I am certain that there exist people who are 1) capable of advancing the state of the art in AI, and 2) free of the hubris that lets them believe that their making AI somehow gives them a veto over the fates of nations.
This would have to go into one big unsafe block for any nontrivial program. C doesn’t convey all of the explicit things you need to know about the code to make it even compile in Rust.
I once implemented a WASM to Rust compiler that due to WASM's safety compiles to fully safe Rust. So I was able to compile C -> WASM -> Rust and ended up with fully safe code. Though of course, just like in WASM, the C code is still able to corrupt its own linear memory, just can't escape the "sandbox". Firefox has employed a similar strategy: https://hacks.mozilla.org/2020/02/securing-firefox-with-weba...
Mark Russinovich recently gave a talk at a UK Rust conference that mentioned Microsoft's internal attempts at large scale C->Rust translation, https://www.youtube.com/watch?v=1VgptLwP588
Tools like those exist. The problem with them is that they use unsafe blocks a lot, and the code usually isn't very idiomatic. Translating global variable state machines into more idiomatic Rust state machines based on things like named enums, for instance, would be very difficult.
With the help of powerful enough AI we might be able to get a tool like this, but as AI still very much sucks at actually doing what it's supposed to do, I don't think we're quite ready yet. I imagine you'd also need enough memory to keep the entire C and Rust code base inside of your context window, which would quickly require very expensive hardware once your code grows beyond a certain threshold. If you don't, you end up like many code assisting LLMs, generating code independently that's incompatible with itself.
Still, if you're looking to take a C project and extend it in Rust, or perhaps slowly rewrite it piece by piece, https://c2rust.com/ is ready for action.
1. It means you don't need C code & a C compiler in your project any more, which simplifies infrastructure. E.g. cross compiling is easier without any C.
2. You can do LTO between Rust and the C->Rust code so in theory you could get a smaller & faster executable.
3. In most cases it is the first step to a gradual rewrite in idiomatic Rust.
I don't trust Privacy Guides. They must have some kind of deal with Brave. They didn't accept Brave and then out of nowhere they start accepting it with the excuse of having a Chromium-based browser.
Hey, I'm Justin from the 501(c)(3) fiscal host of Privacy Guides, MAGIC Grants. Us board members administer the funds for Privacy Guides, and we are different people than those who are on the Privacy Guides committee.
I assure you that Privacy Guides has not made a deal with Brave or any other of the tools that it recommends on the website. I'm happy to address any other questions about raising funds if you have them.
There are lengthy discussions about whether to recommend a tool or not on the Privacy Guides GitHub and their forum. There is a lot of great context there.
> There are lengthy discussions about whether to recommend a tool or not on the Privacy Guides GitHub and their forum
The process doesn't strike me as consensus driven? Mods/team have become gatekeepers (both for persisting with existing recommendations or adding new ones), including aggressively shutting down conversations/threads they personally don't like (I was told, all moderation actions are final, regardless of who on the team does it, even if why they did it doesn't hold water). I imagine, such a rigid setup is in response to prevent bad faith actors (but then, I lose count of how many times team/mods have called others "extremist", using it as a slur, just because ... reasons).
It is hard to definitively prove ulterior motive, but other folks do observe such nefariousness and come to their own conclusions, valid or not, as GP has done.
All that to say, the way it is currently run, "discussions happened" isn't really the defence you think it is.
We don't have a deal with Brave. It was added almost 3 years ago, and nobody has even proposed removing it in the time since. Furthermore, it would be insane and likely illegal for a public charity to strike a deal to serve an undisclosed advertisement for a product from a private company.
I think our position on Brave is clear enough from the very first paragraph in the guide:
> We recommend Mullvad Browser if you are focused on strong privacy protections and anti-fingerprinting out of the box, Firefox for casual internet browsers looking for a good alternative to Google Chrome, and Brave if you need Chromium browser compatibility.
> We recommend Mullvad Browser if you are focused on strong privacy protections and anti-fingerprinting out of the box
Just want to put emphasis on “out of the box”. Changing any of the default settings will cause you to stand out. The fingerprinting protection is essentially to have a bunch of people all using the same browser with all of the mechanisms used for fingerprinting being either disabled or giving the same results on all installations; everyone has the same fingerprint.
We cover that too [0]. In addition, while I wouldn't blanket recommend a VPN usually, it's important to use a VPN in conjunction with Mullvad Browser (specifically). If you're not blending in with a crowd of similar browsers at the network level too, the fingerprinting protections are a bit pointless.
> Like Tor Browser, Mullvad Browser is designed to prevent fingerprinting by making your browser fingerprint identical to all other Mullvad Browser users, and it includes default settings and extensions that are automatically configured by the default security levels: Standard, Safer and Safest. Therefore, it is imperative that you do not modify the browser at all outside adjusting the default security levels. Other modifications would make your fingerprint unique, defeating the purpose of using this browser.
> We recommend Mullvad Browser if you are focused on strong privacy protections and anti-fingerprinting out of the box, Firefox for casual internet browsers looking for a good alternative to Google Chrome, and Brave if you need Chromium browser compatibility.
What about a WebKit based browser?
"Orion comes with state-of-the-art ad and tracker blocking enabled by default, unlike any other browser in existence... Beyond blocking all ads and trackers by default, Orion is also a zero telemetry browser. It protects you from websites on the web, and the browser itself never leaks your private information anywhere."
They specifically state on their page for the Brave listing (and all the other ones) that they aren't affiliated with any of the projects they recommend. They also list the criteria they have for listing a project. If you think something shady's going on, perhaps you could point out which of their publicly available criteria Brave doesn't meet?
Agree. Firefox is the only browser I "trust". It does the best job of respecting the user out of any available option. I am the user and I deserve respect. You are also users, and you deserve respect, too.
In their defense, I think it is good to have a more private chromium browser if we’re talking about the subject of accessibility for new folks. Much easier to get them off chrome proper.
I dont understand the needed distinction between "chromium" and "non-chromium" browsers, thyre just web engines and ultimately technical details. Although chromium having significantly more compatibility (or chrome features that websites use) the average consumer will be using websites that keep strict accordance with webstandards to support safari.
For technical users its another story but for the average user the web engine of your browser doesnt matter, just the shell around it, so I find it quite silly the notion we need X browser and also an X chromium browser
Some people think it’s important to support more browser diversity by not using chromium-based browsers. Some people also think that it’s bad to use pretty much anything produced by Google. Plenty of reasons to want non-chromium browsers
For me personally, it comes down to diversity. If all other browser engines "go under" and we are only left with Chromium, websites can only be built for 1 browser. Although Chromium is a great engine (evidenced by how many browsers are built on top of it and how widely the underlying Chromium engine has been embraced), it's not without quirks, bugs, flaws, and vulnerabilities.
Firefox is built from the ground up in a different way from Chromium, with its own set of bugs, quirks, flaws, and vulnerabilities. There may be some overlap, but having entirely different architectures means we keep pushing the compatibility envelope, we get "copycat" features, where one engine does something great and the other implements it in a way that works with their own engine, etc.
It's just better to have more than 1 browser engine around. I wish it wasn't so difficult to start a new engine from scratch today, the sheer amount of features a web browser must have to get people to even consider reading your About page, and the overwhelming complexity of modern webstacks, mean you basically have to be grandfathered in as a browser that's been around for decades and has a huge amount of community support.
I am aware of alternative browsers, Arc and the like. I'm very happy to see someone seriously go after an entirely new browser engine that's not Gecko or Chromium, and the traction they're gaining while not being "fully featured" sort of sums up the sentiment of my message (I hope). Having alternatives is good.
And there’s the other side of the coin: some websites break in Firefox (and other non-Chromium brewsers, perhaps). I’m keeping Ungoogled Chromium just in case (and for testing my own websites, of course).
(Remember to complain politely, but loudly, if something works in Chromium only.)
I only started really using Firefox as a daily driver probably two or three years ago so I’ve been lucky to have my compatibility be like… 99.9%. Little snitch and my VPN break far more sites than Firefox does. But I keep brave on hand just in case.
I am somewhere in the middle. If people could see something like Privacy Guides that is trying to be a primary privacy resource, and then look up any advice on another source, it could be useful. People aren't used to challenging something they read when it comes to privacy from a "trusted source", and I think that should be a key part of privacy and security. Try to find other sources, that aren't connected, to back up a claim.
I genuinely wonder for ProtonMail (and anything web-based, really): isn't it a fact that if I use ProtonMail, my browser will download and execute a client every time? In the sense that I don't actually know what code my client is running. ProtonMail could totally decide to serve me a client that actually leaks data, and I would not know it unless I somehow save and audit the client every. single. time.
If I use e.g. Signal, I can of course build it from sources I trust, or download it from the Play Store and trust that Google won't send me a modified version of it (at least it seems less likely and harder to pull).
Am I wrong in considering that web-based clients cannot really be considered secure?
Really struggling to see how Sveltkit is a all similar to RoR. Sveltkit is just a frontend SSR framework lacking the rest of the goodies and patterns of a full stack framework. Sveltkit seems to be a next.js alternative but not a RoR alternative
It's not the same at all. I have a SvelteKit + FastAPI app that ironically I'm porting to Rails after rediscovering it.
Indeed SvelteKit is basically like NextJS for Svelte. It's just a thin server layer + routing which enables SSR, form submissions, and a few other goodies.
You don't get the kitchen sink like with Rails.
Just off the top of my head here's things you get with Rails that you don't with SvelteKit
- auth (new in Rails 8)
- background jobs
- email processing
- database connections and ORM
- caching layer
By the way this is coming as someone who is a fan of SvelteKit, it's just not objectively the same nor an evolution of rails at all.
One minor thing I would add is that of very recently, the new svc utility can set up auth, database stuff, i18n and some other things when creating a new svelte kit project.
There are about a half dozen "Rails-inspired" Rust frameworks under development. They're probably a little too early to start using in production, and you should stick with Actix/Axum Flask-style frameworks for the time being.
