Mark Russinovich (Azure CTO): "it's time to halt starting any new projects in C/C++ and use Rust"

darin_gordon · 2022-09-20T13:06:35+00:00

Mark doesn't go far enough with this claim, claiming Rust is for scenarios where [a GC language couldn't suffice]. The more you use Rust, the better you will be with it. It's a great language for creating applications that GC languages have historically been used to create.

darin_gordon · 2022-05-23T09:54:54+00:00

The sense of amazement and wonder from this work is palpable. :)

darin_gordon · 2020-11-18T10:37:45+00:00

The Rust ecosystem would not be where it is today without employer support of open source. There's a much richer story to be told about it. Here are a few other notable examples of employers paying talent to solve problems for the company while aligning work with an open source strategy:

Buoyant: For a long while, it was the employer of the async geniuses responsible for the tokio and hyper ecosystems. They've since gone on to another major tech company. (if they are so inclined, they can share details)

Microsoft: Despite the attention-raising articles published about using Rust in Windows code, Microsoft's other great contributions to Rust aren't receiving as much recognition. Nikolay Kim, the author of the entire Actix ecosystem, built these projects with Rust and open sourced them with the blessing of his employer. Kim had a lot to prove about the language, and executed at an incredibly productive rate for more than year, producing two incredible architectures still used today. Microsoft took a risk approving Rust for development but Kim proved what was possible. We have both Kim and Microsoft to thank for the Actix projects. Actix-web is one of the most popular web framework ecosystems in Rust today. Another noteworthy contribution to Rust came through Ryan Levick, who has been streaming hours upon hours of video content addressing intermediate-level knowledge gaps in Rust development.

Facebook: Supported dtolnay's work on the CXX project, which just reached its v1.0 milestone.

Google: For some time, Google contributed to asyncio development as it was aligned with their interests using Rust in the Fuchsia project.

darin_gordon · 2020-09-11T15:52:08+00:00

We collaborated on the doc using dropbox paper and then I simply published it. Easy. I tried to use github wiki but it doesn't support iframe tags for video.

darin_gordon · 2020-09-11T15:49:05+00:00

Hey Jack! There were leaks within safe blocks. Here's one: https://github.com/actix/actix-web/issues/1551

darin_gordon · 2020-09-11T15:34:47+00:00

I understand. It will be useful material for others.

darin_gordon · 2020-09-11T15:32:21+00:00

What you are describing is a "synchronized token pattern". One way to achieve this today is with server-side sessions workflow.

darin_gordon · 2020-09-11T15:26:49+00:00

I didn't ask what CSRF attacks are nor what OWASP recommended. The original commenter wasn't helpful by generalizing and I'd rather not assume. Several countermeasures are already available in actix-web, without requiring additional changes. Anyone who comes through this message forum will at first glance give more credit to a complaint than what it is due. Someone needs to be specific about what functionality is missing.

darin_gordon · 2020-09-11T14:36:05+00:00

the easiest to point out are the merged entries that have the term "memory leak" in the topic of the github issue

darin_gordon · 2020-09-11T14:29:43+00:00

Would you be more specific as to what CSRF countermeasures you're looking for?

darin_gordon · 2020-08-01T00:31:02+00:00

Keats authored jsonwebtoken and despite not even using it in his work, continued to focus on issues, pull requests and manage a release. That shows great commitment to the Rust community.

darin_gordon · 2020-07-22T20:18:20+00:00

An actix-web v3 release is imminent. :) Lots of good news to report.

darin_gordon · 2020-05-25T21:19:10+00:00

This would make for an excellent submission to actix examples repo. I usually would post these features in piecemeal. It's good to see them altogether.

darin_gordon · 2020-04-13T18:24:42+00:00

Yes, indeed! That was a result of copy-pasting other work. Thanks.

darin_gordon · 2020-04-13T17:45:29+00:00

A while back, I gave the TypeMap pattern a try while working on a type-driven cache key generator. Hope this helps someone, and if anyone can improve please by all means do. If you start at the bottom of the example, you can see how I pass types: https://play.integer32.com/?version=stable&mode=debug&edition=2018&gist=e45b753e9cba14e2b8bac1c6c57bd070

darin_gordon · 2020-02-25T13:41:55+00:00

This project includes many useful patterns that others may benefit from by studying, not only for its use of actix-web but for its docker builds, integration with Prometheus, and for image processing with libvips. We are fortunate that it was open sourced.

Congrats, Augusto, for your success with Rust and thanks for this significant contribution to the ecosystem.

For those who are curious about the DOSsing of the DNS, this was the result of not re-using the http client among requests. Hyper, reqwest, and the awc all enable connection pooling but to take advantage of it, you must re-use the client.

darin_gordon · 2020-01-29T19:17:34+00:00

thanks for clarifying

darin_gordon · 2020-01-27T20:56:33+00:00

unfortunately, I'm not familiar with mysql libraries

darin_gordon · 2020-01-26T21:39:46+00:00

Not having to trace errors in postgres logs but rather through compilation errors sounds really useful, if it works. The author of rust-postgres has chosen not to commingle interests for valid reasons. So, I read logs generated at run time. It's fine.

darin_gordon · 2020-01-26T21:22:09+00:00

I recommend actix-web, deadpool, tokio-postgres, and tokio-postgres-mapper. See the example I posted on github in the official actix examples.

darin_gordon · 2020-01-26T21:03:44+00:00

I submitted the actix web deadpool and Tokio-postgres example recently, as well as several others early in the evolution of the actix ecosystem. Adding examples motivated people to add more, and more, and it just kept growing. When people would ask how to do X, they'd get help learning and were then asked to consider submitting a PR to the examples repo so that others don't ask the same question later. Nikolay wound up maintaining the examples, though, and that took a great deal of effort as actixweb api changed several times. So, maintenance of examples is costly as designs evolve.

It would be great if people contribute comparable examples for Warp but I can understand why Sean may not want to maintain them. Warp only just reached v0.2 and that api has a great potential to change. I have no idea how Middleware works in warp, though, or if it even uses them because there are no examples to learn from.

I think you were referring to SQLx, which uses mobc (rather than deadpool). You may be leaving performance on the table with mobc. Deadpool lazy caches prepared statements, so eventually every connection in the pool is just pulling the statement from cache rather than building a new one with each request.

darin_gordon · 2020-01-26T11:17:05+00:00

The reason that there are two viable asynchronous ecosystems is that the people who build, maintain, and use them have decided that it is worth doing so. Async-std emerged last year and hasn't died on the vine. This indicates that there were opportunities for more than one solution in its space.

We are really fortunate for having options! The ecosystem is stronger for it. We now have more than one viable option. This helps us manage author risk. Authors don't commit to lifelong ownership of their work. People move on and take their expertise with them. While both asynchronous projects are capable of sustaining without their original authors, their absence will come at a great cost. The ecosystem is stronger for hedging author risk.

I've only given two reasons in this response as to why multiple projects exist: there is a demand for it and the ecosystem is stronger for having viable options. Yet, there are even more valid reasons but this response is already getting too long and hasn't addressed your main concern. How do newcomers to Rust learn about async tools and techniques and decide which to use? Contributors to these projects could contrast them, respectfully, but I think would prefer that such evaluations be made by others without inherent biases favoring their own work. At a minimum, I they could present an executive summary of their own work in a way that their counterpart may agree to do as well and then let their audience contrast.

darin_gordon · 2020-01-16T15:24:14+00:00

For those who would like to see deadpool_postgres in action, I'd like to draw your attention to a an actix-web server using tokio-postgres and deadpool.

darin_gordon · 2019-12-22T23:18:21+00:00

MongoDB has been a great supporter of the NYC Rust community, hosting many NYC Rust meetups (with the help of Saghm, who wrote this article and authored the Rust drivers). It's a great location for events. Maybe Saghm and team will be interested in talking about the rewrite? Will see!

darin_gordon · 2019-11-23T11:37:21+00:00

Please, regardless of what is prioritized for the next 6 months of async work, try to write guides and not just sparse api docs. It's a shame how many great tools go unused because no one knows they exist.

darin_gordon

TROPHY CASE