Why Nostr? What is Njump?
2024-04-03 11:57:27

mleku on Nostr: #rust adherents are deluded in believing the idea that merely memory access ...

#rust adherents are deluded in believing the idea that merely memory access violations are the only kind of way in which the security of software is breached

firstly, this only applies to binary code running on physical or virtualized hardware, where a kernel is managing access to memory - it isn't relevant to such runtime environments like WASM or JVM because they already have automatic access controls and generally are not targeted by languages that have pointer arithmetic

secondly, more often the problem comes from poorly constructed access control systems, where simplicity of the code is the key thing to enabling the developers to notice that there is a problem and prevent the code running in the wild to be exploited by hackers looking to breach potentially valuable user data

thus, the more complex and circuitous the language syntax is, the more ways in which it can be made completely idiosyncratic by the use of macro programming, the harder it is to learn the language, ie, the more complex the syntax, the more ways in which errors in ACL systems can be introduced and lead to methods to bypass the ACL and/or privilege escalate to enable read/write access to data that is supposed to be privileged

and lastly, a hard to understand, and difficult to learn memory management system, that prevents the aforementioned buffer overflow attacks, creates a false sense of security for those who make decisions about what language to implement a system with

most of the shitcoins now run smart contracts written in rust, and unless i'm mistaken, the frequency of breaches and hacks has not changed one iota

#fuckrust
Author Public Key
npub1fjqqy4a93z5zsjwsfxqhc2764kvykfdyttvldkkkdera8dr78vhsmmleku