TL;DR: If you are stupid, no tool in the world can save you.

On the topic of immutability by default, one reason why I think it's great is that it inherently gives you a heads up when something is immutable when it should be mutable because it will throw an error when you try to mutate that variable. On the contrary, when something is mutable when it should be immutable, it's much more difficult to detect. I haven't actually written any Rust myself yet, but immutability by default is one of the several language features that greatly interest me about the language.

26:29 - "C is best async lang. You just open new thread" GIGACHAD chat moment

> you can on average bring more developers from "javascript is the only thing that should ever exist" into "oh ok, I understand why we have static typed languages" using something like Go, than using something like Rust... if that makes sense. Yes. It does make sense. Lots of sense.

The OCaml feature you mention at 19:20 is "local mode" - it's not in the official compiler yet tho :) It's only in the Jane Street branch of the compiler, they're still working on it. But it's a cool idea regardless, yeah

I gotta say, when I started programming Rust I didn't like having to opt in to mutability. Now that I'm used to it though, I love it. And the REASON I love it is because every time my code doesn't work and it says I need to make some variable mut, I stop and ask myself WHY I'm mutating this variable. Do I NEED to do that? What ramifications will this have up the chain? 99% of the time it's fine and I just mark it mut, but just having the compiler force me to ask myself these questions is great imo.

Primeagen: "[Not having null] is something I wish we had more of." Me: "So what you're saying is we need more less nothing?" Ron Burgunudy: "That doesn't make sense."

The private/public language-level accessor argument is pointless on two levels: 1) Anyone can call a function as long as it's in the symbol table: you can bypass the language restrictions. 2) The presence of a function in a library isn't a security threat per se, it's the fault of an application if it adds ways to make it callable via another process or network connection, which doesn't happen magically.

Before hearing about rust, I was using a Borland C++ compiler, when I updated my tool chain, I got an LLVM/CLANG compiler instead, and this was with embarcadero. It was like chalk and cheese, the LLVM implementation was amazingly better at picking up tiny/subtle errors in your code that will compile. I always thought that if those people behind the LLVM, or clang tool chain, continue doing their thing, then C++ would eventually turn out to be a safe language. Even so, I have some very good lint tools, and run time tools, that makes it very difficult for bugs to pass by me. I am not sure if moving to rust makes you no longer necessary to test code but I can't see myself not testing my code both static and runtime

Rust cant save you from skill issue syndrome

If you think declaring a method public makes it available for hackers to call, or that declaring a method private prevents hackers from calling it, you are badly mistaken. Those keywords are for the design of your code, they do not have any special powers. I call private methods from libraries all the time.

Only society can save itself not just with better tools, but with better wisdom. Yet it chooses not to do so because it doesn't see an immediate ROI with better wisdom, but there's an immediate stonk feedback for laying off wisdom that made the product.

But.... but.... function visibility has very little to do with actual security... it's about logic encapsulation and minimizing the API surface more for readability... There's no actual safety in declaring something as private (and in fact, an attacker with JAR/DLL access can just call it anyway using reflection). That function visibility example is utterly useless...

7:30 Java has reflection right? What does public/private have to do with it?

He's so proud of almost shutting down netflix 💀💀💀

Rust won’t save us, but HolyC will

Im learning rust and c at the same time. Trying to get old school new school yin yang interaction going

I like your take on skill-issues across the board -- regardless of which framework, language, methodology -- if the team is mid, the product is mid.

class visibility is not a security feature...

I'm not on the Rust hype train bc of what problems Rust solves the best but bc it's the nicest language and environment to program in. Most of the other languages suck one way or another. Rust has the beautiful type system of Haskell, the power of C, the modern features of Python or C# or whatnot, and the best build system on planet Earth. It just does everything well. So what if it won't magically fix all problems? It's still the most enjoyable problem solving experience.

2:45 lol a few years ago (2020 I believe) a representative of one of Sweden's largest political parties was talking about cybersecurity on TV ahead of the election, and on the wall behind him was a sheet of paper with the SSID and password for the wi-fi at their HQ. Swedish public service TV ended up taking down the clip and reposting it with the info blurred after people made fun of it a ton online, lol.

Are you gonna write drop database in your Turso project

private by default won't save anyone ever. If someone thinks it needs to be public, they'll just make it public. That's why people type `public void foo` instead of `private void foo` from muscle memory. immutable by default won't save anyone ever. If someone comes across a case where a thing needs to be mutated, they'll make a new object with the thing set to the new state. OOPs encapsulation techniques are not security features. They're encapsulation techniques. Don't let security "experts" tell you otherwise. Having setters is not a security vulnerability. Don't let security "experts" tell you otherwise. Having a DB object that has a dropDatabase function that you can call isn't a security vulnerability. Even if it was private, there was someway to get that function to be called. That Confluence bug was because any-bloody-one could set an admin flag through the URL. Not because you can instantiate a class that inherits from somewhere that has a field that can be set. That ASPX bug was because someone custom wrote their own header parsing, not because they had a header. I'm so sick of "security experts" coming in from literally nowhere acting big brain and holier than thou with these shit programming takes. No offense to this ghostbyte person. All of the "vulnerabilities" showcased didn't need to not exist, they needed to be behind another layer of defense. I bet that's how Atlassian fixed the confluence bug, instead of changing their inheritance hierarchy.

We're in the horrizone!

I like c++. (But yeah, const default would be nice)

In java you can use reflection to at runtime change a private function public and call it

Article: 9 min read. Prime: Hold my bear

24:45 it's hard for me to parse rust and c++ code to ast inside head so I don't know what kind to thing I don't know

“For security to work it has to be baked in from the start” Is what exactly rust does

25:31 where can I find the "New Rust Async" book?

Repulsive Grizzly ! Amazing !

the beautiful thing about computing is that most computing problems (and solutions) relate to life in general. The problem about language safety has nothing to do with the language itself - it has to do with the programmer. Isn't the industry dominated by Javascript, that tool forged in Hell by S4tan himself? You just cannot put enough fences around stupid people. They'll always find a way to be stupid and abuse/misuse tools. And there always be predators looking to prey upon the weaker amongst the flock. Rust is not intended to be "stupid-proof". You can abuse it still. It's intended to make it harder for you to *accidentally* make a mistake and make something stupid *in C*. And it does that well.

You don't use unwrap or expect in production, unless during initialization. And unlike nulls, unwrap/expect do not surprise you. It's an explicit crash. Meaning it has to be put on purpose and could be looked for during text search in your code

23:08 what kind of device you need to touch sawblade to turn it off!?

8:49 is the risk still relevant even if you do `pub(crate)`?

I like static typed languages for just about all but web development. Once we pass JSON and user form data around, I really prefer to manupulate it with PHP. I just assume that all data is strings and tainted and cast it when it needs to interact with internal things.

IEF can be fixed with rust, with public and private functions?

All true until you write unsafe somewhere. Then everything goes out of the window. Even if you dont use unsafe, there are decent chances some of your dependencies do

16:54 someone had to say it. I guess the problem is that in the years many gave null a meaning, so in order to get rid of null you have to manage what null has been used for (aka nullable boolean fields? evil).

19:22 yeah OCaml !!!

Am i missing something, or do public/private modifiers have nothing to do with an insecure exposed function vulnerability? For IEF you have to expose the function to the outside world, like through an HTTP API. Just marking something as public only exposes it within the current code base, which is not the "outside world"

Who else thinks there will be another language that will eventually replace rust? It will have many of the benefits, like immutability, Options, Error handling, Enums, but will be simpler to read, compile and run like Go.

i think elixir is the best for async

Why would I want a crab to shave me?

27:01 why does prime give people like that so much attention?

Weak encryption? Don't tell me they cracked ROT13 already!

I dare the author to write a role based system in Rust, using type-state or witness design patterns and then make that claim. The Rust type system can be used to save us, so the bold statement "can't" is false. Of course that not utilizing the language intelligently when using it's features, would not save you. But compare to other language, you have a lot more to utilize for the safety parts

Imma feed you to the sigma

It's been 6 months since I started studying Java, it's been 6 months since I started watching this channel, and every time I watch a video from this channel, it makes me think I made a bad decision

I'm curious why Zig has null instead of none, as null can only be used on an option anyway. My guess is for C library compatibility.

Yeah, I agree on that last bit about bringing TS (or whatever) devs over. I spent about 4 years having Go be my main language. I've been on a 2 year journey at Rust and although it has gone quicker, I think: "are other people really going to do this too?". I'm not an island. :\

Sounds like Nim lang to me, with borrow checker added :D Eventually everybody switch to OCaml. :v

I don't understand article when they do a full paragraph for every single sentence.

In 2040, people are still coding in Java and still it's a mainstream language. Though many fast languages evolved in last 20 years, like go/rust/mojo/mojo++/Microsoft's copy lang C##/etc. But they are too fast to handle for human. That's why people left them and again started using Java. Also, the trending of superfast language has been banned, because many developers have become TikToker, due to short and superfast productivity mindset.

I was taught to pronounce IOCTLs as Eye-octals

G L E A M L A N G

22:25 true

Rust has its space, but I don’t think it’s the best language for MOST software.

0:10 I think Rust has got to have the most aggressive programming language community. I can't think of any language with such a frequent hostile appearance. And quantity of drama is also a measure I'm sure. Individuals have been awful in other languages. But the amount of shit anyone who suggests flaws with Rust get is incredible. I'm not sure I understand why, maybe it's that Rust is a very significant time investment to learn well and critics are seen to threaten that investment. I don't agree with that perspective. Good critics are very important for the improvement of anything. C++ programmers should be in that same position. But at the same time who could be a passionate defender of a language like C++? 😂 If I'm right with the investment argument this blogpost is really a massive sore point. I browsed HN. So much hate. But in fairness to them a lot of it picked on one particular example that was apparently fixed. I think the accusation that the article is deceptive/dishonest is just silly.

Great now I'll never pronounce SQL the same

I personally would never write a function/method to drop a database. That is something you would want to manually login and do. Just as I have decided to never write a pipeline that would call terraform destroy. You just don't do it.

10:04 why can you call arbitrary public method by http(s) request!?

Wait... I thought the definition of "variable" was something that can "vary" or "mutate".... If you want a placeholder constant, call it that instead.

How much do we get per 1000 occurences of the word "Rust"? Asking for a friend who's looking for a side hustle.

19:54 It's perfect to pronounce horizon like you and the majority of european languages do. English is the black duck, segregated away from the rest of us, alone on its island.

Either way, I get the vibe the author knows only some Rust. 'Cause how can you be Rust proficient and not know about 'pub(crate)'?

You won escape mutexes

I will say, on the topic of Immutability by Default: I think Herb Sutter has it right with his CppFront project, where the programmer gets the choice of whether to have immutability by default or not on a scope level rather than it being declared from on high by the language designers. He did make Immutability the absolute default, but the programmer has the ability to say "for this part of code, I want mutability by default instead", which I think is really neat. I think if, as a language designer, you're *forced* to choose one, it makes sense to choose Immutability by Default rather than the opposite, but I also have a lot of experience working contexts where being forced to explicitly declare every single variable as non-const would degrade productivity really badly.

pretty sure "drop database" doesn't exist in sqlite, a database in sqlite is a file.

I'm trying to imagine the context in which a public function would be available to a hacker while a private one wouldn't. Your program would have to somehow be running in some kind of permissions context that the hacker wouldn't otherwise have. What did you do, sticky-bit your program and auto-generate a web service from your public interface or something? And you never, like, glanced over the manifest and noticed the "DropDatabase" function? Yeah, I dunno. I think the right answer there isn't to force all devs to never make public functions that shouldn't be accessible to hackers. That's just not really tenable. I think maybe a better plan might be to have super clear delineations around things like *what programs are going behind auto-gen'd web services.*

I don't really like the DropDatabase example - if someone is actually writing code using that package and running it, then it means they already have access to the database credentials in some form or another.. if they want to drop the database, then making the function private will not stop them at all. It might be a good idea to make it private to try to reduce user error, but that's not really a security issue - if it being public is a security issue, then you always have bigger security issues.

Typescript is both statically typed and dynamically typed.

bro forgot that windows just announced many things will be redone in rust :3

Wtf is this article talking about. Default function visibility doesn't have anything to do with security. It doesn't matter if your function is marked public or private. If a malicious actor can arbitrarily choose to execute any public function they want, then you are f***ed either way. The only case where function visibility matters is if you are automatically generating external endpoints based on the function visibility, which is extremely rare in static languages and should be only done on classes/objects/modules that are specifically designated as external API surfaces.

Dude, you have to tell us, how is it possible a loop could destroy netflix permanently? wth how is that a thing?

re: "why opt into mutating?" (as opposed to opting into const-ing.) If you write modern C++, and follow "best practices," you're typing const for practically every variable, every parameter, lots of functions, it's silly. And you're probably doing it twice because of the freaking headers, unless you're writing header-only stuff or using C++20 modules. So Rust just makes everything immutable by default. Good plan. Saves typing.

SQL is sequel no squill ....

why are private methods safer by default? this doesn't sound right...

I've heard Jesus didn't make mistakes.

...Are you serious?

We don't need to be saved.

Insecure Exposed Function? Nowadays that just means API.

IOCTL is pronounced eye-AWK-tul where I come from

I don't like rust because it's a low level type thing with high level looking syntax. It rocks my brain to no end.

"Extracting nulls" is not much of a tradeoff imo, because in a language with non-nullable types, 99% of the time a value simply can't be null and there's no need to check. You're only checking in the cases where explicitly a value can be null. In a language that doesn't support non-nullable types, you never know if the value you received from a method call can be null and either have to always check or keep it in your head, adding to mental load.

Don't you drop a SQEALite databases with `rm -f user.sqlite`?

Rust 2,0 will fix Rust and finally defeat Dreamberd as the perfect language,

Love from India❤

Java functions eh?

DO. NOT. WRITE. THAT. removeDatabase. FUNCTION! Not with embedded SQL. In fact, I wrote my own database system that has 2 languages with isolated processors: 1 client-side, 1 server-side. So, there are certain things that you just can't (directly) do client-side. Deleting a database is one of them.

As the post shows, once again someone assumes Rust only exists help with memmory safety and completely misses the point.

Rust won’t, but Jesus does

I understood nothing from 2 vulnerabilities this guy presented as examples. And Rust magically should have fixed them. Ok, that was interesting (it wasn't)

I tried golang last week and i hated the way go exports vars and funcs

21:02- "writing their frontend and backend in the same language" And that language being JavaScript doesn't help

Developers' whims go too far! If we satisfy them on security issues today, tomorrow they'll be demanding that language syntaxes make sense.

Why prime is opposing rust, the point he's made, 6 months back he was praising the same points.. lol.

Rust is the least secure language, except for every other language that has been tried

Lots of big talk the article but the two "example" of vulnerability provided is pure skill issue. Who's in their sane mind is allowing user to edit application config in runtime via this long dot namespaced parameters? wut. Then header parsing, seems like reinvented the wheel there and put shitty string manipulation code. No need to use rust or similar fancy tech to prevent this. Just use common sense. For example even in symfony (php) these wouldn't happen as framework has standard sane ways of both dealing with app config and http headers.

Honestly I despise a lot of the Rust community, it doesn't serve an original purpose, it co-opts the purposes of other languages, sometimes without good justification compared to the alternatives, and then it gets injected everywhere like "replace everything with Rust" no matter how unsuitable it would be for that. Aside from despising the language for numerous reasons (its ideas are nice, but its implementation is the worst way you could've done it) the community is absolutely horrible for Rust, I've been in regular non-rust programming places, but as soon as you criticize Rust for anything, they absolutely lose their crap and call you names. I can't stand Rust, and even more I can't stand its community, its no wonder its representatives are so crap.