since in most Rust repositories (including ripgrep) the amount of unsafe code is orders of magnitude smaller than the amount of code running in the process, this is a pretty significant practical win. Empirically, Rust's stdlib has had *very* few CVEs since it became stable.
1 reply 0 retweets 7 likes -
Shouldn't the amount of unsafe code in a simple user app that scans files for regexps be *zero*? If the language "doesn't have buffer overflows" shouldn't the number of library CVEs have always been zero?
3 replies 0 retweets 0 likes -
Replying to @hyc_symas @awesomeintheory and
Rust will never completely eliminate all memory safety bugs. But it should (and does) significantly reduce their frequency.
2 replies 0 retweets 9 likes -
Replying to @burntsushi5 @hyc_symas and
I would add that in principle, Rust *can* eliminate all undefined behavior in verified unsafe code and any safe code that calls out to it (or will be able to once the formal model becomes realistic enough). But of course not all memory safety bugs are due to undefined behavior.
3 replies 0 retweets 2 likes
I mean, this is twitter. People take crap way too literally. Someone makes a pithy-but-mostly-true statement, and people can't resist turning that into a long drawn out pedantic conversation.
-
-
Replying to @burntsushi5 @awesomeintheory and
Could frame that the other way - this is twitter, you only have a few written words in front of you. Interpretation leaves too much room for error; there's no other context, so you have to take things literally. Which also means: be more careful in choosing your words.
1 reply 0 retweets 0 likes -
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.