On Wed, May 28, 2014 at 3:24 AM, Michael Rogers <[email protected]> wrote:
> On 28/05/14 10:54, Mansour Moufid wrote:
>> On Fri, 2014-04-25 at 09:28 -0700, Tony Arcieri wrote:
>>
>>> There's an entire class of memory safety bugs which are possible
>>> in C but not possible in Rust. These also happen to be the class
>>> of bugs that lead to Heartbleed-like secret leakage or remote
>>> code execution vulnerabilities.
>>
>> It seems we've come to the programming version of the possibilism
>> versus "revolution or nothing" debate. In politics anyway, the
>> latter attitude leads to nothing rather than revolution.
>
> I don't think anyone's suggesting that we should rewrite all existing
> software in Rust (the equivalent of revolution). But it's quite
> possible to stop writing new software in C. Then we just have to wait
> 50 or 100 years for most of the existing C code to fall out of use,
> and we'll have a somewhat improved security landscape. Hooray!

That's already started happening. Microsoft has been pushing .NET in
various guises for a while. Most desktop applications don't depend
that closely on the underlying C APIs of the operating system. On the
server side C seems to be losing ground: not in terms of nginx or
Apache, but rather custom servers, where C/C++ is not the only choice
anymore.

Something like Google's Chromebook is probably exposing much less C to
the network than otherwise. Unfortunately there is a catch: Google
gets to know what you do with it.

One can also do incremental replacement: replace Adobe Reader with
something safe, and you close a big attack vector. Why does pine need
to be written in C and not Ada or Java?

Sincerely,
Watson Ladd

>
> I need a drink.
>
> Cheers,
> Michael
> _______________________________________________
> cryptography mailing list
> [email protected]
> http://lists.randombit.net/mailman/listinfo/cryptography

--
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin
