Hacker News new | past | comments | ask | show | jobs | submit login

I think, that does actually work out.

The problem for humanity is not that browsers are written in C++, it's that browsers have lots of security vulnerabilities.

Being written in C++ is not helpful with that, but it's not integral to the problem. It's not impossible to produce C++-code that doesn't have vulnerabilities, it just requires a lot of effort and often years of battle-testing to close all of them.

But Firefox's source code has for the most part had those years of battle-testing. It's probably safer than if you'd completely rewrite it in Rust, at least in the short term.

Where the use of Rust can deflect most vulnerabilities is in new code. And that's what Mixed Reality is. It's gonna need to be in the browser at some point in the near future and it is a big chunk of new code. It also has harsh performance requirements, meaning they'll have to work with parallelism, which is where C++ is particularly error prone.




So we continue to play wack-a-mole with the C++ codebase rather than develop in a language that makes whole classes of exploits impossible?

Firefox is not safe. It’s been routinely exploited by law enforcement and hackers alike.


Trust me, if Mozilla actually had a choice in the matter, they would opt for just having it all in Rust, too.

But there is no choice. Rewriting Firefox from scratch is going to take decades. Firefox has to continue to function in the meantime. They do occasionally replace components with equivalent Rust components from Servo, and that's so far been a great success, but it's still scary as all heck to take a software that millions of people depend on in their daily life and wholesale replacing the CSS engine, URL parser or media decoder in it.

Besides that, it's not like Chrome/Opera, IE/Edge or Safari are bastions of security. Users can't go anywhere that's decisively safer.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: