> Programming Rust does not mean I have to: buy into their marketing hype
> give the same smug lectures about "safety"
I'm often confused reading articles like this, which take for granted the existence of some "rust evangelism strike force" which goes after people on the internet for not liking rust enough.
The way people talk, it sounds like there's some insanely effective marketing campaign going on to promote rust everywhere. But I haven't seen it. Certainly not any more than any other technology people get excited about for awhile, like Go. Or docker when that launched.
Where are these comments? Can anyone give some actual links to these sort of comments people say online, which don't get immediately downvoted? The way people talk, these comments must be made in such large volumes that it seems very odd I don't notice them?
Rust is cool but there is way too much dogma around its memory safety and static typing in general being a panacea. Most errors are not type errors. Two days after Cloudfare's little Rust hiccup that took the internet down for a day I saw people posting about Rust "if it compiles it runs".
If it helps finally acknowledging basic stuff like bounds checking matters, great, this from a guy that rather use system languages with automatic resource management.
"A consequence of this principle is that every occurrence of every subscript of every subscripted variable was on every occasion checked at run time against both the upper and the lower declared bounds of the array. Many years later we asked our customers whether they wished us to provide an option to switch off these checks in the interests of efficiency on production runs. Unanimously, they urged us not to they already knew how frequently subscript errors occur on production runs where failure to detect them could be disastrous. I note with fear and horror that even in 1980 language designers and users have not learned this lesson. In any respectable branch of engineering, failure to observe such elementary precautions would have long been against the law."
-- C.A.R Hoare's "The 1980 ACM Turing Award Lecture"
From 1980!
C++26 will finally have hardening on the standard library, something that I could already enjoy in 1990's with Turbo Vision, OWL, MFC, VCL, but was too much to ask for on the standard library apparently, even if compilers kept having each own their approach.
It took governments and companies to start mapping CVEs to money spent fixing them, to finally acknowledge something had to change.
Meanwhile on C land, business as usual regarding Hoare's quote.
I actually don't think this is true. I do think that most programming errors are type errors, in the broader sense of one part of a system making one set of assumptions about the properties of some data, that aren't shared by another part of the system; and that would've been caught automatically by sufficiently sophisticated static correctness checking. I do not think that Rust has a maximally sophisticated type system (nor is it trying to), and while this is reasonable for Rust as a project to decide, I do expect that there will be languages in the future that do more complex things with type systems that might supplant Rust in some domains.
The Cloudflare incident was caused by a confluence of factors, of which code written in Rust was only one. I actually think that Rust code worked reasonably well given the other parts of the system that failed - a developer used unwrap() to immediately crash instead of handling an error condition they thought would never happen; when that error condition did happen the Rust program crashed immediately exactly as expected; and if Cloudflare decided that they wanted to ban not handling an error like this in their codebase, it's a pretty easy thing to lint for with automatic tooling.
If you follow good strong typing principles, you can ensure that most errors are type errors. Yaron Minsky’s phrase, “Make illegal states unrepresentable”, captures this. But it doesn’t happen by accident just because you’re using a strongly typed language.
Also, if Cloudflare had run the standard Clippy linter on their Rust code, and taken the results seriously, it would have prevented the issue you referenced. Static checks don’t help if you ignore them.
All technology is just a tool, unfortunately it turns into religion like behaviours, because it defines with whom we work, what projects we can work on, what CVs get through HR and which ones don't,....
The horror of picking tech working in it 10 or 15 years and then it suddenly becoming obsolete or irrelevant. Is something a lot of people can relate to.
It’s useful to align groups on underlying philosophies about problem solving and what tooling we will use.
The alternative is way slower and less effective. “Just use whatever language and frameworks you want and solve the problem in a vacuum” would be a nightmare for any team trying to ship.
Rust has nothing new (even the lifetime stuff is copied) really. It just marketed itself really well. It got a huge number of migrants from JS/TS ecosystem, and python, and some from the C(+*) ecosystems.
Its a good language dont get me wrong, but also a huge pita to work with.
> Rust has nothing new (even the lifetime stuff is copied) really.
Rust has nothing new by academic standards, and this is an explicit goal of the project. (And that's why it has yet to support e.g. Haskell-like higher-kinded types; or dependent types for compile-time programming: the interaction with its low-level featureset is very much an open question.) It's incredibly novel as a production language, of course.
It's just a tool. But to some people, Rust is more like a religion than a tool and they let it define them to the point even the language maintainers disavow them.
At any point, if you provide any conterpoints or fair criticism towards the language objectively, just expect lots of fans to remind you that it is the best programming language ever created and yours is "unsafe" by default.
Sometimes when you have a really good tool, you want to share it.
This was the case with Linux for many people over many years.
FWIW I agree that the community has some frustrating elements, and that its a lot of dogma in comments, though I actually think that’s a fringe element.
> like every popular crate buy into their marketing hype > follow community "best practices"
Yea, I get smug judgement from Rust zealots for not picking the in vogue crates.
I get a lot of help too though.
People are passionate about it. That has good and bad outcomes.
> Programming Rust does not mean I have to: buy into their marketing hype
> give the same smug lectures about "safety"
I'm often confused reading articles like this, which take for granted the existence of some "rust evangelism strike force" which goes after people on the internet for not liking rust enough.
The way people talk, it sounds like there's some insanely effective marketing campaign going on to promote rust everywhere. But I haven't seen it. Certainly not any more than any other technology people get excited about for awhile, like Go. Or docker when that launched.
Where are these comments? Can anyone give some actual links to these sort of comments people say online, which don't get immediately downvoted? The way people talk, these comments must be made in such large volumes that it seems very odd I don't notice them?
Rust is cool but there is way too much dogma around its memory safety and static typing in general being a panacea. Most errors are not type errors. Two days after Cloudfare's little Rust hiccup that took the internet down for a day I saw people posting about Rust "if it compiles it runs".
If it helps finally acknowledging basic stuff like bounds checking matters, great, this from a guy that rather use system languages with automatic resource management.
"A consequence of this principle is that every occurrence of every subscript of every subscripted variable was on every occasion checked at run time against both the upper and the lower declared bounds of the array. Many years later we asked our customers whether they wished us to provide an option to switch off these checks in the interests of efficiency on production runs. Unanimously, they urged us not to they already knew how frequently subscript errors occur on production runs where failure to detect them could be disastrous. I note with fear and horror that even in 1980 language designers and users have not learned this lesson. In any respectable branch of engineering, failure to observe such elementary precautions would have long been against the law."
-- C.A.R Hoare's "The 1980 ACM Turing Award Lecture"
From 1980!
C++26 will finally have hardening on the standard library, something that I could already enjoy in 1990's with Turbo Vision, OWL, MFC, VCL, but was too much to ask for on the standard library apparently, even if compilers kept having each own their approach.
It took governments and companies to start mapping CVEs to money spent fixing them, to finally acknowledge something had to change.
Meanwhile on C land, business as usual regarding Hoare's quote.
I actually don't think this is true. I do think that most programming errors are type errors, in the broader sense of one part of a system making one set of assumptions about the properties of some data, that aren't shared by another part of the system; and that would've been caught automatically by sufficiently sophisticated static correctness checking. I do not think that Rust has a maximally sophisticated type system (nor is it trying to), and while this is reasonable for Rust as a project to decide, I do expect that there will be languages in the future that do more complex things with type systems that might supplant Rust in some domains.
The Cloudflare incident was caused by a confluence of factors, of which code written in Rust was only one. I actually think that Rust code worked reasonably well given the other parts of the system that failed - a developer used unwrap() to immediately crash instead of handling an error condition they thought would never happen; when that error condition did happen the Rust program crashed immediately exactly as expected; and if Cloudflare decided that they wanted to ban not handling an error like this in their codebase, it's a pretty easy thing to lint for with automatic tooling.
> Most errors are not type errors.
If you follow good strong typing principles, you can ensure that most errors are type errors. Yaron Minsky’s phrase, “Make illegal states unrepresentable”, captures this. But it doesn’t happen by accident just because you’re using a strongly typed language.
Also, if Cloudflare had run the standard Clippy linter on their Rust code, and taken the results seriously, it would have prevented the issue you referenced. Static checks don’t help if you ignore them.
I’m glad that Rust users are willing to accept that other approaches to safety like Ada are also interesting or effective.
In the past I had the impression that some thought that Rust was the first programming language to ever have the concept.
Now we just need the Zig ones acknowledging Object Pascal, Modula-2, Ada,.... as well :)
All technology is just a tool, unfortunately it turns into religion like behaviours, because it defines with whom we work, what projects we can work on, what CVs get through HR and which ones don't,....
The horror of picking tech working in it 10 or 15 years and then it suddenly becoming obsolete or irrelevant. Is something a lot of people can relate to.
It’s useful to align groups on underlying philosophies about problem solving and what tooling we will use.
The alternative is way slower and less effective. “Just use whatever language and frameworks you want and solve the problem in a vacuum” would be a nightmare for any team trying to ship.
Rust has nothing new (even the lifetime stuff is copied) really. It just marketed itself really well. It got a huge number of migrants from JS/TS ecosystem, and python, and some from the C(+*) ecosystems.
Its a good language dont get me wrong, but also a huge pita to work with.
> Rust has nothing new (even the lifetime stuff is copied) really.
Rust has nothing new by academic standards, and this is an explicit goal of the project. (And that's why it has yet to support e.g. Haskell-like higher-kinded types; or dependent types for compile-time programming: the interaction with its low-level featureset is very much an open question.) It's incredibly novel as a production language, of course.
It's just a tool. But to some people, Rust is more like a religion than a tool and they let it define them to the point even the language maintainers disavow them.
At any point, if you provide any conterpoints or fair criticism towards the language objectively, just expect lots of fans to remind you that it is the best programming language ever created and yours is "unsafe" by default.
I like Rust, though I’m not zealous about it.
Sometimes when you have a really good tool, you want to share it.
This was the case with Linux for many people over many years.
FWIW I agree that the community has some frustrating elements, and that its a lot of dogma in comments, though I actually think that’s a fringe element.