Originally posted by bacteriamanicure
View Post
Rustls Multi-Threaded Performance Is Battering OpenSSL
Collapse
X
-
Originally posted by TheMightyBuzzard View Post
Yes, that's exactly what I'd say. If your argument requires mental gymnastics or otherwise winks and nudges, it is crap. Hyperbole and exaggeration have no place in discussions like this. Too many people are idiots and would believe them.
Points for originality.
Comment
-
-
Originally posted by DumbFsck View Post
As I said, our disagreement must be on what you and I define as "woke" or what you and I define as "western values". Thank you for answering.
Since your definition of "woke" is that narrow, that charged, and honestly THAT private (how many people do you think would agree your definition of woke is the best description of it? Also, how many "woke" people would accept that description?) - that is where our disagreement comes from.
Originally posted by DumbFsck View PostNext,
...
I haven't seen this scientific proof, do you mind sharing? I take pride in forming and updating and changing opinions based on scientific evidence, so it would be nice.
[Edit]: Here you go: https://networkcontagion.us/wp-conte...y_11.13.24.pdf
Last edited by TheMightyBuzzard; 03 December 2024, 04:06 PM.
Comment
-
-
Originally posted by oleid View Post
What would it take to convince you that rusttls is secure?
There was, for example a formal audit a few years back: https://github.com/rustls/rustls/blo...-01-report.pdf
For example, OpenSSL has had multiple audits, yet there are still weaknesses being found. And no, don't take that as an argument for rustls. Rustls also had multiple CVEs ever since the audit you linked.
So no, an audit, especially one that is 4 years old (considering the code is in constant fluctuation), is not going to serve as proof. Actually, talking about having proof of lack of vulnerabilities is sensationalist and nonsensical. The only thing you can build is trust and confidence, not "proof". What you need is trust that there are audits done periodically, not just once in the product's lifetime that is already outdated. Trust that even though there are still vulnerabilities being found, only that many are being found despite a horde of security professionals, governments, enthusiasts, and paid auditors constantly seeking them. Trust that there is continuous funding for the development and maintenance even long-term. Trust that most multi-billionaire companies are using it in production whose reputation hangs on the line of their products being secure or not.Last edited by ultimA; 03 December 2024, 04:36 PM.
Comment
-
-
Originally posted by bacteriamanicure View PostThe wikipedia article "Gaza Genocide" has many great quotes from israeli government officials (and citations, since wikipedia is ontologically non-canon)
"there are no innocent civilians there"
"All the civilian population in Gaza is ordered to leave immediately. We will win. They will not receive a drop of water or a single battery until they leave the world."
"it might be justified and moral" to "starve 2 million people"
"Gaza will become a place where no human being can exist" and "Creating a severe humanitarian crisis in Gaza is a necessary means to achieving the goal."
I don't think you'd forgive hamas for saying this about israelis
There are no Good Guys in this fight but (and it's a pretty stretched definition admittedly) Israel is the least bad of anyone involved.
Comment
-
-
Originally posted by bacteriamanicure View Post
Okay so as long as I don't explicitly state I want to genocide israelis, I'm fine?
Points for originality.
Comment
-
-
Originally posted by ultimA View Post
The thing is, nobody is claiming rustls is insecure, what people claim is that nobody knows if it is secure or not. If you take audits as a proof of security then you still have long ways to learn. An audit increases confidence, but it doesn't lend proof. And in this regard, OpenSSL has had way more audits than rustls did, and more recent ones.
For example, OpenSSL has had multiple audits, yet there are still weaknesses being found. And no, don't take that as an argument for rustls. Rustls also had multiple CVEs ever since the audit you linked.
So no, an audit, especially one that is 4 years old (considering the code is in constant fluctuation), is not going to serve as proof. Actually, talking about having proof of lack of vulnerabilities is sensationalist and nonsensical. The only thing you can build is trust and confidence, not "proof".
There's many subtle and non-obvious ways to mess up that memory safety doesn't fix and and the rest of Rust can only make sure it's easy to not mess up
As much as I am pridefully woke and Rust pilled, the assertion that "the language is memory safe therefore it's all solved" is insane
Earlier this year there was a CVE about how Rust, Python, java, and a few other languages misparsed command line arguments for command prompt on windows, and then a second one because the initial fix wasn't quite complete
While it was hilarious that, IIRC, java just pretended it wasn't an issue, it is an important reminder that humans are both infinitely clever and infinitely stupid
Comment
-
Comment