More use of Rust is inevitable in open source software

December 26, 2022

Recently, I saw a poll on the Fediverse about making Rust a hard dependency for fwupd. This got me to post a lukewarm take of my own:

Lukewarm take: the spread of Rust in open source software is inevitable, because nothing else fills the niche for 'C/C++ but strongly safe'. We need a replacement C because in general we can't write safe C/C++ at scale.

Rust isn't really my thing, but this shift implies that sooner or later I'm going to have to learn enough to read it and modify it.

I was then asked about my views on Zig in this context:

@williewillus I haven't used Zig, but it (and other C alternatives) doesn't bring the kind of memory, concurrency, and other safety that Rust does. My view is that changes for only small improvements are not going to motivate many OSS developers (although they could get used in some greenfield projects driven by enthused developers).

This issue is similar to how Rust is in our future, but from a different angle. My earlier entry was coming from how quite a few open source programmers like Rust and so naturally were writing things in it. Now I feel that Rust is also inevitable because people trying to add more safety to important software (such as Linux's fwupd) are going to turn to Rust as basically their best option. Zig could become inevitable for the first reason (programmer enthusiasm), but seems unlikely to do so for the second reason, where Rust stands more or less alone.

(In a similar line is Google's Memory Safe Languages in Android 13, although I consider Android only nominally open source software in this sense.)

This shift will inevitably make life harder for smaller and more niche (Unix) operating systems and architectures, since you'll increasingly need a Rust toolchain as well as a C and C++ one in order to bring up various important software. In that way it's just as harmful and also just as inevitable as the migration from HTTP to HTTPS for websites. The security landscape isn't getting much better for C and C++, and at the same time we have a steady increase in the amount of code out there. There are plenty of developers who really want to bend this curve, and asking them to refrain from their best and easiest option in order to help a small fraction of people is not likely to work.

(Telling developers to do better at writing safe C and C++ doesn't work, especially at scale. Doing so is also generally more work than simply writing in Rust, and open source developers have finite amounts of time.)


Comments on this page:

In that way it's just as harmful and also just as inevitable as the migration from HTTP to HTTPS for websites.

Another similarity is the total ignorance of better solutions to these problems. The TLS nonsense obscures cryptographic signing that works, and the Rust nonsense obscures the existence of Ada that worked better decades ago.

I'm thoroughly convinced the reason Rust is pushed so fervently is to make it impossible to build things from source code easily, not that it was easy beforehand.

Written on 26 December 2022.
« Sorting out PC chassis power switches for ATX power supplies
Our varied approaches to upgrading machines with local state »

Page tools: View Source, View Normal, Add Comment.
Search:
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Mon Dec 26 21:43:08 2022
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.