Comments by @diadetediotedio6918 on "US Government declares the safest programming language" video.
-
@tiranito2834
I think you are not privileged on intellect, so I'll explain it in an easy way, ok?
CVE-rs is just a <project name>, it does not expose a CVE in Rust. It exposes the <possibility> of having CVEs in safe Rust due to a bug in the compiler implementation (a problem that can be caught by using Miri, for example). I'm saying that this is a very specific and extreme corner case that will probably not pop up as a thing in the extreme majority of codebases <because it is so specific>. So if it happens it would be because of bad actors wanting to intentionally introduce this in projects --- maybe from crates. The problem is that this is not a thing that will spread <normally> in any codebases, because it is really an edge thing, thus it will not be a giant problem unless it is being used by these bad actors. But if the problem is the existence of malicious code in crates then you cannot do anything about it even with a perfectly and entirely proven type system simply because a crate can always do a system call or use unsafe or whatever and steal your system data --- in other words it is a very specific problem and it does not impose a potentially <larger> risk than anything out there would already do.
I'm also not saying <this is not a problem>, I will repeat it again since you were not able to see it:
["Of course I'm not saying it is not bad, it is pretty bad, but still, edge cases do not remove the benefits on security of the language."]
The Rust team is aware of this problem and <there is a way to fix it> --- and there will be a patch once that fix is ready, so nobody is just saying "oh it is Rust so it is fine", people are just saying "it is such an edge and corner case that it would not matter for the extreme majority of codebases" --- but, and there is always a but, it does impose problems we need to deal with because it taints the type system correctness to some extent in specific cases if used badly or unintentionally.
Again, it is not really a CVE per se, and nobody is saying it is not a problem. I'm saying this comment is wrong because this does not compromise per se the safety of the language in the extreme majority of cases.
1
-
@tiranito2834
Amazingly, YouTube loves to delete all of my comments.
I will try again here as I copied it before sending:
I'll explain it in an easy way, ok?
CVE-rs is just a <project name>, it does not expose a CVE in Rust. It exposes the <possibility> of having CVEs in safe Rust due to a bug in the compiler implementation (a problem that can be caught by using Miri, for example). I'm saying that this is a very specific and extreme corner case that will probably not pop up as a thing in the extreme majority of codebases <because it is so specific>. So if it happens it would be because of bad actors wanting to intentionally introduce this in projects --- maybe from crates. The problem is that this is not a thing that will spread <normally> in any codebases, because it is really an edge thing, thus it will not be a giant problem unless it is being used by these bad actors. But if the problem is the existence of malicious code in crates then you cannot do anything about it even with a perfectly and entirely proven type system simply because a crate can always do a system call or use unsafe or whatever and steal your system data --- in other words it is a very specific problem and it does not impose a potentially <larger> risk than anything out there would already do.
I'm also not saying <this is not a problem>, I will repeat it again since you were not able to see it:
["Of course I'm not saying it is not bad, it is pretty bad, but still, edge cases do not remove the benefits on security of the language."]
The Rust team is aware of this problem and <there is a way to fix it> --- and there will be a patch once that fix is ready, so nobody is just saying "oh it is Rust so it is fine", people are just saying "it is such an edge and corner case that it would not matter for the extreme majority of codebases" --- but, and there is always a but, it does impose problems we need to deal with because it taints the type system correctness to some extent in specific cases if used badly or unintentionally.
Again, it is not really a CVE per se, and nobody is saying it is not a problem. I'm saying this comment is wrong because this does not compromise the overall safety of the language in the extreme majority of cases.
1