Hacker News new | past | comments | ask | show | jobs | submit login

> But I'm always skeptical when underlying language choice is featured prominently as a selling point for any new project.

> It tells me, this is a technology-first, users-second enthusiast project.

> And thus, I'll be surprised if it tackles the deepest issues users need solved.

Some of the deepest issues that users need solved are ones that Rust was designed to solve at the language and compiler level.

1. System stability and memory efficiency, zero or fewer crashes due to memory-safety or thread-safety problems.

2. Security and assurance via the elimination of entire classes of attack vectors like buffer overflows.

3. Highly performant, responsive applications that are a joy to use.

Solving problems at the compiler level eliminates the reliance on fallible programmers to do so. People also tend to discount maintaining those solutions over years of dev team turnover, startup failures, etc. Building those solutions, capabilities, and constraints into the language itself makes maintenance over the entire product lifecycle more consistent.

It's like buying a Toyota, you know from the brand alone that you're getting a certain baseline level of reliability, maintainability, durability, and longevity. Rust is like the Toyota of programming languages - it can produce many different types of cars/programs, but they're all guaranteed to come with a baseline level of assurance, and to eliminate common classes of problems that degrade the end-user experience.

It may not make sense for other languages to be prominently featured as a selling point, but Rust is an exception.




> It's like buying a Toyota, you know from the brand alone that you're getting a certain baseline level of reliability, maintainability, durability, and longevity. Rust is like the Toyota of programming languages - it can produce many different types of cars/programs, but they're all guaranteed to come with a baseline level of assurance, and to eliminate common classes of problems that degrade the end-user experience.

It's possible to make buggy, slow, crappy software in any language. Rust is no exception. Nobody should derive any confidence from the language a product is written in.


> It's possible to make buggy, slow, crappy software in any language.

True.

> Rust is no exception.

Also true.

> Nobody should derive any confidence from the language a product is written in.

This, on the other hand, is a non-sequitur, or at least it's too strong, because Rust can do things that C can't do: safe deterministic memory management and safe concurrency without data races. These things are not just available, they are the defaults in Rust. You have to go out of your way to get these things wrong. So, I wouldn't derive absolute confidence from an application being written in Rust. But I'd be willing to bet a whole lot that it has fewer memory bugs than an equivalent application written in C.


> they are the defaults in Rust.

Exactly, this is what I should have explicitly said. Language defaults have a powerful effect on a project's norms and culture.

> You have to go out of your way to get these things wrong.

Yes, you actually have to try to write shitty Rust code, at least where there are defaults that prevent it. Thus the average Rust program will have that baseline level of quality. Like TQM/TPM/Six-Sigma for manufacturing software.


Like ActixWeb?


IMO the fact that the actix-web debacle was so well publicised speaks volumes in itself. The issues were actually discovered ahead of time by people reading the source code rather than people encountering bugs or vulnerabilities in the wild. That's a huge improvement over C software. Of course there are still bugs in Rust programs and libraries, but much fewer. And I think fewer to the point that eliminating them entirely might actually be feasible with enough effort.


For every vocal example there are tons that fly under the radar until they are on the news for the wrong reasons.

It is no accident that Ada and Java also have security guidelines similar to MISRA, because even with memory corruption bugs out of the picture, as log4j newly remided us, security only happens when it is part of the daily process, regardless of the language.


Isn't the whole reason you're mentioning actix-web because the community mostly balked at the amount of unsafe code in it? Surely that should be some evidence that the norms in Rustland are qualitatively different in many ways to what you'd find elsewhere?


Yes, pretty much like that. The author put "unsafe" blocks everywhere and the rest is history. Unsafe as a keyword is a kind of pledge: as a dev, you swear to the compiler that you've checked this part for correctness/safety. If you don't, you may get bitten, but the simple fact that "grep -R unsafe" will yield most (if not all) instances of potential memory fuckups is a huge win for auditability.


Rust's unsafe wouldn't have done anything to protect against an hypotetical log4r.

As for the memory fuckups you are right, pity that they are using a C GUI library.

Even if the binding has been deemed safe upon validation, if only remains a valid certification until the next Gtk version update, even minor ones might break the assumptions validated on the unsafe code block.


> Rust's unsafe wouldn't have done anything to protect against an hypotetical log4r.

You are correct. No programming language will protect you from writing flawed application logic.

> pity that they are using a C GUI library. (...) Gtk version update, even minor ones might break the assumptions

I don't know about that. GTK is more "battletested" than most frameworks, and has a lot of contributors to fix bugs. Also, and that's a very important point, GTK cares for accessibility! Using any other framework would have meant excluding a lot of people from the GUI.

As for assumptions, i certainly hope GTK devs don't push breaking changes to the ABI on minor updates. But i guess that's yet another assumption that can be broken.


Do you think Actix Web would be safer if it were written in C++?


Probably not, the point was that being in Rust wasn't either.


But the point is the exact opposite because any use of unsafe is clearly marked as such, and therefore a code audit will instantly find its use and question it. Hence the fallout surrounding it.


How do you find unsafe on a binary library?

Also that is besides the point, unsafe only deals with a very specific cause of errors that plague C code bases (and those of languages copy-paste compatible with it).

Rust's unsafe wouldn't have done anything to protect against an hypotetical log4r.


My point is that Actix Web was still safer than it would have been if it were written in C++ (which is Rust’s whole goal as far as safety), and moreover the norms of the Rust community are so strong that most of the unsafe usage has since been removed, since it was unnecessary. Unsafe deals with memory errors, which are consistently the largest class of security vulnerabilities in native codebases. This is uncontroversial at this point. Rust won’t protect you from log4j, but it never claimed to. Java still protects you from mishandling memory, despite all the stupid automatic classloading features we keep discovering in it.


Non-sequitur definition: noun

a conclusion or statement that does not logically follow from the previous argument or statement. "his weird mixed metaphors and non sequiturs"


This is true and also mostly unhelpful. It's possible to build a car without a muffler. Does that mean it happens often enough that we need to dedicate a whole pooh-pooh session to the possibility? Is a manufacturing process not more likely to be useful if it prevents this error from ever occurring?


There has to be a middle ground between "Nobody should derive any confidence from the language a product is written in" and "I only use products written in language X".

You shouldn't dervive all confidence in a product from it's implementation language, but when you are looking at all available products and need to filter down to ones you might be interested in. Implementation language can be a useful litmus test for understanding how it might behave without doing a complete in depth evaluation.

For example if I learn that a desktop application is written in javascript, it is likely to be using electron or an OS webview. Or if an application is written in C++ it is unlikely to have GC pauses cause stuttery UI. Both of those assumptions may not be true (Sciter for JS and Boehm GC for C++ respectively). However those assumptions are a useful starting point unless proven otherwise.


> It's possible to make buggy, slow, crappy software in any language.

Technically it's possible, but you have to try a lot harder to do it in Rust than most other systems languages.


Because this is written in Rust and given how hard it is to hire Rust engineers, this will be abandonware in no time.

Remember vala anyone?

Although I want this to succeed if it is infact more performant and smoother than GNOME.


> given how hard it is to hire Rust engineers,

That's not given.

> Remember vala anyone?

Vala is nothing like Rust, doesn't solve the same problems, and is much more narrow in scope (Gnome development).

https://webcache.googleusercontent.com/search?q=cache:AcldYn...


For the reasons I mentioned above, adoption of vala by projects in 2010 is exactly like adoption of Rust.

That Rust is much more capable doesn't matter.


You didn’t give any reasons about adoption of Vala. You said it’s hard to hire Rust programmers, and then just “Remember Vala anyone?” without actually saying anything more about Vala.


Well, what about Vala? Obviously C, Python, and especially JavaScript are infinitely more popular programming languages. Yet the number of developers building GTK apps with any of them seems to be in the same ballpark.


I would add from experience, that using Rust would increase the speed of development like with any higher-level language than C and without the need to track memory problems. It shifts focus more on the actual development. Cargo helps to this cause as well, not always though.


Maybe you're right in some fundamental way, but as an example iOS, macOS, Android or Windows are all considered stable and efficient, secure and highly performant by most end-users. As a specialist one can quibble and point to counter-examples, but all of these are fine choices. The only big differences are in privacy and level of control offered.

It's more likely that by the time Rust makes an impact in Linux stability and performance - because you're using an OS, not just desktop environment - nobody will even remember what System76 was.


  > Some of the deepest issues that users need solved are ones that Rust was designed to solve at the language and compiler level.
true, but if they are just calling into gtk in the end, will it actually be any faster/more-stable?


Ironically, perhaps Rust in this sense should be compared to Basalt -- as in the projected longevity difference between Basalt-rebar and iron-rebar.


Ok, but GTK uses Javascript, which is where most of that toolkit's defects (both security flaws and slowdowns) come from, not C. Calling javascript from Rust isn't going to be a materially different experience than calling javascript from C.


GTK is written in C, not JS.


GTK uses CSS but no JS. GNOME uses JavaScript intensively though, which is part of the reasons for the many slowness and bugs.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: