Re: No Country for Old System Administrators

From cross@spitfire.i.gajendra.net (Dan Cross)
Newsgroups comp.os.vms
Subject Re: No Country for Old System Administrators
Date 2026-05-05 21:30 +0000
Organization PANIX Public Access Internet and UNIX, NYC
Message-ID <10tdngr$t21$1@reader1.panix.com>
References <10t685f$2ilti$1@dont-email.me> <10t6quj$2n602$2@dont-email.me> <10tcpk2$e86o$1@dont-email.me>


In article <10tcpk2$e86o$1@dont-email.me>,
Simon Clubley  <clubley@remove_me.eisner.decus.org-Earth.UFP> wrote:
>On 2026-05-03, Lawrence D'Oliveiro <ldo@nz.invalid> wrote:
>> On Sun, 3 May 2026 11:25:00 +1000, Subcommandante XDelta wrote:
>>
>>> With $1 Cyberattacks on the Rise, Durable Defenses Pay Off Writing
>>> memory-safe code beats patching your way to safety
>>
>> Rust seems to be the language du jour for tackling this problem.
>>
>> Google reported a significant decrease in memory-related bugs after
>> adopting Rust into the Android code base in a major way. Though,
>> oddly, not a decrease in bugs overall ...
>
>Writing secure code is a frame of mind, not merely just using a tool
>and then expecting security magic to "just happen".
>
>Excellent example from the Rust installation web page:
>
>	curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
>
>This is from: https://rust-lang.org/tools/install/

I've heard this criticism before, but it's a bad argument.

First, nothing at all is preventing you from downloading
whatever is at that URL and inspecting it yourself, verifying
that its checksum matches a known hash, etc, before running it.

Second, nothing prevents a user from running that command line
in a sandbox, even if they didn't do the first things.

And furthermore, it elides any discussion of threat models; why
would I worry about the rustup.rs side being compromised any
more than I would worry about the compiler binaries themselves
being compromised?  Is this substantially different than
downloading a tarball from somewhere, unpacking it, and running
a contained "./configure" script?

>This is an entire community that gets on its collective high horses about
>how its new language is so superior from a security point of view to
>everything else out there and starts forcing it down our throats.

I don't know that anyone is telling you it's more secure; from
what I've seen, people say (correctly) that the design of the
language prevents certain types of errors that are common in
other languages and that often lead to security vulnerabilities.

No one is "forcing it down" your, or anyone else's, throats.

>It then tells us that we can install this new language by just directly
>downloading a shell script from some random website and then directly
>execute it on our own computer without bothering to first check that
>it hasn't been tampered with by someone compromising the website.

I wouldn't call that, "some random website".  It's the official
way to do that.

>Signature checking! Such an old fashioned concept! Can't let reality get
>in the way of a little temporary convenience!

See above.

>The grown up response would have been to insist on the user downloading
>the shell script as a file, verifying the signature before execution,
>and then saying that this is the kind of mindset required in this world.

But also, where do I get the signature in the first place, and
how do I verify that it is correct?  Supposing the checksum is
signed with something like PGP or an equivalent, where do I get
the public key to verify the signature, and how can I be sure
that THAT hasn't been tampered with?  What if I don't have
anyone in _my_ web of trust that verified the key the script was
signed with?  And even if I did, how do I know the key wasn't
compromised?  Some poor release engineer might be in a basement
somewhere, RIGHT NOW, getting worked over by goons with a rubber
hose.  Oh my!

On the other hand, I can tell you what the Android Security team
did when they first started exploring Rust: they used `mrustc`,
which is a Rust compiler written in C++, to compile a bootstrap
compiler, using a trusted C++ compiler.

Then they started rolling forward over point versions of the
compiler (mrustc lacked some features to compile the newest),
using the previous to compile the next, until they got to the
then-newest release compiler.  Then they verified that it was
bitwise identical to what they saw coming from the Rust
project.

THAT is what the grownups do.

	- Dan C.
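
The download, check, then run sequence from the first point of the reply above, as an added example that is not part of the original post. The function names, the stand-in installer and the pinned hash are all constructed for illustration; in real use the expected SHA-256 has to come from a channel you trust separately from the download.

```shell
#!/bin/sh
# Added example: save the installer to a file, check it, then run it.
# Real use would fetch first, e.g. (command from the post, plus curl's -o):
#   curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs -o rustup-init.sh

sha256_of() {
    # Prefer sha256sum (GNU coreutils); fall back to shasum (macOS, BSD).
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

verify_sha256() {   # verify_sha256 FILE EXPECTED_HEX; returns 0 only on a match
    file=$1 expected=$2
    [ -f "$file" ] || return 1
    # A truncated or malformed pin must fail closed, never match by accident.
    case $expected in *[!0-9a-fA-F]*) return 1 ;; esac
    [ "${#expected}" -eq 64 ] || return 1
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$file") || return 1
    [ "$actual" = "$expected" ]
}

run_if_verified() {   # run_if_verified FILE EXPECTED_HEX
    if verify_sha256 "$1" "$2"; then
        sh "$1"
    else
        echo "refusing to run $1: SHA-256 does not match the pinned value" >&2
        return 1
    fi
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed stand-in for a downloaded installer.
    printf '#!/bin/sh\necho "installer ran"\n' > "$dir/install.sh"
    # Assumption: in real use this value comes from a separate, trusted channel.
    pinned=$(sha256_of "$dir/install.sh")
    if run_if_verified "$dir/install.sh" "$pinned"; then ok=0; else ok=1; fi
    # Simulate tampering after the hash was pinned.
    printf 'echo "injected"\n' >> "$dir/install.sh"
    if run_if_verified "$dir/install.sh" "$pinned" 2>/dev/null; then bad=0; else bad=1; fi
    rm -rf "$dir"
    [ "$ok" -eq 0 ] && [ "$bad" -eq 1 ]
}

demo
```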
