1. 1

    I’ve been working on my own ui toolkit in rust and metal/wgpu/vulkan (ill go full wgpu when it’s ready). Gui toolkits are overrated, rust makes it easy to roll your own.

    1. 10

      Gui toolkits are overrated, rust makes it easy to roll your own

      It’s easy to show a couple buttons. It’s not easy to support all input methods (keyboard, mouse, touch, tablet!), all windowing systems (okay there’s winit/sdl2/etc but they come with their own quirks), internationalization, accessibility, and complex widgets. And do it all well.

      1. 4

        Boy do I agree here. Working on https://github.com/Kethku/neovide has proven to me that in the current state its nearly impossible to do in rust. Font fallback alone is just not there yet. Let alone handling all the various keyboard layouts properly.

        1. 3

          ooh, I saw that one! I wish someone ported the cool cursor effects to Alacritty :D

          in the current state its nearly impossible to do in rust

          The language doesn’t really matter though, Rust can call anything (pango, harfbuzz, anything you want).

          And a terminal emulator style app is probably the canonical example where you can get away without a full GUI toolkit! This thread is more about “widgety” desktop UI stuff.

          handling all the various keyboard layouts properly

          hm, Alacritty (winit-based) doesn’t have any problems with my layouts (en(colemak), ru)

      2. 4

        I’m not trying to be snarky but if it were easy to do there would already be an easy, cross language, cross platform gui system. Even nice libs like QT or gtk don’t get you there

      1. 23

        It only works in Google Chrome and Microsoft Chrome, unfortunately:

        For the best experience with Codespaces, we recommend using a Chromium-based browser, like Google Chrome or Microsoft Edge. Firefox is currently unsupported, and there are known issues using Safari.

        1. 12

          Codespaces allows you to develop in the cloud instead of locally. Developers can contribute from anywhere, on any machine, including tablets or Chromebooks

          …and on iOS all browsers including Chrome use the Safari rendering engine so this doesn’t really open up development on the most popular tablet platform at all.

          1. 1

            I imagine they will add that.

          2. 4

            Before that note is this paragraph, though:

            During the beta, functionality is limited.

            So hopefully once it’s actually released it will be usable in every browser.

            1. 1

              It only works in Google Chrome and Microsoft Chrome, unfortunately:

              To be honest, it’s quite scary to run all of that inside a browser. Can you imagine the performance on that?

              1. 1

                It probably performs fine on most development machines, to be fair.

            1. 2

              Idk why people write posts like this. Ok keep using it, but make is fucking as fuck.

              1. 2

                Steve Reich would like to have a word.

                1. 3

                  Don’t use it. Memcpy is prolly faster.

                  1. 3

                    memcpy doesn’t work that well with memory mapped hardware.

                    1. 1

                      By which you probably mean: don’t use this when you can ensure aligned memory and use vector operations.

                    1. 0

                      This is interesting, but also unsurprising, as writing correct C or C++ may as well be impossible for anything but trivial programs.

                      I don’t see why this post is tagged with rust, considering Ada is a much better language and, unlike rust, has actually been used in critical software with real repercussions, along with having real standards that don’t constantly change. Ada has an ’‘always safe unless you explicitly use a subprogram that can violate the rules’’ attitude, whereas rust has an attitude of ’‘you can do whatever you want in the strait jacket and if that’s too restrictive you’re on your own’’.

                      It’s possible to write a large and featureful Ada program without using anything unsafe, whereas it’s my understanding this isn’t practical at all with rust.

                      Ada is used in rockets and automobiles and other situations where people die unintentionally if things go wrong. Rust is used in Firefox. That says it all, really.

                      1. 12

                        Are there stats on how widely Ada’s used? My understanding was the people who use it really like it, but most automobile code is still in C.

                        Rust is used in Firefox. That says it all, really.

                        Rust is much younger than Ada, so we can’t infer much from this.

                        A more interesting question: how much Ada code in the wild is Ada12 vs an older version?

                        1. 8

                          I agree it is irrelevant to tag it rust, I’ve removed the tag.

                          Some notes:

                          whereas it’s my understanding this isn’t practical at all with rust

                          that isn’t true, you can write large and featureful programs without it.

                          Ada is used in rockets and automobiles and other situations where people die unintentionally if things go wrong. Rust is used in Firefox. That says it all, really.

                          that feels fairly dishonest to me. Also, the browser is a security-critical component deployed on essentially every user-facing computer manufactured. I can’t think of a more important place to have very safe tools. Reminds me of that (possibly apocryphal) story about memory leaks and cruise missiles.

                          1. 7

                            It’s definitely possible to write large Rust programs with very few or no uses of the unsafe keyword. It is the case though that the Rust standard library sometimes uses unsafe-marked code with safe abstractions wrapped around it. Ideally these safe abstractions should actually be safe, but it’s possible in principle that there’s a bug in one of those abstractions that lets the memory-unsafe behavior leak in certain circumstances.

                            I’m curious if this is the case for Ada as well - does Ada also wrap unsafe abstractions in ostensibly-safe ones that might prove unsafe because of a bug, or does it have some way of guaranteeing the safety of those safe abstractions themselves?

                            1. 4

                              I think it’s mostly that Ada puts safety at the top, and will add checks to code, whereas the Rust devs have convinced themselves that they can get C++ programmers to switch if and only if there’s never any runtime penalty for safety.

                              1. 11

                                Yes, Rust aims slightly different as Ada. If Ada checks all your boxes and the runtime properties are fine with you, by all means, use it.

                                I also heard from some Adacore people that they enjoy having Rust as a competitor, as it brings their topics on the table again and raises awareness.

                                1. 1

                                  I was thinking AdaCore should become a supplier of Rust IDE’s, a second compiler, a provable subset like SPARK, and corporate libraries. They might even help improve Rust language with their experience.

                                  They can continue supporting Ada for legacy customers while simultaneously having a lucrative transition path to Rust. Maybe even automated tooling they make some consulting revenue on, too.

                                  1. 1

                                    I’m not trying to badmouth Rust, I’m a big fan. I’d be using it right now if there was any sort of stable UI solution that was made within Rust (not bindings to things like QT and friends). For now it seems there’s a lot of churn in that space, with too many projects too young.

                                    1. 2

                                      All good, I didn’t understand it as such. I just wanted to make the point that we see Ada as a competition we can grow with.

                                  2. 1

                                    Do existing Ada implementations have moderately-quick compile times?

                                  3. 1

                                    it’s possible in principle that there’s a bug in one of those abstractions that lets the memory-unsafe behavior leak in certain circumstance

                                    No, it actually happened, not long ago, in the standard library.

                                    1. 14

                                      Yes, and we’re quite upfront about that. I hate it when some people paint it in another way. There is a point where you need to take a fundamentally unsafe thing (memory and processors) and start building a base of a safe system.

                                      There are advantages in Rust, e.g. being able to fix that abstraction in one go and and update, by people sharing it, but the danger is there.

                                      That’s also the reason why there is a large ongoing project that formalizes lifetime, borrowing and multiple types that we consider as important as primitives (e.g. Mutex). They regularly find subtle bugs. Not day-by-day, but like, every quarter.

                              2. 1

                                This is an unfair comparison as Ada is what 40 years old whereas Rust is 10 years old.

                                1. 13

                                  Rust, in a fashion that can be adopted, is ~4 years old. Before that, it can be considered a research language.

                                  Also, for that reason, I have no problem with it currently not being used in high-safety-critical places, this is a thing that has to build over time. And I want people to take that time.

                                  1. 3

                                    I applaud your honesty in saying that.

                                  2. 6

                                    I see that only as a point in Adas favor in this context, where”tried and true” Actually means something.

                                    I’m not neophobic; I love exciting new technology as much as the next guy. I even like seeing new developments in the “safer alternatives to C” category, which is something that sorely needs constant research and new inventions. I just think that all else being equal, the older tech has a leg up simply for being older, in this area.

                                    Rust is a fantastic breeding ground for ideas, and I’m convinced that at some point, Rust (or something like it) will be so obviously superior to the Ada dinosaur that it will be better dispute its age difference. We’re just not there yet.

                                    1. 1

                                      Isn’t that “leg up” the reason why Adam said it wasn’t a fair comparison?

                                  3. 0

                                    I don’t agree with either language in this context. I like Rust well enough, and Ada might be cool though I don’t know much about it, but there’s zero chance of Microsoft moving any of their critical codebases to either. Getting them to stop active development and get serious about static analysis, fuzzing, etc might be possible. Gradually converting some things over to a safe subset of C++ might be possible. A total rewrite of their major products in an unproven language is a non-starter.

                                  1. 4

                                    That being said he’s talking about cpp, where package management is nonexistent and generics are hard.

                                    1. 3

                                      Yeah… In many languages or platforms at least for applications it is common to have separate ‘app’ and ‘lib’ modules. So the core application logic is a dependency or module used principally by the application instance(s).

                                      Languages where this is done often are Haskell, Rust, Go, all JVM languages, Python, etc. Moreover doing the aforementioned split is really easy to do with their build tools and/or package managers.

                                      Package management is a nightmare in C/C++ compared to those languages so it is no wonder advising against the practice makes sense.

                                      1. 3

                                        I’ll try to reply to the parent comment as well because both are interrelated.

                                        It doesn’t really seem to me that the grass is much greener on any other pasture. C++ may be a terrible example, but I can’t spot remarkable differences on other plataforms besides the cultural ones. Speaking of JVM languages, my experience with Java is that it’s pretty easy to lose yourself in the midst of the thousands of interfaces and classes your peers created to better represent your logical model (allegedly).

                                        Go is a shaped by the good old Bell Labs culture, with a great degree of success. Python was born as a scripting language, where the focus is getting things done. I don’t really like the Haskell approach because, IMO, it may foster librarization if not done right. I can’t say very much about Rust.

                                        1. 1

                                          Let me amend my reply to make clear that the problem is not C++ (with an extra nuance that would probably go unnoticed if just edited the parent).

                                          I surmise that if C++ had better package management or generics, or if Boost.Asio was implemented in any other language, but with the very same approach, its documentation would still have that order of magnitude. It would still be too complex.

                                    1. 3

                                      Brutalism as an architectonic style is disgusting and oppressive as shit (intentionally). I spent quite a bit of time in a brutalist building, I felt like shit. Like how did intentional hostility ever become a trend?

                                      1. 10

                                        While the term certainly originates from concrete, the author is not trying to advocate making websites out of concrete (figuratively). I think the main point can be seen in the paragraph mentioning Truth to Materials. That is, don’t try to hide what the structure is made out of - and in the case of a website it is a hypertext document.

                                        This website could be seen in that light. It is very minimally styled and operates exactly how the elements of the interface should (be expected to). The points of interaction are very clear.

                                        The styling doesn’t even have to be minimal, but there is certainly a minimalism implied.

                                        1. 9

                                          I respect your opinion, but I personally really enjoy brutalist architecture. I like the minimalism and utilitarian simplicity of the concrete exteriors, and I like how the style emphasizes the structure of the buildings.

                                          1. 2

                                            I think if you added a splash of color it would make the environment much more enjoyable while still embracing the pragmatism and the seriousness.

                                          2. 5

                                            It isn’t intentionally being oppressive or hostile. It represents pragmatism, modernity, and moral seriousness. However it doesn’t take a large logical jump to realize that pragmatism, modernity, and moral seriousness could feel oppressive. In the same way to the architects who designed brutalism, the indulgent designs of 1930’s-1940’s might feel like a spit in the face if you’re struggling to make ends meet. Neither were trying to hurt anyone, yet here we are.

                                            1. 3

                                              I consider the 1930s designs (as can be seen in shows such as Poirot) to be rather elegant styling. But I also see the pragmatism that was prompted with the war shortages.

                                              I am not a great fan of giant concrete structures that have no accommodation for natural lighting, but I also dislike the “glass monstrosities” that have been built after brutalist designs.

                                              I find myself respecting the exterior of some of the brick buildings of the 19th Century and possibly early 20th. Western University in London Canada has many buildings with that style.

                                              Some of the updates done to the Renaissance Center in Detroit have mitigated some of the problems with Brutalist - ironically with a lot of glass.

                                              1. 2

                                                This might be true of Brutalism specifically, but (at least some) modern (“Modern”, “Post-modern”, etc.) architecture is deliberately hostile.

                                              2. 3

                                                I found this article on that very topic pretty interesting.

                                                1. 2

                                                  In my home town, the public library and civic center (pool, gymnasium) are brutalist. It was really quite lovely. Especially the library was extremely cozy on the inside, with big open spaces with tables and little nooks with comfortable chairs.

                                                  1. 1

                                                    My pet theory is that brutalism is a style that looks good in black-and-white photographs at the extent of looking good in real life. So it was successful in a time period when architects were judged mainly on black-and-white photographs of their buildings.

                                                  1. 8

                                                    Check out Oberon http://www.projectoberon.com/.

                                                    In 300 pages, and starting with an FPGA (you can get one for relatively cheap), you build a CPU on for the FPGA, a compiler targeting said CPU, an OS using said language, a simple UI and simple network stack for said OS.

                                                    1. 3

                                                      You confuse readibility with style. Style should be consistent but readibility means good abstractions.

                                                      1. 1

                                                        I recently had an encounter with a code base filled with duplicative code, excessive logging, poor abstractions and long methods. Oh, and 50-100 (pretty printed) lines of SQL compressed down to 4 lines of concatenated strings.

                                                        It was typically 2-6 lines of logging, 2 lines for try/catch, 4-6 lines for some braces and then maybe 1-2 lines of logic filled with chained method calls to things that should have been readily accessible. Repeat that for a few hundred lines and you’ve got yourself a “run” method ! Time to move on to the next class.

                                                        There were no primitives to work with. Just masses of code globbed together. It was impossible to read. @_@

                                                      1. 3

                                                        I’m working on some tonality models for this music composition app that’s like an IDE for music. You should sign up here https://docs.google.com/forms/d/1-aQzVbkbGwv2BMQsvuoneOUPgyrc6HRl-DjVwHZxKvo if you wanna be notified when I launch it.

                                                        1. 7

                                                          While there are language-specific tools that help immensely (such as cscope), for me nothing has ever really beaten just knowing find/grep/silversearcher type tooling thoroughly, alongside a couple of shell macros.

                                                          Even monster-sized codebases fit easily in RAM and with a multithreaded grep like silversearcher (ag), navigating to strange and unknown parts takes only a few moments. Combine your newly discovered directories with a few hacky shell macros like in https://gist.github.com/dw/81f9b8cc0d957c41a7b2f6dc85b53358 and you’re all set.

                                                          1. 3

                                                            The rgrep command in Emacs is really nice for that kind of searching.

                                                            1. 1

                                                              check out ripgrep https://github.com/BurntSushi/ripgrep its memetastic

                                                            1. 5

                                                              What a weird argument. Part of writing solid C code is testing it. As far as I know, nobody writes bug free code in any language.

                                                              1. 13

                                                                I gave the author the benefit of the doubt and assumed they were talking about working with tests. I think the point still stands.

                                                                1. 6

                                                                  It’s not. Different languages have different classes of bugs. Those in C/C++ tend to have disastrous consequences.

                                                                  1. 9

                                                                    Such statements would be less hyperbolic if people recognized that only a small subset of C bugs belong in that class of potentially-disasterous and exclusive to C, and that only a small subset of such bugs make it through code review and testing, and that a small subset of these bugs are actually exploitable in the real world.

                                                                    Bugs in C programs get publicized really often because there’s a crapton of such code out there in active use. But that kind of publicity doesn’t give people any sense of scale, and the issue is blown completely out of proportion. If that weren’t enough, the discussion will derail into UB and people assume a deliberately adversial compiler that literally tries to turn every instance of UB into an exploitable bug. It almost sounds as if the standard somewhere said that compilers are not permitted to let the code behave in any reasonable manner in the face of UB…

                                                                    1. 17

                                                                      if people recognized that only a small subset of C bugs

                                                                      That mostly don’t exist when using a type-safe, memory-safe language in most of your code. It’s impossible to write idiomatic code in them with the same errors resulting in something more than an exception. Most hackers aiming for code injection in such languages try to hit the runtimes or libraries that are written in C or C++. Says a lot.

                                                                      Meanwhile, there were operating systems written in SPARK Ada, Modula-3, Java, and Rust whose unsafe portions were kept to a much lower percentage with rest immune to entire classes of vulnerabilities. Microsoft’s VerveOS made those parts safe with proven assembly the rest of the OS (in C#) interfaced to. I bring these up to preempt the common counter of the lower parts having to be written in C/C++ because they’re the only thing that can handle low-level stuff. I get that false claim a lot in these discussions.

                                                                      1. 4

                                                                        Just as a simple example, the very common failures to properly parse input strings and firewall them from e.g. SQL databases are language independent.

                                                                        1. 7

                                                                          We’re talking about whether using a different language improves security by removing an entire class of bugs. The status quo Im countering are C and C++ bugs leading to code injection that controls the machine. You side-step that evidencw to counter that people building web or database apps can have an extra problem.

                                                                          So what. That average programmers are producing things immune to many forms of code injection by default is already better than C/C++ situation where even veterans get hit by those bugs periodically. And if you’re concerned about SQL injection, there’s similarly methods to immunize against it in apps. Ur/Web, Opa, and Spectre are examples of languages or platforms foing stuff like that.

                                                                          So, the empirical evidence shows these other languages and preventative methods knock out lots of peoblems. That’s a net gain as secure coding is rare skill. From there, there’s still stuff to watch for.

                                                                      2. 1

                                                                        a small subset of C bugs belong in that class of potentially-disasterous and exclusive to C

                                                                        Could you elaborate on this class? What are the typical disastrous gotchas exclusive to C? Is there a list on a paper or somewhere?

                                                                        1. 4

                                                                          Buffer overflow (including those induced by C’s strange string semantics) and use-after-free are the big common ones; also integer overflow can immediately be a security bug in C. Switch fall-through is not quite unique to C but close. I’m sure there are more that we’d notice if we fixed those.

                                                                      3. 1

                                                                        That argument would require some specifics and data - not the “I can’t write C/C++ without testing” presented in the article.

                                                                    1. 4

                                                                      btw i think that there should be a machine learning tag because I think that ML definitely belongs here but there’s no tag.