- You think programming languages should be closed and proprietary - You like random pauses caused by forced collection of the garbage - You think program start-up should take minutes so you use stupid VM-languages instead - You like broken features and memory corruption - You sell hardware and want to deploy inefficient scripting languages only to sell more - You only do pure programs that don't interact with the world - You are a retard who doesn't understand the concept of ownership
Anything else?
Name:
Anonymous2015-04-12 9:57
>>40 It is you who is misguided. Security does mean lack of backdoors. What you are talking about, on the other hand, is correctness, or, more precisely, the formal verification of correctness.
Name:
Anonymous2015-04-12 10:04
>>41 "Security does mean lack of backdoors." Software with exploits, buffer overflows, data corruption and crashes every time it get a bad packet is now secure. (/prog/ security experts , 2015)
Name:
Anonymous2015-04-12 10:06
>>42 With exploits? No. Otherwise, yeah, it would be secure. In fact, most of the software considered secure today is chock-full of data corruption, crashes, glitches etc, exactly because people care more about security than they care about correctness.
Application security (short: AppSec) encompasses measures taken throughout the code's life-cycle to prevent gaps in the security policy of an application or the underlying system (vulnerabilities) through flaws in the design, development, deployment, upgrade, or maintenance of the application.
Name:
Anonymous2015-04-12 10:39
>>45 So? Flaws in the design== incorrect design==insecure app
flaws in the design, development, deployment, upgrade, or maintenance of the application.
Name:
Anonymous2015-04-12 10:50
Also don't forget physical security: if key developers aren't anonymous and don't use tor/i2p they could be easily assassinated by CIA(C Implementation Agency) and the programmers will switch back to C.
Name:
Anonymous2015-04-12 10:50
Also don't forget physical security: if key developers aren't anonymous and don't use tor/i2p they could be easily assassinated by CIA(C Implementation Agency) and the programmers will switch back to C.
Name:
Anonymous2015-04-12 10:55
>>46 Not all design flaws are a threat to security. Your == signs are ill-placed.
>>47 Why murder the devs when you can force them to plant backdoors into the implementation and then exploit those backdoors to your great profit?
Name:
Anonymous2015-04-12 11:06
Rust leverages core developer skillsets and world-class team synergy through Github to provide programmers worldwide with robust, scalable, modern turnkey implementations of flexible, memory-safe, cutting edge ownership-based compile-time systems programming stack of algorithmic architectures that accelerate response to theoretic and real-world security demands and reliably adapt to evolving software needs, seamlessly and efficiently integrating and synchronizing with their existing legacy codebases, enhancing the debugging capabilities of their code production environments across the enterprise while giving them a critical competitive advantage and taking them to the next level.
Name:
Anonymous2015-04-12 11:14
>>49 1. They are a threat to quality. Saying its "its open source"=="its secure" is actually "if its broken, fix it yourself". 2.backdoors can be noticed by outsiders.
Name:
Anonymous2015-04-12 11:20
>>51 1. Quality has no relation to security. You can have a totally secure program with no quality, e.g. any "hello world" program.
2. Like in OpenSSL, right?
Name:
Anonymous2015-04-12 11:26
>>52 Hello World is a quality program in theory: it does what it designed to do, doesn't crash or leak memory, doesn't connect to random servers in china every day and is inherently stable due no external dependencies...wait a moment... if libc is compromised, this isn't the case. Printf/Puts could be sending your bank data to russian botnets right now. Unless you control the entire stack "Hello world" is as secure as trojan.exe.
Name:
Anonymous2015-04-12 11:38
The only way to safety is to create a proven hypervisor program, inside which a proven secure OS(without any access to hypervisor) running a proven secure Virtual Machine(which has zero access to the OS) inside another Virtual Machine with different proven secure codebase(which has restricted access to the OS). Load this from a USB stick and save data into another USB stick(encrypted of course). Now you can claim security of the entire stack...and then your Intel CPU receives a specific Wifi signal...
Name:
copy pasted blogshit2015-04-12 13:19
>>54 this offers nothing but an illusion of security theatre, that is, until the formal prover that you use has been formally proven to be correct (on a formally proved secure OS). Therefore by godels theorem all software is not only insecure but impossible to prove secure. The conclusion is that we should give up and use rust even though it has no specification and no is able to prove things like memory safety that keeps being claimed about it.
Name:
Anonymous2015-04-12 13:20
>>55 The conclusion is that we should give up and use PHP even though it has no specification and is not able to prove things like memory safety which it nevertheless has.
Name:
Anonymous2015-04-12 13:39
>>55 Rust claimed "safety" is bullshit, but thats not a reason NOT to use it, its just unstable hipster lang which could mutate in a week.
Name:
Anonymous2015-04-12 13:39
>>55 Rust claimed "safety" is bullshit, but thats not a reason NOT to use it, its just unstable hipster lang which could mutate in a week.
>>60 Oh. You're an idiot, then. Haskell has no formal specification either, which doesn't prevent it from being one of the most secure and safe languages.
Name:
Anonymous2015-04-12 14:40
>>61 Have you read the sources of your 'Haskell'? Its runtime is bunch of horrible, cludgy C that hasn't even been audited or seen any "verification" in years.
>>65 Thank you. My point is that having source allows a security audit to be performed if one is desired.
If what you really want is a formally verified language, all I can say is good luck with that. The process is simply too slow to practically replace existing languages like C or C++ that were never held to that standard. Merely eliminating a few of the foremost sources of bugs in those languages is a big enough win to justify Rust's existence.
Name:
Anonymous2015-04-12 20:16
a big enough win to justify Rust's existence.
But not big enough to switch. I'd check it at v2.0 to see how they fare against C++.
>>74 I never understood what tabs are or what they're good for. I always use spaces.
Name:
Anonymous2015-04-15 10:36
Rust does not have the "C-style" for loop on purpose. Manually controlling each element of the loop is complicated and error prone, even for experienced C developers.
Experienced programmers are too stupid to be trusted implementing for loops. And here I thought Python's ``developers are too stupid to format their code or press ctrl-shift-f in their IDE to clean up messy code'' mentality was the worst.