~jpastuszek/blog

e61b9c697ed5223c27becc9e9afd21172318f5ea — Jakub Pastuszek 3 months ago 82965df master
more about Rust and fixed spelling
1 files changed, 69 insertions(+), 14 deletions(-)

M content/future.md
M content/future.md => content/future.md +69 -14
@@ 1,3 1,12 @@
# TODO:

* make this post less angry :D
* add links to other posts
 * there are good post about Rust "weaknesses" <- claiming them and also disproving them
 * lots of Plan 9 stuff out there
 * CVE stats
 * links to docs talking about ACLs vs ocaps

# Main problems we need to solve for the future

## Security


@@ 11,9 20,10 @@ We need to address main reasons for CVEs:
* Buffer over/under flow
* Free after use
* Double free
* Integer under/overflow errors
* Type confusion
* Code injection (XSS, SQLi etc.)
* Confused Deputy problems (Cross-site request forgery, priviledge escalation)
* Confused Deputy problems (Cross-site request forgery, privilege escalation)
* Race conditions
* Large attack surface
* Logic errors


@@ 21,23 31,23 @@ We need to address main reasons for CVEs:
DDoS due to crashes:

* Null pointers
* Concurent access errors
* Concurrent access errors

## Spyware

All commercial software is already spayware or will become one thanks to "data is new oil" mentality - thanks ML people!
Advertisement is pushing humanity into consumerism and that will eventually end us due to resource depeletion and environment destructiopn - this needs to stop.
Advertisement is pushing humanity into consumerism and that will eventually end us due to resource depletion and environment destruction - this needs to stop.

### Why?

You cannot have democracy, freedom of expression, fredom of your onw thought process while being contantly surveiled.
You cannot have democracy, freedom of expression, freedom of your own thought process while being constantly surveilled.
You cannot think for yourself if you are bombarded by highly targeted messages.

### What?

Windows is a spyware - "telemetry" cannot be turned off - it is illegal to do so!
MacOS now does the same as Windows, you cannot turn it off as it uses "hardware root of trust" chain to prevent tempering. iOS is beign like that for many years now.
Anything Google is same, they became evil since they aquired Double Click (?).
MacOS now does the same as Windows, you cannot turn it off as it uses "hardware root of trust" chain to prevent tempering. iOS is being like that for many years now.
Anything Google is same, they became evil since they acquired Double Click (?).

# What future do we need



@@ 45,9 55,9 @@ We need new free as in freedom OS that addresses security issues and is not spyw

## Why?

Linux is based on Unix design. This design was created before networks were a thing. It's security model is broken (Access Control Lists) by design. Any attempt to fix it is a hack that adds to attac surface and complexity (Docker, Nix).
Linux is based on Unix design. This design was created before networks were a thing. It's security model is broken (Access Control Lists) by design. Any attempt to fix it is a hack that adds to attack surface and complexity (Docker, Nix).

Plan 9 is still written in C (reason for the top CVEs) and is still using ACL security model (although lots of it is accidentally(?) based on object-capabilites thanks to P9 protocol).
Plan 9 is still written in C (reason for the top CVEs) and is still using ACL security model (although lots of it is accidentally(?) based on object-capabilities thanks to P9 protocol).

## How?



@@ 56,22 66,67 @@ Plan 9 is still written in C (reason for the top CVEs) and is still using ACL se
To address top CVE classes we need to stop using programming languages that lead to them.
The "given enough eyeballs, all bugs are shallow" proved to be insufficient. Only mathematically verified models that verify your programs automatically can work for security.

There is only one language currently available that goes far enought to address most of this CVE classes and that is Rust.
There is only one language currently available that goes far enough to address most of this CVE classes and that is Rust.

So we need OS that is written in Rust and that if free as in freedom and that gets "enough eyballs" to weed out logic errors that Rust only helps to avoid with it's type system.
So we need OS that is written in Rust and that if free as in freedom and that gets "enough eyeballs" to weed out logic errors that Rust only helps to avoid with it's type system.

### OS design

Linux has large attac surface (still tiny compared to Windows). To address this we need better obstractions on OS leve. Plan 9 protocol (P9) does provide an exellent example of such abstraction. Plan 9 has very small set of API primitives that were designed for the networking. This allows it to be much more secure than Linux.
Linux has large attack surface (still tiny compared to Windows). To address this we need better abstractions on OS leve. Plan 9 protocol (P9) does provide an excellent example of such abstraction. Plan 9 has very small set of API primitives that were designed for the networking. This allows it to be much more secure than Linux.

Still Plan 9 will have buffer under/over flow issues, use after free, etc. due to use of C programming language - this is not avoidable!
Alos Plan 9 uses ACLs that lead to Confused Deputy problems and in the end to priviledge escalations. P9 protocol is object-capability based in practice so it does offer way more sofisticated security comparred to Linux making such hacks like Docker and Nix not necessary.
Also Plan 9 uses ACLs that lead to Confused Deputy problems and in the end to privilege escalations. P9 protocol is object-capability based in practice so it does offer way more sophisticated security compared to Linux making such hacks like Docker and Nix not necessary.

So the new OS apart from being written in Rust needs to be using object-capability based security model from exclusively.

# The future

Free as in freedom, open source OS based on prooven ideas from Plan 9 (P9 ptotocol), with object-capability based security model and written in Rust is the way of the future.
We already live in the world where most population is surviled in 1984 dystopia style where 20 successful ranswmware attacs are performed weekly on companies that loose billions to get their data back or prvent them from beign published (exfiltraion). Internet is a warzone with it's "background radiation" (all the scanning and attac traffic) going strong - just set up WordPress instance and wait few minutes, see what happens.
Free as in freedom, open source OS based on proofed ideas from Plan 9 (P9 protocol), with object-capability based security model and written in Rust is the way of the future.
We already live in the world where most population is surveilled in 1984 dystopia style where 20 successful ransomware attacks are performed weekly on companies that loose billions to get their data back or prevent them from being published (ex-filtration). Internet is a war zone with it's "background radiation" (all the scanning and attack traffic) going strong - just set up WordPress instance and wait few minutes, see what happens.

We must not fail!

# Please help this future to happen

## Rust complaints

### X is not as mature as C

Well, really? How did you figure it out. Nothing crated in last 50 years won't be as mature as C by definition, how brain dead are you!
Wow, so shocking that something created 10 years ago (version 1.0.0 released in 2015) is not as mature as something crated 1972 (48 years ago) and extremely successful and widely used since then.

Instead of complaining and discouraging people for using Rust, and this way delaying it becoming mature, why won't you help instead!

### But Rust has only one compiler implementations

First, see above!
Second this is false: https://github.com/thepowersgang/mrustc, and it is used in Guix to bootstrap Rust compiler written in Rust.
Also there exists original ML implementation.

Again stop being a moppet and help instead. This is not constructive!

### But Rust is slow!

"Rust is slowly compiling fast software" <- this. Again this is down to "X is not as mature as C" and also due to laws of physics - Rust compiler runs a complex correctness verification proof of your entire program so it will require more CPU cycles to do that.
Still there has been some impressive work done on Rust compiler to allow incremental compilation and to redesign the compiler using novel architecture that will speed it up further.

### But Rust programs have 300+ dependencies

Also true for C programs that:
* depend on many pre installed libraries
* often contain one file libraries "vendored" in there source code (XML parsers, gzip, base64, hash maps etc. are often included in) - this is due to lack of proper package manager like cargo.
* often use plugin/module system that hides dependencies (VLC, httpd, etc.)

Rust does statically link binaries to address broken OS design as described above. It is a compromise between having to manage all dependencies externally on OS level leading to conflicts and dependency hell and finally to Docker as a hack workaround to bad OS design and vendoring by hand buggy and unfixable impls in your program on rewriting everything from scratch every fucking time like C developers love to do (how many "growing vector" implementations are out there? how mayn of them has been fuzzed!?!).

Having well tested and secure implementations of basic things used everywhere is critical for security - stop writing Vec, HashMap and XML parsers just because it is easier than using existing libraries! Stop vendoring source code as no admin will ever know about it and it may contain critical issues!

# Want to help?

If you don't like Rust for some reason (e.g. because of the hype train that Mozilla crated at some sage) than at leas stop misleading people with false or logically dubious messages.
Ditch proprietary spyware - use Linux, learn Plan 9.
Ditch the Web, Facebook, Twitter, Google and all the other broken spyware - use Gropher, Geminin, Mastodon (I know it is a Web standard but still), XMPP, etc. as much as feasible.

Help projects like Redox and other new OS designs.
And for god sake stop deploying WordPress - this is literary destroying the internet due to being so popular and such a security disaster.
Don't use JS as it lock the Web in Google and enables all the tracking.