Thank you Zack, for calling these people out, for dragging them back down to earth, and for leading the charge to oust them from our hobbies and stop them from destroying the things we love.

"And in conclusion, we've decided not to rewrite our entire stack in Rust. Instead, we're focusing on threat modeling, proper auth, boring-ass logging, and minimizing attack surface. Any questions?" Yes, I have a question. Why didn’t you use Rust? Rust is memory safe, so it’s automatically secure. "That’s a good question. We actually do use Rust in a couple of components, but security is a lot bigger than just memory safety. You can write horribly insecure business logic in any language, including Rust." But Rust prevents bugs. The borrow checker eliminates whole classes of vulnerabilities. If it compiles, it’s basically proven correct. "Memory bugs are one class of vulnerabilities. We still have logic errors, auth bugs, crypto misuse, deserialization issues, supply-chain problems, configuration mistakes—none of that goes away just because the compiler yelled at your lifetimes." But everybody knows C is insecure and Rust is secure. That’s just how it is. C has buffer overflows. Rust doesn’t. Therefore Rust code can’t have security vulnerabilities. "Security is a complicated topic and it’s hard to make a blanket statement like that." Legacy languages weren’t built for safety. Rust was designed for safety. You turn on the borrow checker and your security just scales right up. "It may surprise you that there are a handful of high-security, actually-audited systems written in things like C, Java, even COBOL, and they’re doing just fine." Those are all vulnerable, though. They don’t have move semantics or lifetime annotations. You need Rust’s ownership model if you care about security. "I think you’re confusing ‘no use-after-free’ with ‘no bugs’. They’re not the same thing." Look, Rust is fast and safe. C is like driving drunk with scissors. Rust is like a tank with airbags and lane assist. Memory safety is security. "Rust does have some impressive properties, but it does some interesting things to get those guarantees. For example, a ton of real-world Rust code ends up using unsafe, FFI into C libraries, or blindly deserializing user input into structs. If you screw that up, you’re screwed. Does that sound magically secure to you?" If that’s what they need to do to get those kickass compile-time guarantees, then it’s a great design. "…If you’re stupid enough to completely ignore the rest of your threat model because the compiler yelled at a double-free once, I suggest you panic!() on startup and never actually listen on a socket. It will be very secure." If panicking on startup is secure, I will do it. Is that memory safe? "You’re kidding me, right? I was making a joke. I mean, if you’re happy shipping a program that never handles a single request just so you can brag that MIRI doesn’t scream at you, why not just loop { std::thread::park(); } and call it a day? It’s safe as hell." Does loop {} support async? "Holy shit. For my own mental health I’m going to assume you’re just messing with me and aren’t actually brain damaged. Do you even know what a vulnerability is?" Undefined behavior is the secret ingredient in the exploit sauce. Rust removes UB, therefore it removes exploits. It just works. "Please tell me you don’t actually make a living in the technology field." I’m a security engineer. I read a blog post about Rust once. "As of this moment I officially resign from my job as a software engineer and will take up work on a farm shoveling pig shit and administering anal suppositories to sick horses, because that will be a thousand times more tolerable than being in the same industry as dipshits like you. You read one Hacker News thread and think you’re a fucking formal methods researcher because you typed #[derive(Debug)] and wrestled with the borrow checker for an afternoon. You parrot slogans like ‘memory safe’ and ‘fearless concurrency’, but you have no idea what the fuck you are talking about. You’re going to blow some project to hell because you get a woody playing with a new language like it’s a sex toy. People have been building secure systems with boring, mature tech for decades. Yet somehow everything needs to be reinvented because $FAANG posted a whitepaper with the word ‘Rust’ in it. If you’re building a kernel, a browser engine, or some high-performance crypto library, great, maybe Rust is a fantastic choice. But if you’re like 99.9% of companies, you can probably get by very well with ‘not storing passwords in plaintext’ and ‘not giving every microservice god mode in production.’" But Rust’s type system lets you encode invariants. You just model your domain correctly and bad states become unrepresentable. "Right, now I’m thinking about how much fun it will be to castrate my first bull down on the farm. I cannot wait to cut off the testicles of a 3000-pound raging bull as it tries to kick my head in." Rust is a systems language that doesn’t need a garbage collector. It uses ownership and borrowing.