Hacker News new | past | comments | ask | show | jobs | submit login

The replacement should be written in a memory-safe language. Including the TLS library.

"There is more to life than increasing its speed."






Does it start with an "R" and rhyme with "repeated-so-often-its-been-ground-into-the-dust"?

Go has the advantage in having a native mature TLS stack.

It's not a memory safe language though.

> The replacement should be written in a memory-safe language. Including the TLS library.

No. Memory safety is a vanishingly small subset of all bugs and security problems. PHP is memory-safe, for example. Where has that gotten us?

> "There is more to life than increasing its speed."

Not if you're a computer.


I'm not sure if you are trolling or not. Just in case: all rce vulns in nginx have been memory safety bugs: https://www.cvedetails.com/vulnerability-list/vendor_id-1004...

Read what I posted again.

The number of security vulnerabilities due to PHP's crappiness is two orders of magnitude greater than all of nginx vulnerabilities combined.

Yet PHP is a memory-safe language.

Memory safety won't fix anything by itself, it will just shuffle the shit into some other place.

Now if you're claiming that if you take nginx developers and force them to use Rust they'll somehow start writing better code, then that's a valid point. Although I'm in extreme doubt that it is realistic or even true.




Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: