this post was submitted on 11 Apr 2024
89 points (87.4% liked)
Technology
59287 readers
5759 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Jeez, I love Rust as much as the next guy, but people in this thread are getting weirdly defensive about it.
Yeah, so some standard libraries don't offer that particular feature, what's the point? They also don't "offer" that vulnerability then. I can't even twist my mind around to see what kind of argument this is supposed to be.
Yes, the Windows API is a cesspool in many places, and yes, other standard libraries might still be affected by a similar issue, but Rust's stdlib also fucked it up. If you offer an interface, it's your responsibility to ensure it does what you claim, not matter how batshit insane the underlying 3rd party implementation might be. If you can't do that, I'd actually prefer if you didn't offer said interface. In any case, they handled the issue, and now it's hopefully fixed. That's fine, commendable job.
I agree the headline could have been worded differently, but we can still use Rust, it's still a great language, great goals etc., why try so hard to make it look like there wasn't an issue?
You are not your standard library, you have not been defiled. You can still open that bedside drawer and put on your little purity ring every morning if that's your thing, we won't judge you, just don't be all weird about it.
You could not have worded that more condescendingly. The issue here is that Rust is singled out for no more apparent reason than making for a clickbaity headline. The underlying Windows API function requires undocumented escaping to prevent this exploit, Microsoft won't fix that because it breaks compatibility, pretty much every programming language with a standard library that provides access to it is affected - Java won't even fix it, others have updated their documentation. Rust is the first to actually implement a fix for a vulnerability that's ultimately caused by Windows and gets called out for it for some reason. Of course people are going to get defensive about it. As they do every time a stupid headline gets published.
You are right, I was kind of a dick about it. I even realized that, deleted the most offensive lines twice and then still sent it.
On top of having a bad day in general, I encountered countless similar responses in other places, some of which were so borderline in(s)ane and over the top that I was... let's just say taken aback.
As I said, the headline could have been better, whole article honestly, same goes for the reaction of the Rust community though.
As for my own replies, I'll probably follow my gut feeling next time when having second thoughts about posting.