> If you add new code to a sw project in c or c++ that should be a solid case for negligence when your customers sue for losses.
Sure, as long as you are ok being similarly sued next time you install or use windows, macos, or linux on some box you administer. Those are all written in C. I guess you're OS-less until you write one in something safe. Ditto for web browsers and bootloaders.
Moreover, a significant fraction of JS vulnerabilities are logic errors in the JIT, so even if the JIT itself is memory safe, that doesn't make the resulting code free of vulnerabilities.
> next time you install or use windows, macos, or linux on some box you administer.
I don't administer other people's boxes, I provide them with programs written in safe languages (as a bootable unikernel if they want). If they choose to run them on a buggy OS that's on them.
Good on Mozilla for the rapid response.
[flagged]
I exaggerate alot but even by my standards this is ridiculous hyperbole. Rust just isn't supported on alot of platforms and libraries.
> If you add new code to a sw project in c or c++ that should be a solid case for negligence when your customers sue for losses.
Sure, as long as you are ok being similarly sued next time you install or use windows, macos, or linux on some box you administer. Those are all written in C. I guess you're OS-less until you write one in something safe. Ditto for web browsers and bootloaders.
Wasn't the first cut at windows me written in c#, maybe we can start there. The servo browser on redox isn't even completely free of c I think.
I think you're thinking of Windows Longhorn (https://en.wikipedia.org/wiki/Development_of_Windows_Vista#M...). They used managed code and ended up partially scrapping it to restart development on top of Windows Server 2003.
Windows ME was just Win98SE in an ugly sweater. Mostly C/C++ with some assembly peppered in.
Maybe you’re thinking of this?
https://en.m.wikipedia.org/wiki/Singularity_(operating_syste...
Servo relies on firefox's JS runtime spidermonkey, written in C++.
Moreover, a significant fraction of JS vulnerabilities are logic errors in the JIT, so even if the JIT itself is memory safe, that doesn't make the resulting code free of vulnerabilities.
Windows ME was the worst Windows though.
Hard agree.
Windows 98SE SP2 was the best
Vista was the worst in my book. And Vista was actually the real turning point when C# started to infect Windows.
> next time you install or use windows, macos, or linux on some box you administer.
I don't administer other people's boxes, I provide them with programs written in safe languages (as a bootable unikernel if they want). If they choose to run them on a buggy OS that's on them.
Are there unsafe blocks in the bootable unikernel?
And does it actually work?
> Are there unsafe blocks in the bootable unikernel?
Probably. If that bothers you you can also run it on Lambda or something and let amazon worry about booting.
It’s not negligent it use an unsafe OS if no safer options exist. It is negligent to use an unsafe language when safe alternatives exist.
Visual programming like Scratch is safer than Rust so it's negligent if we don't all use Scratch next.
Also, everyone should pee sitting down by law because some are known to pee to on their pants otherwise.
/s
[flagged]
His name is galangalalgol. Fashionable, visionary leader of the rust evangelism strike force. And don't you forget it.
(Read in the voice of Tribore Menendez)
[flagged]
The headline is about Firefox on Windows for a good reason: that's where the regular users are.
If you want Rust on Nonstop, a niche proprietary platform, your large financial company is welcome to invest in it.
> AIX, i/OS, z/OS, Nonstop OS, OpenVMS, or Stratus VOS
A list of which Firefox runs on precisely none.
Aren't most of these servers operating systems anyway, with no GUI desktops?
AFAIK X windows runs on AIX and VMS.
JavaScript file containing the exploit
Another reason to turn off JS by default.