Originally posted by mmstick
View Post
So, speaking for myself I'm just not going to rely on Mozilla as upstream in long term. Whatever, they shown their ugly faces with all these advertisements in new tabs, digital signatures in extensions I can't override and so on. These aren't opensource minded people and not what I've used to value anymore.
Rust on it's own... well, idea itself does not looks anyhow bad, or something. But again, I do not get who needs it. System devs & somesuch? Unlikely, C works for us, and it is nice when we can program everything from microcontroller to supercomputer, and being able to get most of particular system, if desired, and language does not gets on the way. Gamedevs? Uhm, seems they are fine with C++. It maybe not best, but it works for them. Those using newb/rapid approaches seems to like Go. Google did something between JS and C, for those who wants something lite & rapid and lacking cruft of C and disadvantages of JS. Scripters seems to be ok with python, ruby, JS and something. They do not give a fuck about speed anyway. Exotic stuff lovers have drastically different things, from Haskell to D, whatever they prefer. And who needs or wants Rust? And why? Does it offers some unique advantages others can't afford? Or, uhm, what?
Then, Servo. Whole idea using Yet Another Language to do some Better Things looks flawed to me. It never works in practice and if someone relies on language or runtime too much.... uhm, well, Mozilla recently did a really dumbass critical 0day using just JS in sandbox, dammit. Because they are nuts. First, they forgot about input validation. And so it has turned out PDF can actually be JS code. Then these perverts transform PDF to JS to render it. Uh, sure, it has demanded what followed. Rogue JS hits pdf.js, pretending to be PDF and getting executed, due to lack of validation. Dumb, but shouldn't be fatal on it's own. But Mozilla devs decided to "improve security" further, preparing code base for being muti-process. Somehow, they FUBARed it and rogue code was able to get elevated rights, pretending it is also part of PDF.js. How smart. Then, rogue code can do a lot of nasty things, practical examples usually scanned HDD and stealing everything valuable stuff they can, like SSH keys, passwords, etc. It took a really epic-scale pwnage until Mozilla devs noticed they've got EPIC FAIL. Does someone honestly thinks rewriting browser engine in different language would save THESE devs from something? IMHO, not a snowball chance in the hell. Doing critical 0day using JS, after extensive praising JS security is just EPIC. So I would think they can easily repeat EPIC FAIL with Rust. Or whatever language, as long as it allows to do anything meaningful.
Comment