Slashdot Mirror
Rust Creator Graydon Hoare Says Current Software Development Practices Terrify Him (twitter.com)
An anonymous reader writes:
On Monday Graydon Hoare, the original creator of the Rust programming language, posted some memories on Twitter. "25 years ago I got a job at a computer bookstore. We were allowed to borrow and read the books; so I read through all the language books, especially those with animals on the covers. 10 years ago I had a little language of my own printing hello world." And Monday he was posting a picture of O'Reilly Media's first edition of their new 622-page book Programming Rust: Fast, Safe Systems Development. Then he elaborated to his followers about what happened in between.
"I made a prototype, then my employer threw millions of dollars at it and hired dozens of researchers and programmers (and tireless interns, hi!) and a giant community of thousands of volunteers showed up and _then_ the book arrived. (After Jim and Jason wrote it and like a dozen people reviewed it and a dozen others edited it and an army of managers coordinated it and PLEASE DESIST IN THINKING THINGS ARE MADE BY SINGLE PEOPLE IT IS A VERY UNHEALTHY MYTH)." He writes that the nostaglic series of tweets was inspired because "I was just like a little tickled at the circle-of-life feeling of it all, reminiscing about sitting in a bookstore wondering if I'd ever get to work on cool stuff like this."
One Twitter user then asked him if Rust was about dragging C++ hackers halfway to ML, to which Hoare replied "Not dragging, more like throwing C/C++ folks (including myself) a life raft wrt. safety... Basically I've an anxious, pessimist personality; most systems I try to build are a reflection of how terrifying software-as-it-is-made feels to me. I'm seeking peace and security amid a nightmare of chaos. I want to help programmers sleep well, worry less."
"I made a prototype, then my employer threw millions of dollars at it and hired dozens of researchers and programmers (and tireless interns, hi!) and a giant community of thousands of volunteers showed up and _then_ the book arrived. (After Jim and Jason wrote it and like a dozen people reviewed it and a dozen others edited it and an army of managers coordinated it and PLEASE DESIST IN THINKING THINGS ARE MADE BY SINGLE PEOPLE IT IS A VERY UNHEALTHY MYTH)." He writes that the nostaglic series of tweets was inspired because "I was just like a little tickled at the circle-of-life feeling of it all, reminiscing about sitting in a bookstore wondering if I'd ever get to work on cool stuff like this."
One Twitter user then asked him if Rust was about dragging C++ hackers halfway to ML, to which Hoare replied "Not dragging, more like throwing C/C++ folks (including myself) a life raft wrt. safety... Basically I've an anxious, pessimist personality; most systems I try to build are a reflection of how terrifying software-as-it-is-made feels to me. I'm seeking peace and security amid a nightmare of chaos. I want to help programmers sleep well, worry less."
Don't know enough about programming languages to recognise a reference to the ML language, even in a tweet that also describes some of its features? Just elide the references you dont understand and replace ML with "machine learning" and you too can be a Slashdot submitter! Don't worry, there are no editors checking that your summary reflects the contents of your links.
Well, his zombified hoarde of brainwashed language fanbois terrifies me, so I guess we're even.
The summary say "machine learning" but if you read this feed you'll see it's "ML". ML is programming language.
I know some people are excited about it but Rust is just the language de jure until it gets an actual spec that other people can implement.
Anons need not reply. Questions end with a question mark.
... making the difference between "return the evaluation of this expression" vs "don't" is such an improvement in software development practices.
Rust is interesting, the way that that wreck on the 101 is "interesting".
-- A change is as good as a reboot.
DeWalt doesn't sell power tools that go out of their way to make sure you don't cut off your fingers.
Unfortunately, they do. That's why when I get a new power tool, I have to make modifications to pare it down to an elegant C-style device:
I remove the blade guard. I cut off the grounding prong and file down the ears on the neutral conductor. I permanently glue down the little trigger interlock button. I put a lock washer on the blade arbor so that it can't ever slip and reduce my torque. None of these annoying things even matter so long as I never make a mistake.
To prevent casual accidents. Nothing is stopping someone from sliding the guard out of the way and jamming their hand into it. Programmers should know how to use their tools so they don't do the equivalent of sliding the guard out of the way and jamming their hand into it.
You'd think so. And yet here we are with buffer overflows still causing havoc, Intel's best and brightest allowing your CPU to get pwned at the hardware level, Apple allowing anyone with local access to authenticate as root with no password, Adobe still shipping Flash Player update after update, Oracle releasing patch upon patch for Java and Microsoft being forced to un-patch systems that have just been patched due to a higher than expected number of reboots. Even OpenBSD which is secure by design and runs fully audited code isn't immune from remote exploits in the base install.
We have spare CPU cycles today, we don't need to code for the bare metal to get the performance we need. What we do need are safety nets and liferafts to prevent human errors from becoming security vulnerabilities. Humans make mistake. Maybe the top 5% of programmers would never make these kinds of errors, but not every programmer writing code for a major (or not so major) corporation is an International All-Star Programmer. By definition, 95% of them are not in the top 5% of coders.
Even with safer languages these errors can, and will, occur - but there are whole classes of errors and vulnerabilities that are able to be prevented by using a suitable language. There are other errors that can still be made in safer languages, but you need to go out of your way to do so.
It's the same with tools. There's a guard on my circ saw, but I can slide it out of the way if I try. It does mean however that after I've made a cut, if I put the saw straight down, it's not going to drive itself across my workshop floor, or cut my toes off.
He is terrified of other language because, being a Social Justice Warrior, his group finds the terms "master" and "slave" to be "problematic."
No, I'm not kidding, though I wish I were.
When a language is gleefully throwing away well understood, well used terms because of someone's misguided feelings, then quite frankly I wonder what other decisions - truly important ones - have been impacted by the same toxic SJW attitude.
I hate to break it to you, but the early power tools were very dangerous, they lacked handguard etc, and they lacked automatic cut-offs in case you cut yourself. You had to actually turn the power off manually to stop them cutting your fingers off, instead of having something you need to constantly hold down to make them work. Those safety features came about in the 1970s mainly, because when power tools started being used by home handymen in the 1950s, they were cutting too many fingers off.
Good tools take into account the range of people who need to use them, and add in ALL the safety that you can, which doesn't sacrifice performance. A few simple changes to C/C++ can reduce many of the common typos and bugs, by turning them into compiler errors. More errors picked up by the machine is a good thing. For one, if less bugs creep through, the cost of code and time wasted on code checking is reduced. This means even good programmers become more productive, while bad programmers get more feedback from their tools.
I have recently performed a relatively simple development by using programming languages on which I had low-to-to-no experience: Perl (low), Ruby (no), Rust (no) and Go (no). Note that I am quite adaptable on the programming language front and that this small experiment was precisely meant to showcase these adaptability skills. Rust was, by far, the most difficult-to-learn, difficult-to-research, counter-intuitive, unfriendly, constrained, unappealing, etc. of all of them. Warnings and errors appeared systematically and, despite their verbosity, were rarely helpful. I had problems even to find an editor/install it! (relied on Visual Studio Code in both Linux and Windows, an editor which I rarely use; and had to struggle with my Visual C++ installation on Windows, which was working fine until Rust came in).
The most ironic part is that so many restrictions and problems are likely to provoke people to rely on whatever option happens to work, which might not be the best/safest one. Being so concerned about making sure that the generated code is extremely safe no matter what by sacrificing flexibility and user friendliness is far from ideal. Restrictions and prohibitions have always to be seen as an in-the-worst-case-scenario resource, not as a primary solution; much less when dealing with something as complex as programming, a very powerful tool supposed to be managed by knowledgeable individuals. The higher the freedom, the better the results delivered by a sensible/knowledgeable person. Unless Rust changes a lot, I don't see it going anywhere. It might get some support from theoretical/academical/inside-whatever-bubble circles, but seriously doubt that developers with real-world experience can like or even accept most of what this language represents.
Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
That would be the *other* BBC :)
Unfortunately, Rust doesn't have any way of constraining the side effects of unsafe code, and most nontrivial Rust programs end up using unsafe in at least some places.
I am TheRaven on Soylent News
Unfortunately, Rust doesn't have any way of constraining the side effects of unsafe code, and most nontrivial Rust programs end up using unsafe in at least some places.
This is unfortunate: it would be ideal if there was graduated unsafety. Rather than havina an "unsafe" block with everything off, it would be cool if you could specify what you want relaxed.
On the other hand, it's a lot better than nothing. Having 99% of the code safe and spending extra attention on flagged unsafe blocks is better than having to look for pitfalls everywhere.
SJW n. One who posts facts.
It's a bit hard for me to trust someone whose webpage had a banner proudly suggesting voluntary human extinction to make a programming language that is more secure.
Avantgarde Hebrew science fiction
Rust aims for thread safety only through the blunt tool of object lifetime management, but people make it out as though it performs magical compile time checks for deeper threading issues.
Those who do not learn from commit history are doomed to regress it.
I'll also add look up a few of your favorite projects on github and look carefully at the "insights" chart on the contributors. Many of them will clearly have one significant contributor, or maybe a small team, and hunderds of one-line contributors (putting your brand on big projects is good for resumes).
I'd take a team of 4 or 5 solid people over dozens of developers. I resisted 'investmnet' in my team at a former employer as I had never seen a project survive such an expansion with quality intact under their management.
XML is like violence. If it doesn't solve the problem, use more.
What the fuck is Rust? Never heard.
Rust is a relatively new programming language.
I looked into using it a little while ago. On the surface it sounded appealing. It sounded like it would give me a lot of what C++ offers, but without some of the headaches that C++ suffers from.
To keep a long story short, Rust, as a language, did not meet my expectations. The syntax is C-like, but it's also quirky in some ways. The performance was mediocre. The borrow-checking approach to memory management is a pain in the bottom in practice, even after you understand it and have worked with it. There was only one compiler implementation, and I found it to be buggy and slow, even compared to a slow C++ compiler like GCC. The standard library was pretty bad, and the string handling was atrocious. Third-party libraries often didn't compile, and many were woefully incomplete. It was a really bad experience.
But the worst part, in my opinion, was the Rust community. I've dealt with a lot of programming language communities over the decades, but Rust's was by far the worst I've ever experienced.
The whole Rust Code of Conduct thing is kind of weird. I mean, programming language communities got along just fine without codes of conduct for ages. At first I though it was just a symbolic thing, but I soon realized that the Rust Code of Conduct was much more than that. I'd classify it more as a religious text, or even a behavioral script. It was like the Rust community worshiped it. In my experience it turned what should have been friendly discussion among collaborating colleagues into a highly controlled, flow-chart-like, courtroom-like, overly-formal, totally-artificial, robotic-like ritual. You literally had to walk on eggshells the whole time, out of fear of accidentally violating the Rust Code of Conduct in some obscure and non-obvious way.
The Rust Code of Conduct itself is contradictory. For example, there's a paragraph that says, "we don’t tolerate behavior that excludes people", yet that same paragraph starts with, "We will exclude you from interaction if ...". They basically would be violating their own Rust Code of Conduct when they try to uphold it!
I later found out that they even have a Rust Moderation Team that goes around and enforces the Rust Code of Conduct! I can't think of any other programming language community that I've dealt with that has a formally organized hit squad whose sole purpose is to take out community members who are deemed to be "undesirable". It's absurd. It's really, really absurd.
Something else I found disturbing was the extreme leftism that permeated the community. Now I don't think that programming and politics really need to mix much. They're pretty separate, for the most part. But in my experience the Rust community was very heavily into promoting "diversity" and "tolerance" and all of those other left-wing buzzwords, even when they really had nothing to do with programming. It's like they're more focused on "social justice" than they are on creating a usable programming language.
Another thing that bothered me was the smugness I kept encountering from Rust's contributors and supporters. They kept portraying Rust as being this great savior, when in my opinion it's rather mediocre, and actually has some pretty serious flaws and problems. If you questioned these Rust supporters, they would basically belittle and insult you, assuming they didn't try to censor you through down-modding or banning, if the discussion venue supported such things. I found it strange how they often ridiculed C++, yet when it came to the same functionality or features Rust was often much worse than C++.
I've been programming for a long time, and I've used a lot of different programming languages, but my experience with Rust was perhaps the worst I've ever experienced. No programming languag
Not that BBC....
I've never liked the 'unsafe' keyword. It gives two false impressions: code that uses it is unsafe and code that doesn't use it is safe.
A much better keyword is probably 'unmanaged', because that doesn't connote incorrect assumptions and actually represents what the keyword means.
I'm also a firm believer that the most severe software bugs are due to code that isn't designed but merely written. Code is often written only looking at a "nominal" use case without considering failure modes, so even in the rare instances where there are tests in place the tests don't often catch the errors (just look at stuff like the recent Malwarebytes-eating-all-the-RAM thing).
No language is ever going to be able to eliminate software development culture errors. And by "software development culture" I mean things like you need a design, you need tests, and those tests need to adequately cover off-nominal use cases.
"There are a dozen opinions on a matter until you know the truth. Then there is only one." - CS Lewis (paraprhase)
I took shop in junior high and our shop teacher was showing us how to use a table saw. He demonstrated how to use a push stick and then held up a hand with two missing fingers and said "USE YOUR PUSH STICK!" in a very loud voice. I made sure to use the damn push stick.
Graydon Hoare sounds like the SIGSEGVs he got from his crappy C++ code triggered him.
Then, in classic SJW form, he completely overreacted. And keeping with the SJW "thought" process, it wasn't his fault: a bad workman always blames his tools...
Rust is the intersectional racist victim-mongering language - we are all victims of RAAAACIST C and C++ - languages that allow you to think for yourself - and therefore you are responsible for your code.
Rust is the perfect SJW language - it tells you how to think and absolves you of any personal responsibility for your code.
Sure, but his point isn't that the language allows you to make mistakes - they *all* do that, the problem is that the developers are too overwhelmed with frameworks, libraries, architectures and having to use many different languages all the time that they will make mistakes.
I used to code C++ and I was good at it, the number of errors I put in was minimal. But that was the days when it was the only language I used.
Today I'm using C++ and C# and javascript with a dose of scripting and loads of different ways to do the same thing, and every time I think of dong something I realise I don;t have the same level of expertise I used ot have before - not because I'm no longer good at my job, but because there is so much stuff to remember and apply that I will forget the odd bit here and there, and that is where mistakes creep in.
Once you've seen the kind of serious PCI compliance checking tools that tell you your perfectly-working code is unacceptable because of things you didn't consider, then you get a handle on why the language is not the problem at all.
the only safe way to write code today is to keep it modular, and then to keep things separated. Too bad that all the frameworks you code with try to make everything into a single monolithic lump "for ease of coding" so the noobs can find it accessible.
If you had only experienced programmers coding, in a few languages and systems, they'd be able to do all the stuff we have today, but faster and better. As it is, we try so hard to get as many people coding as possible, and have so many different systems to code in, that the whole industry is a massive chaotic mess.
once all I needed to code was a knowledge of C and the IBM big book of library calls (which told me everything their API did). Today, we need google and stackoverflow and looking up stuff hourly, and even then I'm having to filter results on the version of the library I'm working with so even the results for the documentation is often wrong. How does anyone expect our systems to work properly without massive amounts of effort.
So why does Rust require the programmer to describe intent to an exacting detail, rather than figuring it out on its own? If computers are so very fast at it?
Also, Rust does absolutely nothing about deadlocks. Its multithreading features were designed by people looking for an appearance of parity with e.g. POSIX threads, while neglecting practical applicability. The same problem exists in various other new languages, such as Java and D; omitting POSIX, they can't reach parity despite replicating the threading portion equivalently.
It takes 5-7 Yeats to learn anything to a more than cursory level. Simple programming languages are included in that statement. It's just that some languages fool you into thinking you know more than you do. It's a function of the size of the ecosystem and the primary area of application.
C++ is used for more complicated stuff, on average, than Perl or JavaScript, so you end up feeling like you don't know what you're doing when you jump into the deep end on a C++ project. Again, on average.
I am a consulting real-time systems engineer.
I created the paging and hand-off algorithms which made it possible for cell phones to receive phone calls anywhere and to keep them while moving.
I created the integrated on-line inventory accounting system for McDonalds.
I created the software used by major refineries to make gasoline and distillate from crude oil.
I created software that runs steel mills.
My programs had to work properly, or people died.
I used ANSI C for my work. I created libaries to handle I/O and Memory Management including Garbage Collection.
I mostly worked alone, often with a small team of 6 - 12, and toward the end with 97 at McDonalds and 45 at Home Shopping Network.
By the end of my career, I designed systems using a CASE tool set, then pushed the button and the tool generated the code.
Rust, like C++ and C#, is an academic's desire to get tenure via publications in journals. It, like the others, is a memory hog, snd over hyped.
The problem with C is it will let you do anything the machine is capable of. good, bad, or ugly. It is up to the engineer to specify the desired functionality.
The Functional Specification............
To specify the program architecture.......... The Architectural Specification....
To specify test conditions, and success criteria.. The Test Specification
To specify transformations performed by each and every routine.......... The Detailed Design Specification
To specify data architecture...... The Database Specification
To specify data definitions and constants........... The Header Files...............
Then to write the code in conformance with the above.
It matters not whether you are using COBOL, PL1, ALGOL, BASIC, FORTRAN, ASM, C, C++, C#, JAVA, or RUST.
The professional engineer, thinks, specifys, writes, and tests..... in that order.
INDY
PLEASE DESIST IN THINKING THINGS ARE MADE BY SINGLE PEOPLE IT IS A VERY UNHEALTHY MYTH
It is absolutely true. There is no myth to it. I have been involved in dozens of projects from the tiny, to the absurdly huge. On the small projects I have worked on, they were almost without exception, single developer projects. A single guy building the hardware (for that type of product), and a single software / firmware guy doing the programming. For more medium sized projects, You might break the software into UI and server type setup where each piece is handled by a separate person, but they are essentially separate programs with an API in between. I have also worked on larger projects where I was the sole developer. I had one where I was the sole developer and produced a system that had 50k lines in it. (I was replacing a 250k line product that was written by committee and sucked a fat nut). Took me about a year to reproduce the entire thing complete with learning about the requirements and documenting the new codebase.
I am currently working on another large product (high performance database implementation). We have 4 developers on the project, plus two people who perform code reviews only. Of those 4, only two of us actually produce code in any significant quantity, 1 is an entry level guy that produces what you would expect form an entry level guy, and the other produces not much. The biggest stumbling block is the reviews and documentation process. We do peer reviewed designs and peer reviewed code. The problem is that one of the two review only team members is hopelessly out of his league, and we spend huge amounts of time and effort arguing with him about the designs and review because he simply doesn't get it. He used to be a code contributor to the project, but most of the code he produced has had to be replaced (It was accepted before there was a review process).
The original team for this project consisted of two people, the reviewer mentioned above, and one other person that is no longer with the company. They hired more developers to increase the performance of the "team", when all they needed to do was get rid of the problem and replace him with a competent person, and the project would have moved along just fine. By keeping him on, they are simply slowing down the entire team. I would estimate that he is contributing about -70% of a developer worth of work because he creates so much more work for others than he actually contributes to the project.
TLDR: more developers rarely gets the project done faster or better. You need high quality devs and you need to get out of their way. The biggest challenge is that there are many times as many mediocre or bad devs as there are good devs, and it can be very difficult to tell the difference in an interview. Experience doesn't always mean better either. The problem guy above has been programming for at least 15 years that I know of, and if you give him a hundred more, he still won't be any good.
I wish I had a good sig, but all the good ones are copyrighted
Sadly, his comment is in line with stuff I've seen in the wild. Not *exclusively*, mind. I'm sure there's plenty of normal Rust coders, but it doesn't take a particularly large coterie of insufferable douchenozzles to leave an impression that is really difficult to overcome (in part because, at least for that coterie and those who accommodate them, it's a true impression.)
"People will pay big bucks for the luxury of ignorance."
If you test at all you recognize your fallibility. If you are fallible then your tools should make bugs less likely to have severe consequences. The only way your thinking could be consistent is if you removed the testing part. If you are convinced you can do it first time perfect without testing, then better languages to be able to consistently express constraints and guarantee them are not necessary ... you are, so they are.
Instead you convince yourself that your tests, which we both know will not have had 100% coverage, caught 100% of your bugs. Not even your impressive resume makes that kind of thinking justified.
SJW is a term coined by SJWs themselves [...]
Nope, not even close.
I think you're thinking of the term "PC", which was indeed coined as a joke by the PC crowd.
"Social Justice Warrior" is a term that arose on Tumblr and Livejournal to describe a certain kind of keyboard warrior (related to what we used to call "flame warrior"). Here's the definition on Urban Dictionary:
A pejorative term for an individual who repeatedly and vehemently engages in arguments on social justice on the Internet, often in a shallow or not well-thought-out way, for the purpose of raising their own personal reputation. A social justice warrior, or SJW, does not necessarily strongly believe all that they say, or even care about the groups they are fighting on behalf of. They typically repeat points from whoever is the most popular blogger or commenter of the moment, hoping that they will "get SJ points" and become popular in return. They are very sure to adopt stances that are "correct" in their social circle.
The SJW's favorite activity of all is to dogpile. Their favorite websites to frequent are Livejournal and Tumblr. They do not have relevant favorite real-world places, because SJWs are primarily civil rights activists only online.
If you see someone in real life engaging in activism to reform the structures of society to be more just (as they see it), that person is not a SJW the way it was originally understood.
sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
We have spare CPU cycles today, we don't need to code for the bare metal to get the performance we need.
Great points, but I must take issue with this. We don't have spare CPU cycles, because this is exactly equivalent to saying we have electricity to spare, which we most certainly don't, especially on mobile.
Language safey features do not necessarily need to come at a run-time cost in any case, since well-written C++ is about as safe and fast as it gets. Unless you count the hours it ends up taking to compile...
Hi. I'm not a Rust supporter, I don't know anything about it except that it came from Mozilla, and I did not attack the person I was replying to.
It was merely a friendly suggestion, and I see two mods agreed with my message.
I do have an account, and this time I decided to post under it. I suppose I could have used it for my earlier post too, but I don't always bother to log in.
(And my skin is fairly thick, but I am not particularly fond of faecal references.)
"Slow Down Cowboy! It's been 58 minutes since you last successfully posted a comment" -- slashdot, driving users away.