Announcement

**Volta** · 11 November 2022, 10:47 AM

Separately, yesterday the US National Security Agency published guidance on protecting against memory safety issues.

How about protecting users from Platform Security Processor and Management Engine?

**dlq84** · 11 November 2022, 10:52 AM

Originally posted by uid313 View Post

NSA suggesting Ruby is quite scary!
I never liked Ruby, eww.

They look at memory safety in isolation, and ignoring everything else about the languages.

**mdedetrich** · 11 November 2022, 12:45 PM

Originally posted by uid313 View Post

Ruby is a terrible language for security despite being memory safe, not because of the terrible syntax, but because it is dynamically interpreted so it has poor handling of data types and null values.

I think you are confusing dynamic vs static typing with strong vs weak typing. Ruby, similar to Python, is strongly typed which means that if you do something like trying add 2 objects it will fail immediately. Now because its dynamically typed it happens at runtime but unlike Javascript, its not going to silently coerce the object to something else and actually try to add 2 nonsensical things.

wrt to nil (not null, Ruby doesn't have null) although there are problems with it, they still at least have syntax helpers to help deal with the problem, i.e. https://stackoverflow.com/questions/...uby-on-rails-2

**luno** · 11 November 2022, 04:39 PM

Originally posted by uid313 View Post

NSA suggesting Ruby is quite scary!
I never liked Ruby, eww.

I like Rust but would much prefer that the syntax used a single dot instead of this noisy double colon syntax.
Also I find the module system confusing, I have to create a file with the same name as the directory to export files inside the directory.

I feel like there is good syntax programming language inside Rust which is waiting to coming out, something which is simple to read and memory safe

**cj.wijtmans** · 11 November 2022, 08:38 PM

Modern C++ compilers has ASAN. I dont know if that would make it "memory safe" but its pretty much similar to rust that it can be turned off and on. Again the issue is not with c++ its with the implementations and tooling. Rust syntax cringes me out but also its centralized tooling and lack of standards are scary as well. You can see why big corp are pushing out.

**cj.wijtmans** · 11 November 2022, 08:39 PM

Originally posted by Volta View Post

How about protecting users from Platform Security Processor and Management Engine?

They provide security from you not for you 🤔. what about NSA encryption backdoors? Router backdoors? Firmware backdoors? Cpu backdoors? What about Xkeyscore? NSA dont make me laugh.

**NobodyXu** · 11 November 2022, 09:06 PM

Originally posted by cj.wijtmans View Post

Modern C++ compilers has ASAN. I dont know if that would make it "memory safe" but its pretty much similar to rust that it can be turned off and on. Again the issue is not with c++ its with the implementations and tooling. Rust syntax cringes me out but also its centralized tooling and lack of standards are scary as well. You can see why big corp are pushing out.

Rust's memory safety checking cannot be turned off.
It's just that you can add unsafe blocks to call unsafe function and dereference pointers.
Unsafe can be easily spotted in interviews and then reviewed carefully, while everything else is guaranteed to be memory safe.

The development of Rust happens entirely on github in a transparent manner, unlike C/C++ which happens in the committee and requires you to pay some money just to download some RFCs or join in the committee.

If eanything, you should be more scary of C/C++, because their language spec are completely in control of the big corp and the committee itself is not transparent.

And C/C++ also get pushed by the big corp initially, so I don't see any problem with that.

**bachchain** · 12 November 2022, 12:10 AM

Originally posted by cj.wijtmans View Post

the issue is not with c++ its with the implementations and tooling.

So...the issue is with C++? Sure it's nice to fantasize about theoreticals, but, here in reality, what matters are the things that can actually exist. The fact of the matter is that the C family has spent billions of dollars and millions of man-hours over the past fifty years trying to "fix it with tooling", yet we're nowhere near close. I hate to be the one to break it to you, but it's never going to happen.

**CommunityMember** · 12 November 2022, 12:30 AM

Originally posted by cj.wijtmans View Post

NSA dont make me laugh.

What many do not understand is that the NSA has multiple directorates, some are responsible for (and good at) pure math (i.e. crypto), some are responsible for (and good at) finding bugs to exploit to meet the countries objectives for infiltrating other countries security, and some are responsible for (and good at) defensive processes and recommendations for the country. The later directorate recommending that companies do not do stupid is not exactly rocket science (that would be NASA :-)), but the NSA "brand" gives a certain amount of authority and recommendation for CIO/CTOs to be able to say to the CEO that if we continue to do stupid, it is on "us", which could be a really really big fine, so lets stop doing stupid.

**rogerx** · 12 November 2022, 01:57 AM

I do not like the ideology of accepting something that enjoys deprecating technology in secret or in a subdued manor.

Think this will really slow down the kernel. So far, I have not seen much use for rust or ruby, or any of the newer languages, except for maybe go programming language.

Announcement

Rust Developers Move Ahead With Preparing To Upstream More Code Into The Linux Kernel

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment