Just in time for Windows to choke off and die.
deleted by creator
A lot of Windows bugs are memory corruption bugs. And those are often severe. Using Rust does actually prevent memory corruption. The rest of Windows is still probably insecure, but any security improvement is good.
Also, the SSD bugs may have been caused by prerelease SSD firmware. With all this back and forth who knows though.
Not sure what you “security” link has to do with anything, but Windows has had a pretty great security record for the past decade at least. Arguably better than Linux and at least on par. They do things like static analysis of drivers which as far as I know Linux doesn’t require.
There are still a lot of vulnerabilities, but don’t try to disprove this with a link to some CVE because there are also a ton of Linux vulnerabilities.
Also Microsoft doesn’t take the dubious view that security bugs are “just bugs” and don’t deserve special consideration.
Good for them, I refuse to write those tho
Went to this rust conf last week and the Keynote speaker did a great job!
Adding rust FFI bindings to a part of a closed-source system doesn’t magically make anything “secure”.
And ads shouldn’t be allowed here, unless real fully functional code (not just bindings) is made available. Such ads should go to [email protected] or wherever.
As a Rust dev who has to target Windows, more support for Rust from MS is very relevant and important to me. And I can’t imagine I’m alone here.
Maybe you mistook this community for [email protected]?
As a Rust dev who has to target Windows, more support for Rust from MS is very relevant and important to me.
“Target Windows” presumably doesn’t involve writing drivers. How would WDK FFI wrappers help you exactly in that context, and what non-trivial support is MS actually providing?
Maybe you mistook this community for [email protected]?
No, I didn’t. Any language community can easily become a corpo spam one if you don’t put some rules in place to filter direct and indirect ads.
Let’s analyze this “news” story as an example:
- Microsoft published trivial unsafe NDK FFI wrappers and tooling awhile ago (not new, not impressive, not news).
- Microsoft publishes an ad in their blog mentioning the published wrappers, and using a lot of marketing talk, with a random trivial
LookasideListsample wrapper sandwiched in between. The realLookasideListimplementation is of course neither available, nor is it implemented in Rust (If it was, you would be going through two layers of FFI to connect Rust to Rust, which would be even more stupid). Below that random sample code is this note:
Though we believe this wrapper to be sound for the purposes of the team that developed it, it requires further review and testing before we can publish it as the “official” wrapper for these APIs. Thus the above should be considered a possible look at what Rust abstractions for our kernel mode might look like, and not final code.
In the long term, as we make design decisions and finalize our wrappers, our intent is to publish these wrapper crates on crates.io as first-class members of the Rust ecosystem.
- Then independent “news” sites pick up on these low-in-technical-substance ads, and consume the well crafted marketing section titles like “The next steps: going from unsafe Rust to safe Rust”. So we end up with the title here “Microsoft is turning Rust into a first-class language for developing secure Windows drivers”. When in reality, almost literally nothing happened (yet). And even the premise and promise is all about making safer bindings to (presumably) non-Rust code we will never see.
For me, corpo ads with no “relevant” code is boring (or in this case, no new code at all, unless you count the sample list binding). And I can’t imagine I’m alone here.
For me, posting every single pull request from the Asterinas repo would be infinitely more interesting, and infinitely more relevant.
