Stream: wg-secure-code

Topic: Security as 2019 goal


Shnatsel (Dec 06 2018 at 22:38, on Zulip):

A call for roadmap blogposts is now open: https://blog.rust-lang.org/2018/12/06/call-for-rust-2019-roadmap-blogposts.html
I believe security is important enough and neglected enough to qualify as one. I'm okay at presenting ideas (see https://medium.com/@shnatsel), I guess I could write one if we have a clear list of problems we want to be addressed. So let's brainstorm one!

Shnatsel (Dec 06 2018 at 22:38, on Zulip):

The ones I'm aware of are:

Shnatsel (Dec 06 2018 at 22:40, on Zulip):

Joshua Liebow-Feeser (Dec 07 2018 at 03:31, on Zulip):

I like this idea! We could even potentially publish the post under the aegis of this WG, which would help spread awareness about its existence.

Joshua Liebow-Feeser (Dec 07 2018 at 03:32, on Zulip):

Re: propagation of security updates: I think perhaps the way to sell this is that programmers shouldn't have to think about whether their dependencies have vulnerabilities - the tooling should just automatically notice when crate versions have been marked vulnerable, and should take appropriate action. It's spiritually related to the idea that programmers shouldn't have to worry about memory safety; it should just be handled by the language.

Shnatsel (Dec 07 2018 at 20:50, on Zulip):

Oh yeah, publishing it on behalf of the WG would be neat. This is probably a good occasion to make a WG blog ;)

Shnatsel (Dec 16 2018 at 23:03, on Zulip):

I'm also thinking of specifically excluding the "protect against malicious dependencies" as a 2019 goal. Rationale: it is an unsolved problem in general, even in very sandbox-friendly languages such as JavaScript, and it is not realistic to invent, thoroughly test and commit to indefinite support of a solution to it in just one year.

snf (Dec 20 2018 at 01:01, on Zulip):

Nice, I'm writing a Rust 2019 for security and came here to check if anyone else was writing one too

Tony Arcieri (Dec 20 2018 at 01:45, on Zulip):

I have a WIP one about crate/package security :wink:

Tony Arcieri (Dec 20 2018 at 01:46, on Zulip):

so far it's mostly a survey of what has and hasn't worked for other languages, and things that might help Rust

Shnatsel (Dec 21 2018 at 18:44, on Zulip):

I'm in the exactly right state of mind to write about how everything is broken and needs fixing ASAP, so I'll probably start drafting it in an hour or so

Tony Arcieri (Dec 21 2018 at 19:16, on Zulip):

> it is an unsolved problem in general, even in very sandbox-friendly languages such as JavaScript

There are some pretty nice solutions in the JS ecosystem... namely SES

Tony Arcieri (Dec 21 2018 at 19:16, on Zulip):

would've been nice if Node would've found a more secure way to undo the JS sandbox. alas

Tony Arcieri (Dec 21 2018 at 19:18, on Zulip):

Rust has unsafe to lean on as a core modeling dimension for that sort of thing, which IMO makes it unique

Tony Arcieri (Dec 21 2018 at 19:22, on Zulip):

there have also been some interesting research projects about that sort of thing in the JS ecosystem which may be applicable to Rust

Tony Arcieri (Dec 21 2018 at 19:23, on Zulip):

I'll be covering this in my post, but here's one of them: https://www.cs.umd.edu/~aseem/tsstar-tr.pdf

Tony Arcieri (Dec 21 2018 at 19:24, on Zulip):

that does a sort of static taint analysis on data coming from "untrusted" parts of the code, and models it in the form of an un type

Tony Arcieri (Dec 21 2018 at 19:24, on Zulip):

I think it's more or less like what @briansmith is trying to do with the untrusted crate (well, parsing bits aside), just as a first-class part of the type system

Tony Arcieri (Dec 21 2018 at 19:25, on Zulip):

un, the type of the adversary, mediated by wrappers

Tony Arcieri (Dec 21 2018 at 19:25, on Zulip):

heh

Shnatsel (Dec 21 2018 at 19:30, on Zulip):

I always wanted to know if untrusted is suitable for parsing such formats as PNG or JPEG. Because it sure sounds nice, but according to the docs it's only applicable to a limited number of formats and I'm not sure if stuff like JPEG and PNG satisfies those constraints or not.

briansmith (Dec 21 2018 at 19:55, on Zulip):

First, I am planning to remove untrusted from the public API of both ring and webpki because people aren't using it the way I hoped they would.

briansmith (Dec 21 2018 at 20:02, on Zulip):

Second, I wouldn't use untrusted for the image parts of PNG and JPEG. It might work OK for the metadata. It is intended to handle variable-length data (in particular, variable-length headers), especially in tag-length-value formats like TLS, ASN.1, etc. that are inherently context-sensitive and security-critical. In particular, untrusted tries to force you to make your code very explicit about what parts of the input are being ignored, which is useful for these things but annoying for other things.

Tony Arcieri (Dec 21 2018 at 20:12, on Zulip):

@briansmith wdyt about the information you wanted untrusted to carry as part of the public API of ring and webpki being part of the type system?

Tony Arcieri (Dec 21 2018 at 20:12, on Zulip):

hypothetically (with a similar feature to something like ^^^ paper)

briansmith (Dec 21 2018 at 20:13, on Zulip):

The problem using untrusted to indicate potentially-malicious data, and unsafe to indicate potentially-unsafe code, is that they over-simplify more nuanced notions.

Tony Arcieri (Dec 21 2018 at 20:15, on Zulip):

yeah I wouldn't use unsafe for anything that didn't deal specifically with things like memory safety / data race safety

briansmith (Dec 21 2018 at 20:17, on Zulip):

I would have to see a concrete proposal specifically for Rust to say whether I like or don't like it, but practically I doubt there is any hope of such enhancements to the type system in the next couple of years.

Tony Arcieri (Dec 21 2018 at 20:18, on Zulip):

yeah that paper is built on the F* type system... which is fancier than Rust's will probably ever be

Shnatsel (Dec 22 2018 at 19:59, on Zulip):

Okay, I have a rough outline of the post about security as Rust goal in 2019: https://medium.com/@shnatsel/security-as-rust-2019-goal-draft-6a060116ba39
If you have a Medium account you can comment there. I'm not sure if you can edit, probably not.

Shnatsel (Dec 22 2018 at 20:00, on Zulip):

It didn't occur to me to put it in Google Docs or Etherpad, so if you want to make edits just copy the text to Google Docs and post the link, we'll continue there

Shnatsel (Dec 22 2018 at 20:02, on Zulip):

Since this may go out as a secure code WG post, not just my post, I want to make sure that everyone's on board with the direction, structure, etc. Also if you're against it being an official WG comm please speak up.

Tony Arcieri (Dec 24 2018 at 16:59, on Zulip):

an official WG post sounds good

Shnatsel (Dec 25 2018 at 04:30, on Zulip):

I now consider the "Security updates" section in the draft complete. Please tear it to shreds, lest I publish that part as-is.

Zach Reizner (Dec 25 2018 at 06:55, on Zulip):

I'm unclear on if you're referring to just one section of that draft, or the entire draft. Which part will you publish first?

Zach Reizner (Dec 25 2018 at 06:55, on Zulip):

In any case, the Security Updates seems good.

Shnatsel (Dec 25 2018 at 12:43, on Zulip):

Just one section. I'll post the entire article once it's done

Shnatsel (Dec 25 2018 at 17:12, on Zulip):

The "Verification of standard library" part is complete, but I'm not 100% confident it's good. So give it a read at your leisure and let me know what can be improved. link

brycx (Dec 25 2018 at 17:42, on Zulip):

I read the article and found no issues with it, actually found it to be very well-written and everything made good sense. FWIW, I know it's a draft, some aesthetical issues:

Zach Reizner (Dec 25 2018 at 18:14, on Zulip):

Agreed with the above

Shnatsel (Dec 25 2018 at 19:17, on Zulip):

Thanks. I've replaced "What if if they are not deploying via cargo install? What if it's a library linked into another language?" with "What if the code is non-trivially deployed, like shared library linked into another language?"
Links work for me. Either way that's a Medium styling issue, I have no control over it.

Shnatsel (Dec 25 2018 at 19:18, on Zulip):

I'm considering breaking up the wall of text in "Verification of standard library" section by making static analysis, fuzzing and formal verification into list items

Shnatsel (Dec 25 2018 at 19:39, on Zulip):

Okay, it is a list now.

Shnatsel (Dec 25 2018 at 19:41, on Zulip):

Also I completely forgot to mention RustBelt and nobody corrected me :laughing:

Shnatsel (Dec 25 2018 at 21:01, on Zulip):

I ended up adding a "Code authentication and trust" section at the end talking about the general trust problem not being feasible in 2019 but something like TUF being needed.

brycx (Dec 25 2018 at 21:38, on Zulip):

Found no issues with "Code authentication and trust" either, except for maybe add "out" after "called" in "something that security researchers have called years ago.".

Shnatsel (Dec 25 2018 at 21:43, on Zulip):

What I tried to convey is that security researchers have been saying that it's a problem for years, but only recently we've discovered an actual attack in practice. I'm having trouble conveying that succinctly.

Shnatsel (Dec 25 2018 at 21:43, on Zulip):

And yeah, good point, thanks

brycx (Dec 25 2018 at 23:14, on Zulip):

No problem. If you aim for succinct, you could also write: "The recent event-stream node.js incident brought attention to a problem, pointed out by security researchers long ago: trusting third-party code." In any case, I think the point is conveyed just fine.

Shnatsel (Dec 27 2018 at 21:33, on Zulip):

Just a heads-up: I'm taking a break from everything programming-related until at least the 2nd of January, which includes WG logo design and the security as 2019 goal blog post. Feel free to complete and post the article without waiting on me. Otherwise I'll try to finish it after I return.

Shnatsel (Dec 27 2018 at 21:33, on Zulip):

ferrii.tar.gz < SVGs for logo designs I've posted so far, just in case

Shnatsel (Jan 03 2019 at 19:25, on Zulip):

There are so many Rust-related security advancements now that I have to go back and rewrite parts of the article for the second time now. First Angora got released, now this: https://www.research-collection.ethz.ch/handle/20.500.11850/311092
@RalfJ Any thoughts on this paper? This seems to be right up your alley.

RalfJ (Jan 04 2019 at 10:57, on Zulip):

yeah I talked a bit with the authors

RalfJ (Jan 04 2019 at 10:58, on Zulip):

it's pretty cool stuff IMO. still very limited right now, doesn't support complex types involving references. but still, I like where it is going.

Shnatsel (Jan 04 2019 at 20:31, on Zulip):

@Joshua Liebow-Feeser may I ask you to write the intro and outro for the security as 2019 goal post? I feel pretty much lost as to how to write those.
Also, we should probably start considering where we're going to put this. Do we want a WG publication on Medium or a static blog or something else?

Shnatsel (Jan 04 2019 at 20:33, on Zulip):

The good news is that I have just one technical paragraph to flesh out, "Use of unsafe code", the others are pretty much done

Zach Reizner (Jan 04 2019 at 21:11, on Zulip):

I would rather a static blog. I dislike seeing the (medium.com) tag on hacker news because it masks the true author/blog.

Gerardo Di Giacomo (Jan 05 2019 at 00:11, on Zulip):

does ghost.org have the same "feature" ? nvm I see that ghost hosted is not free.

Shnatsel (Jan 05 2019 at 02:20, on Zulip):

It is open-source though, so we could probably host our own instance. Spoiler alert: I'm not going to bother, I have two websites on my hand already and I know all too well that it's a dead end.

Shnatsel (Jan 05 2019 at 04:10, on Zulip):

Okay, I think everything except the intro and outro is written, I just have a couple of TODOs left, so the draft is now ready for nitpicking: https://medium.com/@shnatsel/security-as-rust-2019-goal-draft-6a060116ba39

Shnatsel (Jan 07 2019 at 21:10, on Zulip):

I've written an intro but I'm not 100% happy with it. I'd appreciate if someone could take a look and suggest improvements. For reference, the goals are copy-pasted from https://github.com/rust-secure-code/wg
I still have to write the conclusion and do some minor revisions to the technical sections. I will probably extract work items from the post and turn them into issues on the WG bug tracker.

Joshua Liebow-Feeser (Jan 08 2019 at 00:09, on Zulip):

Sorry for the late reply, but yeah, I'd be happy to write an intro/outro.

Joshua Liebow-Feeser (Jan 08 2019 at 00:09, on Zulip):

Still have to read the post though lol; I've been away for the past few weeks and just got back to the real world today.

Joshua Liebow-Feeser (Jan 08 2019 at 00:09, on Zulip):

When are you hoping to publish this?

Shnatsel (Jan 08 2019 at 00:21, on Zulip):

Before the deadline of Jan 15th :laughing:

Joshua Liebow-Feeser (Jan 08 2019 at 00:21, on Zulip):

Ah lol OK

Joshua Liebow-Feeser (Jan 08 2019 at 00:21, on Zulip):

I'll take a look in a few hours after work.

Shnatsel (Jan 08 2019 at 00:22, on Zulip):

I'm writing an outro right now; I'll sketch something, you're welcome to rewrite the entire thing from the ground up if you wish

Joshua Liebow-Feeser (Jan 08 2019 at 00:22, on Zulip):

OK sounds good!

Shnatsel (Jan 08 2019 at 00:27, on Zulip):

I'm also filing some work items from the post as GitHub issues on the WG repo right now

Shnatsel (Jan 08 2019 at 00:28, on Zulip):

you can make a "2019 goal" label for those later if you think it's a good idea

nikomatsakis (Jan 09 2019 at 22:31, on Zulip):

> There are so many Rust-related security advancements now that I have to go back and rewrite parts of the article for the second time now. First Angora got released, now this: https://www.research-collection.ethz.ch/handle/20.500.11850/311092

btw @Shnatsel one of the authors (@Vytautas Astrauskas) is also active-ish on Zulip

snf (Jan 10 2019 at 00:22, on Zulip):

hey guys, I'm publishing mine but I'd like to know if you find any inaccuracy or have feedback: https://github.com/snf/snf.github.com/blob/rust_2019/_posts/2019-01-10-rust-2019-security.md

blitzerr (Jan 10 2019 at 01:48, on Zulip):

@snf This is great.

Vytautas Astrauskas (Jan 10 2019 at 09:43, on Zulip):

In the draft:

> Tools based on theory of abstract interpretation do not work with Rust yet, but can be easily adapted — e.g. IKOS ingests LLVM IR and is not really tied to any specific language.

A tool based on abstract interpretation is work in progress with focus on taint analysis: https://github.com/facebookexperimental/MIRAI/.

Vytautas Astrauskas (Jan 10 2019 at 09:44, on Zulip):

@Shnatsel ^^

Shnatsel (Jan 10 2019 at 19:48, on Zulip):

> The community has already learned that Rewrite it in Rust doesn't scale and it's a dangerous meme.

Really? I am not aware of that. In fact, I'd still push for RIIR for all existing base infrastructure, from libpng to OpenSSL. Which in some cases is already happening (png and jpeg crates, lewton, rustls...). The rsvg way is still better though!

But I'm nitpicking, an interesting post overall, thanks for writing it

Shnatsel (Jan 10 2019 at 19:49, on Zulip):

And thanks for the pointer about MIRAI, I'll be sure to mention it

snf (Jan 10 2019 at 21:39, on Zulip):

Thanks @Shnatsel , I think we are referring to two different things about RIIR. libpng is not changing much so a rewrite makes sense and is not a huge effort if someone decides to make it happen. Now take Xen or KVM and it's a completely different story, it moves fast and the best way to introduce Rust in there is starting with new components or parts that are going to be rewritten anyway but RIIR is (pretty sure) off the table. In these cases I like the Servo->Firefox way

Shnatsel (Jan 10 2019 at 21:41, on Zulip):

Then I guess it's better to say "Gradually integrating Rust is a better option for fast-moving projects than a rewrite" than "RIIR is a dangerous meme" and leave it at that

snf (Jan 10 2019 at 21:42, on Zulip):

The community has already learned that Rewrite it in Rust doesn’t scale and it’s a dangerous meme.
On the other hand, one of the things that I learned is that gradually replacing C/C++ with Rust code works quite well. The same happens with encapsulating C code with safe Rust abstractions.

snf (Jan 10 2019 at 21:46, on Zulip):

But you are right, if it sounds like that I'm not explaining myself correctly. I think we both agree about the idea of RIIR

Shnatsel (Jan 12 2019 at 14:06, on Zulip):

We have three days left to complete and publish our "Security as Rust 2019 goal" post. The current draft is here: https://medium.com/@shnatsel/security-as-rust-2019-goal-draft-6a060116ba39
Remaining work items:
- Improve the introduction (?)
- Write a conclusion
- Get feedback on the draft to make sure everyone is on board with it, since it's going out as an official WG comm
- Mention sanitizers and MIRI in there somewhere
- Extract work items from the post and put them in github issues on the WG repo. Bonus points for actually putting actionable work items on the issues.

Shnatsel (Jan 12 2019 at 14:08, on Zulip):

Oh and maybe make a WG blog, but I can publish it on my blog as well if needed

Shnatsel (Jan 12 2019 at 14:12, on Zulip):

Related post from RalfJ: https://www.ralfj.de/blog/2019/01/12/rust-2019.html

Tony Arcieri (Jan 12 2019 at 16:24, on Zulip):

I'd help but I'm trying to finish up my own post, which in as much as it's prescriptive doesn't have any "don't"s... slightly different tone, and also a bit of a brain dump

Shnatsel (Jan 12 2019 at 18:08, on Zulip):

@Tony Arcieri if you disagree with the post I've drafted let me know and I'll either change it or publish it as a personal article

Tony Arcieri (Jan 12 2019 at 18:17, on Zulip):

if there's a disagreement, it's my own propensity to tilt at windmills, and my post will cover that

Tony Arcieri (Jan 12 2019 at 18:18, on Zulip):

i.e. "stuff I'm willing to work on I don't expect others to, or even agree is a good idea" :stuck_out_tongue_wink:

Shnatsel (Jan 13 2019 at 20:48, on Zulip):

We have one day left until the blog post deadline. If nobody intervenes, I'm writing a conclusion as best I can and posting it on my personal blog.

Shnatsel (Jan 14 2019 at 01:52, on Zulip):

@Corey Farwell could you add me to rust-secure-code on Github so I could tag 2019 goals on the bug tracker?

Corey Farwell (Jan 14 2019 at 03:12, on Zulip):

only @Joshua Liebow-Feeser has the permissions to invite to the org AFAIK

Shnatsel (Jan 14 2019 at 19:49, on Zulip):

@Joshua Liebow-Feeser heed my call.
@Joshua Liebow-Feeser I summon thee.
@Joshua Liebow-Feeser bless us with your presence.

This be my first wish: add me to rust-secure-code org on github.
This be my second wish: confirm that you're not writing the conclusion to the 2019 goals post.
This be my third wish: revocation of N-meta-rules about wishes.

Joshua Liebow-Feeser (Jan 14 2019 at 19:51, on Zulip):

Gack sorry folks. This weekend has been crazy so I've been ignoring Zulip.

Shnatsel (Jan 14 2019 at 19:51, on Zulip):

Praised be @Joshua Liebow-Feeser! Our prayers have been answered!

Shnatsel (Jan 14 2019 at 19:52, on Zulip):

But for real now, totally understandable, don't sweat it. It's just this inconvenient deadline on 2019 goals posts is kind of looming.

Joshua Liebow-Feeser (Jan 14 2019 at 19:52, on Zulip):

OK I've invited you to the org.

Joshua Liebow-Feeser (Jan 14 2019 at 19:53, on Zulip):

Also yes, confirmed that you shouldn't rely on me to write the conclusion. I will try to provide feedback if I can, but I am definitely going to be unreliable over the next few days :)

Shnatsel (Jan 14 2019 at 19:53, on Zulip):

I'm looking to complete and publish this sometime in the next 6 hours

Joshua Liebow-Feeser (Jan 14 2019 at 19:53, on Zulip):

Thank you so much to everybody who's put in work on this post, btw!

Joshua Liebow-Feeser (Jan 14 2019 at 19:54, on Zulip):

Ah OK

Shnatsel (Jan 14 2019 at 19:54, on Zulip):

Probably going on my blog because we don't have WG blog yet. I mean I could go ahead and set up a WG medium and select my submission for the logo while I'm at it but... eh. That feels narcissistic.

Shnatsel (Jan 14 2019 at 19:55, on Zulip):

Instead I'm going to move the work items from the post to the WG issue tracker and tag them as 2019 goals. If I overdo it, comment in there and we'll close the superfluous ones.

Joshua Liebow-Feeser (Jan 14 2019 at 19:57, on Zulip):

Yeah I think just putting it on your blog and marking it as the Secure Code WG post is fine.

Shnatsel (Jan 14 2019 at 20:00, on Zulip):

Okay, I think I'm all set then. Thanks!

Shnatsel (Jan 14 2019 at 21:32, on Zulip):

It has just hit me. The deadline is for submissions to the core Rust teams. The submissions are private. We can share the info with the core teams before we go for the full press release!

Joshua Liebow-Feeser (Jan 14 2019 at 21:32, on Zulip):

Oh that's awesome! So we can give them a draft and spend time polishing before we publish?

Shnatsel (Jan 14 2019 at 21:53, on Zulip):

Oh my god this is so precious! https://flic.kr/p/656T74
And it's under Creative Commons Attribution! I think we have a cover image

Shnatsel (Jan 14 2019 at 22:20, on Zulip):

I have no clue whom community@rust-lang.org actually emails, but that's the email we're asked to submit roadmap posts to

Shnatsel (Jan 14 2019 at 22:50, on Zulip):

Okay, that's community team, not a very public mailing list, so I've submitted the draft as it is right now.

blitzerr (Jan 14 2019 at 23:24, on Zulip):

@Shnatsel , do you also plan to post it here ?

Shnatsel (Jan 14 2019 at 23:29, on Zulip):

Frankly I did not intend to. I thought Reddit would be enough, and I prefer to have all the discussion in one place. Maybe link from internals to reddit? Dunno. I certainly wouldn't stop anyone from cross-posting it, though!

Shnatsel (Jan 14 2019 at 23:32, on Zulip):

Okay, so. Current draft: https://medium.com/@shnatsel/security-as-rust-2019-goal-draft-6a060116ba39
Publication blockers:
1. Write a proper conclusion. I suddenly cannot into writing.
2. Find a place to put https://flic.kr/p/656T74 so that it doesn't detract from the content of the article, or give up on the idea. Probably should go to the conclusion, actually.
3. Give the article a read and see what action items I forgot to put on the WG bug tracker
Nice to haves:
1. Polish up the intro or decide it's good enough
2. Break down issues on WG repo into actionable work items

Tony Arcieri (Jan 16 2019 at 19:53, on Zulip):

I can tweet it

Tony Arcieri (Jan 16 2019 at 19:53, on Zulip):

finally something to tweet about :smiley:

Tony Arcieri (Jan 16 2019 at 19:53, on Zulip):

(with @rustsecurecode)

Shnatsel (Jan 16 2019 at 19:53, on Zulip):

Nice. We just have to finish it first though XD

Tony Arcieri (Jan 16 2019 at 19:53, on Zulip):

it has 98 followers and 1 tweet

Tony Arcieri (Jan 16 2019 at 19:53, on Zulip):

haha, ditto for my personal post :weary:

Shnatsel (Jan 16 2019 at 19:54, on Zulip):

I have about that much on Medium for 3 long-form articles, so I think that's a good number

Tony Arcieri (Jan 16 2019 at 19:54, on Zulip):

yeah this thing is a monster and I've already deleted at least half of what I've written

Shnatsel (Jan 16 2019 at 19:54, on Zulip):

I think I've just read your personal post? Did I time-travel?

Tony Arcieri (Jan 16 2019 at 19:54, on Zulip):

haha I need to note it's WIP

Shnatsel (Jan 16 2019 at 19:55, on Zulip):

https://www.reddit.com/r/rust/comments/agk3sx/ this links to your post right?

Tony Arcieri (Jan 16 2019 at 19:56, on Zulip):

yes. lol great it's already on reddit

Shnatsel (Jan 16 2019 at 19:56, on Zulip):

since 8 hours ago

Shnatsel (Jan 16 2019 at 19:57, on Zulip):

So you're still writing yours? And there I thought I'd ask you to complete the WG post, since you're clearly pretty good at this and I suddenly cannot into words

Tony Arcieri (Jan 16 2019 at 19:57, on Zulip):

haha

Tony Arcieri (Jan 16 2019 at 19:57, on Zulip):

yeah I wanted to write about crate security

Tony Arcieri (Jan 16 2019 at 19:57, on Zulip):

and also rustsec

Tony Arcieri (Jan 16 2019 at 19:58, on Zulip):

I added a WIP note at the top

Shnatsel (Jan 16 2019 at 19:58, on Zulip):

Here's a hotfix: write the conclusion for the WG post and just link to it, since we already have extensive description of that

Tony Arcieri (Jan 16 2019 at 19:58, on Zulip):

haha sure

Tony Arcieri (Jan 16 2019 at 19:58, on Zulip):

let me finish my post first :wink:

Shnatsel (Jan 16 2019 at 20:04, on Zulip):

I am somewhat surprised that the WG post draft is still not on Reddit

Tony Arcieri (Jan 16 2019 at 20:04, on Zulip):

hahaha

Gerardo Di Giacomo (Jan 17 2019 at 00:37, on Zulip):

> I am somewhat surprised that the WG post draft is still not on Reddit

when will it be officially published?

nikomatsakis (Jan 17 2019 at 14:03, on Zulip):

did this make it to https://readrust.net/rust-2019/ ?

nikomatsakis (Jan 17 2019 at 14:03, on Zulip):

I've been using that as my go to list of "all the posts"

nikomatsakis (Jan 17 2019 at 14:04, on Zulip):

I didn't see it there though, maybe i'm searching for the wrong thing (there is a post by @Tony Arcieri)

Tony Arcieri (Jan 17 2019 at 15:58, on Zulip):

doesn't look like @Shnatsel posted it yet. mine is separate

Shnatsel (Jan 17 2019 at 18:18, on Zulip):

Not yet. We still need someone to write a satisfying conclusion. My ability to put thoughts into words broke down at the most inopportune moment, when deadlines were looming and other active participants were busy.

Shnatsel (Jan 17 2019 at 18:18, on Zulip):

As soon as we add those two damn paragraphs it will go live

Tony Arcieri (Jan 17 2019 at 18:22, on Zulip):

I'm still finishing mine as well, but I can take a shot at a conclusion to the WG post after that

Tony Arcieri (Jan 17 2019 at 18:43, on Zulip):

I opened an issue about reproducible build tooling which I think would make a good 2019 goal. we already have an awful lot though, so I'm curious what other people think https://github.com/rust-secure-code/wg/issues/28

Tony Arcieri (Jan 17 2019 at 18:48, on Zulip):

I should ping the Signal / OWS people I know about this. I believe they've done a bunch of work on it

Shnatsel (Jan 17 2019 at 18:50, on Zulip):

OWS uses Rust?

Shnatsel (Jan 17 2019 at 18:53, on Zulip):

For all the talk about reproducible builds and the work towards them, I've never seen anyone actually use reproducible builds in any meaningful way. Because of that I'm hesitant about taking them on as a 2019 goal. Sure, they're nice to have, but we have much bigger fish to fry

Shnatsel (Jan 17 2019 at 20:07, on Zulip):

Can anyone suggest a good crate providing safe abstractions that stdlib lacks? I hear byteorder is pretty good but I'm not sure how to even do that unsafely

Shnatsel (Jan 17 2019 at 20:30, on Zulip):

FINAL DRAFT
https://medium.com/@shnatsel/security-as-rust-2019-goal-6a060116ba39
Please read and see if you disagree with anything or if I've missed something obvious.
There is one TODO remaining: highlight a good crate providing a safe abstraction for some common functionality. If we can't name one I'll just drop that item. nevermind, I've picked byteorder

Shnatsel (Jan 17 2019 at 20:36, on Zulip):

If there are no objections or corrections, this will go live AS IS in 14 hours from now

Shnatsel (Jan 17 2019 at 20:36, on Zulip):

@Gerardo Di Giacomo :point_of_information: that should answer your question

Gerardo Di Giacomo (Jan 17 2019 at 20:52, on Zulip):

thanks for the work @Shnatsel I hope I'll be able to contribute

Shnatsel (Jan 17 2019 at 20:58, on Zulip):

We're still missing actionable work items for many broad goals on the bug tracker. So if you're looking for something easy and important to do, you've just found it.

Shnatsel (Jan 17 2019 at 21:12, on Zulip):

Oh by Aiheu, Rust 1.32 has just dropped and made byteorder crate kinda obsolete. I have just updated the post again. A good problem to have though.

briansmith (Jan 18 2019 at 01:50, on Zulip):

@Shnatsel IMO the API that Rust 1.32 exposes for those conversions is far from ideal, as the endianness of the data isn't reflected in the types. I wish we'd standardized something like https://github.com/briansmith/ring/blob/master/src/endian.rs. Maybe we can still do so.

briansmith (Jan 18 2019 at 01:53, on Zulip):

I actually went to update that code today to take advantage of the new stuff in 1.32 and found that 1.32 doesn't actually make anything better.

Tony Arcieri (Jan 18 2019 at 05:59, on Zulip):

haha I read what @Shnatsel said and went to check on a particular little thing that I find particularly painful

Tony Arcieri (Jan 18 2019 at 05:59, on Zulip):

which I presently solve with byteorder

Tony Arcieri (Jan 18 2019 at 05:59, on Zulip):

and... nope

Tony Arcieri (Jan 18 2019 at 06:05, on Zulip):

so right now with byteorder I do it with the I/O operations, but uhh, what I'd really like is more general than that

Tony Arcieri (Jan 18 2019 at 06:05, on Zulip):

(the I/O operations are what I was alluding to earlier)

Tony Arcieri (Jan 18 2019 at 06:06, on Zulip):

but I'd also prefer something that's #![no_std] friendly but accomplishes the same thing

Tony Arcieri (Jan 18 2019 at 06:07, on Zulip):

something like...

(EDIT: lol as I write this it is clearly not the correct abstraction but I'll try anyway so you can all revel in the horror and think of something better)

Tony Arcieri (Jan 18 2019 at 06:08, on Zulip):

let's see if @briansmith has a better solution first

Tony Arcieri (Jan 18 2019 at 06:09, on Zulip):

hmm doesn't look like it guess I'll post my horrible half-baked thing

Tony Arcieri (Jan 18 2019 at 06:10, on Zulip):

```rust
impl Iterator<Item = u8> {
    pub fn try_take_u128_le(self) -> Option<u128> {
        [...]
    }

    [... and so on ...]
}
```

Tony Arcieri (Jan 18 2019 at 06:11, on Zulip):

ok maybe not that bad

Tony Arcieri (Jan 18 2019 at 06:13, on Zulip):

perhaps that should return a Take<u128>?

Tony Arcieri (Jan 18 2019 at 06:13, on Zulip):

ok round two I guess:

```rust
impl Iterator<Item = u8> {
    pub fn take_u128_le(self) -> Take<u128> {
        [...]
    }

    [... and so on ...]
}
```

Shnatsel (Jan 18 2019 at 18:22, on Zulip):

Okay, nobody objected, so it is now live: https://medium.com/@shnatsel/security-as-rust-2019-goal-6a060116ba39

Shnatsel (Jan 18 2019 at 18:29, on Zulip):

Reddit thread: https://www.reddit.com/r/rust/comments/ahdc9e/

Shnatsel (Jan 18 2019 at 18:29, on Zulip):

Maybe I should get around to requesting a lobste.rs account

Tony Arcieri (Jan 18 2019 at 18:54, on Zulip):

nice! I'll tweet it

Tony Arcieri (Jan 18 2019 at 18:59, on Zulip):

https://twitter.com/rustsecurecode/status/1086337299393110016

Gerardo Di Giacomo (Jan 18 2019 at 19:09, on Zulip):

I tweeted it too but I'm not as famous as @Tony Arcieri :D

Shnatsel (Jan 18 2019 at 20:40, on Zulip):

it's kinda obscure on reddit still, so upvotes would be appreciated: https://www.reddit.com/r/rust/comments/ahdc9e/

Shnatsel (Jan 18 2019 at 20:44, on Zulip):

Cross-posted to internals forum too: https://internals.rust-lang.org/t/rust-secure-code-wg-2019-roadmap/9237

Shnatsel (Jan 19 2019 at 00:59, on Zulip):

Eh, it's not really taking off. Maybe I should have invested time in a flashier headline.

Gerardo Di Giacomo (Jan 19 2019 at 01:03, on Zulip):

posted it on hackernews as well https://news.ycombinator.com/item?id=18944569

Shnatsel (Jan 19 2019 at 11:54, on Zulip):

Just 1250 views in one day? I must be losing my touch.

Shnatsel (Jan 20 2019 at 15:59, on Zulip):

Turns out there is a Rust codegen WG, we might want to keep in touch with them on the issue of better compiler optimizations so that people would not resort to unsafe: https://internals.rust-lang.org/t/announcing-the-codegen-working-group/7434?u=shnatsel

Shnatsel (Jan 22 2019 at 02:00, on Zulip):

The article seems to have topped out at 1.6k views and 500 reads. I'll try a catchier headline next time.

Last update: Nov 11 2019 at 21:55UTC