dbmikus | 11 months ago
If the goal is safety, rewriting ancient battle-tested software is not the way to do it.

The Lindy Effect for software: the longer software appears to be bug-free, the more likely it is bug-free.

jorvi|11 months ago
With how often severe CVEs pop up years or even decades later, that is an unwise line of thinking.

In 2020, iOS suffered a zero day exploit based on font library code from the 90s. A bug that sat dormant for 30 years.

As far as rewriting / rethinking core utilities, I'm glad that for example `doas` and `sudo-rs` exist to beef up root authentication.

https://googleprojectzero.github.io/0days-in-the-wild/0day-R...

N2yhWNXQN3k9|11 months ago
True, but there is no reason that those battle-tested cases cannot be migrated into other projects by a mindful maintainer / author (not to say that language-specific issues cannot arise, yet rust vs C seems like a pond vs ocean scenario).