Another use after free... I'm on board with cisa on this one. If you add new code to a sw project in c or c++ that should be a solid case for negligence when your customers sue for losses.
> If you add new code to a sw project in c or c++ that should be a solid case for negligence when your customers sue for losses.
Sure, as long as you are ok being similarly sued next time you install or use windows, macos, or linux on some box you administer. Those are all written in C. I guess you're OS-less until you write one in something safe. Ditto for web browsers and bootloaders.
> next time you install or use windows, macos, or linux on some box you administer.
I don't administer other people's boxes, I provide them with programs written in safe languages (as a bootable unikernel if they want). If they choose to run them on a buggy OS that's on them.
Moreover, a significant fraction of JS vulnerabilities are logic errors in the JIT, so even if the JIT itself is memory safe, that doesn't make the resulting code free of vulnerabilities.
Good on Mozilla for the rapid response.
Another use after free... I'm on board with cisa on this one. If you add new code to a sw project in c or c++ that should be a solid case for negligence when your customers sue for losses.
Please let us know when Rust has an AIX, i/OS, z/OS, Nonstop OS, OpenVMS, or Stratus VOS target.
The headline is about Firefox on Windows for a good reason: that's where the regular users are.
If you want Rust on Nonstop, a niche proprietary platform, your large financial company is welcome to invest in it.
> AIX, i/OS, z/OS, Nonstop OS, OpenVMS, or Stratus VOS
A list of which Firefox runs on precisely none.
> I'm on board
and who are you?
His name is galangalalgol. Fashionable, visionary leader of the rust evangelism strike force. And don't you forget it.
(Read in the voice of Tribore Menendez)
> If you add new code to a sw project in c or c++ that should be a solid case for negligence when your customers sue for losses.
Sure, as long as you are ok being similarly sued next time you install or use windows, macos, or linux on some box you administer. Those are all written in C. I guess you're OS-less until you write one in something safe. Ditto for web browsers and bootloaders.
> next time you install or use windows, macos, or linux on some box you administer.
I don't administer other people's boxes, I provide them with programs written in safe languages (as a bootable unikernel if they want). If they choose to run them on a buggy OS that's on them.
Wasn't the first cut at windows me written in c#, maybe we can start there. The servo browser on redox isn't even completely free of c I think.
I think you're thinking of Windows Longhorn (https://en.wikipedia.org/wiki/Development_of_Windows_Vista#M...). They used managed code and ended up partially scrapping it to restart development on top of Windows Server 2003.
Windows ME was just Win98SE in an ugly sweater. Mostly C/C++ with some assembly peppered in.
Maybe you’re thinking of this?
https://en.m.wikipedia.org/wiki/Singularity_(operating_syste...
Windows ME was the worst Windows though.
Hard agree.
Windows 98SE SP2 was the best
Vista was the worst in my book. And Vista was actually the real turning point when C# started to infect Windows.
Servo relies on firefox's JS runtime spidermonkey, written in C++.
Moreover, a significant fraction of JS vulnerabilities are logic errors in the JIT, so even if the JIT itself is memory safe, that doesn't make the resulting code free of vulnerabilities.
It’s not negligent it use an unsafe OS if no safer options exist. It is negligent to use an unsafe language when safe alternatives exist.
Visual programming like Scratch is safer than Rust so it's negligent if we don't all use Scratch next.
Also, everyone should pee sitting down by law because some are known to pee to on their pants otherwise.
/s
I exaggerate alot but even by my standards this is ridiculous hyperbole. Rust just isn't supported on alot of platforms and libraries.