Is it possible that, over time, this will change as Firefox's parallelism is written more in a language that is less subject to these vulnerabilities in the first place?
-
-
When Firefox is implemented primarily in Rust I will be the first person encouraging everyone to switch.
1 reply 0 retweets 2 likes -
Is there a spectrum?
1 reply 0 retweets 0 likes -
In what sense? (Probably there is?)
1 reply 0 retweets 1 like -
Does it have to be "primarily in Rust" or is there a crossing over point where the wins from reduced surface area overcome other factors?
1 reply 0 retweets 0 likes -
I think a reasonable way to look at it is that between {CFG/CFI, JIT hardening, allocator hardening} and Rust, Rust is the superior antiexploit technology.
1 reply 0 retweets 3 likes -
If Firefox can really ship a browser where most of the attack surface is implemented in Rust, Rust will pay off bigtime. But nobody working on FF will tell you they’re there, or really even that close, yet.
1 reply 0 retweets 4 likes -
Agree. This is what I'm personally looking at, but I think they're humming along at a faster velocity than it looks like (or than they'd tell you; implementors are conservative, which is good).
1 reply 0 retweets 0 likes -
When they get there, I’ll be cheerleading them right next to you. :)
1 reply 0 retweets 2 likes
Fair enough. I'm not exactly in cheerleading territory yet, but in terms of medium-term prognostication I'm looking at this stuff. I also work on Rust so I'm proud of this :P
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.