
“Why was Rust chosen for Libra?” in congressional hearing [video] - mgraczyk
https://www.c-span.org/video/?c4808083/rust-language-chosen
======
cj
Congressman: I was really surprised about the Rust language. So my first
question is, why was the Rust language chosen as the implementation language
for Libra? Do you believe it's mature enough to handle the security challenges
that will affect these large cryptocurrency transactions?

Facebook: [We will own & control the code.]

Congressman: It looks like Libra was built on the nightly build of the Rust
programming language. It's interesting because that's not how we did releases
at the DoD. What features of Rust are only available in the nightly build that
aren't in the official releases of Rust? Does Facebook see it as a concern
that they are dependent on unofficially released features of the Rust
language? Why the nightly releases? Do you see this as a function of the
prototyping phase of this?

Facebook: [No answer]

~~~
elgenie
The first question summary is … poor. Congressman's biggest concern after
poking around on github seemed to be about international committers and a
"native Nigerian" committing a lot of the code. (based on looking around the
github-generated contributors pages for the libra and rust repos, I have no
idea who he's talking about).

The second answer was: "This is a very technical question. We'll get back to
you." Which is to be expected; there's no reason for Mr. Marcus to risk a
felony by bullshitting in front of Congress about technical decisions.

~~~
zwp
> I have no idea who he's talking about

This comment buried below:
[https://news.ycombinator.com/item?id=20467750](https://news.ycombinator.com/item?id=20467750)

points to this repo "A javascript client for libra":
[https://github.com/perfectmak/libra-
core](https://github.com/perfectmak/libra-core)

@perfectmak is in Lagos.

------
tvanantwerp
I don't think I've ever heard of a Congressman going to GitHub, poking around
in some open source code, and then asking very cogent and relevant questions
about it. This video is incredible if only because of that.

~~~
pohl
Probably an intern on his staff did the research.

~~~
sudhirj
No it sounds like he was either an engineer or engineering manager somewhere
in the DoD.

~~~
killjoywashere
[https://en.wikipedia.org/wiki/Denver_Riggleman](https://en.wikipedia.org/wiki/Denver_Riggleman)

Associate of Science (AS) in Avionics Systems from the Community College of
the Air Force in 1996.

Graduate Certificate (GradCert) in Project Managment from Villanova University
in 2007.

Air Force for eleven years, serving as an intelligence officer. He then worked
as a contractor for the National Security Agency

------
jasonhansel
This congressman (or his aides) is surprisingly knowledgeable. I'm impressed
with whoever thought to ask about nightly builds.

Edit: for reference, this is the congressman who was accused of writing
"Bigfoot erotica" during his campaign.

~~~
ceejayoz
That edit took a real turn.

~~~
killjoywashere
He's a bigfoot nerd. He posted a stupid book on his instagram feed and his
opponent tried to make him out like a weirdo. It would be like a candidate
posting the cover of star wars fan fiction and their opponent accusing them of
being a alien conspiracy theorist.

------
jdavis703
This is a good question to ask, especially about the nightly builds from
upstream. There have been NPM exploits targeted at crypto currency developers
(e.g. the event-stream breach), so it seems FB would be placing a lot of trust
in the Rust developers. This is not to say Rust maintainers are dishonest, but
all it takes is one person who's authentication credentials gets comprised.

~~~
incompatible
Wouldn't the same apply to practically any programming language and
development tools? What if they'd chosen Microsoft Visual C++? Would that be
less exploitable?

~~~
Uehreka
With nightly builds, there’s more of a chance that a piece of malware could
sneak in and get used to build a release of Libra. I’m sure the Rust
maintainers would find it fairly quickly, but even within a few days there
would be tons of Libra users with compromised wallets.

More scrutiny goes into stable release builds than nightly builds, and more
mature languages and tools have more experienced maintainers who are often
(but of course, not always) better at scrutinizing releases. It’s not that
MSVC++ can’t be compromised, but it’s pretty unlikely that it would be.

~~~
jhgg
I don’t think anyone actually runs nightly against what’s on the latest /
master. I know at work, we use nightly rust, but we pin to a specific date
release, usually when the around latest stable is cut.

------
bvinc
I just tried to build libra on stable rust. At least the first thing that
failed is that it's depending on futures 0.3. So it's almost certainly using
async/await.

------
phlip9
[https://github.com/perfectmak/libra-
core](https://github.com/perfectmak/libra-core)

It seems the Congressman mistook an unofficial 3rd-party js repo whose author
is Nigerian as an official Libra project...

------
axaxs
I feel like this is blindly upvoted. The video is underwhelming, and doesn't
come close to answering the question.

That said, I'm very impressed by the congressman in the video, as it sounds
like he knows what he's talking about. Wikipedia doesn't mention much about
programming in his bio...

~~~
protomyth
The title is misleading although technically correct. They did respond just
not with anything more than a "we'll get back to you".

I do like the basics of his questions "who is committing code to Libra" and
"why are using nightly build of Rust". I get the feeling he is not happy with
it given his mention of "not how we usually did releases in the DOD" and
pointing out the non-US coder. It will be interesting to see the technical
response and his response to that.

~~~
MrMorden
Of course Rust is international. Windows is international; Linux is
international; VMS might possibly not be international. You'd think DoD would
be buying Talos systems as fast as Raptor could spit them out, given all the
talk about wanting things to be made in the USA, but even those will likely
have parts from dozens of countries.

I don't want to knock Rep. Riggleman too hard, since knowing what Github is
(let alone how to use it) puts him in the top one or two percent of Congress;
but DoD is by no means a paragon of software development practice. It cares
far too much about compliance for the sake of compliance and far too little
about whether that compliance enables business objectives such as security or
reliability. (And waivers are easy to obtain when compliance makes things
better, but difficult when compliance makes things worse.)

~~~
epoch_100
In the video, Rep. Riggleman doesn't find issue with Rust being international;
he instead notes that one of the primary committers to _Libra Core_ (not Rust)
is Nigerian.

I had a similar response to yours when I read the top-level comment, but
watching the video it's clear that his issue is very much _not_ with Rust
having an international development team.

~~~
protomyth
His issue is Libra having a international development (or more specifically
random international development), and his issue with Rust is using the
nightly builds instead of a stable release.

------
twunde
For those wondering the Congressman in question is Denver Riggleman, (R)
representing VA's 5th district.

------
m0zg
There's hope for Congress after all. We can now be sure we have at least one
congressman there who can tell a nightly build from a hole in the ground. It's
very unusual to see congressional inquiry where the person _asking_ questions
is more competent than the person(s) answering them. Most congress(men|women)
struggle to complete coherent sentences, let alone talk about anything
technically sophisticated.

------
k__
Didn't expect a congressman to be so technical

------
booleanbetrayal
Even if it was well-rehearsed, he's earned my respect for bringing about
questions that are pointedly relevant, both materially and topically.

------
172742451
I was dispointed by the facebook side, they should answer the question in
details.

------
cookieswumchorr
I spent several minutes looking at the video for signs of editing, believing
that's a joke do demonstrate some new kind of deepfake AI. I have no idea who
those guys are, but it is astonishing to see politicians being competent in
technology outside of MS-Word power user level

------
derefr
Is there a reason that it matters what the _reference implementation_ of Libra
is written in?

A blockchain network is usually not considered healthy until it has multiple
implementations of nodes running non-negligible parts of the network. I would
say that Libra having such alternate impls is almost inevitable.

Exploiting any flaw in a particular blockchain node impl, when there are
multiple such impls, would then require either finding the same vulnerability
in all other clients; or else, attacking that one client, forcing a hard fork,
and then having that client’s version of events “win” such that other node
software choose to adopt it by hardcoding a switchover. Neither is ever very
likely.

~~~
fourier_mode
> Is there a reason that it matters what the reference implementation of Libra
> is written in?

If a language implementation is new, then it is (in the pragmatic sense) more
susceptible to security issues.

~~~
voxl
Two counters:

1\. You entirely ignored the thesis of the comment you responded to. Which is
that other nodes can be implemented in more "mature" languages.

2\. I don't buy for a second that new languages are more susceptible. You can
attach pragmatic all you want to the sentiment but it's not an argument.

------
randaouser
the rust nightly build has the ECC curve functionality. Most of the crypto
related prototyping on rust requires the nightly atm. Heres hoping integration
onto wide release for the sake of the crypto dev community

------
hsaliak
This is a deeply technical and insightful question to ask. However, is this
question on implementation detail the best question he could ask to determine
the impact of Libra on the people he represents, or does it serve to satisfy
his curiosity?

~~~
Lowkeyloki
I agree that unless the point of the question was more of a power move to show
he's not an idiot and that they shouldn't try jerking him around, the question
doesn't seem particularly useful.

The action of creating Libra could be interpreted as an attempt to undermine
US federal currency. Facebook is the first company with enough clout to
actually succeed at widespread cryptocurrency adoption to attempt something
like this. I think there are bigger issues to deal with than quibbling about
languages and release cycles. I know that the congressman's unspoken question
is really whether Facebook has considered the security ramifications of
allowing foreign nation-states to meddle directly with our system of currency
like they were able to meddle with our news media, etc. But we all know that
great programs can be written in terrible languages and terrible programs can
be written in great languages. If the congressman is thinking what I think
he's thinking, I wish he'd come out and say it instead of beating around the
bush.

