Microsoft To Explore Using Rust (zdnet.com) 146
Microsoft plans to explore using the Rust programming language as an alternative to C, C++, and others, as a way to improve the security posture of its and everyone else's apps. From a report: The announcement was made yesterday by Gavin Thomas, Principal Security Engineering Manager for the Microsoft Security Response Center (MSRC). "You're probably used to thinking about the Microsoft Security Response Center as a group that responds to incidents and vulnerabilities," Thomas said. "We are a response organization, but we also have a proactive role, and in a new blog series we will highlight Microsoft's exploration of safer system programming languages, starting with Rust." The end game is to find a way to move developers from the aging C and C++ programming languages to so-called "memory-safe languages." Memory-safe languages, such as Rust, are designed from the ground up with protections against memory corruption vulnerabilities, such as buffer overflows, race conditions, memory leaks, use-after-free and memory pointer-related bugs.
Re:#Rust (tm) (Score:5, Funny)
Re: (Score:3)
One of the issues the last time I had evaluated Rust was the lack of standardized extended libraries (Cargo). This I feel would be something that Microsoft may actually be beneficial with. Currently you will either need to code your libraries from scratch or check for one that is third party and some of the descriptions seem rather sketchy. If Microsoft were to release a common set of libraries that duplicate much of the .NET functionality, I feel the language would be more widely used.
Re: (Score:3, Informative)
It's crazy, but Rust is like a functional language with interfaces..... does not require the user to manage memory, yet has no GC...... has
Re: (Score:2)
What? If anything memory management in Rust is more complicated.
Re: (Score:2)
How is it infallible? It relies on you annotating things correctly.
Re: (Score:2)
You just need to use the handy add-on Rust-Eze to clean your code and make it safe.
Looks like I'll wait to learn Rust then (Score:3)
If Microsoft is looking into Rust, I better just wait to learn it so I can focus on the largely bloated R# later on.
Re: (Score:1)
Wait... There's a "sharp" version of R?
Thought about that name collision also... the way I figured it, Microsoft would just combine all of the features of Rust and R together into R#. :-)
Not exactly (Score:5, Funny)
"You're probably used to thinking about the Microsoft Security Response Center as a group that responds to incidents and vulnerabilities,"
No, I was thinking, "Microsoft has a security team? Why haven't you done your job??"
Re: (Score:2)
"You're probably used to thinking about the Microsoft Security Response Center as a group that responds to incidents and vulnerabilities,"
No, I was thinking, "Microsoft has a security team? Why haven't you done your job??"
because they go to their boss and they say, "i have a great idea on how to improve the security of windows!" and their boss asks, "will it make us money or will it lose us money?" and they reply, "it will lose money but..." and they are interrupted, and told, "well go away and come back with an idea that makes us money".
after six months, they quit. this is not a joke response. this is actually how it is and has been. this idea *might* be the first - ever - since the security team was set up OVER TWENTY Y
Re: (Score:2)
No inheritance, no exception handling == very cool
Why haven't they created their own safe C lang? (Score:2)
Re: (Score:2, Insightful)
Rust is "safe" from Microsoft's perspective as it is not controlled by another corporation that also sells operating systems. Swift in the case of Apple and as you pointed out Google having Go. Both of course sell their own operating systems. Mozilla does not, if anything Microsoft can certainly throw some cash their direction and have things go their way a bit more.
I'm glad that Microsoft didn't go to try to invent some new language that will take people some time to become proficient in.
Re:Why haven't they created their own safe C lang? (Score:5, Informative)
I wonder why Microsoft haven't yet created their own safe C-like language. Google has Go. Mozilla has Rust. Of course they've created C#/F# but they are for .Net applications.
They have Checked C.
https://www.microsoft.com/en-u... [microsoft.com]
Re: (Score:2)
I wonder why Microsoft haven't yet created their own safe C-like language. Google has Go. Mozilla has Rust. Of course they've created C#/F# but they are for .Net applications.
Microsoft kinda tried to make C "safer" by adding all the crappy *_s() functions to the C standard, like sprintf_s().
Not sure about that... (Score:1)
As I am Googling rust+security+code and find:
How Rust’s standard library was vulnerable for years and nobody noticed
https://medium.com/@shnatsel/how-rusts-standard-library-was-vulnerable-for-years-and-nobody-noticed-aebf0503c3d6
Don't Fence Me In (Score:5, Funny)
Oh, give me C, lots of pointers and assembly inner loops
Don't fence me in
Let me write algorithms without bureaucratic hoops
Don't fence me in
Let me code by myself in the midnight gloom
And listen to the humming of the machine room
Memory-safe languages will be my doom
Don't fence me in
Here's hoping... (Score:2)
Hoping that MS could take the ideas behind Rust and create a better language. However those ideas aren't innovative and I can't say I like MS language designs much...
You know it's bad when (Score:5, Insightful)
The post has 35+ comments but only two are visible when browsing +2.
My take on Rust, it prevents you from making a lot of common mistakes you see in C/C++ which is a good thing. The politics surrounding it are stupid, but so much is anymore. Just shut up and code.
Re: (Score:3)
My take on Rust, it prevents you from making a lot of common mistakes you see in C/C++ which is a good thing.
Bricks are 100% free of ALL coding mistakes yet not very useful for programming. (Redstone excluded)
Most languages can be tweaked with constraints necessary to make x type of mistake go away including C. Rust itself has facilities for doing "unsafe" memory things by disabling constraints.
In terms of language evaluation the tradeoffs including remaining capabilities have to be evaluated not just the headline x is prevented from happening.
My own personal belief is general purpose language selection is effec
Re: (Score:2)
My own personal belief is general purpose language selection is effectively semantic rearrangement of deck chairs. Meaningful progress in productivity and safety will only come from pushing adoption of higher level domain specific solutions.
I agree, on a certain level it is just arguing over semantics. That is assuming other aspects being equal such as the compiler and rest of the toolchain.
Re:You know it's bad when (Score:5, Interesting)
The original post has numbers showing that memory safety issues are holding steady at 70% of all security vulnerabilities in C and C++ software over the last decade. Rust eliminates these in safe code. Experience in large Rust applications (the Rust parts of Firefox, my own 140K line project) shows that you very rarely need to use 'unsafe' in Rust. When you do, the usage can almost always be encapsulated in small libraries that you can audit carefully and reuse across projects. That experience also shows that Rust can be used productively in very performance-demanding environments.
Thus there is good reason to believe that Rust would eliminate ~70% of security vulnerabilities in situations where C and C++ are currently used. That is not just "rearranging deck chairs".
Re: (Score:2)
The same argument can also be made for C++. You can easily encapsulate unsafe operations.
The reason why there are a lot of vulnerabilities in C++ is because there is much more code in it, a lot of it much older, and written by people with poor programming skill.
There is no end to the stupidity of what some people can write and the problems they can cause. If anything memory "safe" languages are a problem because they give a false sense of security. All they do is turn one type of bug into another type of bu
Re: (Score:2)
My take on Rust, it prevents you from making a lot of common mistakes you see in C/C++ which is a good thing.
At the expense of...?
Sorry, but I make it a habit to never believe anyone who tells me any change from a widely used programming language in active use is all benefits and no drawbacks.
Why not spend the effort better (Score:1)
Why not spend the effort on improving the tooling (static and runtime analysis tools, integration into IDEs, compiler warnings/errors, &c.) for existing languages that people actually use? These tools have already come a LONG way in the relatively few years since Rust was first dreamt up. The Rust borrow checker is not the only solution to the problem of memory safety, it's a rather extreme solution with some serious practical drawbacks, and it has no benefit to existing code in other languages. Effort
Re:Why not spend the effort better (Score:5, Insightful)
By the time you improve expensive, sucky tools like Coverity to be as air-tight as the Rust borrow checker, it would be implementing rules on your code that are just about as strict and annoying as the Rust borrow checker.
The only way around that would be to develop AI that thoroughly understands your algorithms and systems interactions at a high level so that it can evaluate whether any unsafe conditions could ever actually happen even with "relaxed" rules. At that point, the AI might as well write all your code on its own and you'd be out of a job anyway.
Re: (Score:3)
Why not spend the effort on improving the tooling (static and runtime analysis tools, integration into IDEs, compiler warnings/errors, &c.) for existing languages that people actually use?
Because the tools still need to be able to reason about the language. That's hard with C. Working out whether a pointer is valid or invalid in C with static analysis is impossible in general, hard in specifics. In Rust, you can tell for large parts of your code base, and the other bits are flagged as unsafe. Of course, Rust has just taken most of these techniques from "other languages that nobody uses".
The borrow checker does have some drawbacks. The rust team is working hard to decrease them. Are the drawbac
I'll believe it when Rust can be used on Xbox (Score:5, Interesting)
If Microsoft is serious about security AND high performance then I'll believe Microsoft when you can ship games on the Xbox written in Rust because there are reasons almost everyone uses C++ for console development.
Re: (Score:1)
Because games connect to the internet, sometimes allow in game purchases (e.g. access to stored credit card and identity information), and can download information (updates, add-ons). Your life might not depend on a game itself, but a security flaw in one of these areas could maybe compromise your system to the point where data, money, your identity, or something similar that your life does depend on is lost?
Evaluation is good (Score:1)
All vendors should consider if their choice of programming language (often made decades ago) is still the right one for today.
We should applaud Microsoft for being willing to accept that programmers sometimes need a bit of help writing better/safer code, and are willing to look outside their glass buildings for good ideas.
2X (Score:2)
All comments must be doubleplusgood.
Re: (Score:2)
CosmOs, ShrapOs, & Singularity (not necessarily written entirely in C# but written in C#)
Re:Firefox got worse for me after they started usi (Score:5, Informative)
Re: Firefox got worse for me after they started u (Score:1)
You clearly don't understand Rust and how it works.
The overhead of such "checks" (which is a bad term for what's actually going on) is minimal, because it's the semantics of the language itself that are effectively performing such "checks" by disallowing dangerous behaviors in the first place.
So effectively there aren't "checks" for the Rust compiler to perform beyond the semantic analysis it would have to be doing anyway to compile the Rust code.
Rust's compiler should theoretically be much faster than C++
Rust's politics are very relevant (Score:1)
Rust's politics are actually very relevant to its usability as a professional programming language. The parent should be modded up. It isn't off topic at all.
Rust's Code of Conduct and Rust's Moderation Team are huge liabilities, in my opinion.
Their mere existence suggests to me that the Rust community as a whole may have some serious emotional instability and behavioral issues if they feel the need to so heavily police and control what people say.
There is also a huge risk of the Code of Conduct and the Mod
Re: (Score:2)
I don't think you have to go very far on the internet to show that you do need to police and control what people say. You absolutely need a system to prevent spam. After that, a system to prevent irrelevance is quite useful. Rust have gone slightly further, which is that they also use the same system to prevent gratuitous abuse. Slashdot has all of these as well, and viewing with Score: -1 shows why. Rust also uses the same system to prevent ongoing nastiness and just general grumpiness. You may or may not
Re: (Score:2)
I find it hypocritical for those who have no problem with RMS and GNU and his socialistic GNU software but bash Rust unrepentantly. Did you refuse to learn C/C++ back in the 80's and 90's because big old meanie Bell Labs AT&T had a monopoly on it and Unix? Did you refuse to learn Linux because RMS was a communist?
Of course not. I prefer a BSD style license myself but I will use whatever software I like. If you also use Windows it proves my point. People need to get work done at the end of the day regard