nullagent
@nullagent@partyon.xyz  ·  activity timestamp last week

Was just going on a grey-beard rant about how Rust gives developers a false sense of security.

I didn't even notice the TARMageddon vulnerability until now and well this grey beard really only can say "told you so".

This is -precisely- the class of bugs I was describing, and -exactly- due to the reasons I outlined.

The blast radius of this thing is also freaking epic, almost anything that used tar in Rust is vulnerable to possible RCEs lmao.

https://edera.dev/stories/tarmageddon

#Rust #Cybersecurity #tar

nullagent
@nullagent@partyon.xyz replied  ·  activity timestamp last week

So what were my cautions about Rust?

1. Be careful re-writing old stuff. You will repeat all the 30yr old logic bugs because Rust is memory safe NOT provably correct.

2. People-power. Lots of rewrites ARE dividing our people-power. Be mindful of unmaintained core components.

3. Vibe coded Rust is just as dangerous as any other language

4. Rust still can be used in memory unsafe ways. You actually have to audit the code to know if they did Rust right.

#Rust

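Point 1 above (memory safe is not the same as correct), illustrated with an added example that is not part of the thread and is not the code of any real tar crate. The archive format is constructed for this illustration: a 16-byte header with an 8-byte name, a u32 base size and a u32 override size (think ustar `size` versus a PAX `size=` record), then the body. Both parsers below are entirely safe Rust and never panic, but the buggy one reads an entry's body with one size and advances the cursor with the other, so a body that is itself a well-formed entry gets parsed as a second, undeclared entry. The fixed parser uses one effective size for both the read and the skip.

```rust
// Added example, not from the original thread or any real tar implementation.
// Toy format (constructed): 8-byte name | u32 LE base size | u32 LE override
// size (0 = none) | body. Two size fields that can disagree is the whole bug.

const HEADER_LEN: usize = 16;
const NAME_LEN: usize = 8;

#[derive(Debug, Clone, PartialEq)]
pub struct Entry {
    pub name: String,
    pub data: Vec<u8>,
}

fn read_u32(b: &[u8]) -> usize {
    u32::from_le_bytes([b[0], b[1], b[2], b[3]]) as usize
}

/// Returns (name, base_size, override_size) from one 16-byte header.
fn parse_header(hdr: &[u8]) -> (String, usize, usize) {
    let name = String::from_utf8_lossy(&hdr[..NAME_LEN])
        .trim_end_matches('\0')
        .to_string();
    (name, read_u32(&hdr[8..12]), read_u32(&hdr[12..16]))
}

/// Shared walk; `advance` decides how far the cursor moves past a body.
fn parse(archive: &[u8], advance: fn(usize, usize) -> usize) -> Vec<Entry> {
    let mut out = Vec::new();
    let mut pos = 0usize;
    while pos + HEADER_LEN <= archive.len() {
        let (name, base, ovr) = parse_header(&archive[pos..pos + HEADER_LEN]);
        let effective = if ovr != 0 { ovr } else { base };
        let start = pos + HEADER_LEN;
        let body = match archive.get(start..start + effective) {
            Some(b) => b,
            None => break, // truncated entry: stop, do not guess
        };
        out.push(Entry { name, data: body.to_vec() });
        pos = start + advance(base, effective);
    }
    out
}

/// Buggy: reads the body using the override size but skips ahead by the
/// base size, so when base == 0 the body is re-parsed as more headers.
pub fn parse_buggy(archive: &[u8]) -> Vec<Entry> {
    parse(archive, |base, _effective| base)
}

/// Fixed: a single effective size governs both the read and the skip.
pub fn parse_fixed(archive: &[u8]) -> Vec<Entry> {
    parse(archive, |_base, effective| effective)
}

/// Serialises one entry in the toy format (writer side, also constructed).
pub fn entry(name: &str, base: u32, ovr: u32, data: &[u8]) -> Vec<u8> {
    assert!(name.len() <= NAME_LEN, "name too long for toy header");
    let mut out = vec![0u8; HEADER_LEN];
    out[..name.len()].copy_from_slice(name.as_bytes());
    out[8..12].copy_from_slice(&base.to_le_bytes());
    out[12..16].copy_from_slice(&ovr.to_le_bytes());
    out.extend_from_slice(data);
    out
}

/// Constructed hostile archive: one declared entry whose body is itself a
/// complete entry, with base size 0 and the real length in the override.
pub fn smuggling_archive() -> Vec<u8> {
    let inner = entry("evil", 4, 0, b"pwnd");
    entry("benign", 0, inner.len() as u32, &inner)
}

/// Constructed honest archive: base and override agree for every entry.
pub fn honest_archive() -> Vec<u8> {
    let mut a = entry("a.txt", 5, 0, b"hello");
    a.extend(entry("b.txt", 3, 3, b"bye"));
    a
}

fn main() {
    let hostile = smuggling_archive();
    let show = |label: &str, parsed: Vec<Entry>| {
        let names: Vec<&str> = parsed.iter().map(|e| e.name.as_str()).collect();
        println!("{}: {:?}", label, names);
    };
    show("buggy", parse_buggy(&hostile)); // ["benign", "evil"]
    show("fixed", parse_fixed(&hostile)); // ["benign"]
}
```

Run it with `rustc` or `cargo run`: the honest archive parses identically under both parsers, which is exactly why this class of bug survives ordinary testing; only the hostile input, where the two size fields disagree, makes the buggy parser hand back an entry named `evil` that the archive never declared. No `unsafe`, no panic, no borrow-checker complaint.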
nullagent
@nullagent@partyon.xyz replied  ·  activity timestamp last week

I've coded in C / C++ / Java / Python / JS and anything else needed to get the job done.

I have never heard any group of devs so quickly dismiss security concerns about their ecosystem as rapidly as Rust devs.

YES the language IS type safe and that's a big value add.

But that value add can quickly be cancelled out without significant attention to detail.

The EXACT same attention to detail I code with in C / C++ / Java / Python / JS etc.

This time is not different.

#Rust

Perma
@Prma@genserver.social replied  ·  activity timestamp last week
@nullagent Where have you seen security concerns about this being dismissed in the Rust community?
Alex with the Temper
@holsta@mastodon.art replied  ·  activity timestamp last week

@Prma The preferred install method of rust/cargo is still curl output piped to a shell.

@nullagent

Nate Cox
@natecox@tilde.zone replied  ·  activity timestamp last week

@nullagent I don't know man, I've been around the block a few times in the dev community and I feel like dismissing legitimate concerns in favor of vaporware hype is really status quo across the board.

I love rust, it’s what I write when I want to have fun, but as always there’s gonna be a group that can’t seem to distinguish hype from reality.

nullagent
@nullagent@partyon.xyz replied  ·  activity timestamp last week

You ain't wrong. I kinda forget how exciting the new language/tech hype train can be.

@natecox
