But wait.... That's literally impossible! Rust is unhackable because it's mEmOrY sAfE!
BSD/r000t (r000t@ligma.pro)'s status on Wednesday, 10-Apr-2024 17:23:56 JST BSD/r000t
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Wednesday, 10-Apr-2024 19:53:56 JST 翠星石
@m0xEE >The vulnerability has nothing to do with memory safety though
Yes, even if rust was not vulnerable to memory bugs, rust is still vulnerable to every single other kind of bug and the rust syntax forces you to write more code, which means more bugs.
:marseyloadingneon: m0xEE :marseyloading: (m0xee@breloma.m0xee.net)'s status on Wednesday, 10-Apr-2024 19:53:59 JST :marseyloadingneon: m0xEE :marseyloading:
@r000t The vulnerability has nothing to do with memory safety though — they just don't sanitize the arguments passed to cmd thoroughly enough and you can append calling other batch files to it, that's why it's Windows specific.
Personally, I doubt that it's standard library's call at all to do this :marseyshrug:
Not only Rust is affected, but every other language that has similar facilities in the standard library producing binaries that run in Windows — it's even mentioned in the article. And as you can see, for most of them the fix is to mention it in the documentation, for Java it's explicit WONTFIX even. The headline is made clickbait on purpose by Rust being mentioned IMO, no other tech news website put it that way — that is why I have failed to find a similar article on Slashdot or The Register and had to go to Bleeping Computer itself to read about it.
Växẍ Säbbäth (vaxxsabbath@poa.st)'s status on Wednesday, 10-Apr-2024 19:55:31 JST Växẍ Säbbäth
@r000t the problem isn't Rust, the problem is trying to make it work with the cancerous shitpile that is Windows, against which contagion even the purest Platonic logic fails
Fuggy ✡️:nixos: (ceooffuggy@bae.st)'s status on Friday, 12-Apr-2024 11:21:06 JST Fuggy ✡️:nixos:
@r000t package manager really encourages people to abuse it and overuse it way too much, this is how you get a leftpad situation. But it's a purely psychological thing because a package manager is great in theory, but just often not in practice
Fuggy ✡️:nixos: (ceooffuggy@bae.st)'s status on Friday, 12-Apr-2024 11:21:07 JST Fuggy ✡️:nixos:
@r000t or just make Rust better, needs a reworking of its compiler. Also people need to stop using crates so much, but I can only dream. The core of the language like syntax and the concepts like the borrow checker are great, just the compiler sucks and is bloated again
Fuggy ✡️:nixos: (ceooffuggy@bae.st)'s status on Friday, 12-Apr-2024 11:21:08 JST Fuggy ✡️:nixos:
@r000t No one claims Rust is unhackable, they only claim it had a more secure model. Which is true I think, but the tooling around it is quite bloated and this might become more apparent. But some of the ideas are good, can be learned from to create something better I think
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Friday, 12-Apr-2024 11:25:56 JST Haelwenn /элвэн/ :triskell:
@thatbrickster @ceooffuggy @r000t I think that would be a pretty dumb move, not that LLVM doesn't have its flaws but compiler backends are a pretty big ordeal, in fact one of the reasons the gcc-rust project exists is because gcc still supports more architectures than LLVM.
Plus you'd need to be careful to not generate bad code while still providing a good level of optimisation (after all idiomatic Rust is a bit known for sometimes having better performance than idiomatic C).
Bricky (thatbrickster@shitposter.world)'s status on Friday, 12-Apr-2024 11:25:57 JST Bricky
@ceooffuggy At one point, replacing LLVM with their own code was considered. I would certainly still like to see it in 2.x.
@r000t