Bulk rewrites of everything into Rust with AI assistance?

foobiekr 4 hours ago | parent | next [-]

I am looking at the results of a mass vulnerability scan as I type this. Half of the bugs in one case are in fact (binary) parser errors for hand-written parsers. These really should not exist in any language - but in C it's particularly bad. Kaitai Struct or something similar would broadly have prevented these. Rust would help here, but less than a parser generator (because it could automate error checking insertion for things that aren't just out of bound access).

However, half of the vulnerabilities are logic errors in terms of what I would call RBAC enforcement, incorrect access permissions, and so on. Rust won't help at all with any of these.

▲

jiggawatts 4 hours ago | parent [-]

I was just working on a system best thought of as a “dinosaur”: written almost entirely in C (and a bit of PERL) and running on an appliance with BSD as the kernel.

It’s full of bugs and has had a string of RCE vulnerabilities published recently, probably because of Mythos.

Working with it day to day I get this feeling that the tech stack used results in a system that’s… clumsy and constrained.

Little things give me that impression, and I can’t quite put it in words, but it’s thirty years of experience working with dozens of languages and platforms speaking here.

Using C makes you clumsy.

It makes you trip over things other languages don’t.

It makes it obscenely difficult to do even simple things. It’s like trying to put a delicate ship into a bottle while wearing oven mitts.

Switching to a better language isn’t just about the specific capabilities of its compiler, it’s also about what it enables in the humans using it.

	▲	foobiekr 4 hours ago \| parent [-]
		I don't disagree with that, but my point is that Rust will not really solve vulnerabilities.

▲

0xbadcafebee 3 hours ago | parent | prev [-]

Rust is overly complex and difficult, Go is simpler and easier and has the memory protection people are obsessed with