"Chrome is more secure but I can't prove it and nobody will"?https://twitter.com/tqbf/status/930860544927649792 …
-
-
Is it possible that, over time, this will change as Firefox's parallelism is written more in a language that is less subject to these vulnerabilities in the first place?
2 replies 0 retweets 0 likes -
More important in the short term are sandboxing wins, some of which are related to Quantum—e.g. WebRender moves CSS rendering out of process
1 reply 0 retweets 0 likes -
In other words: It’s important that WebRender is Rust, but the *biggest* security win from it isn’t Rust—it’s that it runs out of process
1 reply 0 retweets 3 likes -
Does Rust help make building this architecture easier?
1 reply 0 retweets 0 likes -
It does, because
serde for IPC. One of the Pwnium vulns involved RCE via exploiting Chrome’s handwritten IPC code for out of process GPU.1 reply 0 retweets 1 like -
Does the way that threads isolate memory in Rust make transitioning things out of process more straight forward?
1 reply 0 retweets 0 likes
If your architecture is written in Rust, sure. That was how I got Servo to be multiprocess in the first place. (Not as applicable to Gecko)
-
-
We found this to be somewhat true when we migrated a lot of
@skylight into a daemon. I wonder whether some abstractions could be written to enable this more (like https://ruby-doc.org/stdlib-2.4.0/libdoc/drb/rdoc/DRb.html … for Ruby)0 replies 0 retweets 0 likesThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.