One of my biggest concerns about the Rust project is that their governance is getting more and more complicated. Every language so far that I like was orchestrated by a BDFL, and the ones that aren't so well-designed (C++, Java) also happen to be elaborately governed. How can the Rust project be sure that it isn't going to smother itself with working groups to decide the color of the bikeshed that committee members park their bikes in on the way to meet about the code of conduct?
The language itself is still designed primarily by the language team, which is not many people. If anything, the team is large because we see Rust as more than just the language. The language you like that’s designed by the BDFL doesn’t generally have the BDFL make all decisions about the package manager, or the website, or the documentation, or the conferences. It’s just not humanly possible.
We have the core team to provide overall oversight over all of these teams to ensure things are coherent.
JavaScript went from being a bad language designed by a BDFL to a good language designed by a very large committee.
It’s not the best language ever, but it is better at this point than similar languages such as Python or Ruby (good async, good type system, good module system, no decades-long versioning crisis).
The last part of your comment hints that your objections to Rust’s governance may be more political than language design related.
>The last part of your comment hints that your objections to Rust’s governance may be more political than language design related.
I checked the code of conduct and it didn't seem too political to me, internet forums have had those kinds of rules for decades. What it is, though, is an example of an administrative artifact, too many of which will suck energy away as top level people spend more and more of their time not thinking about the end product.
I looked through their code of conduct to see what would give you that idea, and the closest thing I could find is this:
> We will exclude you from interaction if you insult, demean or harass anyone. [...] In particular, we don't tolerate behavior that excludes people in socially marginalized groups.
Are you worried that non-marginalized groups will be harassed when contributing to Rust? Could you give some examples of harassment you worry will be tolerated when non-marginalized people do it but not when marginalized people do it?
I am worried that when non-marginalized groups are harassed, the punishment won't be as severe as harassing someone who is from a marginalized group.
I'm not the one who needs to give examples. They stated that they particularly "don't tolerate excluding people in socially marginalized groups". So, I imply that they are going to be more strict against this behavior in that specific case, otherwise there would be no use in making that point.
For example:
"We will exclude you from interaction if you insult, demean or harass anyone."
Is a perfectly understandable clause, and no further information would be needed in case they were not planning on discriminating based on the "group" that people belong to.
It's analogous to saying: "Killing is bad, it's particularly bad if the person you kill is a politician."
It implies that killing a politician is morally worse than killing someone else. If you didn't want to imply that, you would simply say "Killing is bad", which everyone can understand.
I happily read that rustc is split into a incremental parsing frontend and a supporting backend. This capability is key in modern compilers and editors. I read about this like 8 years ago in the C# Roslyn compiler project. Roslyn also aimed in supporting IDEs (here the language server) using the compiler frontend.
My question is: are there any compiler which predate Roslyn in this aspect? Anders Heijlsberg said in a video once, that this is modern compiler architecture (compared to the outdated Dragon and Tiger) but did not mention that the Roslyn team invented it.
I'm not super-expert, but know of some background. I think Rosyln grew very much out of Delphi, and Anders Hejlsberg is the common thread to both. Before that, he did Turbo Pascal, which might have been incremental in some ways (it certainly was very fast).
Another earlier example of successful incremental technology was the Java compiler in Eclipse.
I'm sure there are academic efforts as well, but don't know as much about these.
I thought the main technology behind Roslyn is some researched or customly engineered parser/semantic analyzer that came out of MSR. The original C# parser was quite typical.
It looks to me like the 2018 roadmap was followed pretty well.
A few exceptions are that async/await was not finished, but that is not for lack of trying (from what I gather), so this is excusable. The 2018 roadmap did correctly indicate what would be worked on throughout most of 2018, even if some things took longer than expected.
I think a roadmap is only a failure if it gets ignored and none of the stuff mentioned in the roadmap gets worked on at all. I've been at some dysfunctional startups like this, for a time the company tries to rally the developers, a roadmap is made, people feel good, the next week the CEO decides to go in a completely different direction and then things are back to being dysfunctional, and nobody ever thinks about the roadmap again.
It does seem like "macros 2.0" might have fallen through the cracks? As far as I know they were never finished and I haven't heard much about their progress.
> It does seem like "macros 2.0" might have fallen through the cracks? As far as I know they were never finished and I haven't heard much about their progress.
As I said below, we didn't ship hygiene for them, so there's more work to be done. There's also future work around "macros by example 2.0", but this item on the roadmap was mostly talking about proc macros.
Async, Macros 2.0, const generics, most of the languages changes are already well baked and could be ready to land in 2019. All the other improvements are tooling and compilers.
So what other languages features are coming? Or could Rust enjoy a stable period of little to no changes for a few years. After all Rust is modern enough in almost all cases. Unlike other languages still trying to get features in within their own constrain.
The big ones being looked at are const generics, async/await, specialization, and GATs. As you said, they're sort of all pre-baked, though to very different degrees. And, while it's not "no changes", it's much fewer than in past years.
> It does seem like "macros 2.0" might have fallen through the cracks? As far as I know they were never finished and I haven't heard much about their progress.
People are working on it, it's just that its pure development work, nothing worthy of being announced yet.
Out of the stuff called out there, everything other than async/await shipped, most in total, some in part. Custom allocators didn't fully ship, only the global custom allocators did so far. Hygene didn't ship for macros 2.0, but the non-hygenic ones did.
In other Rusty news, two phase borrows just got enabled on nightly but stable Rust in the 2015 edition: https://github.com/rust-lang/rust/pull/59114. If not backed out, it will most likely be part of the 1.36 release. This is a milestone of maturity for the new borrow checker: they had a ticket with multiple blocker bugs before they chose to enable it on the 2015 "stability" edition as well: https://github.com/rust-lang/rust/issues/57804
Unless I'm wrong, this is NLL, not two phase borrows (which may contain two phase borrows). But considering two phase borrows are still a problem for the memory model, they might actually somewhat unstabilize them to a certain degree again (I haven't checked on what they decided regarding that).
For those wondering, the "new new borrow checker" is similar to its predecessor in that it operates on the compiler's MIR, but is a different and slightly more complete algorithm (it accepts a strict superset of code, thus backwards compatible). This two-step rollout was decided last year due to (at the time) some unacceptable compile-time regressions in the new-new algorithm's implementation. Read about it here: http://smallcultfollowing.com/babysteps/blog/2018/06/15/mir-...
As an experienced Rust developer I can usually deal with the borrow checker, but sometimes I'm still annoyed by its limitations or hit them without expecting to hit them. Most of the times this happens it's either because I want to partially access a struct in a closure, or do something that's now allowed by NLL. So this is a big deal.
Off-topic, but I'll just ask, is the book Programming Rust: Fast, Safe Systems Development 1st Edition [1] still relevant / worth reading (given the book is based on an older, although stable? version of Rust)?
If it isn't, does anyone know maybe if a 2nd, updated edition can be expected?
It covers Rust 1.17. It is almost entirely still accurate; you’d need to set the edition back to 2015 in your Cargo.toml for some examples to work, but the foundations are still very solid. You’d have to adjust some import paths to get them to work in Rust 2018 thanks to the module system improvements. It won’t tell you about new features, but the big picture is still fully accurate, you might just need to tweak some details, and read some newer release notes to learn about some new things. It’s still a great book.
That whole module system change really took me for a ride a few months back. After a "routine" rustup, none of my code worked. I have to be honest here that I still don't think I have a good grasp on how files/packages are imported in Rust....
Porting unique and omnipresent applications to Rust can help the adoption. For example applications like ElasticSearch. There is an ongoing Toshi[1] project to create an alternative. Creating analogs for IPython and LanguageTool can add much more Rust users and developers without significant promotional efforts.
Nope, well... Maybe next year! I've been eyeing Rust for embedded but until there are major players shipping IDEs that natively support it, it's just a hobby thing.
Embedded and IoT is about to get a lot bigger - if I was them I'd be focusing hard on it to make sure my language had a strong foothold for when there was a new hottness that all the kids start raving about.
Several of these items are very relevant for the embedded world (custom registries, custom allocators, unsafe code guidelines, etc.). They just didn’t use the word “embed” in this short post.
Do you know how difficult it is to write a position-independent blob that runs all by itself? Consider something like a boot loader or kernel, starting from a random location in memory. Can it run without needing assembly language?
For example, C can often do this. You ask the linker to put a particular function first and to make everything position-independent. There can be some problems with the GNU toolchain stubbornly insisting on making a GOT, but the language is otherwise fully capable.
It's very easy, in fact. Because you don't use the stdlib, it requires handling some language items (the equivalent of having to write your own _start routine, for example). You set up vector tables just like normal, and you decorate things to tell the linker where to put them.
I'm curious what makes you think that? Culturally, I feel like there's been some general backlash to the gratuitous IoT-ification of every aspect of our lives, from a privacy perspective, a fragility perspective, and a "using apps to control everything isn't actually convenient" perspective:
https://twitter.com/internetofshit
Microsoft just purchased TheeadX. Amazon purchased FreeRTOS. Intel, Nordic and others are dumping time into Zepher.
Those are three RTOSes specifically being designed to run IoT endpoints. I’m working with FreeRTOS and AWS IoT right now, and can tell you Amazon is taking it pretty seriously.
I think 90% of IoT are devices that don’t need to be connected - no doubt. But mine does and sometimes it’s there are pretty awesome use cases for it.
If Rust wants to make it to C-replacement, they should be bringing over backwards to get away from DoItAllYourself IDEs and into commercial products like Keil, IAR, Segger, Attolic, etc. I promise when E+++ or Swifterz or C% or whatever crazy new hotness shows up, Rust will be the hardest hit language to lose its enthusiasts.
I don't know a bunch about it, but Azure IoT Edge (by Microsoft, as you'd expect) has a significant amount of Rust. I'm not sure if it's something that's directly comparable, but is at least somewhat similar.
The cynic in me thinks all these companies are just continuing to push on something people don't want because it's a gold-mine of data collection opportunities. The optimist wonders if IoT will settle down and mature into spaces where it's actually useful, and "90%...are devices that don’t need to be connected". We'll see, I suppose.
>The cynic in me thinks all these companies are just continuing to push on something people don't want because it's a gold-mine of data collection opportunities.
No doubt! And the dumbest of IoT products like “connected mattresses” should prove that.
In my own defense, I’m doing a LOT of work to never ask the user for an account or password, never logging personal data, just shipping a nice device that does a helpful thing. But.... there is an obvious temptation to RECORD IT ALL (figure out what to do with it later!), but I’d be a massive hypocrite.
For me it’ll be a selling point that we don’t care who you are just that you have a device and want to do a thing.
The problem isn't (primarily) security. And in the cases where security is the concern, like electronic door locks, the problems usually come from sheer laziness; like giving every device the same unchangeable PIN, or sending things over the air in plaintext. Things that have nothing to do with the language.
Having done a lot of embedded work in both C and assembler, I'm really excited by the prospect of a type-safe, memory safe language with zero-cost abstractions that can compile down to [more or less] the same machine code that C would produce.
For those interested, check out Jorge Aparicio's (japaric) RTFM2 series:
Me too. But until I see Segger/Rowley or any of the second tier IDEs below Keil and IAR pushing first party support, I can’t even consider it.
It’s a big leap from hobbiest to commercial with embedded.
If I was part of the Rust group I’d be directly real resources into real embedded projects. You check Cargo for embedded now and might find a couple unsupported header files for different micros.
> Nope, well... Maybe next year! I've been eyeing Rust for embedded but until there are major players shipping IDEs that natively support it
It is not obvious to me what more can the Rust team do here; it would seem like the ball is in the vendors court (or whoever counts as "major player"). Plenty of the groundwork has been already accomplished, and the embed-wg continues on their good work but they can't just conjure vendor support out of thin air
I’m not saying hookers and blow... but I am saying the Rust group needs to be actively courting professional/commercial IDEs, and more so developing in such a way that an IDE could bring in the Rust compiler.
Maybe it’s too early for that. Maybe it’s just the right time.
> developing in such a way that an IDE could bring in the Rust compiler
They are doing exactly that if you look at the "Compiler" section of the roadmap[1].
> One project worth calling out in more detail is the RLS 2.0 effort. The existing RLS, while functional, was never deeply integrated into rustc itself. Over the past two years, we have rewritten the back end of rustc to use an incremental and demand-driven infrastructure. To get the IDE experience we truly want, we need to see that work through for the front end of the compiler as well. However, this part of rustc is one of its oldest, and there are significant design questions involved in how best to do that.
> This is where the RLS 2.0 effort comes in. The plan is to build a prototype of the new front-end, thus enabling a truly first-class IDE experience. Wherever possible, we aim to share code between this front-end and rustc by extracting libraries, such as Chalk (for traits), Polonius (for the borrow checker), and a new library focusing on name resolution. Eventually, we will merge this new front-end with the remaining bits of back-end from rustc.
Getting something like Arduino IDE is for C(++) for microcontrollers out there would be a great step forwards growing the community of Rust programmers.
Also phones and other consumer electronics not strictly IoT, they too could benefit from more secure bootloaders, drivers and OS in general for example.
Never really got a chance to do serious c++ development but I am more and more interested in Rust these days. It appears Rust might be a good alternatives. My field is embedded products.
yes but I am not using either heavily at this point in any real product, just experimenting, so far golang is easier to pick up, binary size is a concern still even with upx, security is the major selling point for both. golang is not good for realtime due to its GC.
It's more about how it fits into a general theme; it's not a comment on the amount of work, just that it's a resource that already exists that needs improvement. There's a ton of things that need to improve with it.
I am planning on staying significantly involved in Rust overall. We're currently discussing some stuff within the docs team, as the roadmap says. We'll see :)
One long-standing problem is the incompatibility of Rust enum with C enum. In C, enum's are just labels for integers, similar to const int values in Rust, so C enum { A=0, B=1, C=2 } is more like Rust's enum E { A=0, B=1, C=2, Unlabeled(3..MAX_INT32), } . This slight incompatibility forces writing of converters between C enums and Rust enums.
> Can anybody explain the downvotes? It looks suspicious.
I can. This is a long tradition here. If someone criticizes something loved by people with little knowledge (aka fangirls and fanboys) then they downvote it.
The truth doesn't matter, the hurt feelings do. And it's downvoted without any explanation.
I had this many times, I'm thinking about not posting at all. It's not worth it. There is no discussion, just downvotes.
Maybe "sabotage" was a bit strong, but the work seems to have been killed. Or is there some publically viewable discussion anymore?
It went from "rebase and I'll merge" to not a single word anymore about how it might be merged.
The Windows support thing is this: rustup/curl doesn't use Windows' own certificate store. Where employers put the TLS certificate for their intercepting proxies.
curl itself has the -k option, so the user can override the check (much, much easier than preparing a certificate bundle for curl – and since the employer intercepts and decrypts the traffic anyway, there is no security issue).
rustup calls curl without that flag. The pull request was to teach rustup to call curl with -k.
(I know that it doesn't solve the whole problem, because cargo itself needs to support it, as well)
Another fix could be to use Hyper with tokio-tls. Under the hood, that package uses Windows schannel, macOS SecureTransport, and a dynamically-linked openssl on everything else.
We've made other moves toward this kind of thing; for example, you can run your own crates.io instance. This is something we care about, but it's also something we want to make sure we do right. We'll get there. (Note also that that PR is not yet closed.)
So, to be clear, the linked thread is about rustup. If you don't install rust via rustup, then the above issue will never happen to you. By default, it's checking that you have an SSL connection, yes.
You can fully build and develop Rust projects offline; this is a hard requirement of things like Debian and Firefox, for example.
If rustup is the normal way to install rust, then that is exactly what I'd want to use. My employer would mirror the needed web sites. For example, my employer mirrors much of github and ubuntu and various Microsoft things. I just follow the normal instructions to fetch things on the internet, and it all works from the mirrored web sites.
Yes, part of the issue here is that there hasn't been a ton of ownership on rustup, and even the Cargo team has not had as much time and effort as we'd like. We're currently working on growing both teams, which means better ownership, which means someone to make these calls.
> "I don't know much about it, so let's kill it" is a really bad precedent.
I would agree, but a "completely ignore security" flag is something to be cautious about.
> and "I don't know much about it, so let's kill it" is a really bad precedent.
I feel the opposite. Where user safety is concerned, if a problem is not understood the solution should not be implemented.
In an example where it's "disable security feature X", and the developers don't know the implication, would you really want them to just say "well whatever, I don't understand the implications, but let's push forward" ?
It's fine to say "let's clear this question up" and proceed to clear it up.
It's not fine to use security as the big hammer that cannot be argued with, and then – nothing happens. At least not publically. Note that there wasn't even a word where it might be discussed.
I actually went looking for Rust development mailing lists, but found no discussion.
It's not the big hammer that can't be argued with. There's a path forward there: bring in security experts to weigh in on this. This hasn't happened. It could, and when it does there may be progress.
Rust doesn't quite have a team for this yet (there's a security WG slowly spinning up though) which probably explains why it's kinda stalled.
Ultimately there's no obligation here for the team to do the legwork for this PR anyway. It's blocked on something, and while that's resolvable you can't blame the team for not pushing on it.
(I did just ping someone knowledgeable in security matters about this, let's see what they say)
> I actually went looking for Rust development mailing lists, but found no discussion.
Here's a time [1] when someone mentioned rustup in context with TLS (it's release notes for 0.1.9). It's not that there's no forum to discuss these things.
If the discussion is missing, it's likely because it hasn't mattered enough for anyone to bring up yet. Rust is much more bazaar than cathedral. A GH issue like "my company's MITM proxy breaks rustup" doesn't mean that the Rust dev team drops what they're doing and rallys to solve this problem. Even if it comes with a PR, it doesn't mean that Rust should be forced to either accept the PR or shift resources to make the PR satisfactory.
> It's not fine to use security as the big hammer that cannot be argued with
People place an enormous amount of trust in their compiler and the tools ecosystem that surrounds it. It's extremely wise to be hesitant to permit an opt-out for a security feature.
Here's the real crux of the matter: if one wants a feature in your favorite open source project, they kinda have to be willing to hustle a bit. Nag some design owners about what is unsatisfactory about your proposed approach and what other design options might work instead. For all of the examples that you might find in other languages' ecosystems that already support this kind of a feature, you should be thankful that someone before you came across the problem and doggedly pursued a solution. But it's not a systemic problem that Rust doesn't have a solution yet: just another feature-in-development in the queue.
> and then – nothing happens
This is remarkably common among open source projects. Code contributions wither on the vine because it can sometimes be a lot more work than someone's interested in to push it upstream. IMO Rust is actually better than the average open source project in this regard (meaning fewer orphaned patches).
> It's fine to say "let's clear this question up" and proceed to clear it up.
I think the issue is that no one had the expertise to clear it up. So how do you move forward?
Someone has to get called in and there's no process for that. Or the person pushing the feature needs to explain the security implications of the feature.
Maybe some sort of 'requires security triage' tag could get applied to issues like this, and the rust security wg or whoever is qualified ot make these calls could review.
Ultimately, my opinion is that if you're making a PR with security implications, and there are people saying "I'm uncomfortable and don't understand the security implications", it's on you to explain them.
> The MITM proxy issue makes Rust a non-starter in many corporate environments.
IMO those corporate environments are reaping what they sow. We shouldn't be so quick to disable TLS. Who would be to blame if those corporate environments found rustup as an attack channel for getting trojans? My guess is that rust would be a convenient scapegoat in that case.
Also, I believe that some of them may create intercept exceptions for 'legitimate' software distribution channels (like pip/npm/etc). Maybe they just need one for crates.io.
Have you tried telling Chrome, Firefox and every other browser the same? They all do "the insecure thing", showing you a green lock for intercepted content.
Because it's signed by a company certificate in the certificate store.
Yes, if you update the certificate store then rustup won't complain. So the feature request is for a way to update the certificate store (or more easily do so)? That's way different from the GH issue "turn checking off when this env var is set".
rust 100% treats windows as first class, if anything, I vaguely recall being dosappointed about something available in Windows and not on my Linux machine.
also, there are now alternative crate registering.
