Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tor Browser Will Feature More Rust Code (bleepingcomputer.com)

Posted by EditorDavid on from the Rusty-routers dept.

An anonymous reader writes: "The Tor Browser, a heavily modified version of the Firefox browser with many privacy-enhancing features, will include more code written in the Rust programming language," reports BleepingComputer. In a meeting held last week in Amsterdam, Tor developers decided to slowly start using Rust to replace the C++ code. The decision comes after Mozilla started shipping Rust components with Firefox in 2016. Furthermore, Rust is a memory-safe(r) language than C++, the language used for Firefox and the customized Tor code, which means less memory corruption errors. Less of these errors means better privacy for all.
"Part of our interest in using safer languages like Rust in Tor is because a tiny mistake in C could have real consequences for real people," Tor developer Isis Agora Lovecruft posted on Twitter, adding "Also the barrier to entry for contributing to large OSS projects written in C is insanely high."

9 of 149 comments (clear)

  1. And the barrier for Rust isn't? by AuMatar · · Score: 3, Insightful

    I'm pretty sure the number of programmers who know C is several orders of magnitude higher than Rust.

    --
    I still have more fans than freaks. WTF is wrong with you people?
    1. Re:And the barrier for Rust isn't? by ljw1004 · · Score: 4, Insightful

      I'm pretty sure the number of programmers who know C is several orders of magnitude higher than Rust.

      I can't imagine that being a problem. Rust is a familiar looking language designed not to have shoot-yourself-in-the-foot holes. I'd expect a good developer, who's already familiar with other languages, to be contributing good PRs in Rust within a day.

    2. Re:And the barrier for Rust isn't? by ljw1004 · · Score: 5, Informative

      You want an app that's supposed to protect your security online to be written by someone who hasn't studied or used the language but decided they could do well enough "within a day"? Yeah, no thanks.

      Honestly, yes. A clean language like Rust means that you won't get problems due to misuse of the language no matter how new you are to it; only due to misunderstanding of algorithms or architecture or security principals. The whole point of the comparison with C is that after a decade of experience in C you'll still find accidental security flaws due to unspotted buffer overruns or read-after-free.

    3. Re:And the barrier for Rust isn't? by IAN · · Score: 4, Informative

      Quick goggle tells me that rust compiler is written in C.

      That's why nobody seriously uses Goggle. Now if you tried Google, you'd get a snippet mentioning a "self-hosting compiler written in Rust" as the first result.

      (Yes, Rust's code generation backend is LLVM, written in C++. Don't try to build strawmen out of this.)

  2. Re:Well rust must be reallllly good... by KiloByte · · Score: 4, Funny

    No one is suicidal enough to write critical code in C. What would happen if someone wrote, say, a kernel, in C!?!

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  3. Rust never sleeps by Anonymous Coward · · Score: 4, Funny

    This is a browser for Johnny Rotten

  4. I am all for it by Anonymous Coward · · Score: 4, Interesting

    I am all for it. I know there will appear a group of people here bragging how they are good programmers and never do memory bugs in C. Maybe it is true, maybe not. Still, show me even one bigger project written in C that never had any memory management related bug!

    In a bigger project, you will not have just have programmers belonging to this elite. You will also attract less skilled developers. This could partly be solved by having more peer-review, but the more peer-review you have of the code and the more checks you do before committing, the slower the development process becomes. And even high class projects with amazing history of C usage like, OpenBSD, occasionally have their bugs.

    My opinion is that it is better if the peer-review time and development time is spent on getting the algorithms correct rather than hunting around for memory handling issues.

    My biggest concern about this move is the state of Rust. It is still somewhat "unstable" as it is a young language with heavy development.

  5. Re:Well rust must be reallllly good... by K.+S.+Kyosuke · · Score: 4, Informative

    What would happen if someone wrote, say, a kernel, in C!?!

    The thing you observe around you right now: holes in kernels, servers, browsers, virtual machines, regular security announcements... (Because everyone decided to repeat the same mistake.)

    --
    Ezekiel 23:20
  6. Firefox is a project without a system engineer by Big+Smirk · · Score: 4, Insightful

    Is it so hard to write code that compiles with 0 errors and 0 warnings that will pass valgrind with with 0 warnings?

    Firefox (and by extension Tor) need to figure out why with 70+ threads they still have deadlocks. Perhaps they need a language that doesn't do threading?

    Actually I exaggerated, currently Firefox is only using 68 threads to display this page...

    Project without a _REAL_ system engineer?

    --
    TODO: create/find/steal funny sig.