Why not C++, for better portability? If I want to design my own CPU, I will have to add it to GCC. But Rust is LLVM so if I want to support Ruby-jit on my CPU, I will also will have to support LLVM.
The fact that a language is memory safe doesn't imply that the underlying virtual machine/interpreter is.
On the other hand, it's definitely true that the ASM generated is as unsafe as it gets, but the first point still stands. The memory unsafety of the VM is simply an additional attack vector.
A Ruby program can delete all of the files on a computer, insert arbitrary rows into a database, drop a table, send email with attachments, etc. Am I correct that you're concerned the Ruby JIT itself will have a security vulnerability in the act of JIT compiling Ruby code? This seems extremely myopic.
JS engines have had many serious vulnerabilities in their JIT optimizers, it’s not myopic at all and is a well known technique in the industry.
I agree that some folks aren’t executing untrusted ruby code so they wouldn’t have to worry about this - but how many PaaS/SaaS products out there are? Or how about third party dev tools that are blindly downloaded and executed on local workstations or CI pipelines?
> JS engines have had many serious vulnerabilities in their JIT optimizers, it’s not myopic at all and is a well known technique in the industry.
HotSpot and V8 are both written in C++ and get more use than any other JIT on Earth.
Can you provide a link to a CVE caused by JIT miscompilation and explain how Rust would have been able to prevent the bug in a way that C++ wouldn't?
> I agree that some folks aren’t executing untrusted ruby code so they wouldn’t have to worry about this - but how many PaaS/SaaS products out there are?
This is what Xen, KVM, and Hyper-V do.
> Or how about third party dev tools that are blindly downloaded and executed on local workstations or CI pipelines?
Are you suggesting a Ruby JIT shouldn't generate machine code that corresponds to the Ruby program, but somehow magically prevent stupid developers from doing stupid things?
It's a bad look if a malicious HTTP request to your Rails app can trigger RCE on your server. It's not about running code that's malicious, it's about bad data triggering a code path in the VM that is able to change the function of the application.
JITs write instructions to memory in a manner that's only slightly different than writing bytes to a file. The generation of those instructions can either be correct or incorrect and happens regardless of programming language.
A JIT written in Python is equally capable of generating bad code as a JIT written in C or Rust or Lisp. A perfect port of a buggy JIT written in language A will generate the same buggy code even after being ported to language B.
Rust's type system is enough to get rid of memory safety and UB, but it does that by enforcing more invariants, invariants which you also use to encode properties you care about. 70% percent of vulnerabilities are memory unsafety which is impossible in safe Rust etc etc, but a better type system, a language that doesn't disclaim commonly found code as unsupported, more productive errors, lower cognitive load… also tends to help with the rest of the bugs.
I'm not sure I understand why some people really hate Rust, but when the argument feels like "But can't we be miserable forever?" I just have to laugh.
FYI -- my technical thinking -- because Rust is a nicer language for the people who have to work with it. Full stop.
Rust offers substantial memory safety guarantees, but that isn't the only thing it offers. People who don't know this are those that haven't tried it. Others have focused on security in this thread, and I think that's wrong headed. That's obviously not the reason for choosing Rust here. It's that it makes things that are important now and in the future, like say concurrency, easier and more likely to be correct. Yes, ergonomics and a nice dev experience actually matter even for the people writing your compiler!
Moreover, Rust GCC support is far closer to being a thing that yjit is to being a thing. So -- let the kids play.
This is a non-issue. YJIT only targets x86-64. After all, this is a JIT. If you designed a new architecture X, you need to port YJIT itself to target X, in addition to GCC, LLVM, etc.
It’s not that it’s highly coupled, just that it’s still the early days and only x86_64 was on the roadmap. Arm64 is planned, and will hopefully make it into Ruby 3.2
It's not like new architectures appear very quickly, much less adopted very quickly. The benefits of maintenance overhead reduction and development speed increase, far outweight the theoretical downside of having to port LLVM to that new architecture.
If you want to design your own CPU, supporting LLVM is going to give you much greater benefits than supporting Ruby. Nevermind the fact that you don't even need this to support Ruby.
To add to your point, following Woodruff's "Weird architectures weren't supported to begin with", Robert O'Callahan pointed out[1] that for one definition of the open-source platform (looking at the requirements of Linux distributions), a new architecture would need to support at least: LLVM and GCC targets, a port of the Linux kernel, a V8 backend, and acceleration for various codecs.
And while at this point a platform needs to have support from both compilers, I can see the GCC/glibc ecosystem being made redundant; LLVM is more adaptable and has found its way into so many specialized compiler stacks.
C++ is a 28-year old language that's been showing its age for at least a decade or two. If we want the software world to progress we need to move on from such languages.
When I see someone mention human nature in some blog, I stop reading...
Human nature is our species ability to transform nature. A cat, for example, is only doing hunting for immediate consumption. A pet cat is even more limited, just a furrring biological shell, he does not hunt.
So when a human is limited in all his potentials, thinking, planning, building, etc to something like a tool on the market, optimized for some task, when human relations limited to objects of consumption... this will reduce human to just one sided being.
May be this optimization was once necessary some time ago, since labor productivity was low and this high division of labor allowed optimized production, to feed everyone.
At the moment, the labor productivity is so high, that only 10-20% working on something necessary for living. But all work is still done as this optimized instrumental labor, as life depends on it. This is not required anymore.
The solution is obvious.. build more not as an optimized one sided "worker", but as an universal human being, as a free time activity.
Which politically means that the work day should be reduced.. and this is not easy to implement. But if you really want a social change, this is the way to go.
I agree specialization has allowed the expansion to other fields. Fields like microcontrollers, biological development, energy research, etc.
This is why we see an exponential growth in development of new products and new science. If those same people were required to work in the fields to eat, we wouldn’t see the expansion.
... now ... how does this work In practice? How do we get these efficiency gains in agriculture and other necessary parts of life?
Cheap and transportable energy. Fuel, gas, etc. if we want to reduce the work week we need exponentially cheaper energy OR research into new forms of energy production. The later is currently happening and needs to continue to happen. In the mean time, we also need cheap and transportable energy.
For reference, I own a farm. I code professionally and as a hobby raise cattle and food. I can do that only because I have the fuel to run a tractor and the wireless internet provided from the satellites. To your point, in a 50-60 hour work week I can produce enough food for 20-30 families for the year AND be a highly skilled tech worker AND raise a family. All because of fuel.
Now to my point, in my opinion, specialization has less to do with it. Cheap energy is what allows it. Anyone could raise cattle or grow food with minimal training. But without fuel you can’t produce food for more than a few families per year.
Indeed. A rather curious difference between the Anglo-Saxon and Latin work ethic (and of course I'm painting a picture here, this blunt generalisation is meant only to propose an argument), is that: For the former, your job is who you are - the second question out of anyone's mouth in the UK is 'what do you do?'. Whereas, for the latter, who you are in society determines your job.
Hopefully we can reach beyond both these erroneous socialisations.
You can reduce work right now if you'd like. Live like the 1920's. No access to modern medicine, no automobile, no internet, no antibiotics. Grow your own food.
Only if you already own your own housing or live somewhere where that is already covered for you. Even then it's not like the job market is bursting with opportunities where you can take a decent FT position and earn the same pro-rata at lower hours.
Except that's the healthcare industry including large swathes of money going to parasites like student loan providers and opiate pushers as a whole, not 'modern medicine' or 'antibiotics'.
Cuba's standard of healthcare is a reasonable compromise, and their total spending per capita is 2% of the USA's gdp per capita.
The internet as a tool for sharing information rather than an endless red queen's race of scammers is similarly cheap.
And yes please, let's get rid of the private automobile. Without it we can build dense enough that walking (or transit or bikes) will get you where you are going far faster than driving 5x as far at an average of 30km/h does now.
It's really hard to get a job with such nonstandard hours, and also the housing market is extremely screwed up, and wages haven't risen enough with productivity gains, among other things.
But my choice isn't what's important here. What's important is that you don't have to give up the vast majority of modern amenities because those are usually very cheap.
Considering health is quite literally the most important thing in your life (can't spend it when you're dead anyway unlike the Egyptian pharaohs) I do not understand why so many complain about the cost of healthcare.
But when you are twenty I suppose one sees health differently. When you are 60 and take a bunch of pills to keep yourself from dying it suddenly all makes sense...
At a certain point... how many hours of your life are you willing to spend working to extend your life by an average of 1 month / 500 waking hours?
If almost all of GDP was healthcare, with costs dramatically increasing with age, then that number climbs for each additional month and reaches into the thousands. I wouldn't make that trade, especially because I'd be spending so many of those hours in my early to mid life.
Cash spent on an activity does not reflect the time that it takes, doubly so if you were able to reduce the administrative layers involved in eg health insurance.
Ah, some stupid Silicon valley bullshit. Programming and many more things done there, is not work. Yeah, it looks like work, but it is not, it does not produce something necessary for biological living or education or life support. It is more like: I like reading, I read 18 h/day. OK, cool.
Work is something that is done to reproduce life. Programming, reading, is not work, it is life activity itself, do it as you like.
Example 2: it does make sense to optimize biologically needed production. But it does not make really sense to optimize life activity. I like cycling, I measure my performance, but I'm ok that some people cycle just for fun.
Yes, I too think that GDP growth goal is not very compatible with sustainable production. But not to the point where you have less kinds of food.
But the main problem I think is: there is no option to work less. Lets say you want to consume less, what will you do with your money, throw away? So I think that the workday should be reduced.
I think there is a contradiction: on one hand, consumption should be reduced for sustainable production. But I have not heard anything on reducing the work time. I do not think that there can be a consensus that asks to work more for less.
It is not possible for some type of workers, who already work 12 h/day and have no savings.
Something should change in what work is, how production is organized and profit is produced or I do not see how else this contradiction can be resolved.
The work can be organized by reducing work time (workday) to produce all there is necessary for biological living. Say 4 h workday (see productivity growth on why this is possible), no wage cut, at production factors, construction, food, etc. This 4 hour workday will be enough for some good level of living. And everything else can be produced somehow else, not as work. Then it will not be necessary to keep production of some object only for the sake of paying for a house, thus consumption will slightly lower but work day will lower, too.
