> > Normally no one talks anymore about things like buffer overflows, use after free,... since years
> Some of the biggest vulnerabilities of recent years (e.g. Heartbleed) were out-of-bounds access.
If I understand the Heartbleed bug correctly, it did not involve buffer overflows. It was a logical bug where they "trusted" the user-provided payload length (that can be much larger than the actual payload) and allocated the response buffer accordingly without zeroing it (malloc vs calloc). The "trash" in the uninitialized memory turned out to be quite valuable.
"Defence Intelligence of Ukraine shares footage of the targeting of two Russian Pantsir-S1 air defence systems. Looks like loitering munition was used. As said, today in the Belgorod region of Russia."
"Prions bind to plants and bound-PrPSc efficiently sustain prion replication
Roots and leaves were washed thoroughly and analyzed for the presence of PrPSc by serial PMCA (Morales et al., 2012). The results show that even highly diluted PrPSc can bind to roots and leaves and sustain PrPC conversion (Fig. 1A). [...] However, both roots and leaves capture PrPSc efficiently, even at very small concentrations, equivalent to those present in biological fluids, such as blood and urine (Chen et al., 2010).
Animals can be infected by oral ingestion of prion-contaminated plants
After exposure, plants were extensively washed 5 times with water and animals fed with dried material orally. [...] All animals that ingested prion contaminated leaves and roots developed typical prion disease. Although the incubation times were significantly longer in animals ingesting prions attached to leaves and roots as compared with those fed directly with the brain material, the differences were not as high as one could have expected (Fig. 2A)."
---
Something developed sporadic prion disease (in humans it's called "Sporadic Creutzfeldt-Jakob disease": https://pubmed.ncbi.nlm.nih.gov/29887134/ ), died from it, plants grew on the fertilized land and were eaten by deer, the cycle repeats.
CWD-infected deer shed prions in urine, feces, probably saliva too (the aforementioned paper mentions that this is enough for plant-mediated infection), a trait shared with scrapie-infected sheep, hamsters and, I assume, BSE-infected cows.
"Oral exposure to prion-tainted blood, urine, saliva and feces have been suggested as modes of transmission for CWD and scrapie among herbivores susceptible to these diseases. Both CWD and scrapie infection is thought likely to enter the body through gut-associated lymphoid tissues, in Peyer's patches in the alimentary tract. Moreover, the presence of the infectious isoform of the prion protein, designated PrPSc, in Peyer's patches suggests alimentary shedding of CWD and scrapie prions into feces. [...]
When noninfected Syrian hamsters were cohabitated with Syrian hamsters orally infected with Sc237 prions, we observed 80–100% infection rates within 14 days after oral challenge."
Also, birds can spread prions in their litter:
Crows don't digest prions, may transport them to other locations
"Crows fed on prion-infected brains from mice can transmit these infectious agents in their feces and may play a role in the geographic spread of diseases caused by prions, such as chronic wasting disease or scrapie."
Luckily, even most mammalian prions have some trouble jumping between mammal species.
For example, sheep scrapie can be transmitted to primates in the laboratory, but is to date considered non-transmissible to humans in nature (fortunately, as it is insidious and regulations on sheep and goat slaughter are laxer than on bovine):
Transmission of scrapie prions to primate after an extended silent incubation period
"However, one cynomolgus macaque exhibited obvious neurological signs more than 9 years (110 months) after intracerebral exposure to a high dose of a sheep classical scrapie isolate (25 mg of brain)."
BSE prions are much more infectious, not only for humans and ruminants, but for other species too, for example, cats and hamsters.
---
Personally, I don't expect fish or insects to be sources of infection, only potential (if relatively unlikely) transmitters.
That said, apparently nearly everything can be a transmitter for prions:
* Fish have prion proteins too (currently, no fish prion diseases are known):
"To date, the occurrence of TSEs in lower vertebrates like fish and birds has received only limited attention, despite the fact that these animals possess bona fide PrPs."
---
* Birds can transmit prions in their poop, spreading them at great distances (keep it in mind when clearing bird feces):
Crows don't digest prions, may transport them to other locations
"Crows fed on prion-infected brains from mice can transmit these infectious agents in their feces and may play a role in the geographic spread of diseases caused by prions, such as chronic wasting disease or scrapie."
---
* Insects and parasites can be prion infection vectors:
Could ectoparasites act as vectors for prion diseases?
"Fly larvae and mites were exposed to brain-infected material and were readily able to transmit scrapie to hamsters. New lines of evidence have confirmed that adult flies are also able to express prion proteins."
---
* Plants are acting as prion vectors:
Grass plants bind, retain, uptake and transport infectious prions
"Prions bind to plants and bound-PrPSc efficiently sustain prion replication [...] These results indicate that leaves and roots can efficiently bind PrPSc, which remains able to catalyze PrPC to PrPSc conversion, leading to prion replication. [...] After exposure, plants were extensively washed 5 times with water and animals fed with dried material orally. [...] All animals that ingested prion contaminated leaves and roots developed typical prion disease. Although the incubation times were significantly longer in animals ingesting prions attached to leaves and roots as compared with those fed directly with the brain material, the differences were not as high as one could have expected (Fig. 2A)."
---
* Excrements can transmit prions, thus coprophagous animals, insects included, can too:
"Oral exposure to prion-tainted blood, urine, saliva and feces have been suggested as modes of transmission for CWD and scrapie among herbivores susceptible to these diseases. Both CWD and scrapie infection is thought likely to enter the body through gut-associated lymphoid tissues, in Peyer's patches in the alimentary tract. Moreover, the presence of the infectious isoform of the prion protein, designated PrPSc, in Peyer's patches suggests alimentary shedding of CWD and scrapie prions into feces. [...]
When noninfected Syrian hamsters were cohabitated with Syrian hamsters orally infected with Sc237 prions, we observed 80–100% infection rates within 14 days after oral challenge."
---
* Even dust can transmit prions:
Circulation of prions within dust on a scrapie affected farm
"Using protein misfolding cyclic amplification we demonstrate that scrapie PrP(Sc) can be detected within circulating dusts that are present on a farm that is naturally contaminated with sheep scrapie."
---
* Even ashes from not sufficiently hot cremation can transmit prions:
Infectivity studies of both ash and air emissions from simulated incineration of scrapie-contaminated tissues
"We investigated the effectiveness of 15 min exposures to 600 and 1000 degrees C in continuous flow normal and starved-air incineration-like conditions to inactivate samples [...] yielded a total of two transmissions among 21 inoculated animals from the ash of a single specimen burned in normal air at 600 degrees C."
I wonder, how bad is prion contamination of the Ganges river in India?
hvasilev's comment got flagged and I could not reply to it anymore, so I'll reply here (sorry) and copy-paste hvasilev's comment verbatim below, for the sake of commenting on its claims:
---
Reality is not on the side of this language. 11 year old, has a very low adoption with virtually no jobs associated. (https://www.tiobe.com/tiobe-index/)
On the other hand if you search for "Rust" in the latest "Who wants to be hired?" thread, you will see it is quite popular with unemployed people.
The reality is that the language has a lot of friction, the ergonomics are bad, the syntax is heavy and some poor decision making has been made there for a systems-level programming language.
There are a lot of ideological traps in this industry and many people that fall for them. Why people are interested in ideologies and cults is beyond me.
Now my comments on the issues mentioned in hvasilev's comment.
> Reality is not on the side of this language. 11 year old, has a very low adoption with virtually no jobs associated. (https://www.tiobe.com/tiobe-index/)
Tiobe index is shit. The most flattering thing I've read about it states that it (poorly) depicts the quantity of educational materials available online for a particular programming language. Unfortunate naming of programming languages after letters of the alphabet, symbols (++, #) and real-life stuff (like islands) doesn't help this rating either.
That said, Rust isn't that popular and isn't growing much according to other better language ratings:
A Github-based rating created by the author of Context Free YouTube channel. For 2021Q3, Rust is on 18th place with Mean Score of 0.82% (up 0.01% from 2021Q2).
... listed on the largest Ukrainian programming site.
---
> The reality is that the language has a lot of friction, the ergonomics are bad, the syntax is heavy and some poor decision making has been made there for a systems-level programming language.
Well, this is a matter of taste, largely. But I have a few issues with Rust syntax too (IMHO):
1. F--king single quotes. Eww, really?! IIRC, a tilde (~) character was used for lifetimes until some Europeans (?) complained that their keyboards have no tilde. I wonder, how they programmed in C++ all that time? For years, if I met online a piece of code that was highlighted as a comments mishmash I knew exactly in what language it was. Ugly as f--k.
2. Closures using pipes (|). With no arguments they look like OR operator (||). Distracting.
3. Using angle brackets for generics.
4. Double colons (::) as "path qualifier" produce too much visual noise. Java likes long paths too and uses dot (.) as separator just fine.
5. What's with these arrows (->) before return types? Seems unnecessary. Couldn't return types be purely positional as in Go?
I don't use Rust so it's mostly "glimpses from the outside".
Speaking of friction. This reminded me of a video by Jonathan Blow (creator of the Braid and The Witness games and the Jai programming language). The video is worth watching whole but the piece about friction in gamedev starts approximately at 49:23.
"Rant: Entity systems and the Rust borrow checker ... or something."
As for poor decision making, it was a pretty poor decision to include an npm knock-off into the language. I'm speaking of the crates.io repository. For some time it has had a squatting problem that isn't fixed yet:
3 year old thread, the squatter is still there holding 104 packages. At least npm has namespaces.
I wonder, if cargo will turn into malware-ridden micro-dependency hell too?
---
> There are a lot of ideological traps in this industry and many people that fall for them. Why people are interested in ideologies and cults is beyond me.
"MongoDB is web scale" video nicely illustrates "ideological traps" and cult-like behaviors in "this industry".
And what else illustrates cult-like behaviors? Flagging an innocent comment you don't agree with. What was in hvasilev's comment that warranted its removal? In my opinion, nothing. It contained no insults, no personal attacks, and was more or less factually correct. Rust is a relatively unpopular, complex, ideological, syntactically-heavy language with relatively few job offerings, i.e. pretty much what hvasilev's comment said.
Complaining about the comment being "off topic" is somewhat funny given Rusters' penchant for inserting their language into discussions about other programming languages (especially C, C++ and Go).
> What's with these arrows (->) before return types? Seems unnecessary. Couldn't return types be purely positional as in Go?
I guess you could say `->` is too verbose and you can omit it in other languages. Rust has a complex type system and there can be confusing code when you omit `->`.
1. Closure Return Types.
You can define a closure with an explicit return type:
```
let my_closure = |i: u32| -> u64 {
    i as u64
};
```
Now how do you omit the arrow here? How do you know `u64` is the return type and not constructing a struct?
2. Parsing stuff
It becomes impossible to parse non-delimited types. Is `fn() fn()` two different types or a function pointer returning a function pointer?
3. Readability
I mean, tokens can be read out loud and omitting it stops making sense.
`fn foo(bar: i32) -> f32` can be read as a "function named 'foo' that takes an argument named bar with type i32 and returns f32". The word returns directly corresponds to the `->` token.
Rust also has the `!` (read: never) type. Poorly formatted code when `->` is omitted is very confusing: `fn a()!` when compared to `fn a()->!`, or just one character generic types: `fn a<T>()T` compared to `fn a<T>()->T`.
> Complaining about the comment being "off topic" is somewhat funny given Rusters' penchant for inserting their language into discussions about other programming languages (especially C, C++ and Go).
The childlike “well they do it too” argument is almost the perfect example of how the anti-rust crowd is becoming even more obnoxious than the infamous Rust evangelism strike squad.
For the record, I’ve never written a line of Rust in my life and am not particularly invested in its success or failure. And no, I didn’t flag GP.
An interesting video about human prion diseases that, among other things,
discusses epidemiology ("1 in 7000 is, actually, a lifetime risk" [in the U.S.]):
"Creutzfeldt-Jakob Disease and Other Prion Diseases - Brian Appleby, M.D."
"...and we looked at thousands of appendices... and we looked at thousands of them [appendices] and of these
12,500 we find that 3 were positive... subsequent studies on tonsils come out with broadly similar figures
so our best guess is that that currently [2010] there may be 1 in 10,000 or around 4 in 10,000 are infected
with Variant CJD in the UK..."
---
Variant Creutzfeldt–Jakob disease (vCJD), commonly referred to as "mad cow disease"...
It is caused by prions, which are misfolded proteins. Spread is believed to be primarily
due to eating bovine spongiform encephalopathy (BSE)-infected beef.
-- https://en.wikipedia.org/wiki/VCJD
"Recompose, the country’s first human composting funeral home does it like this: a corpse is placed in a cylinder with organic materials, like wood chips, plants, and straw, then heated and turned repeatedly for several weeks with a hook until it’s broken down into a nutrient-rich soil that can be delivered back to the family or used for planting."
Every time I read about using human corpses to produce soil, I recall this article:
"Grass plants bind, retain, uptake and transport infectious prions"
In the past I read about this or a similar startup and they mentioned that they don't accept corpses of people diagnosed with prion diseases. IMHO, this is not enough. For example, a person with early CJD could die of another cause and never be diagnosed. Besides that, sporadic CJD isn't as rare as "1 per million" (still rare though).
Here is an interesting video about prion diseases that, among other things, discusses epidemiology ("1 in 7000 US deaths"):
"Creutzfeldt-Jakob Disease and Other Prion Diseases - Brian Appleby, M.D."
Testing of corpses based on Protein Misfolding Cyclic Amplification (PMCA) might come in handy (if it's not too expensive). It is claimed to be very sensitive. Here is a presentation by Dr. Rodrigo Morales (one of the authors of the article about prion uptake by plants that I linked above):
I hope when it's time for me, I can simply be flushed down the drain:
> Alkaline hydrolysis is also used in the agricultural industry to sterilize animal carcasses that may pose a health hazard, because the process inactivates viruses, bacteria, and prions
I just posted this on another comment, but it turns out the Zoroastrians had a solution for this, which still allows the body to be recycled naturally.
https://en.wikipedia.org/wiki/Tower_of_Silence
I spent a bit of time on Recompose’s site a couple of months back out of curiosity. One of the things that stuck out to me was that there were stipulations regarding a person’s medical records. The presence of prion diseases or hepatitis were listed as reasons one could be rejected by Recompose, among other illnesses.
I want to say they’re aware of the issue, but when I went back to look for this info today I couldn’t find it. So unfortunately you’ll have to take this with a grain of salt.
> Some of the biggest vulnerabilities of recent years (e.g. Heartbleed) were out-of-bounds access.
If I understand the Heartbleed bug correctly, it did not involve buffer overflows. It was a logical bug where they "trusted" the user-provided payload length (that can be much larger than the actual payload) and allocated the response buffer accordingly without zeroing it (malloc vs calloc). The "trash" in the uninitialized memory turned out to be quite valuable.
"xkcd: Heartbleed Explanation":
https://xkcd.com/1354/
"Add heartbeat extension bounds check.":
https://github.com/openssl/openssl/commit/731f431497f463f3a2...