
I support the C coders. Rewriting Linux in Rust is an existential threat to the infosec industry where I work.



You can still write security software that fucks up the kernel in Rust!

Edit: just in case anyone took this too seriously, it was facetious.


Would a new competitor "cloudstrike-rs" be too blatant a trademark infringement?


Close. What about Ruststrike?

Edit: I don't even know Rust but I wrote a prototype:

    fn main() {
        const LOL: *mut u64 = 1 as *mut u64;
        unsafe {
            std::ptr::write(LOL, 0);
        }
    }

Edit 2: fuck that's ugly.


Well, the infosec industry itself is an existential threat to sane, responsive software for power users without the cult of safetyism, so it is potentially still a net win.

The safest software is the one that does nothing.


That's the spirit! People with attitudes like that are why my salary keeps going up.


If your program eats all computer resources given specific inputs, is this a DoS vulnerability, simply a bug or even expected behaviour? It depends.

Is Spectre a vulnerability? Even that depends on what code you run and on which machine.

The reason your salary is going up is because there is no sensible access control management and sensible threat model for software. Can we know in which circumstances some software (or CPU) will be used? Can we assume who the users are? No, we can't because there are billions of computers out there and, thus, billions of different use-cases. And we all have to suffer from slower execution because someone wants to expose access to their machine through a multi-tenant single-process cloud environment or whatnot.


And unfucking things that the infosec people do keeps mine going up :)


People treat it as adversarial but really it's a circular ecosystem.


Yes, a veritable ouroboros of suffering. I thank you for your service.


Apes together stronger!


How can I get on your (salary) bandwagon?


Practice this transition :) -> :| Maybe throw in a sigh or a smirk or something. Know that no matter what the reason for or against a change is, you should be able to find a reason why it improves or harms security.

But jokes aside, it's mostly about realising that when you consider all aspects of computing, it's such a wide, deep field that no one, no matter how much of a "power user" they think they are, will ever do things perfectly, and mistakes add up over time until one day Validimir Hackowski is running bitcoin miners in your AWS account. Then you find one aspect or more of computing and investigate the infosec fields that help find those bugs/mistakes and fix them. I like websec and Linux/Windows config security, myself, all of which is in high demand.


First develop some level of loathing and disgust at the state of all software. Let this fuel your desire to break it. Then learn to build it securely. Then market yourself as a security engineer. PROFIT!


As someone who has been doing "software" for about 30 years now, I completely agree with this. The only people I know who are good at what they do, do it because they use the hatred and disgust of the state of things as fuel for the fire. Optimism and anything similarly airy-fairy doesn't burn as well.


To be fair, I have been in offensive security and security engineering for like 18 years now. I genuinely have an optimistic outlook. But some days the rage wins and I hack/build in anger lol. I tame it. It is fleeting. The mission matters more to me in the long run. And security engineering as practiced in many big tech style firms genuinely matters and makes a holistic difference for users and everyone. It isn’t perfect, but it is way better than 18 years ago.



