this latest edition of "Android team posting nothing but Ws for adopting Rust" is super important because it identifies that:

*you don't have to actually rewrite all your old unsafe C/C++ code to get the benefits of adopting safe languages, in terms of reducing vulnerabilities*

because they identify that most bugs are in new/changed code (with exponential decay!), so if you preferentially write new code in a safe language, your vulnerabilities crater even though most of your code is still unsafe!

security.googleblog.com/2024/0

Google Online Security Blog: Eliminating Memory Safety Vulnerabilities at the Source. Posted by Jeff Vander Stoep - Android team, and Alex Rebert - Security Foundations. Memory safety vulnerabilities remain a pervasive threa...

@Gankra my professional opinion is that this is correct and you should RIIR mostly only if you need the code base to be safe on a shorter horizon than the half life of your bugs

@fay59 eh with this result you still need to riir any component that gets a lot of changes. but like any Haunted components no one touches? fuck it

@Gankra @fay59 just rewrite parsers and other user-input-related stuff and that already gets you like 90% there