Slashdot Mirror


Vulnerability In Font Processing Library Affects Linux, OpenOffice, Firefox (softpedia.com)

An anonymous reader writes: If an application can embed fonts with special characters, then it's probably using the Graphite font processing library. This library has several security issues which an attacker can leverage to take control of your OS via remote code execution scenarios. The simple attack would be to deliver a malicious font via a Web page's CSS. The malformed font loads in Firefox, triggers the RCE exploit, and voila, your PC has a hole inside through which malware can creep in.

2 of 95 comments

  1. Re:Another buffer overflow by Anonymous Coward · Score: 0, Interesting

    We all know about Rust. We know its syntax is a step backward from C, C++, Java, C#, and even PHP. We know its resource management approach is confusing, even when you understand how it works and how to use it. We know there's only one implementation of it, and according to its issue tracker it's really buggy (which is even funnier because the Rust compiler and standard libraries are implemented in Rust and Rust is supposed to have been designed to make bugs less likely!). We know it took them fucking forever to get Rust 1.0 out the door, and even then it wasn't stable. We know that it hasn't lived up to the hype since then. We know their leadership includes prominent former Ruby on Railers who jumped ship when it became obvious that RoR was no longer trendy. We know the Rust standard library is quite shitty and lacking. We know that C++ has continued to evolve and can offer pretty much everything Rust offers. We know that the Rust community is quite totalitarian, with an intolerant code of conduct and a mod team to take out anyone they don't like. We question Mozilla's future, seeing as how Firefox's market share is dropping like a rock thanks to Mozilla treating its users so badly and subjecting them to so many unwanted changes in Firefox, and Firefox is really Mozilla's only product that sees use these days. We know that the Servo project, which is written in Rust, is going nowhere. We ignore Rust because it just isn't a viable option!

  2. Re:Another buffer overflow by Anonymous Coward · Score: 3, Interesting

    I get that you clearly have an axe to grind about Rust for some reason, but you have not explained why it isn't viable. It's impossible to take you seriously when you make empty claims about Servo "going nowhere" when components written in Rust for Servo are being added to Firefox as we speak, or that Rust's syntax is "a step backward" from the likes of C++ or PHP, or argue that you might as well use C++ instead, despite the fact that C++ offers too many convenient footguns to make such a thing viable without expensive static analysis tools to make sure you aren't screwing up... which Rust offers built-in as part of the compilation process.

    It honestly sounds like you're just unwilling to acknowledge Rust because Mozilla did something to piss you off. Maybe they removed a feature from Firefox you don't like, or maybe you just think they should have pushed Rust out the door faster than any other advanced language, or maybe you just don't like some people working on Rust or at Mozilla. At any rate, you are doing a piss poor job of convincing anybody as to what Rust's actual flaws are. The standard library not being as mature as the ones in older languages? That's really the only substantive thing you've mentioned here that doesn't smack of petty sensationalism.