Still not getting your point. Is there a reason I should read about Redishell?

the only loss here is my time as a moderator :P

I value mine more than yours, sorry.

Do keep in mind that all this has a lot of “editor wars” vibes. But the conflict goes beyond Debian (e.g. including Rust in Linux kernel), and actual harmful discussions between Rust and C/C++ people is REAL, damaging our communities, and very much driven by generations/ network-effect. And this is just sad. It’s not a technical issue, and overcoming it seems nearly impossible at the moment.

Is this the reason you give me a “warning” later in your reply? I’m not getting the exact point clearly. This topic is “harmful,” but I don’t think you warned everyone else discussing it? So what is the actual warning? Are you telling me not to reply in threads on this topic in the future?

backdoors to me are a smaller concern in the software industry nowadays in comparison to the Redishell provided that you were unable to fully understand

Backdoors are a top priority concern in consumer electronics. I hope nobody lets themselves be mislead on that fact here.

I have no idea what “Redishell” is. I don’t think there was any point in this thread where I said anything about it, so what are you talking about with me being “unable to fully understand” it? Couldn’t you try telling me what it is and checking how much I understand before saying that? Am I totally forgetting something?

Whatever it is, it sounds like you’re implying it’s a security vulnerability that cannot be a backdoor, which I definitely don’t understand when I have no idea what it is.

deleted by creator

systemd

Looks like it’s already time to move away from MX Linux. That sucks. Whole Linux ecosystem back to getting worse instead of better?

I think youre reading way too much into having sails or not lol

I’m not. My point is you don’t realize how many areas you should be applying this kind of thinking in.

I would not want to go back to that era of illiteracy, poverty and disease.

But you’d want to stay in this one? Or what’s your point supposed to be?

Adapting old ideas into the modern world where it makes sense is good though

I’m saying, when you think about how fucked up it is that we went so far with removing sails from cargo ships, you can see more of how deep we are in misuse of technology. It’s a microcosm of a big picture.

What do you mean?

For anyone confused:

• Make sure you know exactly what “compiler” and “backdoor” mean. With that, you can probably skip the rest of this comment.
• aubeynarf seems to be framing things in a way that might make you think C is immune to compiler backdoors, and might also make you think we’re in agreement on that point. That’s based on absolutely nothing. C has no special resistance to compiler backdoors. I hear Rust introduces new risk here, but I don’t see any reason to reframe that as all the risk with C being in other areas.
• aubeynarf seems to be framing things in a way that might make you think security exploits all have similar levels of severity. Like, if you make a list of 100 exploits, it will be about the same severity as any other list of 100 exploits. That is not true. Scoring would be based on what damage the exploits can do, not how many there are.
• If aubeynarf’s framing makes it seem like known exploits are scored by sheer quantity, that would also imply security experts put a lot of focus on “scoring” known exploits at all. We don’t. We might put a lot of energy into counting and scoring unknown exploits if we could, but we can’t, so this is again not an honest mistake or a slight twist from reality - it’s completely made up from nothing. Not only would quantity be unrelated if we did have a big use for scoring known exploits, but we don’t. Known exploits are not unknown exploits. We’re trying to expose unknown exploits, and fix them. Counting and scoring the known ones is just something that happens along the way. We would never weigh the entire concept of compiler backdoors by counting the ones we’ve identified.
• aubeynarf seems to be framing things to set an impression of “oh this guy knows what he’s talking about and he thinks compiler backdoors are no big deal, so they must be no big deal.” If you fall for that, there’s not much I or anyone can do for you.

While you’re spouting nonsense

I’m the guy you were replying to here. I’m not spouting any nonsense in this thread. Did you reply to the wrong person, or is this a false accusation?

this is happening:

https://www.infoq.com/news/2025/11/redis-vulnerability-redishell/

The vulnerability exploits a 13-year-old UAF memory corruption bug in Redis, allowing a post-auth attacker to send a crafted Lua script to escape the default Lua sandbox and execute arbitrary native code. This grants full host access, enabling data theft, wiping, encryption, resource hijacking, and lateral movement within cloud environments.

13 years. That’s how long it took to find a critical safety vulnerability in one of the most popular C open source codebases, Redis. This is software that was expertly written by some of the best engineers in the world and yet, mistakes can still happen! It’s just that in C a “mistake” can often mean a memory-safety bug that would put user data at risk (…) That’s the nature of memory-safety bugs in C: they can hide in plain sight.

Why did you make me read these paragraphs without explaining how they connect to the context? Let me guess: they don’t connect to the context, you’re just designing your replies to mislead people dumb enough to be vulnerable to your manipulation tactics? With no consideration for me whose time/energy you’re wasting, much less them who you’re confusing?

You care

About random numbers? Not really

you are the one that brought it up as an issue with rust.

Are you referring to where I said “I want to know some random numbers Rust isn’t giving me, and that’s a problem with Rust?”

Because that was in your imagination.

Or are you referring to where I said “Rust wants to know some random numbers it isn’t giving itself?”

Because that was also in your imagination.

In reality, I brought up that I’ve heard Rust adds another layer of trusting the compiler isn’t backdoored.

how many compiler back doors have we seen versus use-after-free/stack overflow attacks?

Who cares? Why do you ask?

The anti-Rust crowd baffles me. Maybe C++ has rotted their brain to the point they can’t “get” the borrow checker.

I can’t code, so C++ doesn’t have much space in my brain, but Rust still seems a lot more sus to me than C.

We did without auxiliary motors for a long time. The only reason a motor would be needed is if everyone is too greedy to pay for the work to be done right (having a big enough crew for rowing).

But the crew can’t stop the world from being greedy, so it makes sense that they’re using sails and a motor to improve on what they can.

This era honestly sucks so much, the only way the next era can show a lot of progress is if it shows a lot of reversion.

“What if we took the sails off every fucking cargo ship?” is a sick question, and when society has answered that with “yeah let’s do it,” the sickness runs a lot deeper than that. We’ve just been taking insane/stupid ideas and running with them for a long time.

Rust adds another layer of trusting the compiler isn’t backdoored. All UNIX/Linux systems use the gcc toolchain, so having it written in C would mean less dependencies for the OS.

• paraphrased from someone who seemed to know more about this stuff in this unrelated discussion yesterday

Strange times.

Obviously a fake rule, since I don’t see any risk of the person I was replying to being banned.

Like most online discussion spaces these days, the “moderation” isn’t spam filtering, it’s censorship by bullies who conveniently pretend they’re only censoring bullies. At least that’s my guess based on vote scores on certain content

Seems like you’re trying to bait me into a response that could be used as an excuse to ban me. Try this bullshit on nostr if you can handle talking somewhere you can’t just ban people who stand up to your bullying.

If you copy and paste your reply to me on nostr, I’ll be happy to explain the basic English definitions you’re asking me for (instead of a dictionary) while insulting my intelligence, but I’ll also insult yours back in a more appropriate way.

Edit - you obviously won’t actually reply on nostr, because you’re an authoritarian bully, but if you did, I’d feel a bit proven wrong about you and not immediately say anything I’d get banned for. It’s only here, that I want to say anything I’d get banned here for. Kind of a catch 22 type thing

What does that have to do with the context where you’re replying? I was talking about censorship, not community building / spam filtering

If humans can avoid extinction and keep the internet online for a long enough time, it shouldn’t be too hard for them to eventually figure out censorship is bad

Then you’re really saying the internet is dying faster than it can develop. I think that’s just psychologically defensive defeatism, tied to stuff like saying humans can’t survive climate change

Inevitably, either nostr will take over the internet, or the internet will be gone faster than nostr can develop to that point