I’m the Never Ending Pie Throwing Robot, aka NEPTR.
Linux enthusiast, programmer, and privacy advocate. I’m nearly done with an IT Security degree.
TL;DR I am a nerd.
Zig is designed as a successor to C, no? So i assume it does syntax and things quite similarly. Rust is not a C-like language, so i dont think this a fair comparison at all.
But in the end, learning syntax isnt the hard part of a new language (even if it is annoying sometimes).
All the different tests ive seen comparing Rust and C put compile times in the same ballpark. Even if somehow every test is unrepresentative of real-world compile times, I doubt it is “order[s] of magnitude” worse.
I remember watching someone test the performance of host a HTTP webpage and comparing the performance of Zig, Rust w/ C HTTP library, and Rust native. Rust native easily beat them out and was able to handle like 10s of thousands more client connections. While I know this isnt directly relevant to Kernels, the most popular C HTTP library is most likely quite optimized.
Memory related vulnerabilities are consistently in the top reported vulnerabilities. It is a big deal, and no, you can’t just program around it. Everyone makes mistakes, has a bad day, or something on their mind. Moments of human fallibility. Eliminating an entire class of the vulnerabilites while staying competitive with C is a hard task, but entirely worth doing.
OP mentioned that it was the Flatpak version, which doesnt add anything to root owned parts of the filesystem.
Yes. I dont remember the word exactly but it might have the word “performance” or “hardware”
Yeah, I’ve seen them called guard or guardian models.
Check this out: https://github.com/wayland-transpositor/wprs
And I dont deny that. There are a lot of programmers, and not all had eduction on designing secure software. Even with the knowledge and experience, what if the programmer is tired or makes a similar mistake. Only one mess-up away from a potential vulnerability or instability of the app and system as a whole. I need more experience with C to form a better opinion.
I do not agree with the Dev who stepped down.
But on the topic of C, I wouldn’t measure the quality of a language based on its adoption. C is a relatively old language and therefore benefits from getting wide-use before other languages were born. It will never die because who would ever want to rewrite every project in existence in another language.
Memory safety is very important since it has consistently been one of the largest sources of vulnerabilities throughout software history.
C is not a bad language, but it has flaws. Performance at the cost of safety is not a good trade-off in most scenarios. There is no such thing as a “perfect programmer” who won’t make mistakes.
Actually, in the case of a web browser, Flatpak weakens both Firefox’s and Chromium’s internal sandboxing, possibly allowing for breaking of cross-site or site-host boundaries. Firefox is even weaker then Chromium as a Flatpak because it can’t use the zypak fork server. Both are weakened, best to avoid.
For basically any other app, Flatpak can be beneficial as a sandbox.
Basically, don’t sandbox browsers because its like wearing 2 condoms. The only sandboxing tool I know that doesn’t interfere with the browser’s sandbox (and also doesnt allow for the possibility of privilege escalation, like Firejail) is Bubblejail
PS: Since you mentioned you are on Fedora, Bubblejail is offered through this COPR repo from the Secureblue team. It provides a sandbox without interfering with the browser’s sandbox. It comes with profiles for Firefox and Chromium. Only issue ive experienced is that the sandbox works, aka it means I can’t access files from my home directory unless explicitly given permission to a folder.