 This week has been a very exciting one for Rustations because on Monday, the White House put out a press release saying that future software should be memory safe. And they also linked to a report from the OWNST, the Office of the National Cyber Director, calling on the technical community to proactively reduce the attack surface in cyberspace. And in this technical report titled Back to the Building Blocks, A Path Towards Secure and Measurable Software, Rust was specifically mentioned as one of the tools that could be used to achieve this goal. So what they mean here by software that is memory safe is software that you know isn't vulnerable to bugs and attacks that exploit memory access. One of the more well-known memory access errors that you might have seen is level 256 in the game Pac-Man. The root cause of this glitchy unbeatable map is the fact that the number 256 cannot fit within 8 bits of memory. The highest number you could have is 255. So the level counter for the game ends up overflowing back to zero. And that ultimately causes the algorithm that draws fruit in the bottom right hand side of the screen that represents the current level to go haywire. And it tries to draw 256 fruit icons onto the screen. And of course that quickly goes outside of the bottom right area where the icons are usually contained in. And it wraps around to the top level of the map and starts overwriting pieces of the level with icons. And also the fruit drawing algorithm itself ends up accessing parts of memory that it's not supposed to. So after a few icons, it's not even drawing fruit anymore. It's drawing other stuff as icons to the screen. So this memory bug causes level 256 in Pac-Man to be unbeatable. But that's a fairly mild bug compared to what malicious hackers can do with memory bugs in online software or software that they're able to interact with in some way. Oftentimes those memory issues can be exploited to get the vulnerable system to just execute the hackers code and ultimately give them full control over the system. Or it can be used to read out sensitive areas of the system's memory like usernames and passwords that you obviously wouldn't want some random person to be able to view. Memory issues are responsible for something like 80% of the critical bugs that we hear about in the Infasec world. So of course this is where Rust is going to come in, right? This is the perfect fit for Rust since memory safety is one of the core principles of Rust. But I think it's important to point out, even though I love Rust, that it isn't the only answer. And it's not even the best answer a lot of the time. And hopefully if you go and read this article for yourself you'll see that it really isn't so much about recommending that people use Rust for writing new software. But rather it's recommending that people should avoid writing new software in languages like C and C++ that are much more prone to memory errors. Because most languages these days, most of the modern languages actually are memory safe since the developer doesn't ever have to deal with memory directly. Like Python, C-Sharp, Go, and Java, they all have automatic memory management in the form of garbage collection. And even though these languages weren't mentioned in this White House memo, they were mentioned in memos that were published by the NSA, CISA, and other agencies a couple of months ago. Those other languages are perfectly fine and actually better for building certain kinds of programs than Rust, unless you're really proficient in writing Rust code. But if you need to design really fast software, software that has a very minimal run time and is running closer to the kernel, or even a real-time operating system that's as memory safe as possible, then Rust is probably going to be the best tool for the job, right? And in part two of the Onest technical report, they talk about how space, like outer space, is one of the frontiers in which Rust could really shine. It reads here that the space ecosystem is not immune to memory safety vulnerabilities, of course. However, there are several constraints in space systems with regards to language use. First, the language must allow the code to be close to the kernel so that it can tightly interact with both software and hardware. So it's got to be a systems programming language. Second, the language must support determinism, so the timing of the outputs are consistent. And third, the language must not have or be able to override the garbage collector, a function that automatically reclaims memory allocated by the computer program that is no longer in use. So that overrides all those other higher-level languages that I was talking about with garbage collectors and, you know, they're high-level, right? So they're not interacting really low to the kernel like CC++ and Rust is. So according to experts, both memory safety and or both memory safe and memory unsafe programming languages meet these requirements. At the time, the most widely used languages that meet all three priorities are C and C++, which of course are not memory safe programming languages. Rust, one example of a memory safe programming language, has the three requisite properties above, but has not yet been proven in space systems. Further progress on development tool chains, workforce education, and fielded case studies are needed to demonstrate the viability of memory safe languages in these use cases. So it's right here in black and white folks. Rust looks very promising for use in space systems and with a little bit more testing, Rust very well could become the recommended programming language of the space age. I mean, it makes sense that if mankind is ever able to achieve fully automated gay space communism, that the underlying code powering that automation would be written in Rust. We could become a species that travels the galaxy in total luxury. Everyone will have their own personal robot Fenboy assistant, whose AI is written in memory safe Rust to guarantee blazingly fast results with no seg faults. It's gonna be beautiful. In all seriousness though, I really like this endorsement like the government endorsement of Rust because I think the biggest downside to learning Rust right now besides just the pure learning curve, like especially if you don't have any experience with systems programming languages. Besides the learning curve, the biggest downside is the lack of jobs that are available out there for Rust developers. Because for a lot of people, possibly even most people, they learn programming like not necessarily so much as a hobby or a passion or anything like that. It's something that they learn to make money. It's just like how I would imagine any other field of engineering is. There's probably some guys out there that are really excited about petroleum extraction, but I would imagine for a lot of the people that get into that field, it's, oh yeah, the whole world runs on oil so I can make a lot of money by learning this field. And it's not to say that people aren't good at that, right? There's obviously plenty of talented programmers out there who are just coding for the money, but because they're coding for the money, they probably are not learning Rust, at least not yet. Now, learning Rust to make money or programming in Rust to make money is becoming more and more viable as big tech companies have started using Rust in their software stack, so obviously they've got to hire people to do that programming. But most of the job listings for Rust that you're going to see on places like rustjobs.dev are still just looking for blockchain development because there's a couple of different blockchains like Solana, for example, that's written in Rust and they use Rust as the language for writing. They're smart contracts. And of course, with blockchain development and also I guess kind of with AI development, there's some people who don't want to get involved in it because they think that it's just a fad, right? Or it's just something that's only going to be a temporary job and not really a career, right? Obviously, I don't feel that way about it, but you know, this is just how people think when they're looking for jobs. So government Rust jobs could be really attractive to a lot of people, especially those career-minded people or people that want a lot of stability because government jobs by their nature tend to provide a lot of stability, right? Like essentially your boss has unlimited money that he could potentially pay you, right? The only thing that I worry about though with the government starting to hire people to do Rust jobs or wanting projects to be written in Rust is an increased cost of development. Because like I said, Rust is a challenging language to learn. Like I would say it's probably the hardest mainstream language to learn. And it's not just because it's a low-level language. Like obviously that adds a degree of difficulty to it. And also another case with low-level languages is that implementing certain things like a web server in Rust or C or C++ is going to take many more lines of code than implementing that in a language like Go. But the biggest thing that makes Rust so difficult is the memory safety. The fact that Rust compiler will not let you compile code that isn't memory safe. So it takes much longer, especially if you're not experienced with Rust, to just get any program written in Rust to compile at all. So combine that with the fact that the government tends to give projects out to the lowest bidders. And we could see billions of dollars in taxpayer money just being thrown at devs to fight with the borrowchecker all day to get something to compile, like something like a Hello World program to compile. That could become a reality if Rust evangelism goes too far in the federal government. But my hunch is that even this potential increase in the cost to just ship government code like to get anything programmed in the first place is going to pale in comparison to the money saved from eliminating like three out of four critical security exploits across these government systems. But tell me your thoughts in the comments below. Are you excited for government Rust, federally endorsed Rust? Or would you rather a different safe language like Zig get endorsed? Or should people just get good and write better C and C++? Like and share this video to hack the algorithm and buy my merch from my online store based.win where you can save 10% off your entire order automatically at checkout by paying in Monero XMR. Have a great rest of your day.