Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
IshKebab 5 days ago

That feels like a very binary view of security. There are certainly cases where something like RLBox takes you from "horrific anything-goes C security" to "probably fine". Image parsing for example, which is a common source of vulnerabilities.

So the question of performance is still relevant, even if RLBox's security properties are less tight.

pizlonator 5 days ago | parent [-]

I think you're trying to compare RLBox and Fil-C because you view them both as "add more security". I get it and that's not entirely unfair, but...

They're just way too different. RLBox is a containerization technology. Fil-C is a memory safety technology.

Like, there's a world where you would use both of them stacked on top of one another, because Fil-C does memory safety without containerizing while RLBox does containerization without memory safety.

IshKebab 4 days ago | parent [-]

Yeah, because they are both "add more security". I totally understand that they are different. But if you just want "more security" then they are both reasonable options to pick, and it makes sense to compare their performance.

It's like comparing apples and oranges - which I always found to be a weird saying because of course it makes sense to compare apples and oranges.

Edit: looked it up and apparently it was originally "apples and oysters" which makes way more sense

https://english.stackexchange.com/a/132907/114887

Although even then it isn't incorrect to compare them. Perhaps you have to choose a canapé, we could have tiny slices of delicious apples, or succulent oysters. But it's impossible to chose because there's no way to compare them arrrghhh!

I wonder what the "most different" two things are.

pizlonator 4 days ago | parent | next [-]

> But if you just want "more security" then they are both reasonable options to pick

The only people doing “more security” are the actors in the security theater business.

If you’re serious about security, you’re going to have a threat model. And I cannot imagine a threat model that is addressed by both Fil-C and RLbox in a similar enough way to where you’d be choosing between them based on perf

kragen 4 days ago | parent | prev [-]

Apples and the abstract concept of the imaginary unit i?