What are the other advantages exactly besides tool chain? A lot of people using Rust where the could have just used Go or another language that is memory safe and actually productive. Maybe I am just being a hater because I grew up on C/C++ but I know for a fact "Rustaceans" are getting out of control. Approaching zealot territory for sure. The time people spend fighting the Rust compiler for a project, they could have just written secure C.. That is just my personal opinion. I am not saying Rust shouldn't exist. I am just saying it isn't some big universal answer to all security and systems programming issues..
> What are the other advantages exactly besides tool chain?
It's a very productive language once you're experienced.
I'm one of those people who (initially) didn't care about memory safety at all and just wanted a more productive C++, and for me it delivers on that perfectly. Nowadays I even use Rust for scripting, because with the right libraries it's just as productive for me as Ruby and Python can be while being orders of magnitude faster.
I always find it funny when I see the "fighting with the borrow checker" meme, or as you say - "people spend fighting the Rust compiler for a project", where people complain how extremely unproductive Rust is. This is very much true, if you're a beginner. It's a language with a very high skill ceiling (similar to C++).
So you basically never have to worry about lifetimes or memory management or the borrow checker? Because that would be a prerequisite for it to be as productive as Python.
I'd love to see a seasoned Python developer and a seasoned Rust developer comparing the time they spend to solve e.g. Advent of Code. I bet the Python dev would solve it at least ten times faster (developer time, not execution time).
> So you basically never have to worry about lifetimes or memory management or the borrow checker?
Yes. Once you're experienced enough you naturally start writing code which satisfies the borrow checker and you never really have to think about it. At least that's how it is for me.
> Because that would be a prerequisite for it to be as productive as Python.
It's not that hard to be more productive than Python for a lot of tasks, simply because Python isn't actually the most productive language in a lot of cases, it's just the most well known/most popular. (:
I do a lot of data processing in my scripts, and for many years my default was to use Ruby. The nice thing about Ruby is that things which take 3~4 lines of Python usually only take 1 line of Ruby and are significantly more convenient to do (e.g. it has proper map/filter/etc., nice multiline lambdas, regex matching is integrated into the language, shelling out to other processes is convenient and easy, etc.), which translates into significant productivity savings when you just want to whip up a script as fast as possible.
So some time ago I started writing my scripts in Rust instead of Ruby (because I often deal with multi-gigabyte files, so the slowness of Ruby started to be a problem; otherwise I would have kept using Ruby). And I've made myself a small custom library that essentially allows me to use Ruby-like APIs in Rust, and it's remarkable how well that actually worked. I can essentially write Ruby-flavored Rust, with Ruby-like productivity, but get Rust-like performance.
In C++ I have learned the patterns and so I rarely need to worry about lifetime - everything is either on the stack or a unique_ptr. Even when I need to take a pointer I know I don't own it but my project has clear lifetime rules and so I normally won't run into issues.
The above is not perfect. I do sometimes mess up, but it is rare, and that is C++ so I don't get tools/the language helping me.
I've long been intrigued by rust for their claims on those lines. But I can't justify a billion dollars and many years to rewrite our current c++. that means anything would need to understand c++ types so I can call existing functions that need a vector or implement a virtual function on an existing interface.
We are actually looking at a different option: break up our processes and use IPC. There are architecture reasons to do this, but that means the IPC is something we can define and so some of those processes would be all new code that could then be written in rust. Others of them would be small enough that it is feasable to rewrite in rust without blowing the schedule/budget. However that still leave the vast majority of our code as C++ for the foreseeable future.
> So you basically never have to worry about lifetimes or memory management or the borrow checker? Because that would be a prerequisite for it to be as productive as Python.
To be more productive than Python? I almost never have to worry about lifetimes or the borrow checker. And even when I do, I'm still more productive.
I wrote a comment a while back on this topic; someone asked for a comparison between a little Python script and Rust. You can see both versions linked here https://news.ycombinator.com/item?id=40089906
> The time people spend fighting the Rust compiler for a project, they could have just written secure C
I simply don't believe this anymore, based on the number of buffer overflow and memory corruption CVEs coming out of even mature C codebases every year
CVEs are being assigned recklessly these days. Most of them aren't even security bugs and or cannot be exploited. Be wary of CVEs and their practical utility.
That's been my experience. The troubles I've had with Rust were when I was trying to do things the way I would've in C, and either rustc or cargo clippy told me that my idea is bad and there's a better way. I feel like I've learned a lot about better coding in general from it.
The US government, Linux, Google, Mozilla and many more see value in memory safe languages, yet I see so many people, like you, saying "No, they're all wrong. Get good.". I just don't get it.
What insights do you have that makes you more qualified than all these organizations combined? What are they all missing?
I have been doing government work for a while and understand why they respond that way. Nation states can in fact develop very powerful kill chains. My entire start up was created and sold based on a vehicle kill chain but that took us a year and a half to do… Mean while some kid in his moms basement uses leaked credentials and sprays a network or phishes and boom. Major breach…
> Maybe I am just being a hater because I grew up on C/C++ but I know for a fact "Rustaceans" are getting out of control. Approaching zealot territory for sure.
This is a perfectly level-headed submission about trying out Rust in some corner of the Linux Kernel. Which you then take as an opportunity to go on this rant... I’ll let people read my conclusion between the lines.
> The time people spend fighting the Rust compiler for a project, they could have just written secure C.. That is just my personal opinion.
Empirical evidence from the largest software firms in the world who do research on objective metrics on software defects show that there's no such thing as secure C and that Rust is slightly more productive.
A team can learn and start using Golang in a week. That is in fact what is powering a lot of companies right now. Golang has even better memory safety guarantees than Rust and you don't really need to worry about memory management at all... Furthermore its compiled statically and more suitable for distribution and horizontal scaling. I am not sure how quickly a team can become productive in Rust but I am willing to bet that it would take way way longer to get off the ground. That being said, using an LLM might help with that but then you would still have code people don't understand and that becomes technical debt... Maybe I am just old and grumpy.. I am learning Rust myself and I just don't understand why it's being pushed so hard. I think Zig should be pushed for systems programming if anything..
> Golang has even better memory safety guarantees than Rust
I don't think that's true at all. For one, Go has data races, which lead to undefined behavior and memory corruption. For example, appending to the same slice from multiple threads will corrupt its metadata and can lead to out-of-bounds reads and writes.
> A team can learn and start using Golang in a week
True, but why should we be optimizing for the first week experience? Your career lasts 40 years.
> Golang has even better memory safety guarantees than Rust
That is not true. What specific example did you have in mind? As an example of something Rust can enforce that Go can’t is not mutating something that’s shared between threads without acquiring the proper lock.
> Furthermore its compiled statically and more suitable for distribution and horizontal scaling.
Rust can be statically linked just like Go can. Not sure what else you think makes it less suitable for distribution and horizontal scaling. There are certainly lots of companies distributing Rust programs and horizontally scaling them so this seems empirically false.
> I am learning Rust myself and I just don’t understand why it’s being pushed so hard.
Because it has a lot of nice features that make a lot of people like it - memory safety without GC, prevention of data races, algebraic data types, etc. No other mainstream compiled languages has this set of features. There’s no conspiracy to “push” Rust. The push is organic. People just like it.
> "I know for a fact "Rustaceans" are getting out of control"
That isn't a fact, that's an opinion. A pearl-clutching, panicky, fact-free opinion framed in terms of "control" which raises questions about who you think should be "controlling" those uppity people who are doing things you don't like.
Seriously - an explosion can be out of control, but other people aren't supposed to be in your control in the first place, right? That's basic freedoms and so on. How is your position any different to any other entrenched social / power structure attempting to control people who want things to change?
Again and again we see the detractors complaining about Rustaceans being out of control, zealots... meanwhile the only once being unreasonable and making side-topics language war subthreads are the complainers.
What I’ve seen outside these subthreads is just people discussing Rust in the Kernel. No zealotry side-topics about how Rust should be used in place of C or C++ or other such advocacy side-topics.
