top | item 39083014

(no title)

Right—and maybe those places ought to install OpenBSD. https://www.openbsd.org/

Rust is not immune to security vulnerabilities. And at the end of the day, social engineering will steal more data than "hacking the mainframe". Why break in when you can just ask to be let in?

OpenBSD has a great security track record because they resist excessive change and prefer simplicity. For those who want to add Rust to the core of FreeBSD my primary question: is it really necessary? Or is it just because a bunch of Rustaceans want to?

discuss

mcronce|2 years ago

Not solving all security issues isn't the same as not solving security issues. I'd rather my financial data be handled by software written in something that solves many whole classes of vulnerabilities than something that solves none of them.

carlmr|2 years ago

Apart from the fact that it doesn't only solve a lot of security vulnerabilities, but also avoids a lot of bugs, by virtue of having a stricter type system and memory safety.

nocombination|2 years ago

Remember we are talking about putting it into the core OS and overall what will the impact be on the stability of said OS. What folks here tend to describe is userspace applications which languages like Go/Java/C#/Erlang/Etc... already solve. In fact, most banks probably already use safer languages for the bulk of the workloads and it works just fine.

I want to point out one more thing: Rust is not a simple language by any stretch. It's equal to in complexity to C++ (yet without decades of established "good practices"). It is much preferable to have an easier to understand core and move the complexity outward—for improved stability and robustness. The core OS by nature of what it does needs to access raw resources in an "unsafe" manner. Rust kernel code will be littered with unsafe blocks and unnecessary complexity.

avgcorrection|2 years ago

> For those who want to add Rust to the core of FreeBSD my primary question: is it really necessary? Or is it just because a bunch of Rustaceans want to?

Bfha... the link is a thread by the FreeBSD devs. Stop it with this language evangelist strawman.

nordsieck|2 years ago

> Right—and maybe those places ought to install OpenBSD.

Sure.

But running on OpenBSD doesn't solve application level vulnerabilities. And sure - OpenBSD may help limit the ability of an attacker to leverage one vuln into compromising the entire system. But if the original attack was important enough, that's cold comfort.

kjs3|2 years ago

OpenBSD? So lower scalability, limited hardware support, less features and a culture that screams "screw you" at anyone who doesn't think their world view is the only One True Way. Yeah...that'd be awesome. I mean, I'm as skeptical of Rust as anyone who's been around for more than a decade, but seriously.

jimberlage|2 years ago

It seems like this isn’t actionable for me - I don’t have much sway over people’s choice of install. Given this, I think my best course of action are to push for regulation, or for standards bodies to accelerate the transition to memory safe languages.

I don’t think it was your intention, but what you just said makes me want to applaud more heavy-handed efforts to make the switch away from C/C++.

unknown|2 years ago

[deleted]