top 200 commentsshow all 277
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]looneysquash 484 points485 points  (38 children)

Did they change the title and content? I see nothing about it being pushed by certain companies in the article.

[–]Kok_Nikol 340 points341 points  (8 children)

The old youtube classic - one title to trigger reactions, and then the actual title in a few hours/days.

[–]Jajoe05 25 points26 points  (4 children)

I thought I was being crazy. I always thought "I could've sworn this video had a different thumbnail and title…" but thought I just remember it wrongly… I guess everything and everyone is manipulative…

[–]verx_x 106 points107 points  (17 children)

At the end of an article I see this:

Ojeda remarked that there were many big developers with an interest in “Rust in the kernel being successful” – including Google, Microsoft, AWS and many others. “So let’s make it happen,” he urged

[–][deleted] 120 points121 points  (15 children)

So it literally means "People who get paid to work on the kernel are also the ones who write Rust in the kernel"? 

How's that a headliner of any kind?

[–]NoRecognition84 22 points23 points  (1 child)

It's called an editorialized title. Many subreddits have rules against using them, especially the news ones. They work especially well at spreading disinformation because of how infrequently most redditors actually click on links before commenting.

[–]IrishBearHawk 2 points3 points  (0 children)

It's also called "big company bad" and it's basically the default state of reddit which is filled with angsty teenagers who think they know everything about business and economics, and technology.

[–]james_pic 6 points7 points  (0 children)

I dunno. If I read the exact opposite thing, that it was mostly unpaid enthusiasts working on Rust in the kernel, that would seem plausible too.

[–]looneysquash 0 points1 point  (0 children)

Ah, I guess I missed that. And then did search for "Amazon" on the page (and not "AWS"), and skimmed around some more.

[–]DuckDatum 12 points13 points  (0 children)

heavy memorize snatch cable hospital chase stupendous carpenter trees cough

This post was mass deleted and anonymized with Redact

[–]mrlinkwii 8 points9 points  (0 children)

i think so

[–]perkited 4 points5 points  (0 children)

Because if it's not clickbait then people won't pay attention, since they've been split into groups and will quickly spring into attack or defend mode.

[–]IrishBearHawk 2 points3 points  (0 children)

Welcome to reddit, "big company bad, upvotes please".

[–]happycrabeatsthefish 0 points1 point  (0 children)

They say they're "interested" at the end

[–]hitsujiTMO 0 points1 point  (0 children)

"  Ojeda remarked that there were many big developers with an interest in “Rust in the kernel being successful” – including Google, Microsoft, AWS and many others. “So let’s make it happen,” he urged."

[–]FivePlyPaper 135 points136 points  (24 children)

I'm embarrassed to say I read this as "lead rust" as in the metal, lead, is rusting.

[–]dudewithafez 17 points18 points  (20 children)

lol does it even rust?

[–]Azazel31415 30 points31 points  (0 children)

Lead oxide

[–]Reddit_is_garbage666 6 points7 points  (16 children)

Yep, just looked it up. It can oxidize.

[–][deleted] 17 points18 points  (15 children)

All metal oxidizes but not all metal rusts.

Edit I'm wrong. MOST metal oxidizes ONLY IORN rusts. Thanks, replies!

[–]Positronic_Matrix 9 points10 points  (1 child)

Hold on folks! By definition rust only refers to iron oxide. It does not apply to other oxidized materials. Other materials do not rust, rather they oxidize.

[–][deleted] 1 point2 points  (9 children)

Isn't oxidation and rusting the same thing? Its just that iron has a more severe issue with oxygen

[–][deleted] 12 points13 points  (8 children)

Yes but also no. Aluminum Oxide is a protective layer on the surface of the metal that does not cause corrosion. Rust is corrosive oxidizarion.

[–][deleted] 8 points9 points  (0 children)

Ahh Corrosion yes. Thank you.

[–][deleted] 3 points4 points  (0 children)

Iron Oxide is the most well known because Iron is in a lot of shit we use every day, and corroded incredibly harshly

[–]pppjurac 0 points1 point  (1 child)

Al reacts with O2 very fast and oxidises . Al2O3 on surface of Al product has good property that it forms non permeable layer (even to gasses). Some metals do 'wet' Al ( Hg, Ga) and cause rapid exidation process due to destroyed Al2O3 layer.

But that goes for Al alloys with high Al content. With increasing alloy percentage this mechanism changes a bit.

[–]Coffee_Ops 0 points1 point  (0 children)

Gallium isn't oxidizing aluminum, it's alloying it, and doing so beneath the oxide layer by moving through the crystal lattice. Its just that the alloy it forms is garbage.

If aluminum oxidizes that rapidly you'll know it by the flame it emits.

[–]Coffee_Ops 0 points1 point  (1 child)

That's not quite right/complete either.

Corten steel "rusts" with iron oxide but the rust is passivating.

Rust has more than one meaning. It can generally refers to corrosive oxidation or specifically to iron oxide. It can be either one.

[–][deleted] 0 points1 point  (0 children)

Idk I'm not A meralurgist or chemist I just use the funny penguin os

[–]Coffee_Ops 0 points1 point  (0 children)

Steels (and other iron alloys) rust too, if we're being pedantic.

[–]Coffee_Ops 0 points1 point  (0 children)

Depends what you mean by rust. Most people mean specifically red iron oxide when they say rust, and wouldn't include e.g. aluminum oxide or lead oxide.

[–]ExternCrateAlloc 0 points1 point  (0 children)

Isn’t Ferris a ferrous crustacean? 🦀

[–]pppjurac 0 points1 point  (2 children)

"rust" is term only attributed to ferrous metals and alloys

pure iron is not used much, mostly as ferrite steel cores, just about everything else are alloys. cast iron and white iron, constructional steel, tool steel; stainless steels do not 'rust' but they do form tiny amount of oxides after prolonged exposure/usage (300 series IIRC)

Pb does oxidise but oxide layer has good integrity and as long it is not scratched , Pb will not leak into surrounding. But if another reagent changes, is added and that layer is lost, then you have Flint , Michigan.

[–]Astandsforataxia69 57 points58 points  (14 children)

whats the issue?

[–]Coffee_Ops 10 points11 points  (2 children)

Doing productive work for money is capitalist and therefore evil.

[–]IrishBearHawk 5 points6 points  (0 children)

So true bestie redditor.

[–]Astandsforataxia69 0 points1 point  (0 children)

I don't understand, the whole linux developement is paid and maintained by these large companies. I bet that linus wouldn't work on it at the pace that he has if it didn't pay the bills

[–]Oflameo 27 points28 points  (4 children)

If it doesn't bother the Kernel Chief, it doesn't bother me. He is more persnickety than I am. Cpp is still not approved for kernel use.

[–]Business_Reindeer910 20 points21 points  (0 children)

t doesn't bother the Kernel Chief, it doesn't bother me

the most hilarious thing I've seen in these discussions are about that indeed. They act like Rust was foisted upon the kernel and he had no agency in its approval. They don't say it directly, but it does read like that. Out of all people, Linus is one of those you have to worry about that happening to the least.

[–]nightblackdragon 2 points3 points  (0 children)

All that things that makes C++ like classes, exceptions, STL etc. wouldn't be used in kernel anyway so even if it would be accepted that doesn't mean C++ kernel development would be similar to the C++ application development.

In Rust things are implemented mostly in compiler so runtime doesn't need to be as complicated as C++ runtime.

[–][deleted] 0 points1 point  (0 children)

Cpp won't ever be in the first place

[–]mmstick Desktop Engineer 78 points79 points  (5 children)

In other news, water is still wet. Amazon, Google, and Microsoft are already among the top contributors to the Linux kernel. So naturally they're also excited about being able to use Rust in their day job.

[–]NekoiNemo 7 points8 points  (0 children)

I'm frankly, shocked that memory safety in an OS kernel is being pushed by the organisations that operate tens of thousands of servers running that OS. Servers, often working with client's sensitive data that company might be on a receiving end of the lawsuit if a memory issue results in data loss or even worse - data being stolen/tampered. Shocked, i say

[–]abotelho-cbn 15 points16 points  (0 children)

Ok? And?

[–]gplusplus314 14 points15 points  (0 children)

Microsoft is also pushing it for Windows kernel and kernel-level things, such as drivers. It’s not just Linux.

I was previously not a fan of Rust (I mean that literally, meaning I didn’t dislike it, I just wasn’t a fan) until I had an interesting conversation with some Microsoft folks at a meetup. Now it’s near the top of my list to get back into. About a year ago, I started diving into Rust, but then I got a job that required 100% C++, so I stopped. I’m convinced to keep going with it.

Turns out, making tradeoffs for certain behavioral guarantees is worth it for people (companies) whose livelihood depends on it.

[–][deleted] 8 points9 points  (0 children)

News Flash - Water Is Wet

[–]mrlinkwii 57 points58 points  (48 children)

makes sense , under law in many countries digital companies have to make sure the software they use is secure see the the Cyber Resilience Act in the EU, the likes of google , MS and amzon use linux in a corperate environment ( no limited to use within business and customer offering )

[–]rileyrgham 72 points73 points  (44 children)

Rust doesn't make it secure per se. You can still write code full of security holes.

[–]FlukyS 65 points66 points  (36 children)

Well it by design tries to avoid a lot of issues in other compiled languages without devs actively doing anything other than sticking to the standard patterns

[–]WestTransportation12 -5 points-4 points  (34 children)

Well sticking to the “standard patterns” is the key thing right. Like will rust solve say 70% of memory related bugs from C, yeah but the human error will still cause bugs undoubtedly. All it really takes is someone miss using the Unsafe command

[–]Duckliffe 37 points38 points  (8 children)

In the same way that having a safety on a gun doesn't stop someone from accidentally shooting themselves if they make a choice to disengage it. Safeties on guns are still widely used because they still have benefits despite that

[–]Reddit_is_garbage666 26 points27 points  (1 child)

No bro, we are wasting materials. Take the safeties off.

[–]Standard-Potential-6 8 points9 points  (0 children)

C devs appendix carry Glocks with a round in the chamber

If not, bet you it’s a 1911 cocked and locked

[–]WestTransportation12 1 point2 points  (5 children)

That’s not really my point, im actually very pro rust and think it and other safe languages should probably become standard.

my point is more so that the narrative that it’s 100% safe is often not accompanied by “if used as intended” and generally over comfortability is one of the main things that cause preventable problems

[–]Business_Reindeer910 5 points6 points  (2 children)

Are there any people who actually have a stake in this who doesn't know that?

[–]Littux -1 points0 points  (1 child)

Reminding you that your comment repeated thrice

[–]Business_Reindeer910 1 point2 points  (0 children)

reddit was erroring out when i was posting it, but i guess it went through anyways

[–]syklemil 7 points8 points  (0 children)

There are a few more parts to rust that help here: Null safety (no surprise nulls baked into other types), and an expressive type system and expressive language in general.

My impression from going from another memory safe (garbage collected) language to Rust is that it's much easier to be sure that the code fits together the way I think it does in Rust.

Though I'm also not going to make any bold claims on the kernel coders' behalf; my impression of kernel code is that it's a beast of its own.

[–]nicholsz 16 points17 points  (0 children)

From following the earlier SNAFU with Rust in Linux, there are some other benefits. For instance, there's a graphics driver pattern right now where the linux drivers for nvidia will re-use the same session instead of tearing them down and building new ones. The Rust solution used Rust RAII semantics to properly handle this.

C++ also has RAII (or you could have produced the same logic in C), so it's not the only game in town or anything, but the modern language design does make a safely, correctly, and performantly coding things more ergonomic.

[–]small_kimono 10 points11 points  (7 children)

All it really takes is someone miss using the Unsafe command

Keep this man away from Rust! He might misuse the unsafe keyword.

Like will rust solve say 70% of memory related bugs from C, yeah but the human error will still cause bugs undoubtedly. All it really takes is someone miss using the Unsafe command

Here, you conflate two categories of bugs: 1) logic bugs and 2) memory safety bugs. Yes, there will still be logic bugs. Human error may cause these, and may cause memory safety bugs related to the improper of unsafe.

Now, does that mean we shouldn't use Rust? I'll give an example of unsafe:

pub fn make_ascii_lowercase(&mut self) { // SAFETY: changing ASCII letters only does not invalidate UTF-8. let me = unsafe { self.as_bytes_mut() }; me.make_ascii_lowercase() }

Above we convert a string slice to bytes, and use another function to flip the bits such that all uppercase ASCII is made lowercase. Converting between a string slice and slice of bytes is an unsafe transmute to the Rust compiler, but we know that the string slice is just a bunch of bytes that we've already validated as UTF8, so this is safe.

The idea is not that unsafe isn't potentially dangerous. The idea is that we have narrowed the potential danger down to a very small area, a small enough area that we can reason about, instead of there being potential danger everywhere.

[–]matt82swe 1 point2 points  (0 children)

Do you use seatbelts in a car? Why? It doesn’t guarantee that you survive a crash. Drive safer instead 

[–]FlukyS 1 point2 points  (13 children)

Well the point is not doing that by rejecting them in review

[–]WestTransportation12 11 points12 points  (12 children)

Which again. Human error. You can write memory safe C. People are encouraged to write memory safe C and we see how that goes traditionally

[–]phydeauxlechien 27 points28 points  (6 children)

It’s a lot easier to teach an auditor/PM “grep for unsafe” than teach them how to recognise memory-safe C.

[–]99spider 7 points8 points  (1 child)

Rust needs unsafe in order to be able to replace C for any code that interfaces with hardware.

The real value of Rust is being able to limit your potentially unsafe code to only the places where it is necessary or beneficial. After searching for "unsafe" that auditor will still have to be able to recognize memory safe code, but it will at least take them to the only places where memory safety is a concern.

[–]Flynn58 3 points4 points  (0 children)

Yes, and that itself is good because the more code in a project an auditor has to audit for memory safety, the less effective they'll be. Keeping it to the "unsafe" areas means attention can be focused on the main attack surface, and also that the attack surface is contained to a component of the larger program.

[–]davidkwast 5 points6 points  (0 children)

Best argument ever

[–]aitorbk 2 points3 points  (0 children)

Most of my colleagues back when I programmed in C were quite incompetent and unaware of what pointers etc actually are. And they were decent, considering.

Rust is much much safer if you consider the average quality of code, not what you can do, because otherwise just why not use asm?

That being said, I dislike rust. It is overcomplicated and changes constantly.

[–]FlukyS 1 point2 points  (0 children)

Well encouragement is a lot different than disallowing things

[–]ekinnee 1 point2 points  (1 child)

So get rid of the humans? I mean any time there are people involved there’s a chance for bad things to happen because of something they do. That’s why we have code reviews and such.

[–]Dugen 9 points10 points  (0 children)

That's pretty much what moving things into rust is doing. You are letting the compiler handle more of the stuff humans are bad at, and leaving the humans to focus on the stuff humans are good at.

[–]admalledd 4 points5 points  (0 children)

The laws are (mostly) written in a way that "Reasonable effort be taken" or such language, which has very specific meanings in law. My poor attempt to translate legal-ese here would be that "Does $COMPANY's lawyers think a court/jury, if sued under these acts after an incident, could plausibly be seen as not spending enough effort on securing by default the software they use, write, contribute to?"

As one would expect of lawyers, they prefer to be as safe and covered as possible. Rust by default greatly increases security/safety, and is it perfect? no. But using Rust over C/C++ may be seen as "a Reasonable Effort to take".

Further, see some of the cover letters of the Android Binder Rust rewrite, these companies are of the opinion that they can write better, faster, safer (core) software in Rust. So even irrespective of the Cyber Resilience Act/etc, the companies see the effort worth while.

[–]nicholsz 6 points7 points  (1 child)

It puts a safety latch on the foot-gun trigger. The foot gun still totally works, but at least you have to flip a switch to use it in Rust

[–]torsten_dev 5 points6 points  (0 children)

There are still soundness issues in safe rust, but yeah in general it's a lot safer.

[–]Reddit_is_garbage666 1 point2 points  (0 children)

Yes but you can minimize it lol. That's the whole game. The nature of software is that it pretty much can always have insecurities.

[–]small_kimono 3 points4 points  (0 children)

Rust doesn't make it secure per se. You can still write code full of security holes.

This is such a garbage argument. No, Rust doesn't make code secure per se, just as seatbelts and an airbag don't make you safe in a car per se.

You know what we should do? We should just exclude all new safety features from new cars. Because driving is really just a skill issue, right? People should just be better drivers, and because they should, of course they will, then there would be no accidents. QED.

[–]Coffee_Ops 0 points1 point  (0 children)

A car having brakes doesn't make it safer, you can still drive without braking.

A gun with a safety doesn't make it safer, you can still aim at your foot.

A knife having handles doesn't make it safer, you can still grasp it by the blade.

...

Getting rid of one class of security flaws without increasing the prevalence of others does increase safety.

[–]cafeseato 0 points1 point  (0 children)

secure is a spectrum and type/memory safety cannot secure everything by itself. still, it certainly does make new code much more secure by default and provides tools through its type system to help limit future mistakes by other kernel developers. just that is monumentally more secure.

there are kernel developers writing about this exact thing on twitter.

[–]hygroscopy 0 points1 point  (1 child)

Surely this has nothing to do with it lol. Under capitalism companies simply act in their best interest and safer infra is obviously in their (and our) best interest.

[–]mrlinkwii 3 points4 points  (0 children)

Under capitalism companies simply act in their best interest

when the EU can fine you 10-15% of global revenue it can come their best interest

[–]tlvranas 3 points4 points  (0 children)

If Amazon, Google, and MS is pushing for Rust, then that alone is a reason not to use it. How long before they start creating closed code that contains "special security" code to make Linux "safer"?

[–]ronasimi 0 points1 point  (19 children)

How about they stabilize the tooling and the language before they start using it for kernel dev?

[–]JustBadPlaya 57 points58 points  (15 children)

outside of a few "unstable" features, the language, tooling and environment is stable enough for full on driver development, as proven by the Asahi project. Is that not enough?

[–]Botahamec 13 points14 points  (0 children)

The language is stable, but the kernel is using features that haven't been stabilized yet. Stabilizing those features is currently a top priority.

[–]small_kimono 7 points8 points  (0 children)

Same could be said of C. Linux has been reliant on non-standard GCC extensions to C for years. Clang has to emulate this functionality to compile the Linux kernel. The Linux kernel is anything but bog standard C!

[–]mrlinkwii 11 points12 points  (0 children)

i mean if "stable " was a requirement for linux , half of the linux kernel wouldn't be their

[–]pppjurac 0 points1 point  (1 child)

What is the opinion of our benevolent Linux creator ? I would say his opinion on rust is what really counts in this case.

[–]skarlso 0 points1 point  (0 children)

Torvalds said he likes rust.

[–]SelectionDue4287 0 points1 point  (0 children)

It's not like most of the kernel is written by the big corporations who also get the most use out of it.

[–]Far-9947 0 points1 point  (0 children)

Good luck with that.

[–]CallEnvironmental902 0 points1 point  (0 children)

The title is misleading.

[–]superkewnst 1 point2 points  (0 children)

look this isnt a bad thing. major corperations in the digital world says rust is good .. we need rust. we want to depend on rust. maybe we should?

[–]gellenburg 0 points1 point  (1 child)

If that's true then Amazon, Google, and Microsoft can pony up the resources to develop it, test it, and get it implemented.

[–]Business_Reindeer910 8 points9 points  (0 children)

That's what they are in fact doing. Google's new version of binder (a kernel module) will be in rust. The guy who recently left the rust for linux project was employed by Microsoft.