We might also have different priorities. I do not care too much that google and apple want to lock down their smartphone spyware and sales platforms. The supply chain risks and maintenance burden imposed onto me by the Rust ecosystem are much more of a concern.
I don't know what this has to do with locking down phones, but I do appreciate not getting compromised just for cloning a repo or opening my laptop at a coffee shop.
(There is a persistent idea that the lack of memory safety in C is good because it allows people to jailbreak their phones.)
This is not what I said, but memory safety is certainly not anything which is a high priority for my own security. I still think memory safety is important and I also think Rust is an interesting language, but... the hype is exaggerated and driven by certain industry interests.
Rust isn't popular just because of memory safety though. I think the memory safety message is maybe a little too loud.
It's also a modern language with fantastic tooling, a very high-quality library ecosystem and a strong type system that reduces the chance of all kinds of bugs.
It's obviously not perfect: compile time is ... ok, there aren't any mature GUI toolkits (though that's true of many languages), async Rust has way too many footguns. But it's still waaaaay better than C or C++. In a different league.
Rust is a nice language, but it pushed too aggressively with the argument of "memory safety" at all cost, ignoring other considerations. And Cargo is certainly a disaster even though it may be considered "fantastic tooling" by some. In any case, I do not think it is funny that I now depend on packages without timely security updates in my distribution. This makes me less secure.
Is there better tooling in C/C++? No snark intended.
I guess this depends on what you consider good tooling. I am relatively happy with C tooling. But if you want to quickly assemble something from existing libraries, then language-level package managers like npm, cargo, pip are certainly super convenient. But then, I think this convenience comes at a high cost. We now have worms again, I thought those times were long over... IMHO package management belongs in a distribution with quality control, and dependencies should be minimized and carefully selected.
It can have supply chain attacks like npm... That high quality library system is also a liability.
I'm an industry interest, in the sense that I work in the software industry and I have an interest in Rust.
Fair enough. I just find it mind boggling how much money flows into completely new language ecosystems compared to improvements for C/C++ tooling, which would clearly be much more effective if you really cared about the overall security of the free software world.
The issue with investing similar levels of effort into making C++ safer is the C++ standards committee doesn't want to adopt those kinds of improvements.
Which is also the reason why we don't have #pragma once and many other extensions like it. Except we do. Compilers can add rust-like static analyzers without the standard committee mandating it.
I am not interested in C++, it is also far too complex. In my opinion software needs to become simpler and not more complicated, and I fear Rust might be a step into the wrong direction.
Personally, I use Rust (and have been using it for close to 9 years) because I've been part of multiple teams that have delivered reliable, performant systems software in it, within a budget that would clearly be impossible in any other language. Rust acts as a step change in getting things done.
While I really really want devices I can own, I don't want to compromise security to do it. We need to do two things:
1. Lobby politicians to write laws that allow us to actually own the devices we bought.
2. Stop the FUD that a device that can be jailbroken is insecure. I heard this from our frigging CSO, of all people, and it's patently false, just FUD by Apple and Google who want you to be afraid of owning your device.
I want a device that's as secure as possible, but that I can own. I don't want to hack my own self just to get what I paid for.
It is a sad thing but I do root against secure boot initiatives because they almost entirely work to limit users' freedom instead of improving their security.
Thanks, that take is... Something. I'm all for user-controllable hardware but I think that's a regulatory problem not a technical one.
How often do you clone a repo and not immediately run build commands that execute scripts provided by the repo?
Who says you do not? :)
Oh, I think it's a real problem, that's why I'm in favor of improved tools.