*Zero* out of the six pending #curl CVEs are C mistakes.
-
@goedelchen @floooh @bagder @tdelmas
Fair point, my interpretation of overconfidence was that it leads to laziness, but that was indeed not the original point. If you feel something is protecting you, you drop your personal vigilance, vigilance takes effort, thus avoiding effort being a form of laziness.
Maybe a bit of a leap, but it's my brain and I have to live in here.
@goedelchen @floooh @bagder @tdelmas
As for that quote, optimistic as it may be, there's a kernel of truth to it. There are entire classes of vulnerability that are just not really feasible to create in Rust without an unsafe block or really going out of your way to Find Out.
My boldest claim for Rust would be, if you selected some random programmer of indeterminate skill and assigned them the task of writing a file parser that everyone on earth will use, I would absolutely pray they write it in Rust.
-
@bagder It would have been harder in Prolog.
-
@bagder You know that's not completely true. They may have happened, yes.
But with a finite time to write and review the code, all the time taken focusing on avoiding "C mistakes" could have been used focusing of the logic instead.
(Also, languages with stronger types do provide states and types encapsulation that can help avoid some types of logic mistakes)
-
*Zero* out of the six pending #curl CVEs are C mistakes. They are all logical mistakes that would have happened anyway even if we had used another language.
@bagder This makes all the Rust people get in the comments like the Spanish Inquisition.
-
@goedelchen @floooh @bagder @tdelmas
Fair point, my interpretation of overconfidence was that it leads to laziness, but that was indeed not the original point. If you feel something is protecting you, you drop your personal vigilance, vigilance takes effort, thus avoiding effort being a form of laziness.
Maybe a bit of a leap, but it's my brain and I have to live in here.
@gloriouscow @goedelchen @floooh @tdelmas The point should not be that a language protects you from doing something bad, it should be that it frees up cognitive resources that are unnecessarily spent on figuring out what a certain construction does. Those resources can then be used to actually understand the code.
-
@gloriouscow @goedelchen @floooh @tdelmas The point should not be that a language protects you from doing something bad, it should be that it frees up cognitive resources that are unnecessarily spent on figuring out what a certain construction does. Those resources can then be used to actually understand the code.
@ahltorp @gloriouscow @goedelchen @tdelmas the cognitive load argument may apply to some gc languages, but definitely not to rust
-
@ahltorp @gloriouscow @goedelchen @tdelmas the cognitive load argument may apply to some gc languages, but definitely not to rust
@floooh @gloriouscow @goedelchen @tdelmas I’m of the firm belief that low-level code should be written with low-level constructions and high-level code with high-level constructions. If that’s possible in the same language, great. If it’s not, multiple languages should be used, but that might of course also have problems.
-
@floooh @gloriouscow @goedelchen @tdelmas I’m of the firm belief that low-level code should be written with low-level constructions and high-level code with high-level constructions. If that’s possible in the same language, great. If it’s not, multiple languages should be used, but that might of course also have problems.
@floooh @gloriouscow @goedelchen @tdelmas Very few people were as stupid as me and wrote large amounts of complicated high-level code in 386 assembly well into the ’90s, but in my defence it was code with no security implications and accepting no input.
-
*Zero* out of the six pending #curl CVEs are C mistakes. They are all logical mistakes that would have happened anyway even if we had used another language.
zero out of seven now...
-
zero out of seven now...
@bagder it's the lamp post fallacy. Many memory errors are relatively easy to find, making them a fun target for early static vulnerability analyzers.
Leading to a lot of security bugs related to buffer overruns that were found automatically.
Leading some people to conclude erroneously that since they were the majority of security bugs found, they must represent the majority of all security bugs.
AI vulnerability scans will likely demonstrate they were just the tip of the iceberg.
-
@bagder You know that's not completely true. They may have happened, yes.
But with a finite time to write and review the code, all the time taken focusing on avoiding "C mistakes" could have been used focusing of the logic instead.
(Also, languages with stronger types do provide states and types encapsulation that can help avoid some types of logic mistakes)
-
R relay@relay.mycrowd.ca shared this topic
