#rust

anonymiss@despora.de

#Google doesn't like C++

Based on this experience we expect that high assurance memory safety can only be achieved via a Secure-by-Design approach centered around comprehensive adoption of languages with rigorous memory safety guarantees. We see no realistic path for an evolution of C++ into a language with rigorous memory safety guarantees that include temporal safety. As a consequence, we are considering a gradual transition of C++ code at Google towards other languages that are memory safe.

Source: https://research.google/pubs/secure-by-design-googles-perspective-on-memory-safety/

#Rust, #Go and #Java will be used.


#software #development #code #language #future #memory #security #bug #exploit #program #news

azurecerulean@diasp.org

#cloudflare / #pingora : A library for building fast, reliable and evolvable network services.

Pingora is a #Rust framework to build fast, reliable and programmable networked systems.

Pingora is battle tested as it has been serving more than 40 million Internet requests per second for more than a few years.

Feature highlights
- Async Rust: fast and reliable
- HTTP 1/2 end to end proxy
- TLS over OpenSSL or BoringSSL
- gRPC and websocket proxying
- Graceful reload
- Customizable load balancing and failover strategies
- Support for a variety of observability tools

Reasons to use Pingora
- Security is your top priority: Pingora is a more memory safe alternative for services that are written in C/C++.
- Your service is performance-sensitive: Pingora is fast and efficient.
- Your service requires extensive customization: The APIs Pingora proxy framework provides are highly programmable.

https://github.com/cloudflare/pingora

waynerad@diasp.org

"Mojo vs Rust: is Mojo faster than Rust?"

"Rust was started in 2006 and Swift was started in 2010, and both are primarily built on top of LLVM IR. Mojo started in 2022 and builds on MLIR (Multi-Level Intermediate Representation), which is a more modern 'next generation' compiler stack than the LLVM IR approach that Rust uses. There is a history here: our CEO Chris Lattner started LLVM in college in Dec 2000 and learned a lot from its evolution and development over the years. He then led the development of MLIR at Google to support their TPU and other AI accelerator projects, taking that learning from LLVM IR to build the next step forward: described in this talk from 2019."

"Mojo is the first programming language to take advantage of all the advances in MLIR, both to produce more optimized CPU code generation, but also to support GPUs and other accelerators, and to also have much faster compile times than Rust. This is an advantage that no other language currently provides, and it's why a lot of AI and compiler nerds are excited about Mojo. They can build their fancy abstractions for exotic hardware, while us mere mortals can take advantage of them with Pythonic syntax."

The article goes on to describe Mojo's native support for SIMD which stands for "Single Instruction, Multiple Data" and refers to special instructions that have been part of CPUs for a long time but are hard to use.

Mojo frees memory on the last use of an object, instead of waiting for when an object goes out of scope, a subtle difference that makes a big difference in the field of AI, "where freeing an object early can mean deallocating a GPU tensor earlier, therefore fitting a larger model in GPU RAM." It's also advantageous in a type of optimization called tail call optimization that applies to recursive functions.

Mojo vs Rust: is Mojo faster than Rust?

#solidstatelife #ai #computerscience #programminglanguages #python #mojo #rust

waynerad@diasp.org

Redox is a Unix-like Operating System written in Rust. Apparently the project was started in 2015 and I only just now heard about it. However they still say it is alpha/beta quality software, not ready for daily usage yet. The name "Redox" refers to the chemical reaction (reduction-oxidation) that creates rust. Get it? The programming language is Rust and "Redox" also sounds Unix-y.

Redox is a microkernel architecture, unlike Linux or any other Unix (including Mac which uses BSD Unix under the hood) or Windows (which is VMS-like under the hood). The microkernel architecture is said to provide "true modularity". "You can modify/change many system components without a system restart, similar to but safer than livepatching."

"By isolating the system components from the kernel, the attack surface is very limited."

"The Rust compiler helps the programmer to avoid memory errors and race conditions, which reduces the probability of data corruption bugs." "The microkernel design written in Rust protects against memory defects that one might see in C/C++ programs." "Drivers written in Rust are likely to have fewer bugs and are therefore more secure."

"Redox uses RedoxFS as the default filesystem. It supports similar features as ZFS with a written-in-Rust implementation. Expect high performance and data safety (copy-on-write, data integrity, volumes, snapshots, hardened against data loss)."

Redox - Your Next(Gen) OS

#solidstatelife #rust #operatingsystems

adolar@pod.dapor.net

Buy a brand name, they said.
It costs more, but it's totally worth it in the long run, they said...
That box was kept closed, not open. This is btw a pretty common problem in the humid tropics. A lot of steel that may be labeled as "stainless" develops stains pretty quickly, once it gets here. Real Swiss army knives are holding up pretty well, everything else though...
#quality #tropics #humidity #rust

waynerad@diasp.org

C-rusted is a new system for applying the safety features of Rust to the venerable C language. The developers are following in the footsteps of TypeScript. They say:

"C-rusted is a pragmatic and cost effective solution to up the game of C programming to unprecedented integrity guarantees without giving up anything that the C ecosystem offers today. That is, keep using C, exactly as before, using the same compilers and the same tools, the same personnel... but incrementally adding to the program the information required to demonstrate correctness, using a system of annotations that is not based on mathematical logic and can be taught to programmers in a week of training."

"Only when the addition of annotations shows the presence of a problem will a code modification be required in order to fix the latent bug that is now visible: in all other cases, the code behavior will remain exactly the same. This technique is not new: it is called gradual typing, and consists in the addition of information that does not alter the behavior of the code, yet it is instrumental in the verification of its correctness. Gradual typing has been applied with spectacular success in the past: Typescript has been created 10 years ago, and in the last 6 years its diffusion in the community of JavaScript developers has increased from 21% to 69%. And it will continue to increase: simply put, there is no reason to write more code in the significantly less secure and verifiable JavaScript language."

They celebrate the greatness of C, citing such things as: C compilers exist for almost any processor, C compiled code is very efficient and without hidden costs, C is defined by an ISO standard, C, possibly with extensions, allows easy access to hardware, C has a long history of usage, including in critical systems, and C is widely supported by all sorts of tools. They cite disadvantages, such as the fact that C code can efficiently be compiled to machine code for almost any architecture is due to the fact that, whenever this is possible and convenient, high level constructs are mapped directly to a few machine instructions, but given that instruction sets differ from one architecture to the other, this is why the behavior of C programs is not fully defined, and that is a problem. And of course, memory references in C are raw pointers that bring with themselves no information about the associated memory block or its intended use and there are no run-time checks made to ensure the safety of pointer arithmetic, memory accesses, and memory deallocation, leading to all the problems we are familiar with: dereferencing null and invalid pointers, dangling pointers (pointers to deallocated memory), misaligned pointers, use of uninitialized memory, memory leaks, double-freeing memory, buffer overruns, and so on.

Since those of you who are familiar with Rust know its claim to fame is the borrow-checking system to ensure memory integrity, I'm going to jump right to the description of how C-rusted handles memory:

"C-rusted distinguishes between different kind of handles:"

"Owner handles: An owner handle referring to a resource has a special association with it. In a safe C-rusted program, every resource subject to explicit disposal (as opposed to implicit disposal, as in the case of stack variables going out of scope), must be associated to one (and only one) owner handle. Through the program evolution, the owner handle for a resource might change, due to a mechanism called ownership move, but at any given time said resource will have exactly one owner. The association between the current owner and the owned resource only ends when a designated function is called to dispose of the resource. Note that an owner handle is a kind of exclusive handle."

"Exclusive handles: An exclusive handle referring to a resource also has a special association with it: while the resource cannot be disposed via an exclusive non-owner handle (only an owner handle allows that), the exclusive handle allows modification of the resource. As a consequence of this fact, no more than one usable exclusive handle may exist at any given time: moreover, the existence of an usable exclusive handle is incompatible with the existence of any other usable handle."

"Shared handles: A shared handle referring to a resource can be used to access a resource without modifying it. As read-only access via multiple handles is well defined, there may exist several shared handles to a single resource. However, during the existence of a shared handle, no exclusive handle to the same resource can be used."

C-rusted in a Nutshell

#solidstatelife #computerscience #programminglanguages #rust
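
The three handle kinds quoted in the C-rusted post above correspond closely to Rust's owned values, `&mut` borrows and `&` borrows. The following is an added example, not part of the original post and not C-rusted annotation syntax (which the post does not show); `Buffer` and all function names are hypothetical. It shows the rules enforced at compile time and, via `RefCell`, the same rules checked at run time.

```rust
use std::cell::RefCell;

// Constructed resource that needs explicit disposal (all names here are hypothetical).
struct Buffer { data: Vec<u8> }

// Owner handle: taking `Buffer` by value means only the current owner can dispose.
fn dispose(buf: Buffer) -> usize { let n = buf.data.len(); drop(buf); n }

// Exclusive handle: `&mut` may modify the resource but cannot dispose of it.
fn fill(buf: &mut Buffer, byte: u8) { buf.data.iter_mut().for_each(|b| *b = byte); }

// Shared handle: `&` is read-only, so several may coexist.
fn checksum(buf: &Buffer) -> u32 { buf.data.iter().map(|&b| u32::from(b)).sum() }

fn ownership_move() -> usize {
    let a = Buffer { data: vec![0; 4] };
    let b = a;            // ownership move: `b` is now the one and only owner
    // dispose(a);        // compile error: use of moved value (no double free)
    dispose(b)
}

fn static_rules() -> (u32, u32) {
    let mut owner = Buffer { data: vec![0; 4] };
    fill(&mut owner, 2);             // exclusive handle lives only for this call
    let (s1, s2) = (&owner, &owner); // several shared handles at once
    // fill(&mut owner, 3);          // compile error if s1 or s2 is used afterwards
    let sums = (checksum(s1), checksum(s2));
    dispose(owner);                  // allowed: the shared handles are no longer used
    sums
}

// The same rules checked at run time: RefCell refuses conflicting handles.
fn dynamic_rules() -> (bool, bool, bool) {
    let cell = RefCell::new(Buffer { data: vec![1; 4] });
    let shared = cell.borrow();
    let second_shared = cell.try_borrow().is_ok();              // shared + shared
    let exclusive_while_shared = cell.try_borrow_mut().is_ok(); // refused
    drop(shared);
    let exclusive = cell.borrow_mut();
    let shared_while_exclusive = cell.try_borrow().is_ok();     // refused
    drop(exclusive);
    (second_shared, exclusive_while_shared, shared_while_exclusive)
}

fn main() {
    println!("{} {:?} {:?}", ownership_move(), static_rules(), dynamic_rules());
}
```

Uncommenting either commented-out line makes the compiler reject the program, which is the static counterpart of the `false` results returned by `dynamic_rules`.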