Connect with us

Tech

The Rust programming language just took a huge step forwards – ZDNet

Published

 on


Programming language Rust now has the backing of the Rust Foundation, an independent organization that will steward the language’s future as more developers begin using it. 

Rust, hatched at Mozilla as a safer alternative to C and C++, has quickly become one of the most favored languages for system development, even though it’s not widely used for application development.

Google is backing Rust for a key component of the the Apache HTTP web server project, Amazon Web Services (AWS) is investing in the Rust community and is a key sponsor, while Microsoft is eyeing it to replace some components of Windows written in C/C++ and to develop components for the Azure cloud. 

Rust only reached version 1.0 in 2015, so it’s a relatively young language compared to the likes of Python, Java and JavaScript. 

The language allowed Mozilla engineers to remove memory-related security bugs in Firefox’s Gecko rendering engine that were written in C++. Developers replaced about 160,000 lines of C++ code in Firefox with 85,000 lines of Rust. The language was critical for Mozilla’s Servo browser engine.  

Establishing the Rust Foundation is an important milestone for the language. As Niko Matsakis, an ex-Mozilla engineer, core Rust contributor and now AWS engineer pointed out recently, there is a misperception that Rust is owned by Mozilla. 

The foundation creates a vehicle to accept financing from organizations beyond Mozilla, such as AWS and Microsoft Azure. 

“Unfortunately, there is sometimes a lingering perception that Mozilla “owns” Rust, which can discourage companies from getting invested, or create the perception that there is no need to support Rust since Mozilla is footing the bill. Establishing a foundation will make official what has been true in practice for a long time: that Rust is an independent project,” Matsakis wrote recently

“We have also heard a few times from companies, large and small, who would like to support Rust financially, but right now there is no clear way to do that. Creating a foundation creates a place where that support can be directed.”

Mozilla will continue to support Rust, but it won’t sponsor the project alone. The Rust Foundation will hold its first board meeting February 9th. 

The board of directors includes representatives from AWS, Huawei, Google, Microsoft, and Mozilla.

Over the past year Microsoft has footed Rust’s continuous integration (CI) bills, while AWS has supported its storage costs through S3 for several years.  

Until now, the Rust did not operate as a distinct legal entity, which was previously Mozilla’s responsibility. These issues affected the project in various ways, including Rust trademarks and Rust’s package management system, crates.io. Mozilla was also responsible for handling copyright takedown requests under The Digital Millennium Copyright Act (DMCA).  

The Rust team couldn’t do simple things like signing a contract and or establish a bank account from which to manage funds from sponsors like Microsoft and AWS. 

“One common example that arises is the need to have some entity that can legally sign contracts “for the Rust project”. For example, we wished recently to sign up for Github’s Token Scanning program, but we weren’t able to figure out who ought to sign the contract,” notes Matsakis. 

As part of the new arrangement, Mozilla transferred all trademark and infrastructure assets to the Rust Foundation, including the crates.io package registry

“This marks a huge step in the growth of Rust on several axes; not the least of which, a formal, financial commitment from a set of global industry leading companies, heralding Rust’s arrival as an enterprise production-ready technology,” said Ashley Williams, interim executive director of the Rust Foundation. 

“I am personally moved, and motivated, by the sense of responsibility that comes from this commitment. Our founding sponsors’ eager and enthusiastic participation is not only a promise to maintain and sustain Rust as what it is today, but an endorsement of Rust’s values and a dedication to share the responsibility of cultivating the future that Rust aspires to.”

Let’s block ads! (Why?)



Source link

Continue Reading

Tech

Amazon, Apple not to charge extra for lossless music

Published

 on

Amazon.com Inc and Apple Inc will let users stream high-quality lossless audio at no extra charge, as they explore new ways to keep subscribers tuned in to their services amid intense competition.

Amazon Music, which so far charged a premium for lossless audio, became the first major music service on Monday to upgrade its subscribers to the format.

Lossless is a higher quality audio format that preserves every detail of the original audio file without compressing the quality while streaming.

American rapper Jay-Z’s Tidal was among the first to roll out the technology, charging $19.99 per month for lossless music.

The e-commerce giant’s Amazon Music Unlimited with lossless music will cost less than half that at the industry standard price of $9.99 per month.

Separately, Apple said subscribers would be able to listen to its entire music catalog of more than 75 million songs by next month in the lossless format at no additional cost.

 

(Reporting by Eva Mathews and Subrat Patnaik in Bengaluru; Editing by Anil D’Silva)

Continue Reading

Tech

Cyberattack exposes lack of required defenses on U.S. pipelines

Published

 on

The shutdown of the biggest U.S. fuel pipeline by a ransomware attack highlights a systemic vulnerability: Pipeline operators have no requirement to implement cyber defenses.

The U.S. government has had robust, compulsory cybersecurity protocols for most of the power grid for about 10 years to prevent debilitating hacks by criminals or state actors.

But the country’s 2.7 million miles (4.3 million km) of oil, natural gas and hazardous liquid pipelines have only voluntary measures, which leaves security up to the individual operators, experts said.

“Simply encouraging pipelines to voluntarily adopt best practices is an inadequate response to the ever-increasing number and sophistication of malevolent cyber actors,” Richard Glick, the chairman of the Federal Energy Regulatory Commission (FERC), said.

Protections could include requirements for encryption, multifactor authentication, backup systems, personnel training and segmenting networks so access to the most sensitive elements can be restricted.

FERC’s authority to impose cyber standards on the electric grid came from a 2005 law but it does not extend to pipelines.

Colonial Pipeline, the largest U.S. oil products pipeline and source of nearly half the supply on the East Coast, has been shut since Friday after a ransomware attack the FBI attributed to DarkSide, a group cyber experts believe is based in Russia or Eastern Europe.

The outage has led to higher gasoline prices in the U.S. South and worries about wider shortages and potential price gouging ahead of the Memorial Day holiday.

Colonial did not immediately respond to a query about whether cybersecurity standards should be mandatory.

The American Petroleum Institute lobbying group said it was talking with the Transportation Security Administration (TSA), the Energy Department and others to understand the threat and mitigate risk.

THIN STAFFING

Cyber oversight of pipelines falls to the TSA, an office of the Department of Homeland Security (DHS), which has provided voluntary security guidelines to pipeline companies.

The General Accountability Office, the congressional watchdog, said in a 2019 report that the TSA only had six full-time employees in its pipeline security branch through 2018, which limited the office’s reviews of cybersecurity practices.

The TSA said it has since expanded staff to 34 positions on pipeline and cybersecurity. It did not immediately respond to a request for comment on whether it supports mandatory protections.

When asked by reporters whether the Biden administration would put in place rules, DHS Secretary Alejandro Mayorkas said it was discussing administrative and legislative options to “raise the cyber hygiene across the country.”

President Joe Biden is hoping Congress will pass a $2.3 billion infrastructure package, and pipeline requirements could be put into that legislation. But experts said there was no quick fix.

“The hard part is who do you tell what to do and what do you tell them to do,” Christi Tezak, an analyst at ClearView Energy Partners, said.

U.S. Representatives Fred Upton, a Republican, and Bobby Rush, a Democrat, said on Wednesday they have reintroduced legislation requiring the Department of Energy to ensure the security of natural gas and hazardous liquid pipelines. Such legislation could get folded into a wider bill.

The power grid is regulated by FERC, and mostly organized into nonprofit regional organizations. That made it relatively easy for legislators to put forward the 2005 law that allows FERC to approve mandatory cyber measures.

A range of public and private companies own pipelines. They mostly operate independently and lack a robust federal regulator.

Their oversight falls under different laws depending on what they carry. Products include crude oil, fuels, water, hazardous liquids and – potentially – carbon dioxide for burial underground to control climate change. This diversity could make it harder for legislators to impose a unified requirement.

Tristan Abbey, a former aide to Republican Senator Lisa Murkowski who worked at the White House national security council under former President Donald Trump, said Congress is both the best and worst way to tackle the problem.

“Legislation may be necessary when jurisdiction is ambiguous and agencies lack resources,” said Abbey, now president of Comarus Analytics LLC.

But a bill should not be seen as a magic wand, he said.

“Standards may be part of the answer, but federal regulations need to mesh with state requirements without stifling innovation.”

 

(Reporting by Timothy Gardner; Editing by Cynthia Osterman and Marguerita Choy)

Continue Reading

Tech

U.S. senator asks firms about sales of hard disk drives to Huawei

Published

 on

A senior Republican U.S. senator on Tuesday asked the chief executives of Toshiba America Electronic Components, Seagate Technology, and Western Digital Corp if the companies are improperly supplying Huawei with foreign-produced hard disk drives.

Senator Roger Wicker, the ranking member of the Commerce Committee, said a 2020 U.S. Commerce Department regulation sought to “tighten Huawei’s ability to procure items that are the direct product of specified U.S. technology or software, such as hard disk drives.”

He said he was engaged “in a fact-finding process… about whether leading global suppliers of hard disk drives are complying” with the regulation.

(Reporting by David Shepardson, Editing by Rosalba O’Brien)

Continue Reading

Trending