The worst part about MS Office isn't the direct user experience, because I can usually choose to use other software. The worst part is that I and everybody else are subjected to the documents that Office produces. Their defaults and their UX inevitably produce stuff that is hard to read and inconsistent, unless you fight the software really hard and make sacrifices with your desired output. And there's no escape from it. Another specimen of Word's 2.5 cm margins, 200-character lines in poorly designed knockoff Helvetica will probably find its way to my mailbox before the end of the day.
I'm not the person you are replying to, but like all of technology, you just find the latest (or most public) change made, and then fire your blame-cannon at it.
Excel crashed? Must be that new WiFi they installed!
In the chain of events that led to Cloudflare's largest ever outage, code they'd rewritten from C to Rust was significant factor. There are, of course, other factors that meant the Rust-based problem was not mitigated.
They expected a maximum config size but an upstream error meant it was much larger than normal. Their Rust code parsed a fraction of the config, then did ".unwrap()" and panicked, crashing the entire program.
This validated a number of things that programmers say in response to Rust advocates who relentlessly badger people in pursuit of mindshare and adoption:
* memory errors are not the only category of errors, or security flaws. A language claiming magic bullets for one thing might be nonetheless be worse at another thing.
* there is no guarantee that if you write in <latest hyped language> your code will have fewer errors. If anything, you'll add new errors during the rewrite
* Rust has footguns like any other language. If it gains common adoption, there will be doofus programmers using it too, just like the other languages. What will the errors of Rust doofuses look like, compared to C, C++, C#, Java, JavaScript, Python, Ruby, etc. doofuses?
* availability is orthagonal to security. While there is a huge interest in remaining secure, if you design for "and it remains secure because it stops as soon as there's an error", have you considered what negative effects a widespread outage would cause?
This is generally BS apologetics for C. If that was in C this would have just been overrunning the statically allocated memory amount and would have resulted in a segfault.
Rust did its job and forced them to return an error from the lower function. They explicitly called a function to crash if that returned an error.
We don't know how the C program would have coped. It could equally have ignored the extra config once it reached its maximum, which would cause new problems but not necessarily cause an outage. It could've returned an error and safely shut down the whole program (which would result in the same problem as Rust panicking).
What we do know is Cloudflare wrote a new program in Rust, and never tested their Rust program with too many config items.
You can't say "Rust did its job" and blame the programmer, any more than I can say "C did its job" when a programmer tells it to write to the 257th index of a 256 byte array, or "Java did its job" when some deeply buried function throws a RuntimeException, or "Python did its job" when it crashes a service that has been running for years because for the first time someone created a file whose name wasn't valid UTF-8.
Footguns are universal. Every language has them, including Rust.
You have to own the total solution, no matter which language you pick. Switching languages does not absolve you of this. TANSTAAFL.
> You can't say "Rust did its job" and blame the programmer,
You absolutely can. This is someone just calling panic in an error branch. Rust didn’t overrun the memory which would have been a real possibility here in C.
The whole point is that C could have failed in the exact same way but it would have taken extra effort to even get it to detect the issue an exit. For an error the programmer didn’t intend to handle like in this case, it likely would have just segfaulted because they wouldn’t bother to bounds check.
> TANSTAAFL
The way C could have failed here is a superset of how Rust would. Rust absolutely gives you free lunch, you just have to eat it.
“haha rust is bad” or something, is’s a silly take. these things hardly, if ever, are due to programming language choice and rather due to complicated interactions between different systems.
Cloudflare was crowing that their services were better because “We write a lot of Rust, and we’ve gotten pretty good at it.”
The last outage was in fact partially due to a Rust panic because of some sloppy code.
Yes, these complex systems are way more complex than just which language they use. But Cloudflare is the one who made the oversimplified claim that using Rust would necessarily make their systems better. It’s not so simple.
This is what reasonable people disagree on. My employer provides several AI coding tools, none of which can communicate with the external internet. It completely removes the exfiltration risk. And people find these tools very useful.
Are you sure? Do they make use of e.g. internal documentation? Or CLI tools? Plenty of ways to have Internet access just one step removed. This would've been flagged by the trifecta thinking.
Yes. Internal documentation stored locally in Markdown format alongside code. CLI tools run in a sandbox, which restricts general internet access and also prevents direct production access.
I see where you're coming from. But I often find that when I have some idea or challenge that I want to solve, I get bogged down in details (like how do I build that project)... before I even know if the idea I _wanted_ to solve is feasible.
It's not that I don't care about learning how to build Rust or think that it's too big of a challenge. It's just not the thing I was excited about right now, and it's not obvious ahead of time how sidetracked it will get me. I find that having an LLM just figure it out helps me to not lose momentum.
Maybe not slower once it has warmed up, though for memory-bandwidth bound use cases I would still say the lack of mutable records has you fighting the language to get reasonable cache locality (and everybody will hate your code for not being good Java). The fact that everything is a pointer kills the CPU execution pipeline and cache.
But even for I/O bound applications it still feels slow because excessive memory usage means more swap thrashing (slowing down your entire OS), and startup time suffers greatly from having to fire up VM + loading classes and waiting for the JIT to warm up.
I can start a C/C++/Rust based web server in under a second. The corresponding server in Java takes 10 seconds, or minutes once I have added more features.
The article got off on the wrong foot from the start by separating the purpose from the product. To my mind the purpose is the product and always will be.
> To my mind the purpose is the product and always will be.
A lot of industries would disagree with you. There are plenty of products where the physical form and direct purpose of the product itself is quite disjoint from the product they are actually selling.
For example, Hermès doesn't sell bags to carry stuff in - they sell status symbols. Restaurants don't sell food for sustenance - they sell a dining experience. Car companies only tangentially sell modes of transportation - they are treated more like fashion items in practice. Items like wedding rings have zero purpose - what they are selling is a physical manifestation of an emotion.
If everything we ever interacted with was 100% utilitarian, we'd be living in a very dull world.
You misunderstand my point. I'm not saying that the purpose of Hermès is to sell bags. I'm saying that the _product_ that Hermès sells is status, and the product of a restaurant is a dining experience.
We could instead say “promote a utopia where everyone is treated fairly and empathetically and everyone’s needs are met without destroying the planet or a need for government”. That’d “fix” the current problem and more, the issue is what exactly can we do to “promote” that change.
It's actionable if you have some imagination. Raise funds for a nonprofit. Start lobbying on both sides of the aisle. Enlist an advertising company to show the dystopian future if something like chat control comes into effect, poll for focus groups and target them. Find ways to undermine and expose the forces that are pushing for authoritarian legislation.
Humans and LLMs are deterministic in the sense that if you would rewind the universe, everything would happen the same way again. But both humans and LLMs have hidden variables that make them unpredictable to an outside observer.
reply