Windows gets Rust(y)!
May. 18th, 2023 10:08 pm
This is excellent news. Most of Windows is written in C and C++. Those languages have memory problems. Let's use a simple example. There's a programming construct known as an array; it's sort of an indexed list. Let's say we have an array called MyList(10). It has ten elements; what's in them doesn't really matter. What happens when you try to reference element 11?
Usually in the C family of languages, you access the memory 'above' the tenth element and what is returned is undefined: we don't know what it will contain. Maybe it overlaps with the password cache, perhaps it has your banking account number in it.
Now, to be fair to C (personally I hate the C/C++ languages, but I firmly believe in 'to each their own'), later versions have better protection against accessing outside array boundaries and things like that which can cause information to leak.
A while back another programming language came to town: Rust. It is designed, from a clean page, to have memory protection that will prevent access to element 11 and other buffer/memory issues. That means that code, properly developed (always a big problem!), will theoretically be safer and more secure than code written in the C family of languages.
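The "element 11" case above as an added Rust example (not from the original post or from Microsoft's code). The byte layout, the `SECRET` neighbour and all function names are constructed for illustration; `unchecked_model` only imitates what an unchecked C read would return, using a safe lookup in a larger buffer.

```rust
use std::panic;

// Constructed sample "memory": a 10-element list followed directly by
// unrelated data, the way neighbouring objects can sit in a C process.
const LIST_LEN: usize = 10;
static MEMORY: [u8; 16] = [
    1, 2, 3, 4, 5, 6, 7, 8, 9, 10, // MyList, elements 1 through 10
    b'S', b'E', b'C', b'R', b'E', b'T', // neighbouring data, not part of the list
];

/// Models a C-style read: the index is added to the base with no check
/// against the list length, so "element 11" returns the neighbour's byte.
fn unchecked_model(memory: &[u8], base: usize, index: usize) -> u8 {
    memory[base + index]
}

/// Rust slice access: the slice carries its own length, so an out-of-range
/// index yields None instead of whatever sits next in memory.
fn checked_get(list: &[u8], index: usize) -> Option<u8> {
    list.get(index).copied()
}

/// Plain indexing (`list[index]`) is bounds-checked too; out of range it
/// panics rather than reading. Returns true if the access panicked.
fn indexing_panics(list: &[u8], index: usize) -> bool {
    panic::catch_unwind(|| list[index]).is_err()
}

fn main() {
    let list = &MEMORY[..LIST_LEN];
    let eleventh = LIST_LEN; // zero-based index 10 is "element 11"
    println!("C-style model: {:?}", unchecked_model(&MEMORY, 0, eleventh) as char);
    println!("list.get()   : {:?}", checked_get(list, eleventh));
    // The panic message printed to stderr here is the bounds check firing.
    println!("list[index]  : panicked = {}", indexing_panics(list, eleventh));
}
```

The bounds checks apply to safe Rust; code inside an `unsafe` block can still bypass them with calls such as `get_unchecked`.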
Microsoft is now rewriting some subsystems in the Windows operating system into Rust!!!
This is excellent news. The ability to improve security is always a good thing, and this is the first step in doing it. You simply cannot rewrite the entirety of Windows in Rust in one swell foop, but you can rewrite portions of it - letting you see how it works - and progressively get the whole thing redone eventually!
This is now in an Insider edition of Windows 11, meaning it will eventually see the light of day to all users, and should be completely transparent.
In other Rust news, Linux has started rewriting SUDO into Rust. Sudo is a program that lets an account that does not have administrative permission run admin commands if they have the password for it. A fundamental rule of network security, and computer security in general, is to NEVER let your users run their local machines as administrator! Aside from the fact that it gives them far too much control to utterly screw their machine over - and I've seen it! - if your account with admin permissions gets taken over by malware, that's a leverage point to get into the entire network and subvert it!
Speaking as a system administrator, we see far too many programs that won't work if the user is not an administrator on the machine. The normal vendor solution? Make the user an admin. Usually this is caused by the bad coding practice of the developers having admin access on their computers, which really ticks me off. If a software package only runs as administrator, then it's badly written. We can usually develop some selective permissions to make such software work without giving the user admin, but it's always a PITB.
https://www.thurrott.com/windows/windows-11/282995/first-rust-code-shows-up-in-the-windows-11-kernel
no subject
Date: 2023-05-19 11:46 pm (UTC)
lol...........
Hugs, Jon
no subject
Date: 2023-05-20 05:20 pm (UTC)
And, of course, most Windows machines work with the first account being the administrator account, and there's never a second account that gets created, while with Linux, they do a better job of separating powers and controlling the power and who gets access to act as the super user when needed.
If only we had software that could do all of its tasks without requiring administrative access to it. (On the flip side, if we only had administrators who are willing to admit when we might have a point and they should change their software image so that we can do our jobs better instead of having to rely solely on cloud-based services because we can't get anything good locally.)
no subject
Date: 2023-05-20 07:39 pm (UTC)
I like Mac's implementation of admin privileges. I have an admin account on my systems, but I run as a non-privileged user and it works quite well for me. Quite similar to the Linux implementation.