thingsiplay@beehaw.org
on 13 Nov 2024 08:46
nextcollapse
with a generous $1M contribution from Google
1M only? Google pays 500M (half a billion Dollar) to their rival Mozilla Firefox. Each year. I don’t want to make this a Mozilla thread, just want to say they could have done more than just a million Dollar for Rust. Given that Google uses Rust as well.
onlinepersona@programming.dev
on 13 Nov 2024 12:28
collapse
I bet this won’t have an impact on memory safety and interop means C++ compilers have to be stricter about memory layout and reduce unspecified edge cases.
robinm@fosstodon.org
on 13 Nov 2024 13:30
collapse
@onlinepersona@snaggen Indirectly it can. Recent studies showed that old code is very unlikely to have security issue. This means that if all new code can be in Rust, while keeping the old code in C++ will be much more secure that rewrite all C++ (because by definition rewrite have more bugs since its new code). So interoperability is both safer and cheaper.
5C5C5C@programming.dev
on 14 Nov 2024 01:16
collapse
It makes total sense that new C++ will contain a higher percentage of bugs than old C++, but after being an almost full time Rust dev for the last two years, you will not convince me that new Rust code has more bugs than old C++ code.
So far I have yet to come across a bug in any of my Rust code that made it into production. All issue reports from users are still related to the C++ code base that we haven’t managed to fully divorce from.
The only advantage to C++ interop is that managers want to see new code get deployed immediately and continuously. They don’t want to wait until the corporation’s billions (literally) of lines of code are all rewritten in a new language before they start to see the benefits of that transition.
robinm@fosstodon.org
on 14 Nov 2024 01:50
collapse
@5C5C5C I found back the study I was talking about
> The good news for organizations with a lot of unsafe legacy code is that rewriting old code in new languages probably isn't necessary.
> That's not to say old bugs miraculously become unexploitable. Rather, the overall density of vulnerabilities diminishes – a statistical win but not a guarantee of safety.
threaded - newest
1M only? Google pays 500M (half a billion Dollar) to their rival Mozilla Firefox. Each year. I don’t want to make this a Mozilla thread, just want to say they could have done more than just a million Dollar for Rust. Given that Google uses Rust as well.
The money Google pays to Mozilla has a direct ROI, since more people use their search engine.
Giving money to the Rust foundation only helps Google very indirectly, by being generally benefitial to software companies.
Google is using Rust more and more in Android, Chromium. So its in Googles direct interest to have a better interoperability between Rust and C++. www.theregister.com/2024/03/31/rust_google_c/ and techradar.com/…/google-hails-move-to-rust-for-hug… are articles talking why Google likes using Rust.
I bet this won’t have an impact on memory safety and interop means C++ compilers have to be stricter about memory layout and reduce unspecified edge cases.
Anti Commercial-AI license
@onlinepersona @snaggen Indirectly it can. Recent studies showed that old code is very unlikely to have security issue. This means that if all new code can be in Rust, while keeping the old code in C++ will be much more secure that rewrite all C++ (because by definition rewrite have more bugs since its new code). So interoperability is both safer and cheaper.
It makes total sense that new C++ will contain a higher percentage of bugs than old C++, but after being an almost full time Rust dev for the last two years, you will not convince me that new Rust code has more bugs than old C++ code.
So far I have yet to come across a bug in any of my Rust code that made it into production. All issue reports from users are still related to the C++ code base that we haven’t managed to fully divorce from.
The only advantage to C++ interop is that managers want to see new code get deployed immediately and continuously. They don’t want to wait until the corporation’s billions (literally) of lines of code are all rewritten in a new language before they start to see the benefits of that transition.
@5C5C5C I found back the study I was talking about
https://www.theregister.com/2024/09/25/google_rust_safe_code_android/
> The good news for organizations with a lot of unsafe legacy code is that rewriting old code in new languages probably isn't necessary.
> That's not to say old bugs miraculously become unexploitable. Rather, the overall density of vulnerabilities diminishes – a statistical win but not a guarantee of safety.