Interesting. Do you know of any good, recent benchmarks of Rust? I haven't seen a whole lot. The Benchmarks Game mostly appears to show Rust being closer than that in general, though the Rust benchmarks seem to be kind of crap.
I made sure to make the packets in Tox as easy to parse as possible which greatly lowers the chances of fatal packet parsing bugs being present.
As for the main tool I use to find bugs, it's asan (the clang address sanitizer) which is much more useful than static analysis for finding actual bugs.
Of course the main thing I do to try to prevent bugs is reread the code again and again which is what catches pretty much everything.
It's open source so anyone can run their favourite tool on it,
>Proplex, a long-time member of the Tox-Foundation and in charge of both infrastructure and marketing, called out tox devs because the 2 people in charge (irungentoo and stqism) were dealing with money in a shady way and he got suspicious
We barely get any donations. We barely have money and we are very transparent about it, look at our donations page.
>After he went away and stopped to pay for the website and other servers (he hosted everything)
He disappeared one day, didn't warn us or anything and took everything (including backups) with him.
>Tox devs got angry and tracked his online activity by his browser UA, read his private email sent to his @tox.im address and considered breaking into his VPS account
Yes because I wanted to know if he had done anything weird on the site. We never considered breaking into his account. His tox.im mail was never remade on the new tox.im mail server so all emails sent to it ended up in our catch all email.
>Members of the Tox Foundation such as stqism try constantly to sneak in copyright changes
I'm a member of the Tox foundation and I don't sneak in copyright changes in my repo. He also didn't try to sneak it in. I never merge pull requests before reading everything first.
>After it got out of hand and too many people called out the Tox Foundation, this happened
Yes and I explained exactly what happened. What is the issue?
>irungentoo enforced censorship on his github repo to try to cover everything up
Because kicking trolls is censorship?
>irungentoo claims Tox is secure just because he uses a secure primitive
Scroll down to my next comment in that thread.
Sorry for my previous comment. This one should be better.
>We barely get any donations. We barely have money
That's relative and your wording is slippery here. What is "barely no money"? $50? $100? In any case, donated money should be dealt with in a better way. Even an ex-member of the foundation (Proplex) had a big issue with this. He actually left because of the shady way you dealt with money and, since then, nothing changed.
>we are very transparent about it, look at our donations page.
That page tell barely nothing and is outdated. What's the money being spent on? Who's the financial manager? As a donator, how can I be sure my money is being spent on Tox and not on personal servers, vacations, etc. by the Tox Foundation leaders? There were rumors about that, and although I don't believe them, this is a serious issue anyway.
>He disappeared one day, didn't warn us or anything and took everything (including backups) with him.
And on the same day you started harassing him, without even listening to his side of the story? And what do you mean with backups? You are saying you or other project members didn't keep local backups? That would be an amateur mistake to make.
>Yes because I wanted to know if he had done anything weird on the site
And the NSA just wants to know if we had done anything weird on their country. /sarcasm
Do you think that justifies spying on him?
>We never considered breaking into his account
But you said the following at #tox-secret on January 14th: "urras, if you want to forcefully gain access to his digital ocean account I can reset his pass" SOURCE: https://archive.today/Y6LEw (line 45)
>His tox.im mail was never remade on the new tox.im mail server so all emails sent to it ended up in our catch all email
As soon as he left the project you should have deleted his @tox.im email account or at least temporarily disabled it. It's unethical to keep receiving (and reading) emails that were meant to someone else.
>Because kicking trolls is censorship?
Tell me, how is this a troll? http://i.imgur.com/HNFtcOG.png Keep in mind the title was defaced (and later on the message) by irungentoo.
As soon as dfortner raised up those questions, you locked the issue, edited his messages to say garbage, hurting his image, and banned him from the repository so he couldn't raise the issue again.
>Sorry for my previous comment. This one should be better.
This one isn't a blatant rant without content like the other one, it's just some damage control. I honestly don't know what is worse, but I guess you are right on saying this is a little better.
First of all the choice of C is because it was the language I was the most confidant writing secure code in. I'm not going to learn a new language and then right away start try to write secure code with it.
Clang has some great tools I use like the various sanitizers. Static analysis sucks and almost never finds any real issues but we still use it.
If you think toxcore should use protocol buffers, feel free to port it. This is an open source project and contributions are welcome. If you do a better job than me then I will merge your contribution. We are at #tox-dev on freenode.
You are just some troll trying to kill our project with fabrications and lies. You twist the truth to fit your own agenda.
The guy in question tried to damage the project on his way out so yes I grepped our server logs for his ips because I wanted to know if he had tried anything weird.
This guy posting this comment here is someone who decided to start this war against the project after I refused to kick someone who actually did something from our project. He posts this bullshit everywhere.
It doesn't help that you have zero clue how to answer professionally to actual trolls.
Hint: it involves replying to actual concerns rather than ad hominems. I mean, it's not like GP doesn't have any material on you, there's some pretty shitty stuff going on there.
Our threat model is an attacker that wants to read and record the contents of conversations between everyone, they have the ability to modify/add/remove and log any packets. We assume they do not have any access to the actual machines Tox is running on.
The main goal of Tox is to make it hard for a global threat to conduct mass surveillance on everyone at the same time without sacrificing performance.
If the majority of the people using Tox have "nothing to hide" and use it because it works better than skype, the minority that does need the crypto will be able to use it without being discriminated against.
http://dl.ifip.org/db/conf/aims/aims2009/BocekPHHS09.pdf
seems to be the correct link.