this post was submitted on 10 Nov 2024
205 points (92.2% liked)

Programming

17524 readers
605 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities [email protected]



founded 2 years ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 138 points 2 weeks ago (8 children)

Why the swipe at Linus? He's been supportive of rust in the Linux kernel.

[–] [email protected] 11 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

they don't swipe him at all. I don't know why his picture is there

[–] [email protected] 8 points 2 weeks ago

because that makes people click

load more comments (7 replies)
[–] [email protected] 89 points 2 weeks ago

If only it were that easy to snap your fingers and magically transform your code base from C to Rust. Spoiler alert: It's not.

How utterly disingenuous. That's not what the CISA recommendation says, at all.

[–] [email protected] 87 points 2 weeks ago

I don't get why we're taking a swing at Linus here. The article only mentions him in relation to the rust for Linux project being slow going. But, it IS going and the US government has only stated that "you need a plan to move to a memory safe language by 2025 or you might be liable if something bad happens as a result of the classics (use after free/double free/buffer overflow/etc.)" but I don't think Linux would count it's free software and it does have a plan.

[–] [email protected] 78 points 2 weeks ago (4 children)

But there is context to it:

The report on Product Security Bad Practices warns software manufacturers about developing "new product lines for use in **service of critical infrastructure or [national critical functions] **NCFs in a memory-unsafe language (eg, C or C++) where there are readily available alternative memory-safe languages that could be used is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety."

It's for new products that are very important to critical infrastructure and need to be safe as possible. The article writer seem not to be aware of this context:

Take Rust in Linux, for example. Even with support from Linux's creator, Linus Torvalds, Rust is moving into Linux at a snail's pace.

Because Linux is the biggest software in the entire world and they do lot of stuff their own way. Rust is integrated slowly for future new projects. It makes sense to move in snail pace. The government doesn't suggest the Linux project to stop using C entirely. The government "recommends" to start new projects in memory safe languages, if it is a critical software. That makes sense to me.

You see, people who've spent years and sometimes decades mastering C don't want to master the very different Rust. They don't see the point.

No, totally wrong. C programmers in Linux do not NEED to learn or master Rust. They just need to cooperate. The problem is, that some C programmers refuse to cooperate with Rust. They just want Rust to disappear. That has nothing to do with mastering the language. They refuse to make changes to their C code, so it can cooperate with Rust code via bindings.

After all, they can write memory-safe code in C, so why can't you?

Nonsense argument, and false too. If that was the case, why do we have memory safe languages? Clearly people make mistake, old and new. Besides Linux is not the only software in the world.

Converting existing large codebases to memory-safe languages can be an enormous undertaking.

Nobody says old code should be rewritten in Rust. Neither the government, nor the Rust programmers in Linux suggest that. It's not about rewriting code in memory-safe languages, its about new projects.

Either this article is a misrepresentation or misunderstanding. Or I misunderstand the article or government. I don't know anymore...

[–] [email protected] 34 points 2 weeks ago (8 children)

They refuse to make changes to their C code, so it can cooperate with Rust code via bindings.

I don't even think the rust devs where asking for that. They are refusing changes by rust devs that help with rust while making the c code clearer and even refuse to answer questions about the semantics behind the c code. At least as far as I can see from the outside.

load more comments (8 replies)
[–] [email protected] 7 points 2 weeks ago

No, totally wrong. C programmers in Linux do not NEED to learn or master Rust. They just need to cooperate. The problem is, that some C programmers refuse to cooperate with Rust. They just want Rust to disappear. That has nothing to do with mastering the language. They refuse to make changes to their C code, so it can cooperate with Rust code via bindings.

I would argue that's not the biggest problem, the biggest problem is that for you to refactor a function to work with rust, you need to refactor all the subsystems that rely on that function, and that take time, and you need to explain for the C dev why it need to be done, try to explain that for the amount of C devs in the kernel

load more comments (2 replies)
[–] [email protected] 41 points 2 weeks ago (2 children)

The US government has more pressing issues I think.

Maybe it can shut the fuck up an let me do my job in contrast to its judicial branch.

load more comments (2 replies)
[–] [email protected] 32 points 2 weeks ago (6 children)

My friend from university sends me his Rust code snippets sometimes. Ngl it looks like a pretty cool language.

There was also that tldr reimplemention in Rust that is a gatrillion times faster than the original.

I really want to give it a try but I have executive dysfunction and don't have any ideas of what I could use it for.

[–] [email protected] 23 points 2 weeks ago (3 children)

The main issue I have with rust is the lack of a rust abi for shared libraries, which makes big dependencies shitty to work with. Another is a lot of the big, nearly ubiquitous libraries don't have great documentation, what's getting put up on crates.io is insufficient to quickly get an understanding of the library. It'd also be nice if the error messages coming out of rust analyzer were as verbose as what the compiler will give you. Other than that it's a really interesting language with a lot of great ideas. The iterator paradigm is really convenient, and the way enums work leads to really expressive code.

[–] [email protected] 15 points 2 weeks ago (1 children)

Documentation is generally considered one of the stronger points of rust libraries. Crates.io is not a documentation site you want https://docs.rs/ for that though it is generally linked to on crates.io. A lot of bigger crates also have their own online books for more in depth stuff. It is not that common to find a larger crate with bad documentation.

load more comments (1 replies)
[–] [email protected] 14 points 2 weeks ago (3 children)

As someone that have worked in software for 30 years, and deplying complicated software, shared libraries is a misstake. You think you get the benefit of size and easy security upgrades, but due to deployment hell you end up using docker and now your deployment actually added a whole OS in size and you need to do security upgrades for this OS instead of just your application. I use rust for some software now, and I build it with musl, and is struck by how small things get in relation to the regular deployment, and it feels like magic that I no longer get glibc incompatibility issues.

[–] [email protected] 4 points 2 weeks ago (1 children)

due to deployment hell you end up using docker

Maybe tackle that deployment hell instead of band-aiding it with docker?

load more comments (1 replies)
load more comments (2 replies)
[–] [email protected] 5 points 2 weeks ago* (last edited 2 weeks ago) (3 children)

Why not just use the C ABI?

And what libraries are you referring to? Almost all the ones I've used have fantastic docs.

load more comments (3 replies)
[–] [email protected] 17 points 2 weeks ago (3 children)

Rust is definitely a really cool language (as someone who has played with it just a little) but it's quite headache inducing, at least for me at the moment.

[–] [email protected] 15 points 2 weeks ago

It has a steep learning curve, but it's super nice to use once you're over the initial bump

load more comments (2 replies)
[–] [email protected] 10 points 2 weeks ago

fn executive() {}

load more comments (3 replies)
[–] [email protected] 23 points 2 weeks ago (1 children)

To address this concern, CISA recommends that developers transition to memory-safe programming languages such as Rust, Java, C#, Go, Python, and Swift.

If only it were that easy to snap your fingers and magically transform your code base from C to Rust.

guy_butterfly_meme.jpg is this unbiased journalism?

[–] [email protected] 14 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

As the article is denoted as a comment, it is not its aim to be unbiased journalism.

In contrast to usual articles, comments usually elaborate on the opinion of the jounalist.

[–] [email protected] 7 points 2 weeks ago (1 children)

I don't know why you're being downvoted. It literally starts with the word OPINION in bold red caps.

load more comments (1 replies)
[–] [email protected] 16 points 2 weeks ago (1 children)

"Oh, I thought I was coding in Python. Oops!"

Continues coding in C++

load more comments (1 replies)
[–] [email protected] 16 points 2 weeks ago

well, i'm glad the US government is at least aware what C and C++ are!

[–] [email protected] 15 points 2 weeks ago (1 children)

I thought the US Government bought a lot of software in Ada, so I hope they continue with that.

load more comments (1 replies)
[–] [email protected] 12 points 2 weeks ago
[–] [email protected] 11 points 2 weeks ago (3 children)

The comment thread in that article is interesting. Grep for Ada.

[–] [email protected] 8 points 2 weeks ago

The US government hates anything that can perform math too fast.

[–] [email protected] 5 points 2 weeks ago

As someone who learned Ada for a defense job years ago, I've been wondering how long it was going to take until I saw others comparing Rust to it, both in the sense of the language "safety" goals and the USG pushing for it.

While the rust compiler is leagues better than any Ada compiler I ever had the misfortune of dealing with, the day to day pain that Rust incurs will probably always be a thorn in it's side

load more comments (1 replies)
[–] [email protected] 10 points 2 weeks ago

Well now I'm going to have to use it even more.

[–] [email protected] 7 points 2 weeks ago (1 children)

Imagine if there was a hack so bad that it caused everyone to become unable to develop in C and C++.

Classic "let's just make the cure worse than the disease" mindset among security enthusiasts.

load more comments (1 replies)
[–] [email protected] 7 points 2 weeks ago
[–] [email protected] 7 points 2 weeks ago* (last edited 2 weeks ago)
load more comments
view more: next ›