Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

So it validated in the input and failed in an unsafe way. Is that what you’re saying? Instead of rejecting the input and failing in a safe way.

My only point was, the language doesn’t matter. It could have been written in brainfuck.

I’m bitching about the rust evangelism, obviously. Neat language, protects against NPEs et. al. It isn’t a magic bullet and it never was.





> So it validated in the input and failed in an unsafe way. Is that what you’re saying? Instead of rejecting the input and failing in a safe way.

It rejected the input and "failed" in a loud way (showing an error) for the user, as opposed to not rejecting the invalid input and continuing anyway in a degraded/invalid state, which would instead have allowed users to continue browsing but would not have worked properly for some other purposes (e.g. it probably would not have continued blocking malicious/bad scraper requests). Neither is ideal, though of course depending on your priorities one might be better than the other.

> My only point was, the language doesn’t matter. It could have been written in brainfuck.

Yeah I definitely agree. My point was that the error was also somewhere else, since an internally-controlled input was invalid.

reply




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: