Oh oof I misunderstood because of the parent comment talking about NixOS oops
Oh oof I misunderstood because of the parent comment talking about NixOS oops
The top options here don’t work https://search.nixos.org/packages?channel=24.05&from=0&size=50&sort=relevance&type=packages&query=mullvad ?
Redox also takes some inspiration from Plan9 and https://doc.redox-os.org/book/ch05-00-schemes-resources.html is interesting. Also reading https://drewdevault.com/2022/11/12/In-praise-of-Plan-9.html made me a bit more interested in things trying to be more Plan9-like than Unix-like.
This doesn’t seem to be a Rust problem, but a modern development trend appearing in a Rust tool shipped with Cargo. The issue appears to be the way things are versioned and (reading between the lines maybe?) vendoring and/or lockfiles. Lockfiles exist in a lot of modern languages and package managers: Go has go.sum
, Rust has Cargo which has Cargo.lock
, Python has pip
which gives a few different ways to pin versions, JavaScript has npm
and yarn
with lock files. I’m sure there are tons of others. I’m actually surprised this doesn’t happen all the time with newer projects. Maybe it does actually and this instance just gains traction because people get to say “look Rust bad Debian doesn’t like it”.
This seems like a big issue if you want your code to be packaged by Debian, and it doesn’t seem easy to resolve if you also want to use the modern packaging tools. I’m not actually sure how they resolve this? There are real benefits to pinning versions, but there are also real benefits to Debian’s model (of controlling all the dependencies themselves, to some extent Debian is a lockfile implemented on the OS level). Seems like a tough problem and seems like it’ll end up with a lot of newer tools just not being available in Debian (by that I mean just not packaged by Debian, they’ll likely all run fine on Debian).
I agree and think that should be helpful, but I hesitate to say how much easier that actually makes writing sound unsafe code. I’d think most experienced C developers also implicitly know when they’re doing unsafe things, with or without an unsafe
block in the language – although I think the explicit unsafe
should likely help code reviewers and tired developers.
It is possible to write highly unsafe code in Rust while each individual unsafe
block appears sound. As a simple example: https://play.rust-lang.org/?version=stable&mode=debug&edition=2021&gist=6a1428d9cae5b9343b464709573648b4 [1] Run that on Debug
and Release
builds. Notice the output is different? Don’t take that example as some sort of difficult case, you wouldn’t write this code, but the concepts in it are a bit worrisome. That code is a silly example, but each individual unsafe
block appears sound when trying to reason only within the block. There is unsafe behavior happening outside of the unsafe
blocks (the do_some_things
function should raise eyebrows), and the function we ultimately end up in has no idea something unsafe has happened.
Unsafe code in Rust is not easy, and to some extent it breaks abstractions (maybe pointers in general break abstractions to some extent?). noaliases
in that playground code rightly assumes you can’t have a &ref
and &mut ref
to the same thing, that’s undefined behavior in Rust. Yet to understand the cause of that bug you have to look at all function calls on the way, just as you would have to in C, and one of the biggest issues in the code exists outside of an unsafe
block.
[1]: If you don’t want to click that link or it breaks, here is the code:
fn uhoh() {
let val = 9;
let val_ptr: *const usize = &val;
do_some_things(val_ptr);
println!("{}", val);
}
fn do_some_things(val: *const usize) {
let valref = unsafe { val.as_ref().unwrap() };
let mut_ptr: *mut usize = val as *mut usize;
do_some_other_things(mut_ptr, valref);
}
fn do_some_other_things(val: *mut usize, normalref: &usize) {
let mutref = unsafe { val.as_mut().unwrap() };
noaliases(normalref, mutref);
}
fn noaliases(input: &usize, output: &mut usize) {
if *input < 10 {
*output = 15;
}
if *input > 10 {
*output = 5;
}
}
fn main() {
uhoh();
}
No intention of validating that behavior, it’s uncalled for and childish, but I think there is another bit of “nontechnical nonsense” on the opposite side of this silly religious war: the RIIR crowd. Longstanding C projects (sometimes even projects written in dynamic languages…?) get people that know very little about the project, or at least have never contributed, asking for it to be rewritten or refactored in Rust, and that’s likely just as tiring as the defensive C people when you want to include Rust in the kernel.
People need to chill out on both sides of this weird religious war. A programming language is just a tool: its merits in a given situation should be discussed logically.
They’re being downvoted because it’s a silly comment that is basically unrelated and also extremely unhelpful. Everyone can agree that C has footguns and isn’t memory safe, but writing a kernel isn’t memory safe. A kernel written in Rust will have tons of unsafe, just look at Redox: https://github.com/search?q=repo%3Aredox-os%2Fkernel unsafe&type=code That doesn’t mean it isn’t safer, even in kernel space, but the issues with introducing Rust into the kernel, which is already written in C and a massive project, are more nuanced than “C bad”. The religious “C bad” and “C good” arguments are kinda exactly the issue on display in the OP.
I say this as someone who writes mostly Rust instead of C and is in favor of Rust in the kernel.
The vast majority wouldn’t be able to be pulled into the kernel since they rely on the existence of the kernel via syscalls.
You can use ~/.local/lib
and LD_LIBRARY_PATH
for shared libs.
Or better yet just give in and use the nix
package manager, it is basically a virtual environment for your C programs.
Yes for example Python implements them using semaphores.
It doesn’t violate any rules… Imagine both the “speaker” and the “text” are being updated by separate threads. A program that would eventually display the behavior in this meme is simple, and I’m a bit embarrassed to have written it because of this comment:
#include <pthread.h>
#include <stdio.h>
char* speakers[] = {
"Alice",
"Bob"
};
int speaker = 0;
void* change_speaker(void* arg)
{
(void)arg;
for (;;) {
speaker = speaker == 0 ? 1 : 0;
}
}
char* texts[] = {
"Hi Bob",
"Hi Alice, what's up?",
"Not much Bob",
};
int text = 0;
void* change_text(void* arg)
{
(void)arg;
for (;;) {
switch (text) {
case 0:
text = 1;
break;
case 1:
text = 2;
break;
case 2:
text = 0;
break;
}
}
}
int main(int argc, char* argv[])
{
pthread_t speaker_swapper, text_swapper;
pthread_create(&text_swapper, NULL, change_text, NULL);
pthread_create(&speaker_swapper, NULL, change_speaker, NULL);
for (int i = 0; i < 3; ++i) {
printf("%s: %s\n", speakers[speaker], texts[text]);
}
}
Yes, but if you can’t get your own modem it’ll at least stop you from having your traffic slowed down by the router side of their hardware
Don’t know you exact situation, but you should be able to bring your own modem (or modem/router combo) or put their provided unit into bridge mode
It’s not trivial on Fedora due to SELinux; you’ll need to use https://github.com/DeterminateSystems/nix-installer
This is not necessarily true.
For example, consider the case of a 1Password vault falling into the hands of an attacker. They do not have the option to just crack your password, as the password is mixed with a randomly generated value to ultimately derive the key. They would need to simultaneously brute force your password and that random value. This should almost be impossible. However, given access to a client that already has knowledge of the secret value, it would fall back to brute forcing the password.
1Password is a solid service if you’re OK with the proprietary aspect. I use it personally and we use it at work (I’m an infosec consultant)
A lot of weird hate for 1Password on Lemmy the past couple days. I highly recommend reading their white paper, I think most of the hate comes from ignorance of what they are actually doing.
https://1passwordstatic.com/files/security/1password-white-paper.pdf
As long as it’s installed on a device you control it’s pretty easy to sniff TLS traffic from an Android application, even if they’re pinning certs. I do this all the time for work. Frida makes it extremely easy, even giving you the ability to edit boringssl if something important is happening in native code. I’ve had to do this a couple times.
If you don’t have root you’ll have to recompile the application though which could matter if you need the signature to not change, but that isn’t a common requirement.
It’d be nice to have a better way to test though; I’ve wanted to check out Waydroid. Some coworkers just use an emulator which works great if it doesn’t need specific hardware.