cargo-semver-checks with Predrag Gruevski

Cargo Semver Checks is a Rust tool by Predrag Gruevski that tackles the problem of broken dependencies, which cost developers time when they try to upgrade. Predrag’s work shows how automated checks can catch breaking changes before they’re released, potentially saving projects from unexpected failures and making dependency updates less painful across the entire Rust ecosystem.

Episode links: Predrag’s Mastodon; Predrag’s Blog; “We never update unless forced to” — cargo-semver-checks 2024 Year in Review; cargo-semver-checks issue 5.

This episode is also available as a podcast; search for “Open Source Security” on your favorite podcast player. ...

April 7, 2025 · Josh Bressers

Episode 390 - Rust shipping binaries doesn't matter

Josh and Kurt talk about a blog post that explains how C and C++ compilers prioritize performance over correctness. This is the classic story of security vs usability. Security is never the primary goal. If a security requirement doesn’t also enable other business goals, it will fail. We also touch on the news of a Rust package containing binary files. It doesn’t really have anything to do with security; it’s all about convenience. ...

August 28, 2023

Episode 362 - A lesson in Rust from Carol Nichols

Josh and Kurt talk to Carol Nichols about Rust. Carol is an authority on Rust and helps us understand how Rust works, why it’s different, why Rust doesn’t have the same problems C and C++ have, and what the future of it all could look like. It’s a really fun show with some great questions from Carol along the way.

https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_362_A_lesson_in_Rust_from_Carol_Nichols.mp3

Show Notes: Carol Nichols on Mastodon; The Rust Programming Language, 2nd Edition; Rust book online; Netflix tech blog on Java performance; Rust in the context of Railroad Brakes; Kees Cook blog - Bounded Flexible Arrays in C; Consumer Reports on memory safety; OSS-Fuzz and Rust

February 13, 2023

Episode 360 - Memory safety and the NSA

Josh and Kurt talk about the NSA guidance on memory safety issues. The TL;DR is to stop using C. We discuss why C has so many problems, why we can’t fix C, and what some alternatives look like. Even the alternatives have their own set of issues and there are many options, but the one thing we can agree on is we have to stop using C.

https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_360_Memory_safety_and_the_NSA.mp3

Show Notes: NSA Releases Guidance on How to Protect Against Software Memory Safety Issues; Drum memory and the story of Mel; Netflix performance; Discord Go vs Rust; NVIDIA switch to Spark

January 30, 2023

Episode 282 - The security of Rust: who left all this awesome in here?

Josh and Kurt talk about a story from Microsoft declaring Rust the future of safe programming, replacing C and C++. We discuss how tooling affects progress and why this isn’t always obvious when you’re in the middle of progress.

https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_282_The_security_of_Rust_who_left_all_this_awesome_in_here.mp3

Show Notes: Microsoft: Rust Is the Industry’s ‘Best Chance’ at Safe Systems Programming; Josh’s devopsdays talk; Microsoft moved font handling out of the kernel; Atari 2600 emulator in Minecraft; Rate of technology adoption

August 2, 2021