One time fee… what a guy. The courses are timeless but mate how are you going to continue to monetise future courses if all existing people get them for free? Genuinely curious - not trying to be a d bag

C#

what happened to your lip

Another great tool is loom, which can be used to exhaustively check all possible thread orderings in a multithreaded test suite - this can verify the correctness of concurrent data structures so you can rely on their synchronization while using unsafe.

true it makes it way easier to "ctrl f" it and work on finding a solution.

@@JessicaFEREM software future is in great hands if that's the case that you "fix" code by ctrl+f /s

Yeah. That is the same as npm and pip

Those supply chain attacks will need a way to get into each system deeper. So they may need to depend on memory exploits like this in the end

Same thing with every other package manager, like Github Actions. I maintain a fairly large repo that handles user account tokens and I recently wanted to add a job to automatically run my unit tests. I looked on the marketplace and found 9 different packages, and all they do is wrap the test command from the SDK. The scariest part is they had a fairly substantial amounts of downloads, making supply chain attacks fairly easy against any repo making use of those actions.

@@bdfb-th5ek the problem is that nobody has the time to check all (recursive) dependencies when updating them, while not updating them leaves known vulnerabilities open.. so someone just has to add something malicious to their package edit: Sorry I think I misunderstood you. Yes, for some projects maybe, others can get pretty deep into the system this way already.

@@bdfb-th5ek Running an executable is a pretty deep in into a system already. Even without root

Yes, coming from dynamic typing and haskell background, not having proper sum types (*tagged* unions enabling pattern matching and overloading) in other languages often annoys me (especially when inheritance is overused).

As a Scala dev, you are appealing to me now

No, it's not possible. A lot of system architectures have memory mapped IO registers at a particular address, just being able to create and use a raw pointer to one of those registers is a requirement for systems language.

That's the thing people forget. The point of unsafe blocks is you create a safe wrapper around unsafe code that cannot cause any memory unsafety when used in safe code. If your program segfaults the only possible reason are unsafe blocks which are very clearly marked

​@@kylek.3689yep. Computers are intrinsically unsafe. You always need to deal with stuff that you do not know if it's safe, like doing IO.

@@pxolqopt3597Exactly. The Rust stdlib uses a lot of unsafe under the hood, exposing mostly the safe parts.

That's what a debugger is for

Sadly, this is not always possible. An unsafe block might not cause a crash outright, but might instead put your application into a UB state, which would lead to a crash at a future point. As an example, it may create a NonZero which actually has a zero value, and crash will only happen when some other code expects that value to be non-zero.

excpet that zig sucks. zig users also called ziggers are idiot who dont know C and dont know rust so they learn the useless language that is never used so their garbage subhumen code cannot be audited because no one uses it.

Totally agree. I definitely find to be Zig more ergonomic than Rust. Though that may be because Rust is supposed to replace C++, while Zig is supposed to replace C.

​@@ZenonLite Zig replacing C and Rust replacing C++ is just marketing. Both have their own pros and cons for different usages.

Memory safety isn't Rust's top feature, imo. There are a ton of things in Rust that make it easier to work with.

@@tinrabYeah memory safety is an extremely basic and bare-minimum feature Now, enums and errors-as-values? Incredible

Is not safe in sense of Rust but has defer and also you must opt-in for null pointers so good start over C, but using pointers you can always shoot the foot off 😅

@@AK-vx4dy yeah, I guess not having null pointers by default is an upgrade over C++. C++ has RAII just like Rust, which fills the same role as defer most of the time. overall, it seems to me like idiomatic C++ would be around as safe as idiomatic zig, but I'm probably missing something important?

@@asdfghyter I wrote C not C++, I don't know full posibilties of zig, I wrote what I remember. And comment was about Zig. But generally zig and idiomatic c++ should be comparable. But I and many people see zig more like current era C replacement.

@@AK-vx4dy yes, absolutely, I was the one who started talking about C++ in my top level comment. There's no doubt that Zig is safer than C, but the question I asked in my first comment is if it's any safer than C++ and if C++ level safety is the standards that LLL means when he says "tastes like it's memory safe"

@@asdfghyter maybe difference is in defaults, starting with that you can literally or just in style write C inside C++, and maybe get warnings, maybe zig directs people to safer paths just by language construction and less safer path need more work to use them and clarity (no behind scene magic), but you must ask LLL himself ;)

Is Rust the next white-paper ingredient to replace Haskell?

The fewer live lines of code, the fewer points of failure

memory leaks dont corrupt memory so yes they are memory safe

A slow, poorly optimized, memory hogging program is perfectly safe if it does exactly what you expect it to. Which it does if you use safe Rust

Is this comment supposed to be a joke

​@@tiranito2834 Crashing is well defined behaviour. Rust can't stop you from writing bad code.

​@@tiranito2834 The term "memory safety" has an actual meaning in its context here. I don't even particularly like Rust, I went the Zig path myself, but this argument doesn't even make sense as a "gotcha" against Rust. I personally am not aware of a language that is immune to memory leaks, and AFAIK, no one has ever claimed that Rust is. I think too many people simply don't understand what "memory safety" means, which is evident my some of the replies here.

Safe? 450Kb of "Hello world" Rust app (compare to 6Kb in C++) - is more than enough for adding backdoor into any small Rust app.

It's actually not. In fact mere printing to stdout is a fairly complicated thing under the hood. And inherently not thread safe btw. Especially when you realize that stdin/stdout of your process can be manipulated from outside. It opens a way to a whole class of nasty hacks.

Perfect! Because that's the only code I can write.

char hello[4]; strcpy(hello, "Hello World"); puts(hello);

@@mk72v2oq true

All of us are telling a computer what to do. The mathematicians are trying to figure out how best to tell the computer how to do.

Good joke

Or dealing with people that makes stack overflow feel loving. I'm fuzzy on the numbers but input sanitation and process chain validation for fault tolerance would be top 10 culprits.

Look up rust AtomicBool/u64/etc. Thread safe and much faster than mutex or rwlock

If it's just a bool and missing the value once is acceptable you could easily use unsafe rust to set the value, but if you want to avoid unsafe, atomics like atomicbool are thread safe and cost I believe one extra CPU instruction per read, which, on the scale of a ghz CPU, even 1024 threads aren't going to have a major performance impact over all from a single atomic

​@DissyFanart I am pretty sure atomic types don't cause any overhead on x86_64 cpus unless you use Ordering::SeqCst

@@DissyFanart Depends on the architecture. In x86 most operations are already atomic. The ordering is mostly used so that the compiler doesn't mess it up.

@@Turalcar UB in Rust language is UB regardless of the target architecture.

my guess is the linux API just has less functions than the win API, but I'm not sure

Doesn't really exist from a practical standpoint. But I guess technically, its C++, hands down

@@devon9374 what about C it's good or bad than C++

C and C++. In terms of getting stuff done, they are here, have always been here, and will always be here.

MS does invest into Rust. The future is safe.

@@techpriest4787 Investing into Rust doesn't mean Windows is gonna be re-written in that language. Now more than ever Microsoft is focusing Windows in backwards-compatibility.

cargo check is slow if you're running it on every save though. it gets annoying

@9SMTM6 provided a awnser in another comment. I would've linked to/copied it if I weren't on mobile.

Basically there's a bug in the compiler's type inference which they use to extend the lifetime of a string reference to borrow its memory after the compiler frees it. It's not something you would do on accident, though. The file "lifetime_expansion.rs" in the cve-rs repo has an explanation, KZbin won't let me link it

I think my reply got attached to the wrong comment.

true, but to be fair they haven't done anything bad in like a year. the trademark thing never even went through which a lot of people aren't even aware about

And rust users

It's not hard to learn, though. The argument of "it's still unsafe" is just "I don't want to wear a helmet while riding a motorcycle, because it's still unsafe"

Rust really isn't hard to learn if you already know a statically typed language. Hard to master, very much so.

@@MaybeADragon it's annoying to read and write, thus harder to learn for beginner.

@@nordgaren2358 wearing a helmet is easy and doesnt require effort unlike writing safe code in rust. unrelated analogy

there is even a repository which managed to create quite a few memory corruptions fully in safe Rust

Written in C of course, even those libraries you need to load.

@@colinmaharaj Which is written in machine code of course. But the point here is the language you write in.

2 or 3?

Yup, ain't no way I'm stopping python. Especially since it can be compiled to run faster it's definitely my swiss knife.

@@znoppen don't forget only true programmers write in ASM

NullPointerException

If Java's your safe space, just remember: in Rust, safety is guaranteed by design, not by exceptions!

zig is not memory safe language. i don't even consider it comparable. the main benefit of zig is c interop.

@@smoked-old-fashioned-hh7lo 🤦

​@@smoked-old-fashioned-hh7lomain feature of zig is no hidden, unpredictable behaviour imo.

@@darukutsu that's a fair point. comptime is definitely a nice feature to have. for me personally, the only reason i would use zig is for c interop. it's just so painful with rust. i can see it being a great choice for migrating existing code, but outside of that, i don't know if it's dramatically different enough to successfully convince your company/boss to choose it over c.

nice ironic joke lol

They harass you for no reason

@zactron1997 technically all binaries are unsafe it just depends on the context from a direct memory corruption bug sure but indirect attacks where you coax some esoteric operating system feature to mess with the binary indirectly that's a different story. I believe indirect attacks will be the future for attackers in the realm of cyber security. Like this whole safe rust/unsafe rust argument is an illusion and a scapegoat style argument because people act like memory corruption is the only type of exploit. While the most common class of bugs there's other classes such as indirect and side channel attacks.

Well keep in mind that a lot of the safety in Rust is by programmer contract. It's common practice to wrap unsafe code in safe functions with the assumption that the original code is using the unsafe parts safely, and thus the end user of the function doesn't have to worry anymore. Of course, it's important to note that this is an assumption. If that assumption doesn't hold true, even using "safe" rust can cause bad things to happen. Really the advantage of Rust is that when there is a problem with unsafe things happening, it's a lot easier to debug, because you know specifically what code blocks do unsafe operations, so it's a lot easier to find the error at least once you know it exists.

@taragnor nothing bad can happen in safe rust at least directly, people tend to repeat that but can never demonstrate a proof of concept exploit it's all nonsense. The entire point of my argument is that it doesn't matter how many fancy compile time features you have to prevent direct memory corruption all that will do is cause attackers to pivot to side channel remote memory extractions and these indirect memory corruptions that cause adjacent process memory to corrupt. There's no magical safe system that can prevent all that to prevent indirect you would have to patch all the DoS holes that lead to the types of resource exhaustion that can actually corrupt random process memory. Maybe one day in bug bounties DoS bugs will be taken seriously instead of being considered out of scope when indirect memory corruptions gains popularity.

@@coolperson5479 And seatbelts don't prevent 100% of injuries during car crashes, but they're still required by law. All security is a game of cat and mouse, malicious actors are always improving their tools and trying to gain access to bigger and better exploits. Unfortunately, C and C++ have effectively stagnated on this front for the past 30+ years. Not because they can't make the languages safer (Zig and Rust prove you can make safer systems languages), but because they're afraid of tackling the change management required to get people on board with a better version of the language. C++ has some pretty good safety features, but they're harder/more verbose to use than the unsafe ones, so of course people don't use them where it matters. At the end of the day, a malicious actor can always break into the data centre and bash at the servers with a hammer until they get what they need. What matters is removing as much of the low hanging fruit as possible, rather than just letting these people have unfettered access to increasingly important critical infrastructure. Facebook being hacked 20 years ago would suck, but not really matter. Today, I'd rather have my bank card stolen than lose access to one of those SSO accounts...

@@coolperson5479 My point was that you can very much create a safe function that calls unsafe code, and thus anyone calling that function could potentially do unsafe things (potentially unknowingly). You're relying on the writer of the original function telling you it's safe. So if you're using a create that has what you think is a safe function, it may not necessarily be, because that safe function can contain an unsafe block.

A lot of the libc crate is unsafe FFI calls to glibc functions. I don't think that's what you mean, though. The Rust stdlib implements a lot of the functionality that would be in glibc, in pure Rust, using the libc crate for unsafe bindings to things like kernel calls. I'm not sure the point you're trying to make... that every project which uses stdlib is unsafe because stdlib contains unsafe code?

Yeah, picking on the Windows crate is pointless. It's just a large API so of course it has a large number of unsafe blocks.

To statically ensure all references are valid. Why are you immediately referring to deallocating memory, that's handled by RAII, not the borrow checker.