Originally posted by RahulSundaram
View Post
Announcement
Collapse
No announcement yet.
BoringTun v0.4 Released For CloudFlare's Rust-Based WireGuard
Collapse
X
-
Originally posted by jntesteves View Post
It's a well established fact that about 70% of all high- and critical-severity security vulnerabilities are the result of memory unsafety, that would have been avoided had software been written in a memory-safe language. The world's most well funded development team working on Google Chrome have acknowledged that security critical parts of it need to be rewritten in a memory-safe language.
Anyone who still fails to see the value of rewriting in rust are choosing blindness. The only reason the whole industry isn't migrating to memory-safe languages now that it's possible for pretty much every use-case is the sheer amount of work, not the lack of value. Starting to write new security-critical software in an unsafe language today would be reckless negligence.
The CF guys spent 3 years on this already, and it's still nowhere near feature parity. It's not helping anything, it's just a complete waste of time. All because some clever fella in management has warm feelings for Rust. It's all cyclic, first it was Python, then Go, now Rust is the next big thing. Quick, dump all the C(++) code in existence, because we're too stupid to call free() or check the length of our arrays!Last edited by anarki2; 08 March 2022, 04:58 PM.
- Likes 2
Comment
-
Originally posted by RahulSundaram View PostYou are missing a lot of context, it's not just about the language, refer to https://blog.cloudflare.com/boringtu...ireguard-rust/
Comment
-
Originally posted by brad0 View Post
That doesn't change what he said. It's another WireGuard implementation in another language that's less portable just as the other implementation in Go.
- Likes 2
Comment
-
Originally posted by anarki2 View PostI prefer competent programmers over fresh shiny languages. It's not that earlier programming languages were inherently horrible, it's just that programmers are getting less and less competent.
- Likes 3
Comment
-
Originally posted by Almindor View Post
This is incorrect. Unsafe is required for many low level things. In low level programming Unsafe is a requirement for most interfacing with the underlying hardware, for example accessing status register values.
I'm a big fan of Rust and their philosophy but people who tend to do things on the high level only get this odd impression that unsafe is this forbidden niche part of the language mostly just for C FFI. That's just not true.
Unsafe is not forbidden (otherwise it would not have been exposed), but it is meant to remain niche. At least as far as generic programs go. If all your code is made up of C API calls and register manipulation, then yes, it would be full of unsafe blocks.
I was also under the impression embedded is not Rust's turf yet, because of Rust including its full runtime in a statically compiled program. Turns out for embedded, you do #![no_std], #![no_main] anyway. Thanks for making me look (but I still await the day Rust will be able to also build its own runtime when building an executable).
Comment
-
Originally posted by anarki2 View PostI fail to see the point. Simply rewriting in a different language is not a plus on its own. They might as well could've sent patches for the things they want to achieve.
- Likes 3
Comment
Comment