/g/ - Technology






File: dirty_frag.png (1.37 MB, 3200x4200)
(real thread instead of e-celeb spam)

New local privilege escalation vulnerability class publicized prematurely (see bottom of picrel).

This extends on "Copy Fail" and "Dirty Pipe".

Technical Details:
https://github.com/V4bel/dirtyfrag/blob/master/assets/write-up.md

Non-JeetHub Mirror:
https://paste.rs/6R9RJ.md

Demo:
https://x0.at/4HDA.mp4

Points of discussion (see picrel):
* Is low-level C code full of if-branching and gotos going to survive AI
scrutiny?
* Is the "embargo" protocol around responsible disclosure going to survive the
era of snitches, glory hunters, and AI marketing?
* [meta] Could module anti-maxxing become a trendy preventative measure?
>>
>Is low-level C code full of if-branching and gotos going to survive AI
scrutiny?
As we saw in a previous thread (>>108706847), there is an unstable rust std library feature (`iter.next_chunk::<N>()`) that would have made N=0 a compile error before stabilization. But as it is currently implemented, this is not the case. And guess what? "AI" found that one bad branch for N=0:
https://github.com/Swival/security-audits/blob/main/rust-stdlib/184-zero-length-chunk-writes-out-of-bounds.md
Imagine the tens of thousands (conservative) of bad branches in linux, and combine that with gotos!
>>
Weird. Doesn't work on a lot of supposedly vulnerable Linux distributions.
Surely he'll patch the repo to not call it universal.

By the way, buy an ad, Anthropic
>>
>>108777825
This reminds me of a comment I saw on Lemmy the other day, commenting on the curl guy blog post about "approaching zero bugs":
https://daniel.haxx.se/blog/2026/04/30/approaching-zero-bugs/

The comment:
"There is no substitute for the static analyzer within the compiler informed by the type system. Near-zero bugs require provable static analysis that guarantees preventing a certain bug class, i.e. (safe) Rust for the bug classes it guarantees preventing. Hopefully, future languages with even better type systems will help with even more bug classes, or incrementally improves on what Rust currently has to offer.

C code simply doesn’t have enough info for an external tool to push bugs down to near-zero count. This is also exactly the point of struggle that led to complete failure in delivering guaranteed safety to C++.

There have been murmurings, mainly from non-technical people, about how “AI” will render advancements in safer type systems nearly useless, because the magic (mushroom) AI will just find all the issues in code written in older languages. What they don’t realize is that the effect will be reversed. Many established projects that come with a high reputation, and a veneer of maturity, indestructibility, and meticulousness will simply, and perhaps unfairly, lose that perception under the continuous barrage of potentially high impact bugs and vulnerabilities surfaced by these tools, with not enough human bandwidth to keep up with them, and with new code susceptible to the same problems repeating over and over. This will effectively lead to an even harder push for adopting technologies that prevent a good chunk of these bugs from ever happening at any point, not the other way around."
>>
>>108777847
>murmurings, mainly from non-technical people, about how “AI” will render advancements in safer type systems nearly useless
lol i think he is talking about our /g/eet tards
>>
>>108777834
>buy an ad, Anthropic
oh you couldn't be more wrong about who i am desu.
"AI" companies will probably be behind most leaks because "scary" news makes better marketing. and no one should trust a leaker.
this doesn't change the technical side of things though. and there are other AI companies doing analysis that are less known to the public (see Daniel's blog linked by another anon above).
>>
good thread
>>
>>108777789
>there is no substitute for "goto". we must use it. --/g/eet sophomores a few months ago
lol
>>
>>108777866
>curl dev
>AI company
Talking out your ass is hackerjews behavior
>>
from spam thread (move here anon instead of conversing with retards like the one who replied to you):
>This is only a logic error in the sense that they needed to mentally maintain the logic to keep track of mutability and memory bounds. A language problem.
To expand on that, and beyond the "direct" safety features, Rust (and more languages in the future hopefully) offer abstractions and type system features that model invariants in a much cleaner way, from sum types to type classes to RAII, not to mention extensive pattern support and "everything is an expression".
but even if you end up with boolean conditions somehow, you can always go with a "truth table" match (i do), where you can't "forget" any branches.
// usually it's not just bools, but that's where patterns come handy
match (cond1, cond2, cond3) {
(false, false, false) => ...,
// all 7 remaining "branches", otherwise it's a compile error
}

in that, you can also make supposedly non-existing combinations "unreachable!()", so you hopefully pre-catch any potential room for a future vulnerability.
tl;dr: merely having idiomatic exhaustive checking wins you a lot.
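The "truth table" match from the post above, carried through as an added example (my code, not the poster's): three derived conditions of a bounds check, all eight combinations spelled out, and the two rows that arithmetic rules out marked `unreachable!()` rather than swallowed by a wildcard arm. The names (`Verdict`, `validate`, `off`/`len`/`cap`) are my own; the zero-length row is there because a zero-length request at an offset past the end is still a bad request.

```rust
// Added example (not the poster's code): a "truth table" match over three
// derived conditions. Every one of the 8 combinations is listed, and the
// two that arithmetic rules out are marked unreachable!() instead of silently
// falling into a wildcard arm. Names (Verdict, validate, off/len/cap) are mine.

#[derive(Debug, PartialEq)]
enum Verdict {
    Noop,        // zero-length request at a valid offset: nothing to write
    Write,       // request lies fully inside the buffer
    OutOfBounds, // offset or end runs past the buffer
}

/// Validate writing `len` bytes at `off` into a buffer of `cap` bytes.
fn validate(off: usize, len: usize, cap: usize) -> Verdict {
    let len_zero = len == 0;
    let off_ok = off <= cap;
    // checked_add: a wrapping off + len must not masquerade as in-bounds
    let end_ok = off.checked_add(len).map_or(false, |end| end <= cap);

    match (len_zero, off_ok, end_ok) {
        (true, true, true) => Verdict::Noop,
        (true, false, false) => Verdict::OutOfBounds, // len 0 but offset past the end
        (false, true, true) => Verdict::Write,
        (false, true, false) => Verdict::OutOfBounds,
        (false, false, false) => Verdict::OutOfBounds,
        // len == 0 means end == off, so off_ok and end_ok cannot disagree
        (true, true, false) | (true, false, true) => unreachable!("end == off when len == 0"),
        // end >= off always, so end_ok cannot hold while off_ok fails
        (false, false, true) => unreachable!("end >= off"),
    }
}

fn main() {
    for (off, len, cap) in [(0, 0, 16), (16, 0, 16), (17, 0, 16), (4, 12, 16), (4, 13, 16)] {
        println!("off={off} len={len} cap={cap}: {:?}", validate(off, len, cap));
    }
}
```

Remove any arm and the compiler refuses the function; change how `end` is computed so that an "impossible" row becomes possible and the `unreachable!()` panics the first time a test hits it, which is the pre-catching the post describes.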
>>
>>108778050
you have worse reading comprehension than an LLM /g/eetoid
>>
>>108778076
You have failed the captcha.
Buy an ad, Anthropic.
>>
>>108778107
>/g/eet can't comprehend basic english
your retarded existence is half the reason why LLMs pass as good
>>
>useless back and forth
i don't even know why i bother creating good threads
>>
>>108777789
So are you telling me I need to run sudo apt upgrade ??
The horror!
>>
I should probably also ask here.
So which devices are actually affected by this?
esp4, esp6 and rxrpc do not show under lsmod of my arch system nor xubuntu vm.
>>
>>108778509
esp6/rxrpc do not show for me either on Arch and Debian Trixie but I can run the exploit to get root access on both systems.
>>
I’m learning Rust by reading the 2025 ed book. Where are the forums and communities at?
>>
>>108778004
Personally I like do { } while(0) and you can break instead of goto. Gives you a semblance of structured concurrency.
>>
>>108777789
What does "breaking the embargo" mean?
>>
File: 1777000843799322.png (42 KB, 920x688)
>cniles can't go one week without AI finding some major vulnerability
time to move on
>>
>>108778544
everywhere.
official forum:
https://users.rust-lang.org/
for r*ddit-like communities, i prefer the slower paced lemmy (e.g. !rust@programming.dev). it's ideal for general questions and casual asynchronous chat.
for synchronous/interactive chat, Zulip is where serious chat happens, otherwise you can chat in irc or matrix, or wherever (you should know to not use discord because it's spyware).
>>
>>108778509
# cat /etc/modprobe.d/dirtyfrag.conf
install esp4 /bin/false
install esp6 /bin/false
install rxrpc /bin/false


hope that helps. technically it's some other crypto code but otherwise, ya.
>>
>>108778509
>>108778527
% zgrep -i '_esp' /proc/config.gz
CONFIG_X86_ESPFIX64=y
CONFIG_XFRM_ESP=m
CONFIG_XFRM_ESPINTCP=y
CONFIG_INET_ESP=m
CONFIG_INET_ESP_OFFLOAD=m
CONFIG_INET_ESPINTCP=y
CONFIG_INET6_ESP=m
CONFIG_INET6_ESP_OFFLOAD=m
CONFIG_INET6_ESPINTCP=y
CONFIG_NETFILTER_XT_MATCH_ESP=m
CONFIG_IP_VS_PROTO_AH_ESP=y
CONFIG_IP_VS_PROTO_ESP=y
>>
>>108778508
you need to wait. this got published early because someone leaked it.
>>
>>108778544
obviously /g/ - Technology.
>>
Who cares? All my systems have NOPASSWD in /etc/sudoers anyway. Free exploits for anyone.
>>
>>108778582
means talking about a vulnerability outside of the designated private mailing lists before a period of time passes. it's connected to "responsible disclosure", and meant to give vendors time to ship updates before things go public.
>>
>>108778544
>>>/lgbt/
>>
>>108778652
literally zero threads about Rust, are (You) trolling?
>>
>>108778628
>no such file or directory
>>
>>108778660
you're talking to a zoggie (or a retard who fell for zoggie tactics) who calls rust tranny because it makes zoggies' job harder.
>>
>>108778675
grep -i '_esp' /usr/src/kernels/"$(uname -r)"/.config
>>
>>108778675
% zgrep -i CONFIG_IKCONFIG_PROC /proc/config.gz
CONFIG_IKCONFIG_PROC=y
>>
>>108778624
Just checked, those modules aren't loaded on my Debian server, so it wouldn't work.
>>
>>108778713
you sure they aren't on-demand loaded?
>>
>>108778713
you should check the exploit itself in a virtual machine, because the exploit itself could load them.
also, depending on kernel config, they could be built in, so they wouldn't show up as modules anyway.
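The checks the replies above describe (the modprobe.d `install ... /bin/false` override, whether a module is currently loaded, and whether it is built in rather than a module), put together as an added example that is my own code, not from the thread or the dirtyfrag repo. It reads an uncompressed kernel config (e.g. `/boot/config-$(uname -r)`, or the output of `zcat /proc/config.gz` saved to a file), the `.conf` files in a modprobe.d directory and `/proc/modules`. The esp4/esp6 symbols (`CONFIG_INET_ESP`, `CONFIG_INET6_ESP`) appear in the thread; mapping rxrpc to `CONFIG_AF_RXRPC` is my own assumption from the kernel tree.

```rust
use std::collections::HashMap;
use std::fs;

// Added example, not code from the thread. Classifies esp4, esp6 and rxrpc by
// kernel config (built in / module / not set), whether the module is loaded,
// and whether a modprobe.d `install <mod> /bin/false` rule blocks it.

#[derive(Debug, PartialEq, Clone, Copy)]
enum Build { BuiltIn, Module, NotSet, Unknown }

#[derive(Debug, PartialEq)]
enum Status {
    BuiltIn,  // compiled into vmlinux: lsmod won't show it and modprobe.d can't stop it
    Loaded,   // present in lsmod / /proc/modules right now
    Loadable, // =m, not loaded, no install override: can still be autoloaded on demand
    Blocked,  // =m and an install rule points it at /bin/false (or /bin/true)
    Disabled, // "is not set" in the kernel config
    Unknown,  // config symbol not found at all
}

/// Parse `CONFIG_X=y`, `CONFIG_X=m` and `# CONFIG_X is not set` lines.
fn parse_config(text: &str) -> HashMap<String, Build> {
    let mut out = HashMap::new();
    for line in text.lines().map(str::trim) {
        if let Some(name) = line.strip_prefix("# ").and_then(|r| r.strip_suffix(" is not set")) {
            out.insert(name.to_string(), Build::NotSet);
        } else if let Some((name, val)) = line.split_once('=') {
            match val {
                "y" => { out.insert(name.to_string(), Build::BuiltIn); }
                "m" => { out.insert(name.to_string(), Build::Module); }
                _ => {} // string/int options are irrelevant here
            }
        }
    }
    out
}

/// Collect `install <module> <command>` rules from modprobe.d text (comments ignored).
fn parse_modprobe(text: &str) -> HashMap<String, String> {
    let mut out = HashMap::new();
    for line in text.lines().map(str::trim) {
        let mut parts = line.split_whitespace();
        if parts.next() == Some("install") {
            if let (Some(m), Some(cmd)) = (parts.next(), parts.next()) {
                out.insert(m.to_string(), cmd.to_string());
            }
        }
    }
    out
}

/// Module names from `lsmod` output or /proc/modules (first column; header line skipped).
fn parse_loaded(text: &str) -> Vec<String> {
    text.lines()
        .filter(|l| !l.starts_with("Module"))
        .filter_map(|l| l.split_whitespace().next())
        .map(str::to_string)
        .collect()
}

fn status(config: &HashMap<String, Build>, rules: &HashMap<String, String>,
          loaded: &[String], module: &str, symbol: &str) -> Status {
    match config.get(symbol).copied().unwrap_or(Build::Unknown) {
        Build::BuiltIn => Status::BuiltIn,
        Build::NotSet => Status::Disabled,
        Build::Unknown => Status::Unknown,
        Build::Module => {
            if loaded.iter().any(|m| m == module) {
                Status::Loaded // an install rule does not unload what is already in
            } else if rules.get(module).map_or(false, |c| c.ends_with("false") || c.ends_with("true")) {
                Status::Blocked
            } else {
                Status::Loadable
            }
        }
    }
}

/// Module name -> config symbol. CONFIG_AF_RXRPC is my assumption, not from the thread.
const TARGETS: [(&str, &str); 3] = [
    ("esp4", "CONFIG_INET_ESP"),
    ("esp6", "CONFIG_INET6_ESP"),
    ("rxrpc", "CONFIG_AF_RXRPC"),
];

fn assess_all(config_text: &str, modprobe_text: &str, loaded_text: &str) -> Vec<(&'static str, Status)> {
    let config = parse_config(config_text);
    let rules = parse_modprobe(modprobe_text);
    let loaded = parse_loaded(loaded_text);
    TARGETS.iter().map(|(m, s)| (*m, status(&config, &rules, &loaded, m, s))).collect()
}

fn main() {
    // usage: <binary> <uncompressed kernel .config> [modprobe.d dir]
    let args: Vec<String> = std::env::args().collect();
    let config_path = match args.get(1) {
        Some(p) => p,
        None => { eprintln!("usage: {} <kernel .config> [modprobe.d dir]", args[0]); std::process::exit(2); }
    };
    let dir = args.get(2).map(String::as_str).unwrap_or("/etc/modprobe.d");
    let config = fs::read_to_string(config_path).expect("read kernel config");
    let mut rules = String::new();
    if let Ok(entries) = fs::read_dir(dir) {
        for e in entries.flatten() {
            if e.path().extension().map_or(false, |x| x == "conf") {
                rules.push_str(&fs::read_to_string(e.path()).unwrap_or_default());
                rules.push('\n');
            }
        }
    }
    let loaded = fs::read_to_string("/proc/modules").unwrap_or_default();
    for (m, s) in assess_all(&config, &rules, &loaded) {
        println!("{m:>6}: {s:?}");
    }
}
```

`Loadable` is the state the replies warn about: nothing in `lsmod`, yet the module is still one autoload away, so only `Blocked`, `Disabled` or a rebuilt kernel actually closes it. `BuiltIn` is the case where a modprobe.d rule does nothing at all.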
>>
>>108778611
They can't. They're baby duck lead poisoned boomers.
>>
File: 1778160976217372.png (2.44 MB, 2880x2880)
>>108777789
>module anti-maxxing
As a Gentoomen I already do that.
More people should get into compiling their own kernels, but of course /g/ barely talks about this, too busy spamming AI slop.
>>108778070
Rust remains a shitty language and a walking supply chain attack vector.
We need a better language than both C and Rust for kernel level stuff.
One made by sane people.
>>
>>108778839
Ya ok retard. Good luck with your meme language that won't be half as complete and have even less users than memes like hare, D, vlang, mojo and vale.
>>
>>108778509
Just ran the exploit and it worked, the modules seem to be loaded on demand.
I then did this >>108778624 and rebooted, now it errors out.
Thanks for the response bros.
>>
>>108778839
>As a Gentoomen I already do that.
post "zgrep -i '_esp' /proc/config.gz".
these exploits unfortunately don't depend on random unused driver modules. so even a config ricer may not have disabled them.
>rust bad bla bla supply chain bla bla
explain with technical details how rust in the kernel is a "muh supply chain" risk
>>
>>108779065
they sort of do rely on unused modules. who really uses ipsec these days? i hate ipsec. please rip it out of the kernel so no one can use it.
>>
>>108779094
>please rip it out of the kernel so no one can use it.
kernel fork with all the legacy boomer cruft removed when
>>
>>108779094
these modules are not hardware driver ones, was the point.
config minimalism has always focused on disabling unused hardware drivers, because that's where most of the bloat comes from, and that's what the majority of kernel code is.
other modules get enabled because some application/use-case *may* require them.
op points to a potential new trend that could emerge, where kernel configs get minimalized to the maximum, then enabling "protocol modules" and their likes one by one whenever a need for them emerges.
this would probably require some recompilations early on, until users find a configuration they can settle on. but still, the potential protection from such vulnerabilities could be more than tempting.
>>
>>108779065
Gentoo users can choose not to compile in config
>>
>>108779325
everyone can compile their own kernel. this is not special. but did that gentoo user actually disable those modules *specifically*... before the vulnerability became public? that's the question.
also see >>108779323
>>
the thread turned good. that's more like it.
>>
>>108779065
For me:
$ zcat /proc/config.gz | grep -i _esp
# CONFIG_INET_ESP is not set
# CONFIG_INET6_ESP is not set
>>
>>108778070
sounds like bloat to me
i guess if you are retarded and have never worked with any kind of logic or ever used a computer before i might see how you could think that a system where each row in a truth table had to be written out in code explicitly would be a useful construct.
in the real world why not just have people who aren't completely braindead write the code in the first place, and if you can find a second person who is also vaguely competent (i know, it's extremely difficult) to review it then we can just keep on with the current system of using our brains and minds to think about what conditions we actually need to even test for at all or act upon, and which of these actions are common etc.
you know, basic fucking boolean algebra that every person who writes software should be familiar with.
>>
>>108780260
>nocoder wanted to participate


