Defining the Rust 2024 edition

Posted Jan 31, 2024 15:58 UTC (Wed) by mb (subscriber, #50428)
In reply to: Defining the Rust 2024 edition by bluca
Parent article: Defining the Rust 2024 edition

I didn't say never.
But the error rate *is* relevant for the rebuild-the-world argument.
Rust code has a *much* smaller CVE defect rate than C code. Therefore, the effect of rebuild the world due to CVE is much smaller than you expect.

Defining the Rust 2024 edition

Posted Jan 31, 2024 17:54 UTC (Wed) by LtWorf (subscriber, #124958) [Link] (8 responses)

The amount of rust code is also much less… ping me when rust will have libraries to read pdf, mp3, jpeg files and all sort of malformed files will cause continuous issues, as usual.

Defining the Rust 2024 edition

Posted Jan 31, 2024 18:45 UTC (Wed) by Cyberax (✭ supporter ✭, #52523) [Link] (2 responses)

Time to wake up!

PDF: https://github.com/pdf-rs/pdf (with automated fuzz tests)
MP3 (and other audio formats): https://crates.io/crates/symphonia (100% safe Rust)
JPEG: https://github.com/etemesi254/zune-image (with SIMD and turbo-speed, continuously fuzzed!)

Rust ecosystem is already far surpassing the quality of even the old C-based libraries.

Defining the Rust 2024 edition

Posted Jan 31, 2024 19:05 UTC (Wed) by LtWorf (subscriber, #124958) [Link] (1 responses)

You sound like one of the usual trolls who could write curl in a weekend.

Defining the Rust 2024 edition

Posted Jan 31, 2024 19:27 UTC (Wed) by Cyberax (✭ supporter ✭, #52523) [Link]

Yet it was you who listed formats off the cuff, without even doing a Google search to verify your prejudices.

The new ecosystem in modern languages is already outpacing the traditional creaky old C-based infrastructure, that is mostly held together by duct tape and wishful thinking. So new languages are clearly doing something right (and some things wrong, of course) and perhaps you should actually look at what they're doing? Instead of just mandating that cars should have a flagman walking ahead of them to make sure they don't scare horses.

Defining the Rust 2024 edition

Posted Jan 31, 2024 18:50 UTC (Wed) by mb (subscriber, #50428) [Link] (4 responses)

>The amount of rust code is also much less

https://security.googleblog.com/2022/12/memory-safe-langu...

> Android 13 is the first Android release where a majority of new code added to the release is in a memory safe language.
> 2022 is the first year where memory safety vulnerabilities do not represent a majority of Android’s vulnerabilities.
> To date, there have been zero memory safety vulnerabilities discovered in Android’s Rust code.

Defining the Rust 2024 edition

Posted Jan 31, 2024 19:04 UTC (Wed) by LtWorf (subscriber, #124958) [Link] (3 responses)

The majority of the ADDED code isn't the majority of ALL the code.

As you know perfectly well.

Defining the Rust 2024 edition

Posted Jan 31, 2024 19:12 UTC (Wed) by mb (subscriber, #50428) [Link] (1 responses)

> The majority of the ADDED code isn't the majority of ALL the code.

And I didn't say that.
As you know perfectly well.

Do you understand what zero means in denominators?

Defining the Rust 2024 edition

Posted Jan 31, 2024 19:13 UTC (Wed) by mb (subscriber, #50428) [Link]

numerator, of course.

Defining the Rust 2024 edition

Posted Jan 31, 2024 19:43 UTC (Wed) by Wol (subscriber, #4433) [Link]

> The majority of the ADDED code isn't the majority of ALL the code.

Who cares. Classic "lying with statistics".

If you want to argue that Rust has fewer bugs because it has fewer lines of code, that may be true. But that's not the argument being made.

The argument is that Rust has fewer bugs per KLoc. Which given that C has had $deity knows how many years to get rid of bugs, is rather telling.

Especially if Rust's "fewer" bugs is ZERO bugs.

Cheers,
Wol