Oscar Blumberg
Oscar Blumberg
There are two distinct argument here I believe. The security one is fine, but it doesn't mean that it should be the default, just that we should have a --zero-mem...
I don't agree that "secure by default" trumps everything here. Especially if the alternative is to add a single cli flag when you run in production where sec is important...
I feel like I'm fighting a lost battle here but I'll try anyway. My point is that undefined behavior is less dangerous than almost-always-ok implicit behavior, as long as you...
Check bounds : we will never change the behavior here, which _is_ security by default. But for perf reason code has an opt-in bounds check remove that people do get...
I think performance is not the problem here. Even if we initialize all memory my point is that it should always be explicit. i.e., remove the Array constructor for bits...
It's not about deserving it, it's exactly the opposite. You can only argue for predictability if the behavior makes sense. Think of it this way : using zero will actually...
@sbromberger No because if the specification says that memory is zero, then we can never have a mode which returns garbage, it would break code. For now, it often is...
We're bound to cycle if you don't read what I'm saying. Or maybe I'm wrong because I feel I'm alone on this but I'll try one last time : I...
@StefanKarpinski this doesn't address my issue in general. I'm not talking about implementation or user interface here, but a much more fundamental point : we should never assume that a...
Well then what is the point of zeroing ? It's just as bad as random garbage except for integers and floats. We wouldn't have this discussion if, e.g, (float)0x0 was...