Not so much when trying to convert coding veterans
Google recently rewrote the firmware for protected virtual machines in its Android Virtualization Framework using the Rust programming language and wants you to do the same, assuming you deal with firmware.
In a write-up on Thursday, Android engineers Ivan Lozano and Dominik Maier dig into the technical details of replacing legacy C and C++ code with Rust.
"You'll see how easy it is to boost security with drop-in Rust replacements, and we'll even demonstrate how the Rust toolchain can handle specialized bare-metal targets," said Lozano and Maier.
Easy is not a term commonly heard with regard to a programming language known for its steep learning curve.
Nor is it easy to get C and C++ developers to see the world with Rust-tinted lenses. Just last week, one of the maintainers of the Rust for Linux project - created to work Rust code into the C-based Linux kernel - stepped down, citing resistance from Linux kernel developers.
"Here's the thing, you're not going to force all of us to learn Rust," said a Linux kernel contributor during a lively discussion earlier this year at a conference.
Wut? They're a member, because they find Rust useful. This is just them saying another time that they find Rust useful.
While they (and everyone using Rust) will benefit off of more people using Rust, it's not like they have a vested interest to the point of spreading misinformation.
They’re a member, because they find Rust useful. This is just them saying another time that they find Rust useful.
Fans of a programming language stating they like the programming language is hardly thought-provoking stuff. There are also apps written in brainfuck and that means nothing as well.
I mean, I work as a software engineering and if I'm not doing continuing ed, be it about architecture, storage, or new languages, I'm going to be of less value in the marketplace. I've learnt languages I didn't particularly want to in the past for work (though I generally came to tolerate or even like some of them. Not lua, though; lua can go to hell).
If Rust truly is the better, safer option, then these people are holding everything back.
Fortunately, they aren’t being asked to do that. All the rust team was requesting was metadata about the call signatures so that they could have a grasp on expected behavior.
That timestamp is about where the audience member (a maintainer of ext4 and related utilities) starts speaking. The "here's the thing" quote is around 28:40.
If the linux kernel had any real budget to speak of, they could hire rust experts to maintain the rust code. But the "linux" foundation spends 2% of its budget on Linux, this is the situation you end up with.
I believe that's incorrect. The reporter who started this rumor either misunderstood the meaning of the chart or was lying through his teeth. I'll find the original source and share it here later.
This is the actual source. If you simply scroll through it, you'll see they're investing in many things that move the Linux ecosystem forward. Open standards, open hardware, security in the software stack, providing for latest market needs, keeping an eye on legislation that could affect Linux, staying in touch with important entities in the industry, and so on.
Scroll down near the bottom and you'll find where the reporter got their information from. It's an expenditure chart and, sure enough, it says "Linux Kernel Support 2%" Note, however, that it also says:
Community Tooling 5%
Training and Certifications 7%
Project Infrastructure 9%
Project Support 64% (!)
Note that it doesn't say how any of them is further divided. Remember all the things I mentioned earlier? All of that is value for Linux as a whole.
Software projects aren't just about programming the big thing. Working on a large project will show you this. Could the foundation spend more on Linux? Maybe. But saying they only spend 2% on it is disingenuous.
The reporter doesn't mention this in his clickbait piece, either because he doesn't get it in the first place, or more likely because he just wants to push his views.
This is yet another example why Lunduke isn't a credible source of news.
Why do you believe that forcing something onto everyone around you is justifiable? I mean, if what you're pushing is half as good as what you're claiming it to be, wouldn't you be seeing people lining up to jump on the bandwagon?
It's strange how people push tools not based on technical merits and technological traits, but on fads and peer pressure.
It is literally being pushed for its technical merits and traits.
Memory safe code with comparable performance in the kernel seems like an absolute no brainer.
Also if you watch the video all he's asking for is consistent interfaces for the file systems. He's not even trying to get them to use rust. And the guy starts screeching about how he'll code however he wants.
Is it wrong to expect a consistent and well documented interface?
Pretty sure C is actually being pushed against its technical merits here.
Rust is one of those things that every time I look into it, I don't really follow what makes it so good. What's a good starter project to learn the language and get a sense of what makes it worthwhile over the established stuff?
If your alternative is C++ then it removes the enormous burden of manually tracking lifetimes and doing manual memory management. C++ does have RAII which helps with that enormously but even then there are a gazillion footguns that Rust just doesn't have - especially with the newer stuff like rvalue references, std::move, coroutines etc. It also saves you from C++'s dreaded undefined behaviour which is everywhere.
It has a very strong (and nicely designed) type system which gives an "if it compiles it works" kind of feel, similar to FP languages like Haskell (so they say anyway; I've not used it enough to know). The borrow checker strongly pushes you to write code in a style that somehow leads to less buggy code. More compiler errors, but much less debugging and fixing bugs.
The libraries and APIs are generally very well designed and nice to use. If you've ever used Dart or Go think how nice the standard library is compared to JavaScript or PHP. It took C++ like 2 decades to get string::starts_with but Rust started with it (and much more!).
Fast by default.
Modern tooling. No project setup hassle.
It's a value based language, not reference based. References are explicit unlike JavaScript, Java, C#, etc. This is much nicer and makes things like e.g. copying values a lot easier. JavaScript's answer for ages was "serialise to JSON and back" which is crazy.
Downsides:
Slow compilation sometimes. I'd say it's on par with C++ these days.
Async Rust is kind of a mess. They shipped an MVP and it's still kind of hard to use and has unexpected footguns, which is a shame because sync Rust avoids footguns so well. Avoid async Rust if you can. Unfortunately sometimes you can't.
Interop with C++ is somewhat painful because Rust doesn't have move constructors.
Great language overall. Probably the best at the moment.
I am an electronics engineer, so admittedly only ever worked with C and Python scripting (and not a programmer by any means) but I literally stopped learning rust for embedded because every single tooling setup step was wrong or failed for both chips I was testing out (NRF chip and an esp32-C3). Maybe only embedded rust was still a mess tooling-wise, but I have no use case for learning userspace rust first. It would just be a waste of my limited free time 😅
I would add to the downside that it's not the best programming language for game development, etc. There was some blog post about how troublesome is it to develop games using Rust due to some of the features that are good in other areas, like the whole concept of "immutable by default".
I can also recommend D, if you want to deal with different issues, like the D Language Foundation fearing of change due to not wanting to deal with division from a new and incompatible version yet again, the GC being both a blessing and curse, if you want to go without a (tracing) GC you'll need to go with a custom runtime that potentially missing many of its features, the attribute hell, etc.
Memory safety for one. C is very memory unsafe and that has been the source of a great, great number of software vulnerabilities over the years. Basically, in many C programs it has been possible to force them to execute arbitrary code, and if a program is running with root privileges, an attacker can gain full control over a system by injecting the right input.
I have very limited knowledge of rust, but from what I remember writing memory unsafe programs is nigh impossible as the code won’t really even compile. Someone else with more knowledge can probably give more detail.
That's fair. To be clear, I meant minimal experience with the Rust programming language. I've mainly tinkered with ESP32 types of MCUs in Arduino and CircuitPython when it comes to firmware, but have much more software experience. In some ways, I found the little bit of Rust that I tried easier because of the tooling - defaulting to a CLI tool to flash rather than an IDE is much more comfortable for me.
Meh, it's depends on what you do. I know several low level C engineers who would be far more comfortable rolling a fresh driver over doing some more abstract intro CS projects.