I really want to like Rust, I truly do. But I feel I might not be the target audience. Most of the time I don’t need to write safe code. I think most people don’t need to write safe code all the time. Rust is by default safe, making it hard to program most of the time so that certain bugs can be minimized. The question of course then is, does the effort spent writing safe code all the time outweigh the hypothetical reduction in bugs?
You might not care about writing safe code, but the users of your code certainly do.
This C/C++ mindset really needs to die, and it needs to die fast.
You might not care about writing safe code, but the users of your code certainly do.
If they did, they wouldn’t buy or use unsafe, buggy apps. They do, though. Almost all money goes towards those kind of apps. So, that’s what most users want if it gets them whatever they’re getting out of the apps. They’d be fine with QA improvements. They usually won’t quit using the apps if those improvements don’t show up, though.
That’s why I focus on things like Design-by-Contract, quick code reviews, test generation, and program analysis that take little time with a big improvement in quality and maintainability. Then, I can try to sell the managers on improved development velocity with more predictability in the delivery schedule. These practices can contribute to those goals the company and their customers actually care about.
For real quality/security, that’s gonna take regulation or courtroom liability to move those requirements from externalities to things management actually cares about.
To be fair, there usually aren’t any safe, unbuggy apps, so they don’t really have a choice. :)
As a counterexample, in the world of music production, peoples’ professional reputations depend on doing a vast amount of live real-time computation with a collection of software by multiple vendors, live on stage. The stability of that software is very much a consideration for the buyer.
That’s true. Yet, most attempts to introduce high-reliability products to the market resulted in market share going to the alternatives. Probably why it’s true. Same with secure and private. It can even be something free like Signal or cheap/fast like FastMail. They’ll go for something else in mass to the tune of billions of dollars. The usage and revenue numbers back this up in about every market segment. Even safety-critical is optimizing on size, weight, power, and cost in risky ways.
If you’re smart and trying to maximize users/revenue, you’ll be focusing on what they care about the most. It’s not quality or security. Even in security market, it’s mostly buzzwords and features instead of actual security. There is a market for high quality and security. It’s just tiny with a harder sell and slower growth. I think there’s potential for increasing it by cross-selling the same stuff to the luxury markets with beautiful exteriors and brand names with them fueling the development of what’s on the inside. Got the idea from Volkswagon which built one or more models of Porsches and Beetles reusing parts inside.
For me balance is key. Your statement is wrong because all it takes is one user to refute it and I’m more than willing to be that user. I turn off spectre mitigations on computers that aren’t connected to the net. We all have different threat models. I’ll take performance over security sometimes, and security over performance in other times. In areas where this decision affects the lives of people significantly I welcome government regulations.
I recently also implemented a neural net in Rust targeting the MNIST dataset (https://github.com/harpocrates/rust-mnist) while working through http://neuralnetworksanddeeplearning.com. The main surprise I had was about how nice the dependency management story was.
ndarray(instead ofVec), it was 5LOC to add a compile time feature flag to enable using the GPU (which then resulted in ~35% speedup)simple-servercrateI found both these libraries by searching through https://crates.io/ and figured out how to use them by looking at the automatically generated docs.
You might not care about writing safe code, but the users of your code certainly do.
This C/C++ mindset really needs to die, and it needs to die fast.
If they did, they wouldn’t buy or use unsafe, buggy apps. They do, though. Almost all money goes towards those kind of apps. So, that’s what most users want if it gets them whatever they’re getting out of the apps. They’d be fine with QA improvements. They usually won’t quit using the apps if those improvements don’t show up, though.
That’s why I focus on things like Design-by-Contract, quick code reviews, test generation, and program analysis that take little time with a big improvement in quality and maintainability. Then, I can try to sell the managers on improved development velocity with more predictability in the delivery schedule. These practices can contribute to those goals the company and their customers actually care about.
For real quality/security, that’s gonna take regulation or courtroom liability to move those requirements from externalities to things management actually cares about.
To be fair, there usually aren’t any safe, unbuggy apps, so they don’t really have a choice. :)
As a counterexample, in the world of music production, peoples’ professional reputations depend on doing a vast amount of live real-time computation with a collection of software by multiple vendors, live on stage. The stability of that software is very much a consideration for the buyer.
That’s true. Yet, most attempts to introduce high-reliability products to the market resulted in market share going to the alternatives. Probably why it’s true. Same with secure and private. It can even be something free like Signal or cheap/fast like FastMail. They’ll go for something else in mass to the tune of billions of dollars. The usage and revenue numbers back this up in about every market segment. Even safety-critical is optimizing on size, weight, power, and cost in risky ways.
If you’re smart and trying to maximize users/revenue, you’ll be focusing on what they care about the most. It’s not quality or security. Even in security market, it’s mostly buzzwords and features instead of actual security. There is a market for high quality and security. It’s just tiny with a harder sell and slower growth. I think there’s potential for increasing it by cross-selling the same stuff to the luxury markets with beautiful exteriors and brand names with them fueling the development of what’s on the inside. Got the idea from Volkswagon which built one or more models of Porsches and Beetles reusing parts inside.
For me balance is key. Your statement is wrong because all it takes is one user to refute it and I’m more than willing to be that user. I turn off spectre mitigations on computers that aren’t connected to the net. We all have different threat models. I’ll take performance over security sometimes, and security over performance in other times. In areas where this decision affects the lives of people significantly I welcome government regulations.