NSA calls for a strategic shift to memory safe languages. https://media.defense.gov/2022/Nov/10/2003112742/-1/-1/0/CSI_SOFTWARE_MEMORY_SAFETY.PDF
@yaelwrites <insert worst person you know makes a good point meme>
@yaelwrites Fiiiine, I'll learn Rust for my next ESP32 project. 😜
@sam @yaelwrites Can you even build for ESP32 in Rust?
@AlexandreZani
As it turns out: yes! (I guess. I only briefly glanced through the Google search results before posting, but it's been done so it's possible. There's the question of limitations that I probably won't figure out until I try it, but I do like a challenge.)
@yaelwrites
@AlexandreZani Huh, well... okay, I looked into it a little more and the answer is more like "technically yes". So... maybe Go? Or I'll be lazy and stick with the weird C/C++ amalgamation I currently use.
@yaelwrites it would be cool if there were any such low level languages available. Rust certainly makes claims that are at least partially true, but I find the lack of a clear definition of what they actually mean by memory safety to stand out as a red light.

@smari @yaelwrites It never appeared like that to me - the Rust approach is that as long as the code is not `unsafe`, Rust statically guarantees:
- No data races (Send/Sync)
- No use after free
- No unsafe pointers of any kind

basically https://en.wikipedia.org/wiki/Rust_(programming_language)#Memory_safety

@monad_cat @yaelwrites Yeah. I read through chunks of the Rust compiler some years ago looking for where those guarantees are made explicit. Seems that most of that is just assumed to be true as an implication of the syntax and no-reuse semantics. Which is probably true. But I haven't seen the proof.

@monad_cat @yaelwrites to be clear, I'm not hating on Rust. I'm just being (perhaps excessively) formalistic because it's such a big claim.

That said, I don't really enjoy using it - because the enforcement of these safety measures isn't done by the compiler, but by the programmer by being forced to jump through inane semantic hurdles. 😅

@smari @yaelwrites My experience is that with enough suffering put into the language, the subconscious takes over and the semantic noise largely disappears. Until you find a compiler bug or a yet-unimplemented feature because you're trying to express more complex dependencies in the type system. Good thing is those are getting rarer with time.
@monad_cat @yaelwrites I don't subscribe to the notion that suffering is inherently an acceptable sacrifice in the name of progress. I've been beta-testing the #Jai language for a few years now. It doesn't advertise itself as safe the way Rust does and it isn't, inherently, but it's got powerful metaprogramming which can provide that safety if desired. And it's a delightfully painless language to work in.
@smari @monad_cat I guess I’m more interested in, e.g., preventing the next Pegasus than whether people enjoy Rust/Go/whatever. I’m sure some people enjoy coding in memory safe languages.

@yaelwrites @smari @monad_cat

I do, to the point that coding Python feels wrong, or like cheating. I'm not exactly doing it for a living, but I do genuinely enjoy coding in Rust.

@smari @monad_cat @yaelwrites my (limited) experience is that every time Rust has been annoying, the thing I wanted to do would have been a subtle bug in C{,++}. So I'm left with the impression that the programmer is supposed to jump through those hurdles in these languages anyway, just no one's checking if you actually are.

But this is also why I'm writing a game in Lua now.
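The guarantees monad_cat lists above (no use-after-free, no data races) and eevee's point that the annoying cases would have been C/C++ bugs can be seen in one small program. This is an added example, not code from the thread or from the Rust project; the names and values are constructed for illustration. The C++ patterns described in the comments compile silently; the Rust equivalents compile only in the restructured form shown.

```rust
// Added example (not from the thread): two of the guarantees listed above,
// shown as the compiler forcing a restructure.  The C/C++ versions of both
// compile silently; the Rust versions compile only after the fix.
use std::sync::{Arc, Mutex};
use std::thread;

// 1. No use-after-free.  In C++, `const std::string& first = v[0];
//    v.push_back(...); use(first);` reads freed memory once the vector
//    reallocates.  The literal Rust translation is rejected:
//
//      let first = &names[0];            // shared borrow of `names`
//      names.push(extra.to_string());    // error[E0502]: cannot borrow `names`
//                                        // as mutable because it is also
//                                        // borrowed as immutable
//      println!("{first}");
//
//    The fix the compiler pushes you toward: copy out what you need, or
//    finish using the borrow before mutating.
pub fn first_then_push(mut names: Vec<String>, extra: &str) -> (String, usize) {
    // Clone out the value; the borrow of `names` ends on this line.
    let first = names.first().cloned().unwrap_or_default();
    names.push(extra.to_string());
    (first, names.len())
}

// 2. No data races.  A shared counter cannot be handed to threads as `&mut`,
//    and `Rc<RefCell<_>>` is rejected because Rc is !Send.  What compiles is
//    Arc<Mutex<_>>: shared ownership plus a lock, checked at compile time.
pub fn parallel_count(n_threads: usize, per_thread: u64) -> u64 {
    let counter = Arc::new(Mutex::new(0u64));
    let handles: Vec<_> = (0..n_threads)
        .map(|_| {
            let c = Arc::clone(&counter);
            thread::spawn(move || {
                for _ in 0..per_thread {
                    *c.lock().unwrap() += 1;
                }
            })
        })
        .collect();
    for h in handles {
        h.join().unwrap();
    }
    let total = *counter.lock().unwrap();
    total
}

fn main() {
    let (first, len) = first_then_push(vec!["alice".into(), "bob".into()], "dave");
    println!("first={first} len={len}");
    println!("count={}", parallel_count(4, 1000));
}
```

The point of both functions is not the result but the shape: neither the dangling reference nor the unsynchronised counter is expressible in safe Rust, so the "hurdle" is the compiler checking the discipline a careful C++ programmer would have to keep unaided.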

@eevee @smari @monad_cat I mean I just play with Go for fun myself
@smari @yaelwrites That question got solved/answered with some EU funding through RustBelt: https://plv.mpi-sws.org/rustbelt/

@smari I think just avoiding C/C++ will get you there

@yaelwrites seems strange that Python and even Ada SPARK are missing in the example recommendations: https://www.adacore.com/papers/safe-dynamic-memory-management-in-ada-and-spark

Also I thought that Rust trademarks are now with the Rust foundation: https://foundation.rust-lang.org/policies/logo-policy-and-media-guide/

@ArneBab i was more interested in the bigger picture than nitpicking the details

@yaelwrites those are pretty nice, yes 🙂

I got into the details while reading, because the big picture was "yupp, sounds good".

@yaelwrites Russian cybercrime has already transitioned to Rust for their encrypters
@yaelwrites can't wait to read a long rant by DJB saying that Rust is an NSA psyop.

@yaelwrites see Java Security 1996

Java Security https://a.co/d/8aQYrZ7

@cigitalgem @yaelwrites funny how things can be improved in 26 years.
@yaelwrites is the NSA gonna pay for all that disk space?
@yaelwrites aaaaaaaaand just like with post-quantum encryption: they’re late
@yaelwrites what does this mean in terms of IaC? Most IaC is written in JS or Python.
@yaelwrites @fuomag9 This is great! I hope the private sector gets behind this too. Case in point, all the OpenSSL vulnerabilities we’ve seen like Heartbleed or this most recent one could probably have been avoided if people switched to memory-safe implementations that are not written in C, like rustssl.
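Heartbleed was a missing check that a length field inside a heartbeat record matched the bytes actually received, after which a copy ran past the buffer. As an added illustration of the point made above (my own example, not OpenSSL's code nor any project's, with a constructed record layout of one type byte, a two-byte big-endian length, then the payload), here is that parse in safe Rust, where the over-claimed length surfaces as an error value rather than an out-of-bounds read.

```rust
// Added example (not from the thread, not OpenSSL code): parsing a
// length-prefixed record in safe Rust.  Layout, constructed for this
// example: 1 byte type, 2 bytes big-endian payload length, payload bytes.

#[derive(Debug, PartialEq)]
pub enum RecordError {
    /// Fewer than 3 header bytes present.
    Truncated,
    /// Length field claims more payload than the buffer holds.
    LengthMismatch { claimed: usize, available: usize },
}

/// Returns (type, payload) borrowed from `buf`, or an error.  In the C
/// original, a `claimed` larger than `available` let memcpy read beyond
/// the buffer; here `get(..claimed)` yields None instead, and no
/// out-of-bounds read is expressible without `unsafe`.
pub fn parse_record(buf: &[u8]) -> Result<(u8, &[u8]), RecordError> {
    let (&ty, rest) = buf.split_first().ok_or(RecordError::Truncated)?;
    let len_bytes = rest.get(..2).ok_or(RecordError::Truncated)?;
    let claimed = u16::from_be_bytes([len_bytes[0], len_bytes[1]]) as usize;
    let body = &rest[2..]; // safe: `rest.len() >= 2` was checked above
    match body.get(..claimed) {
        Some(payload) => Ok((ty, payload)),
        None => Err(RecordError::LengthMismatch {
            claimed,
            available: body.len(),
        }),
    }
}

/// Echoes the record back (the heartbeat behaviour), copying only the
/// payload bytes that were actually validated against the length field.
pub fn heartbeat_response(buf: &[u8]) -> Result<Vec<u8>, RecordError> {
    let (ty, payload) = parse_record(buf)?;
    let mut out = Vec::with_capacity(3 + payload.len());
    out.push(ty);
    out.extend_from_slice(&(payload.len() as u16).to_be_bytes());
    out.extend_from_slice(payload);
    Ok(out)
}

fn main() {
    // Constructed inputs: a well-formed record and one that over-claims.
    let good = [0x01, 0x00, 0x03, b'a', b'b', b'c'];
    let bad = [0x01, 0xFF, 0xFF, b'a', b'b', b'c'];
    println!("{:?}", heartbeat_response(&good));
    println!("{:?}", heartbeat_response(&bad));
}
```

The defensive shape is that the length check cannot be forgotten: the only way to obtain the payload slice is through an API that refuses to hand out bytes the buffer does not contain, so the record is either rejected or echoed exactly as received.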

@yaelwrites

“Breaking News: NSA finally reads decades-old programming language security research” 😃.

At this point it seems this advice boils down to:
“Use a runtime garbage collected language or Rust” Or the inverse: “Don’t use C, C++, or assembly, or any other language with unchecked pointer access”

@mayahustle it IS breaking news, though! Oh, and you forgot sandboxes, I think.

@yaelwrites
💯 I agree. (And +1 to sandboxes)

I just can’t help chuckling at the situation: An organization, typically considered at the bleeding edge of cybersecurity, publishing a paper on a decades-old idea.
Then again maybe that’s exactly what they’re thinking: “hey we know what we’re doing, and this idea still applies!”

@mayahustle I mean it's a decades-old idea, but which large orgs have fully implemented it? Uh, none.

@yaelwrites I've been trying to push Rust at every opportunity. It is the only language that can be a true replacement to C/C++. It is not easy to learn, and that's a Good Thing(tm) because it forces you to develop a far more secure mindset.

The elephant in the room is that the majority of modern languages are enablers of terrifyingly bad quality code. A language should facilitate good code, not force you to develop conventions and code defensively.

@ilsa I think the real elephant in the room is the libraries/dependencies built over decades that don't exist in Rust yet
@yaelwrites I haven't checked other languages, but Rust is bidirectionally interoperable with C/C++. That's one of the reasons Rust is the primary contender to replace C, and why Linux is able to incorporate Rust into the kernel.
@ilsa I don't think that's the whole story, at least in IoT

@yaelwrites Of course. There are numerous factors you have to consider, the biggest ones being delivery time frame and existing developer skill/knowledge. If your project needs to be out the door next week, you don't have time to ramp up on Rust if you've never used it before.

And that's not even unique to IoT; however, since you brought it up, Rust is particularly critical for IoT because you often need to get it right on the first try with no opportunity for later updates.

@ilsa I was specifically thinking of platform compatibility with semiconductor BSP vendors

@yaelwrites Oh! You should have led with that. The devil is 100% in the details on that one. If the solution is ARM- or RISC-based w/ C-based drivers, chances are pretty good. Anything else... I don't know.

Oh cool! I just checked and there are toolchains to use Rust on certain EEPROM microcontrollers! That's so exciting!

@yaelwrites another good reason (among many) to use Rust! #RustLang
@yaelwrites I hope everyone will listen. Doing this is much more effective than layer upon layer of third party security software.
@yaelwrites really strange that they claim that the trademark for Ruby is held by O'Reilly Media. Seems like a typo.
@seabre I can't speak for the NSA, obviously