Orman

Troof twitter.com/SwiftOnSecurit…

@a_manning0 @LukasHozda IIRC the main benefit is that it has less/smaller(?) potential soundness holes

@LizardOrman @LukasHozda Other than not being a proc macro, selfcell is just worse. Can't even choose custom field names on a self-referencing struct

In reality, `unsafe` apperas in the average Rust codebase 0 times You usually need unsafe in the following situations: - You need to interface with C libs (the compiler isn't psychic) - Same but with HW (the compiler still isn't psychic) - You know something rustc doesnt (rare)

@lordmagus @LukasHozda We just need a "Let's talk about C..." section

@LukasHozda I don't understand why people love shitting on Rust. They should all be watching the famous WAT Javascript video to occupy their time: destroyallsoftware.com/talks/wat Or it's just a cry for attention.

@coolkoon @LukasHozda Most projects can delegate

@LukasHozda "You need to interface with C libs (the compiler isn't psychic)" - ...which is 100% of the time for any reasonable-sized project.

@a_manning0 @LukasHozda IIRC selfcell is the improvement over ouroboros, FWIW.

@LukasHozda You pretty much need it for self-referencing structs also. Ouroboros is OK but is quite limited in what it can do

@kulkalkul @redixhumayun @LewisCTech @LukasHozda ...That's just the normal requirement of all interfaces?

@redixhumayun @LewisCTech @LukasHozda > What does unergonomic even mean here? You need to ensure safe interface can't mess up. Plus: doc.rust-lang.org/nomicon/. Try writing an ECS library with it and Odin.

@minz_anupam @LukasHozda Yes, that's the point - minimizing the boundary of potentially-unsound code

@LukasHozda - you don't need to interface with os - you don't need to interface with c libs - you don't need to interface with hardware Tell me you are using libraries for everything without telling me you are using libraries for everything.

@LuisUr288 @Devils_Tooth @TheatreSpoonie @LGBwiththeT Yes because things are expecting to have either elevated estrogen or higher levels of testosterone, but not both. AFAIK all the alleged negatives of puberty blockers that aren't just "you have the health risk profile of the assumed sex" go away as a result of having the other one

@LizardOrman @Devils_Tooth @TheatreSpoonie @LGBwiththeT 🫤 different chemicals for certain, however the purpose is to prevent/limit the production/use of certain hormones by the body.

🚨 So called 'Gender critical' @thatveganlass is a convicted sexual abuser (including involving 4 children): three charges of assault, two sexual assaults, two of indecent communication, one indecent assault and two offences of behaving in a threatening or abusive manner. 1/

@LuisUr288 @Devils_Tooth @TheatreSpoonie @LGBwiththeT Suppresants are not the same thing as puberty blockers.

@Devils_Tooth @LizardOrman @TheatreSpoonie @LGBwiththeT Not meant to be for legitmate reasons you can't "pause" aging. Though suppressants are still used with cross-sex HRT until SRS removal of hormone producing organs is common from what I've read.

@emojibakemono @ClassicGamerTWR you can do that /as well/? isn't having lots of threads go's whole thing? (I don't write go myself)

@LizardOrman @ClassicGamerTWR you can cause memory corruption without the use of unsafe or screwing around with the internals though. just via the lack of threat safety

“Memory safe” is the buzzword of the moment. It’s meant to evoke the idea that C++ is an unsafe languge while Rust is a “safe” language. The jury is still out whether this is true in practice. Very few large-scale system programs have been written. And the attempted linux modules have run into headwinds. Complicating matters is an excited fanbase using Rust for all the wrong reasons. “Memory safe” is often interpreted as only Rust is memory safe and all other platforms must be replaced. Web applications and rewrites of well established libraries are generating noise and wasting a lot of time. None of which helps in establishing the key finding needed to make Rust successful: Is the borrow checker a safe, secure, and performant replacement for Garbage Collection? Until the Rust community is able to focus and answer this question at scale, the safest move is for company is to stick with proven, garbage collected solutions. Which means more Java, .NET, Go, and Python. And if Rust is unable to make its case in absence of the hype, we will continue using C/C++ in systems work for a very, very, very long time.

@paul_e_jones @ClassicGamerTWR ...So you do a bunch of things to mitigate potentially bad or faulty code sneaking into the end product? That's what rust does too, just more comprehensively. It's not one or the other, you use a language that has infinitely higher standards for valid code, *and* test and review

@paul_e_jones @ClassicGamerTWR Rust basically exists because you can't "write it correctly to start with" with an error rate comparable to that of cosmic rays causing rustc to malfunction, and/or you need to take unnecessary runtime costs to do so.

@paul_e_jones @ClassicGamerTWR Sure, you can use unsafe to avoid that last bounds check (but often there's alternatives) or calling into C, but... that means you're at the same level as the C++, not any worse. And you only need to scrutinize those calls, whereas you need to scrutinize all C++ everywhere

I think a lot of people overestimate just how much Internet - especially the old Internet - the Wayback Machine has saved. There seems to be an assumption that everything which has ever existed online *must* be out there, somewhere, and that isn’t true.

@tracewoodgrains @harpersealtako2 Websites are restricting all sorts of material that may or may not fall under the act out of an abundance of caution

@tracewoodgrains @harpersealtako2 You're assuming twitter's actions are motivated sensibly

@robokoteg @ClassicGamerTWR FWIW someone linked thm elsewhere in the thread and the numbers are even more revealing x.com/LizardOrman/st…

@robokoteg @ClassicGamerTWR Not to mention that blog article from Google reporting zero memory safety issues in their rust components in Android

@mav3ri3k @HSVSphere There's laziness in the chunk().map() section because you're not landing the mapped chunks until you do the collect()

@HSVSphere Wait, I dont get it. Here he immediately collects everything, laziness is never used ? No reduction or deffering either compute or memory.

lazy computation composes & is actually as efficient as a manually written loop btw (sometimes even more efficient as iterator size hints exist)

@HSVSphere Its kinda annoying there's no stdlib combinator for doing chunks() over an iterator that's not a slice

@hecubian_devil Not to mention, having asked the question "neutrally," picking out an implication of the answer as "obvious" is an extremely loaded thing. Because I'm sure he does not mean the "obvious" reason that, y'know, Christians left fianancial services to others for religious reasons

@ClassicGamerTWR @yourerightson @JLarky @LukasHozda "...the rollback rate of Rust changes is less than half that of C++." "To date, there have been zero memory safety vulnerabilities discovered in Android’s [1.5MLOC] Rust code." "Historical vulnerability density is greater than 1/kLOC" Fail to establish a correlation? lolno

First off, thank you for bringing data! This is absolutely how we have a discussion. 🙏 I’ve seen several of these before, so allow me to break it down: 1. Google found that bugs have a half-life and that the number of issues naturally decreases over time. They mention Rust, but fail to establish a strong correlation in this article. Promising! But not yet strong data. 2. This article does a better job of establishing a correlation. The data is very promising at this point. This was published earlier in the process of converting to Rust, but does caution that most of the attack surface is Java shielding the underlying Rust. It’s honestly too bad they didn’t establish this level of correlation in the 2024 article as that article seems to undermine the thrust of this 2022 article. 3. Says nothing about the implementations that I can find. Only Microsoft’s desire to implement memory safety and the resulting challenges that arise. 4. “no serious driver has made into the mainline except for one with around 130 lines of code” - Promising, but still lacking data against the real-world deployment. Most of the paper discussed the challenges of interfacing Rust and how the authors conclude that it will probably result in fewer, but more insidious safety bugs. Is that a win? We don’t know yet. Overall, these articles are exactly my concern. Rust deployment at scale has not happened much yet, and we don’t yet have data on whether it’s working or not. The circumstantial evidence from Android is probably the strongest evidence so far. It is promising! Alas, not conclusive.

This guy knows nothing about Rust, and possibly nothing about the pros and cons of garbage collection either, or how hard it is to make largescale safe programs in C/C++ in general. Slightly better formulated linkedin slop