Facebook: [We will own & control the code.]
Congressman: It looks like Libra was built on the nightly build of the Rust programming language. It's interesting because that's not how we did releases at the DoD. What features of Rust are only available in the nightly build that aren't in the official releases of Rust? Does Facebook see it as a concern that they are dependent on unofficially released features of the Rust language? Why the nightly releases? Do you see this as a function of the prototyping phase of this?
Facebook: [No answer]
The second answer was: "This is a very technical question. We'll get back to you." Which is to be expected; there's no reason for Mr. Marcus to risk a felony by bullshitting in front of Congress about technical decisions.
This comment buried below: https://news.ycombinator.com/item?id=20467750
@perfectmak is in Lagos.
He comes from a DoD background. Security is probably his concern here.
He probably also isn't aware of how large computer companies like Facebook operate. Again, a single failure doesn't effect them like a single in a fighter plane. In fact a chaos monkeys that randomly knock out bits of production infrastructure are a useful technique for them. I'm sure the senator it thinking in terms of a chaos monkey randomly knocking out engines, airfoils, and computers on a flying plane.
The quality of compiler is a concern - but it is one the software engineer will be well aware. Asking a software engineer if he is sure of the quality compiler he is using is like asking a racing driver is he concerned about the quality of fuel he is using.
> The intention of that particular script is to eventually help us move towards eliminating the use of nightly features and limit depending on new ones so that we can eventually be on stable. Some features (like async/await) we'll need to wait until they've graduated to stable while others we should be able to make sufficient changes to stop relying on them.
Compared to that environment, even Rust is very move-fast-break-things. I think I understand ESR's gripes about Rust much better now.
To elaborate my confusion:
* Similar with version/release of a programming language, how does knowing the answer to this question plays a part?
Nevertheless, the government has allowed people to use Java for decades for highly secure codebases and it has had all kinds of issues.
That's interesting. What sorts of issues? Do you have sources for further reading?
It was not a passing comment. Exporting sensitive systems to other countries takes special care. There are hoops to jump through and Java made that job more difficult throughout the years. Many times you don't know a system will be exported until you have already built the system.
Additionally, Java went through a period where vulnerabilities were found frequently but the patches took time to develop and deploy.
I think it exposes a key difference between a FAANG company and a lot of other development though. Because most of use simply use the programming languages as tools, but Facebook is actually going to change the Rust language to fit their needs.
> Facebook was initially coded in pure, vanilla PHP, but over the years, [they] needed more capabilities [...] so, FB developed their own proprietary programming language based on PHP, which they dubbed Hack."
Are politicians concerned about Libra? I think so. But I also think that they try to "attack" it from all possible angles and the programming language is one of these angles. Because if Libra gets out of hand, they do not want to be responsible for not having done their due diligence.
in general i think this is a positive sign.
Associate of Science (AS) in Avionics Systems from the Community College of the Air Force in 1996.
Graduate Certificate (GradCert) in Project Managment from Villanova University in 2007.
Air Force for eleven years, serving as an intelligence officer. He then worked as a contractor for the National Security Agency
He may just be familiar with programming.
Edit: for reference, this is the congressman who was accused of writing "Bigfoot erotica" during his campaign.
That was mostly a smear campaign by his political opponents.
More scrutiny goes into stable release builds than nightly builds, and more mature languages and tools have more experienced maintainers who are often (but of course, not always) better at scrutinizing releases. It’s not that MSVC++ can’t be compromised, but it’s pretty unlikely that it would be.
It seems the Congressman mistook an unofficial 3rd-party js repo whose author is Nigerian as an official Libra project...
That said, I'm very impressed by the congressman in the video, as it sounds like he knows what he's talking about. Wikipedia doesn't mention much about programming in his bio...
I do like the basics of his questions "who is committing code to Libra" and "why are using nightly build of Rust". I get the feeling he is not happy with it given his mention of "not how we usually did releases in the DOD" and pointing out the non-US coder. It will be interesting to see the technical response and his response to that.
I don't want to knock Rep. Riggleman too hard, since knowing what Github is (let alone how to use it) puts him in the top one or two percent of Congress; but DoD is by no means a paragon of software development practice. It cares far too much about compliance for the sake of compliance and far too little about whether that compliance enables business objectives such as security or reliability. (And waivers are easy to obtain when compliance makes things better, but difficult when compliance makes things worse.)
I had a similar response to yours when I read the top-level comment, but watching the video it's clear that his issue is very much _not_ with Rust having an international development team.
A blockchain network is usually not considered healthy until it has multiple implementations of nodes running non-negligible parts of the network. I would say that Libra having such alternate impls is almost inevitable.
Exploiting any flaw in a particular blockchain node impl, when there are multiple such impls, would then require either finding the same vulnerability in all other clients; or else, attacking that one client, forcing a hard fork, and then having that client’s version of events “win” such that other node software choose to adopt it by hardcoding a switchover. Neither is ever very likely.
If a language implementation is new, then it is (in the pragmatic sense) more susceptible to security issues.
1. You entirely ignored the thesis of the comment you responded to. Which is that other nodes can be implemented in more "mature" languages.
2. I don't buy for a second that new languages are more susceptible. You can attach pragmatic all you want to the sentiment but it's not an argument.
The action of creating Libra could be interpreted as an attempt to undermine US federal currency. Facebook is the first company with enough clout to actually succeed at widespread cryptocurrency adoption to attempt something like this. I think there are bigger issues to deal with than quibbling about languages and release cycles. I know that the congressman's unspoken question is really whether Facebook has considered the security ramifications of allowing foreign nation-states to meddle directly with our system of currency like they were able to meddle with our news media, etc. But we all know that great programs can be written in terrible languages and terrible programs can be written in great languages. If the congressman is thinking what I think he's thinking, I wish he'd come out and say it instead of beating around the bush.