kif.rocks ist einer von vielen unabhängigen Mastodon-Servern, mit dem du dich im Fediverse beteiligen kannst.

Serverstatistik:

160
aktive Profile

#memorysafety

2 Beiträge2 Beteiligte0 Beiträge heute

#RemiPommarel found and fixed a bug/regression in a recent change someone had added to @batadv in the #Linux #kernel. One take home message from Remi:

"On a side note, I am all about #hardening and #MemorySafety stuff but if that means impacting readability and spending more time trying to please the tool than thinking about the #correctness of the code change, that's where we end up converting a perfectly fine #code into a logically flawed one."
(hash tags added by me)

patchwork.open-mesh.org/projec

patchwork.open-mesh.orgbatman-adv: Fix incorrect offset in batadv_tt_tvlv_ogm_handler_v1() - Patchwork

Dive into today’s #eurorust24 talk with @amanda as she unpacks Rust’s Polonius project 🦀 She breaks down how it improves the borrow checker and lifetimes, allowing you to write more correct code in safe Rust, making Rust even better for your projects. Essential watching for anyone curious about Rust's borrow checker evolution.

🎥 Watch here 👉 youtu.be/uCN_LRcswts

🔐 C++ Must Become Safer — Andrew Lilley Brinker — Software Supply Chain Security

「 If a cheap-to-maintain legacy system is faced with the proposition of an expensive rewrite, it may instead be eliminated. The externalities of this kind of change are difficult to consider in advance and in general 」

alilleybrinker.com/blog/cpp-mu

www.alilleybrinker.comOpen Source Software and Corporate Influence — Andrew Lilley BrinkerOpen source software projects are frequently enmeshed with the interests of corporations. We should update mental models of who works on open source accordingly, and build or modify power structures to be more resilient to corporate capture.
#C#CPP#Rust

It's quite ridiculous that standard C still does not have vasprintf() / asprintf() after Linux and all the BSDs (and macOS) have this since basically forever (but not Windows of course), and wrong use of the non-allocating versions is a quite common cause of security bugs.

Does someone know what happened with TR 24731-2, which would add them? It looks like there has been no progress at all since 2009 while theoretically the addition of these two functions seems like a no-brainer.

Is the conclusion simply that nobody actually needs it anymore because everybody already has their own implementation of it anyway, doesn't target Windows or niche platforms, or uses a safer language?

This is a long read, don't click the link before you have your coffee/tea/mountain dew code red/beverage of choice ready!

In this blogpost, I try to explain why we at @sovtechfund are investing in #MemorySafety and reflect a bit on the awe inspiring work of critical infrastructure maintainer partners, as well as where we are at the moment and the long way ahead.

sovereigntechfund.de/news/on-r

Sovereign Tech FundOn Rust, Memory Safety, and Open Source Infrastructure | Sovereign…

Addressing #memorysafety in critical infrastructure is a complex issue with multiple approaches. The Sovereign Tech Fund supports several initiatives, and technologist @tarakiyee reflects on the long road ahead in a blog post “On Rust, Memory Safety, and Open Source Infrastructure”

sovereigntechfund.de/news/on-r

Sovereign Tech FundOn Rust, Memory Safety, and Open Source Infrastructure | Sovereign…