jiggawatts 25 days ago

Sorry, but that is an insanely defeatist attitude blended with a hint of blaming users for wanting features.

Image decoders are pure functions and all should have been rewritten as 100% safe Rust years ago.

Users need functionality.

It’s up to us to figure out how to provide that safely.

Saying to users they shouldn’t have those features isn’t sage advice, it’s admitting failure.

microtonal 25 days ago | parent | next [-]

They are actually pushing Rust quite hard now in Android:

https://blog.google/security/rust-in-android-move-fast-fix-t...

Even to the baseband firmware:

https://blog.google/security/bringing-rust-to-the-pixel-base...

yencabulator 24 days ago | parent | prev | next [-]

Since it's a pure function, you can even keep using the legacy C code while still putting it in a sandbox: compile to WASM, then AOT transform to native code, and now it runs in the WASM sandbox at practically-native speed.

https://hacks.mozilla.org/2021/12/webassembly-and-back-again...

(Of course, new code is preferred in Rust over C, for sure.)

anthk 24 days ago | parent | prev | next [-]

Rust won't save you from malicious SVG+JS files, EPS/PostScript files and so on.

michaelt 25 days ago | parent | prev [-]

The thing is, nobody's happy just previewing jpegs and pngs.

Before you know it, people want to preview SVGs, PDFs, video, HTML and so on.

And to do that properly means you've got to support obscure formats like JBIG2 and CCITT Fax. Malicious vector images with a billion elements to render. XML that lets one file embed another.

And good luck getting the budget to re-implement them all from scratch in a better language, when the only business value the feature delivers is a postage-stamp-sized preview image.
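The two failure modes named in the comment above (a vector image with a huge number of elements, and XML that pulls in another file) can be refused before any renderer sees the file. The following is an added example, not part of the thread and not any project's code; the limits, function names and the fragment-only reference policy are assumptions chosen for a thumbnail preview.

```python
import xml.parsers.expat

MAX_ELEMENTS = 10_000  # assumed budget for a thumbnail-sized preview
MAX_DEPTH = 64         # assumed nesting limit

class Rejected(Exception):
    pass

def count_elements_or_reject(data: bytes) -> int:
    """Stream the XML without building a tree; return the element count or raise Rejected."""
    count = depth = 0

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # A DTD is what enables entity expansion and external entities.
        raise Rejected("doctype")

    def on_start(name, attrs):
        nonlocal count, depth
        count += 1
        depth += 1
        if count > MAX_ELEMENTS:
            raise Rejected("too many elements")
        if depth > MAX_DEPTH:
            raise Rejected("nesting too deep")
        for key in ("href", "xlink:href"):
            # Conservative policy: only same-document fragment references pass.
            if key in attrs and not attrs[key].startswith("#"):
                raise Rejected("embeds another resource")

    def on_end(name):
        nonlocal depth
        depth -= 1

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError:
        raise Rejected("malformed XML") from None
    return count

def verdict(data: bytes) -> str:
    try:
        return f"ok ({count_elements_or_reject(data)} elements)"
    except Rejected as exc:
        return f"rejected: {exc}"

# Constructed sample: far more elements than a preview needs.
HUGE = b"<svg>" + b"<rect/>" * 20_000 + b"</svg>"
```

Because the check aborts at the first violation, the cost of rejecting an oversized file is bounded by the budget rather than by the file's size.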

amarant 25 days ago | parent | next [-]

Perfection is the enemy of the perfectly good.

And let's be honest, you'll have what, 0.0001% of users who want to preview CCITT in 2026? Less? Probably less.

ValdikSS 24 days ago | parent [-]

It's a part of PDF, so if there's a PDF renderer which makes a preview, it supports G4 and JBIG2.

denkmoon 25 days ago | parent | prev | next [-]

The business value is reduced attack surface which is a marketable attribute. Seems like the exact type of thing Apple would do.

marysol5 25 days ago | parent | prev | next [-]

At what point do we just refuse to parse obscure rarely used formats?

jiggawatts 25 days ago | parent | prev [-]

Most of these are solved problems to one degree or another. Web browsers have generally switched over to decoding legacy unsafe formats like PDF using safe managed languages, typically JavaScript.

> JBIG2 and CCITT Fax

Since performance isn't such a critical concern with obscure legacy formats, it really wouldn't be much more than a day or two of work for a competent developer with AI agent tooling to convert an existing decoder to safe Rust.

Meta set nearly a hundred billion dollars on fire for a total failure that everybody saw coming, a trillion dollars is what the current AI investment craze is pouring into concrete and TSMC chips, but... a couple of days for a developer is asking too much!?

anthk 24 days ago | parent [-]

> legacy unsafe formats like PDF using safe managed languages, typically JavaScript.

Are you being ironic? If anything, JS and v8 have tons of CVEs.

Stop being deluded with these hip languages. Rust? You wish. Maybe inferno with proper namespaces AND in-kernel namespace support. No, not like Linux. Like 9front.

https://app.opencve.io/cve/?product=v8&vendor=google