
Abscissa: Security-oriented Rust application framework - waffle_ss
https://iqlusion.blog/introducing-abscissa-rust-application-framework
======
Twisol
This looks _amazing_. Not just for the software (which itself looks very
nice), but for the philosophy described in this post.

Some quotables:

> Abscissa applications are Rust libraries. One of our eventual goals is to
> allow several Abscissa applications to coexist in the same binary, allowing
> for things like embedding subcommands/subapplications.

Yes! I hate how often functionality is locked away behind a UI (whether GUI or
command-line). It drastically hinders composability, and hence reuse. (Yes,
you can recover some of this with shell scripts, but you're working with _text
streams_ or files, and not the richly structured data that you'd normally have
within a process.)

> As David Heinemeier Hansson says, “Great frameworks are extractions, not
> inventions”

Yes! Don't create "a pluggable, reusable framework for everything" \-- create
things, then extract the common parts. It's reusable _because_ it's already in
multiple places. You don't waste time thinking up possibilities for reuse and
customization, because you're already generalizing pre-existing patterns.

> Abscissa borrows some ideas from Entity-Component-System design (though we
> insist that it is not an ECS and should not be described as such)

I love that they have the wisdom to take ideas from ECS (which is a tragically
less-known form of architecture), and the _self-restraint_ to not use that
label when it doesn't apply.

Ignoring the technical merits altogether, this post is really well-written and
considered. I appreciate the level of detail (and humor) here, and it really
makes me very keen to use Abscissa. This is all the more, perhaps, because
most of what I've used Rust for has been exactly the kind of command-line
tooling Abscissa is targeted at, rather than microservices or embedded
software. (I think all of those things are really cool, and we definitely need
Rust in that space, but pay some mind to us folks doing the unstylish command-
line stuff!)

~~~
joshuamorton
To your first comment, I work in tools and infra at $bigco, and at this point
I essentially require that any newish tool expose an internal API that the
tool is an unprivileged consumer of.

CLI? Your Python or Java binary should be a flag parser that calls all logic
out to a library. Web api? It consumes an internal library and the server just
parses and passes arguments.

(Obviously this doesn't always work for rich interactive apps, but often
things aren't).

Then adding a new interface is easy (and can sometimes be done automatically).
It took a new hire on my team like 2 days to add a new interface to a tool
that followed this pattern, when I've asked other teams for similar, estimates
in weeks :/

It also has a side effect of improved testability and maintainability.

------
rgovostes
Both the name of the company (iqlusion) and the name of the framework
(Abscissa) are references to the encrypted Kryptos sculpture on the grounds of
the Central Intelligence Agency. Its first plain text message says,

> BETWEEN SUBTLE SHADING AND THE ABSENCE OF LIGHT LIES THE NUANCE OF IQLUSION

The second message is encrypted with the key "ABSCISSA".

------
kaiby
I chuckled at their README:

> Q2: "Abscissa" is a hard name to remember! Got any tips?

> A2: Imagine you're A-B testing a couple of scissors... with attitude.

------
gyk
> An abscissa represents the elevation of a point above the y-axis

So your y-axis is the horizontal one?

