This isn’t even a memory safety issue; it’s like arguing that memory-safe languages can’t solve the halting problem.
Replying to @tqbf @ErrataRob and
It's worth remembering that 70% of Microsoft's CVEs are memory safety issues https://www.zdnet.com/article/microsoft-70-percent-of-all-security-bugs-are-memory-safety-issues/ … Sure, there are still those leftover 30%, but COME ON
3 replies 0 retweets 0 likes -
Replying to @living_syn @tqbf and
In other news, it's interesting that rust fans seem very vocal about clarification during vulnerability discussions. This is also useful information. It's like being on a mailing list with Theo again. And yes, you can take that both ways. :)
1 reply 0 retweets 0 likes -
Replying to @ryanlrussell @living_syn and
(I’m BTW not a Rust fan; I think I actively dislike it. I’m a Go person. But it’s _clearly_ better than C++ and a win for the ecosystem overall).
2 replies 0 retweets 0 likes -
Replying to @tqbf @living_syn and
(For my very small anecdata sample set, rust and go were mentioned as viable candidates by all parties.)
1 reply 0 retweets 0 likes -
Replying to @ryanlrussell @tqbf and
if you go with Rust, I'd VERY highly suggest you check out nom, a combinatorial parser: https://github.com/Geal/nom
1 reply 0 retweets 2 likes -
Replying to @living_syn @ryanlrussell and
Can you show how "nom" deals with DNS name compression?
1 reply 0 retweets 0 likes -
Replying to @ErrataRob @ryanlrussell and
it...doesn't? It's a generic parser framework, not a DNS parser
2 replies 0 retweets 0 likes -
Replying to @living_syn @ErrataRob and
I think what Rob is asking, is how does it deal with that particular request for a parsing engine. It's a wonky one.
1 reply 0 retweets 0 likes -
Replying to @dakami @living_syn and
Parser frameworks are designed to handle context-free languages. Parsing network input is inherently context-sensitive. DNS name compression is a good example.
3 replies 0 retweets 0 likes
It'd be cool to see a language integrate directed fuzzing of inputs into its idiomatic development and build cycle. IME that has a huge reward/effort ratio for this common class of bugs. Bet'd catch a DNS compression loop in less than a second of fuzzing.
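
The DNS name compression case discussed in this thread, as an added example that is not part of any tweet and is not nom's or any participant's code: a hand-written Rust decoder that follows compression pointers (RFC 1035 section 4.1.4) while bounding the number of jumps, so a pointer cycle returns an error instead of looping. The names `read_name`, `NameError` and `sample_message`, and the message bytes, are constructed for illustration.

```rust
// Added example: names and sample bytes are constructed, not from the thread.
#[derive(Debug, PartialEq)]
pub enum NameError { Truncated, BadLabelType, PointerLoop, TooLong }
/// Decodes the name at `start` in the full message `msg`. Returns the dotted
/// name and the offset just past the name as it appears at `start`.
pub fn read_name(msg: &[u8], start: usize) -> Result<(String, usize), NameError> {
    let mut labels: Vec<String> = Vec::new();
    let mut pos = start;
    let mut end: Option<usize> = None; // fixed at the first pointer we follow
    let mut jumps = 0usize;
    let mut wire_len = 1usize; // counts the terminating root byte
    loop {
        let len = *msg.get(pos).ok_or(NameError::Truncated)? as usize;
        match len & 0xC0 {
            0x00 if len == 0 => break,
            0x00 => {
                let label = msg.get(pos + 1..pos + 1 + len).ok_or(NameError::Truncated)?;
                wire_len += 1 + len;
                if wire_len > 255 { return Err(NameError::TooLong); }
                labels.push(String::from_utf8_lossy(label).into_owned());
                pos += 1 + len;
            }
            0xC0 => {
                let lo = *msg.get(pos + 1).ok_or(NameError::Truncated)? as usize;
                if end.is_none() { end = Some(pos + 2); }
                jumps += 1;
                // More jumps than bytes in the message can only mean a cycle.
                if jumps > msg.len() { return Err(NameError::PointerLoop); }
                pos = ((len & 0x3F) << 8) | lo; // context: offset into the whole message
            }
            _ => return Err(NameError::BadLabelType),
        }
    }
    Ok((labels.join("."), end.unwrap_or(pos + 1)))
}

/// Constructed sample: 12-byte zero header, "example.com" at offset 12,
/// "www" + pointer to 12 at offset 25, two pointers forming a cycle at 31/33.
pub fn sample_message() -> Vec<u8> {
    let mut m = vec![0u8; 12];
    m.extend_from_slice(b"\x07example\x03com\x00");
    m.extend_from_slice(b"\x03www\xC0\x0C");
    m.extend_from_slice(b"\xC0\x21\xC0\x1F");
    m
}
fn main() {
    let m = sample_message();
    println!("{:?} {:?}", read_name(&m, 25), read_name(&m, 31));
}
```

The decoder needs the whole message and an absolute offset, not just the bytes that follow the cursor, which is the context-sensitivity the thread is pointing at.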