HackerTrans
TopNewTrendsCommentsPastAskShowJobs

ericseppanen

no profile record

comments

ericseppanen
·3 tahun yang lalu·discuss
This is so true.

The idea that a program can approach some optimal bug-free state, never to be modified or refactored again, doesn't resemble any project I've ever encountered.
ericseppanen
·3 tahun yang lalu·discuss
"we model a scenario where the original code is memory-safe; the ported code is memory-safe; and we consider memory safety and undefined behavior that may arise across the FFI layer between the two pieces of code."

I may be stating the obvious, but that's a bit of a strawman. Yes, writing good FFI code is hard; yes it could result in security/soundness issues; yes, we could use better tools in this space.

But nobody rewrites C code in Rust if they believe existing codebase is free of memory safety hazards; they rewrite it because they think the result will contain fewer hazards, even accounting for the potential problems at the FFI boundary.

If I could remove tens of thousands of lines of hard-to-analyze C code, and replace it with tens of thousands of lines of safe Rust, paired with a few hundred lines of hard-to-analyze FFI adapters, that sounds like a pretty good tradeoff to me. I now know exactly where to focus my attention, and I can have confidence that the situation will only improve with time: better tooling may allow me to improve the dangerous FFI layer, and in the meantime I can recklessly improve the safe Rust module without fear of introducing new memory unsafety bugs, unsound behavior, or data races.
ericseppanen
·5 tahun yang lalu·discuss
This article is plagiarized from the Rust Book: https://doc.rust-lang.org/stable/book/ch15-01-box.html
ericseppanen
·5 tahun yang lalu·discuss
I have no firsthand information, but reading https://github.com/solokeys/solo

"Solo Hacker can be converted to a secure version, but normal Solo cannot be converted to a Hacker version."
ericseppanen
·5 tahun yang lalu·discuss
I don't think this is true in the general case. Most Solokeys come in a "locked" form-- they will only accept firmware updates that are signed by the manufacturer. You can buy a "hacker" variant that is unlocked (meant for those that want to tinker with the firmware), but if you were to use one of those you're giving up security against someone loading malicious firmware onto your device.

This is probably the right tradeoff for most users. Solokeys has done a great job of providing continuous support for all of their products, and their software stack has been open source since the beginning. That (combined with the low price) makes them my first choice for a hardware security token.