1. 35

  2. 8

    For me, as a browser security engineer, it’s striking that security is only mentioned once, and it’s about the server-side not the client. Rust shows its benefits just in the amount of time not wasted debugging C++’s various forms of unsafety.

    I wonder if this is quantifiable; conventional wisdom is that Rust can be relatively difficult to learn, compared to other languages, but if you can demonstrate that you save the time on debugging and not dealing with security issues, that’d be a powerful argument.

    1. 9

      It’s a whitepaper, so it isn’t intended to highlight the whole gamut. I’m giving a talk on security aspects of Rust next week though, which will be taped. I may ping you if the recording is up and I remember.

      > conventional wisdom is that Rust can be relatively difficult to learn

      Depends on what your baseline and your goal are. It’s a language built for a medium pace, resulting in stable software.

      I teach Rust professionally and at a learners group. The general takeaway from it is that strict enforcement of single ownership is something people really have to get used to, although it’s often a line of thinking in general programming, too. I don’t find Rust hard, but it took some time for the community to get used to. It isn’t Go, which is completely built around being easy to pick up. For example, a lot of early Rust 1.0 code had a lot of emphasis on borrowing; now, three years in, people move away towards ownership everywhere and things get a lot easier. There’s now a lot of code to look at which can be considered idiomatic. We have a lot of people around who are competent with the language and can steer people the right way. People became so hyper-focused on having to understand lifetimes; now, I give a 30-minute lecture in my courses on how you are often semantically and computationally better off avoiding them. That makes the whole language much easier.

      Sooo, the whole thing became kind of a meme and its foundations are questionable. People learn hard languages all the time, especially in a space where C++ is dominant.

      1. 2

        Do you have a link handy for your lecture about how it’s better to avoid lifetimes? I’m interested to know since the borrow checker is one of Rust’s most famous capabilities.

        1. 2

          I’d be interested in that, too, given I looked at it when people were talking about borrowing and lifetimes a lot.

      2. 3

        They’re doing game development, which means most of the time security is their last priority.

        1. 2

          Well, crashes often were how consoles got rooted in the end. The game developers might not care, though perhaps the companies making the consoles do.

          1. 14

            In that case, we should encourage them all to use C/C++ to ensure eventual freedom of our devices. Good news is they all switched to the very CPUs that have the most attacks and experienced attackers. Probably not going to be necessary. ;)

            1. 3

              Yeah, I for one hope that we continue to write games in unsafe languages so that consoles can be rooted with Long Horse Names

        2. 2

          “but if you can demonstrate that you save the time on debugging and not dealing with security issues, that’d be a powerful argument.”

          That’s the exact argument used by the quality- or correctness-improving methodologies I often mention like Cleanroom. The older ones like Fagan Inspection Process said the same thing. The reason is that problems are easier and cheaper to prevent or fix earlier in the lifecycle in most cases. They can actually be several times cheaper to prevent than fix. There’s usually an upfront cost that comes with it but the savings in debugging or maintenance often wiped it out in industry usage. Not always, though, where the quality did cost something extra by the end of the project. That came with other benefits, though, making it an investment with ROI rather than just a pure cost.

          So, there’s a lot of evidence to support your argument.

        3. 8

          As far as I know this is the second in the Rust Case Study series. The first was How Rust is Tilde’s Competitive Advantage.

          Looking at two case studies, it is apparent they are carefully designed to push the same message. For example, both conclude with “Rust is a solid choice”. Not all marketing is dark and I appreciate Rust’s attention to brand management.

          1. 2

            At the same time they probably have to reroll a bunch of libraries useful for gaming, since the Rust ecosystem is still quite poor in that regard. Beating your own path comes with its own costs.

            I’m most interested in what libraries on crates.io they used.

            1. 7

              I think they don’t heavily use lots of libraries in C++ either. They’re making 2D games and they’re famous for quality of art and atmosphere and not for tech (so Rust can make tech for them less painful and labor-intensive, as languages like C# do for other indie game dev companies). Outside of large monolithic frameworks designed primarily for 3D shooters like Unreal Engine, I don’t think the C++ ecosystem offers much for game dev.

              Yes, it’s interesting what libraries they use, considering that they were experimenting with FRP on Haskell before.

              According to their GitHub account, they are making Lua bindings and contributing to Rust itself and SDL bindings.

              1. 13

                rlua (Chucklefish’s Lua binding for Rust) is an amazing work. The author wrote a long comment about its design on Reddit.

                In fact, rlua is actually the only general high level bindings system to the Lua C API I’ve actually ever seen in any language that even might be safe.