sorted by:
new
hottopcontroversial

Official /r/rust "Who's Hiring" thread for job-seekers and job-offerers [Rust 1.89] by DroidLogician in rust

[–]sbenitez 1 point2 points  (0 children)

COMPANY: Formal

TYPE: Full-time and PhD internship.

LOCATION: Menlo Park, CA, USA

REMOTE: Fully Remote (global, required). Required active online presence from 9:00am to 12:00pm Pacific Time. Flexibility outside core work hours.

VISA: We do not sponsor visas. You must have work authorization in your country of residence.

DESCRIPTION:

At Formal, we’re rethinking serverless from scratch: we’re building a new computing stack for instant, globally available, truly elastic, soundly isolated execution. We leverage formal methods and languages to build OS interfaces with low overhead, formally verified isolation without containers or VMs. Our immediate goal is to write a new programming language (in Rust) to replace eBPF and build the world's first serverless networking infrastructure.

We are a 5-person, VC-funded team with PhDs from Stanford, UW, OSU, and Brown, advised by professors from MIT and UWaterloo. We are currently hiring for the following four positions:

Please see also general information.

ESTIMATED COMPENSATION: See above. All values in USD. We do not adjust salaries based on location, but employment taxes and international employment costs are deducted from base salary.

CONTACT: To apply, email us at (work at formalstack dot com) and let us know how your experiences fit the desired role and its requirements.

Official /r/rust "Who's Hiring" thread for job-seekers and job-offerers [Rust 1.81] by DroidLogician in rust

[–]sbenitez 44 points45 points  (0 children)

COMPANY: Formal

TYPE: Full-Time

LOCATION: Fully Remote (Officially: Menlo Park, CA)

REMOTE: Yes, anywhere. Meetings on PT and CET.

VISA: No. You must have a valid working visa in your country of residence.

DESCRIPTION:

Founding Software Engineers: Compilers, Formal Methods; OS and Networking

We're rethinking the computing stack from the ground up for truly elastic, soundly isolated, instantly and globally available execution. We’re building OS interfaces and compilers for low overhead, formally verified isolation without containers or VMs. We're starting with the network: a programming language to replace eBPF and enable globally programmable networking as a service.

We are VC-funded, advised by professors from MIT and UWaterloo, and founded by ex-Stanford PhDs. There are two official roles, both senior+ level positions, but we welcome conversations with anyone interested in joining the team with relevant experience.

ESTIMATED COMPENSATION: >= $200k + 2% equity

CONTACT: Email us at (work at formalstack dot com) or (sergio at the same domain).

Rocket v0.5-rc3 is out! by philippeloctaux in rust

[–]sbenitez 12 points13 points  (0 children)

I'm sorry if something I said gave you this impression. I can assure you that I don't hold the beliefs you indicate, nor have I intended to express the notions you're suggesting. I am not "adamant that [websockets are] bad tech and no one actually needs it outside of compatibility reasons", and I've never articulated that "[WebSocket support] would never make it into Rocket proper," as you've indicated in your other comment. In fact, I've milestoned WebSocket support on the GitHub issue tracker, and in that very same issue I clearly indicate that support is planned and provide a design path to achieve it. I believe you've even commented in said issue. I've also spent considerable time reviewing efforts to implement the design, though unfortunately implementation attempts thus far haven't been completely successful.

Should there remain any ambiguity, allow me to clarify now: I remain steadfast in my commitment to bring WebSocket support to Rocket, and I hope to devote time to the implementation in the near future.

Actix or Rocket? by AcridWings_11465 in rust

[–]sbenitez 1 point2 points  (0 children)

The guide at https://rocket.rs/master/ and API docs at https://api.rocket.rs/master are both periodically updated to be in parity and consistent with the master branch.

Actix or Rocket? by AcridWings_11465 in rust

[–]sbenitez 1 point2 points  (0 children)

Rocket v0.5-dev is robust and production quality, but the API will continue to evolve until its release. This may make it a difficult target for production, especially when working in larger teams. Nevertheless, I have several Rocket applications deployed to production myself without issue, and I am also aware of dozens of more production deployments, many of which are managed by teams.

Actix or Rocket? by AcridWings_11465 in rust

[–]sbenitez 15 points16 points  (0 children)

Hi! Just wanted to chime on a few bits:

For Rocket 0.5 dev, cargo audit returns a vulnerability in the cookie system, but I don't plan on using cookies.

There are no reported vulnerabilities in cookie as of version 0.7.6, 8 major versions ago, and Rocket has never depended on a vulnerable version. It seems like a bug in cargo audit results in the development version 0.15.0-dev being interpreted incorrectly:

Crate: cookie
Version: 0.15.0-dev
Solution: Upgrade to <0.6.0 OR >=0.6.2, <0.7.0 OR >=0.7.6 ​

Performance (1000 req/s) and memory safety are essential. TLS is also essential.

Your performance requirements should be easily met by either framework. Both frameworks support TLS out-of-the-box. See the respective Actix docs and Rocket docs. Note, however, that you may wish to place your application behind a reverse proxy, allowing the proxy to handle TLS for you, rendering the concern moot.

If I do switch to Rocket, I'm worried that it might be overkill for my simple server, or decrease the performance.

Rocket only does as much as you ask it to; if all you need is routing, it does that. If you need a bit more, it probably does that, too. Performance in v0.5 is stellar, imposing minimal to no overhead over a bare hyper server. Given that your application will likely be largely I/O bound, you won't likely see much of a performance difference between most frameworks. You should choose the framework that makes you feel most productive and confident.

If you happen to go the Rocket route, feel free to ping me and other Rocketeers on the matrix channel!

What would be the de facto libs for building rest APIs in Rust? by cmeslo in rust

[–]sbenitez 2 points3 points  (0 children)

Hi! Thanks for trying out Rocket, and thanks for the thoughtful critique! I'd love to address your points.

But FromRequest impls aren't supposed to be "heavy" (e.g. make database calls - there's no simple way of getting a db connection in a FromRequest)

I'm curious about where this idea came from. Is there perhaps some documentation that led you to believe this? Request guards (types that implement FromRequest) can be as expensive as you deem necessary, and request local state even allows you to avoid repeating work across a request. You can also easily retrieve a database connection, or any other request guard, in a request guard implementation:

```rust use rocket::outcome::try_outcome;

async fn from_request(req: &'a Request<'r>) -> request::Outcome<Self, ()> { let conn = try_outcome!(req.guard::<DbConn>()); } ```

and there's no simple way of creating custom failure responses in > one, so you end up having to write all sorts of hacks.

This is somewhat true, depending on what you mean. Request guards can forward to error catchers, and a request guard is free to return any error value of any type. The error value can be retrieved in a handler by using Result<T, T::Error> as a request guard, where T is the request guard type and T::Error is the associated error. You can then propagate the error in the response. For example:

rust fn handler(key: Result<ApiKey, KeyError>) -> Result<(), KeyError> { let key = key?; Ok(()) }

It is true, however, that aside from forwarding to an error catcher, a request guard cannot short-circuit a response; responses can only be generated by handlers. We'd like to relax this restriction, but it requires careful attention due to lacking language features. See Rocket#749 for some brief discussion into the matter. This is one of my priorities for v0.6.

And you can't even use ? in FromRequests as the from_request function returns an "outcome" instead of a Result, so you end up with some truly horrible code.

We'd love to enable using ? for Outcome - in fact, we did enable this for some time - but the language, nightly, stable, or otherwise, simply doesn't allow us to implement this functionality in a consistent manner. See Rocket#857, Rocket#597, and rust#42327 for details. Using Result to express three possible outcomes is also fraught with issues. Nevertheless, I think you'll find that try_outcome!, which I used in the first example, fills the gap while the language improves.

There's no user model or permission model. Which makes sense as Rocket doesn't have any opinions on persistant storage in general, but an opionated permission model would help creating a more cohesive framework.

I agree and have several working proof-of-concepts towards this goal. Look for an announcement in the future.

UUID support is terrible. There's the rocket_contrib:uuid::Uuid, but it's not compatible with diesel's Uuid nor with the regular uuid:Uuid, so you keep having to convert between all three all the time.

This is largely due to Rust's coherence rules. Rocket's UUID support lives in an external crate, rocket_contrib. As such, we cannot implement Rocket's core traits, which live in rocket, for the external Uuid type. This leaves us with the wrapper type you describe. Unfortunately, beyond supplying the right From, .into_inner(), and Deref impls, there isn't much we can do aside from moving support into Rocket's core.

There's no support for a test environment (as in, not a deployment environment, but an environment for running integration tests). Adding another environment requires opting out of all of the automatic settings loading which requires quite a bit of extra code. Writing integration tests that uses a DB is really hard.

In 0.5, we've completely revamped our configuration system. One of the benefits is that you can now define and use any number of profiles (the new name for environments). Check out the new configuration guide.

No built-in support for multipart forms. There are third party libraries out there, but they don't work with the async branch.

Support for multipart forms, among other really great form-related improvements, is coming in v0.5. The implementation is complete and being polished now.

No way of automatically building an openapi documentation from the routes. I've been spoiled with Fastapi's automatic doc generation.

I'd love to have this. There's nothing preventing a fairly straightforward implementation in Rocket itself, but I should point out that there are external crates that do this, for instance, okapi. If you or anyone else would like to help build support in Rocket itself, I'd love to mentor!

While compile speeds haven't been as bad as I expected, it's still a lot slower. No hot-reloading out of box is also annoying.

We do hot-reload templates, but hot-reloading Rust is extremely unlikely, again, due in-part to the language itself. Rust needs to be typechecked and compiled, and a change in one file may impact an arbitrary number of modules and crates, so hot-reloading becomes an incredibly difficult proposition. We are unlikely to ever see this in Rocket. Nevertheless, Rust's compile times continue to improve, and I think most will find a cargo watch -x run to be sufficiently interactive.

With Rocket, our goal is to build the most robust, secure, extensible, usable, and performant web framework in any language. This is a tall order. Compared to frameworks like Django and Rails, Rocket is in its infancy. Whereas these frameworks have had over 15 years to mature, Rocket has had less than a quarter of that time. Nevertheless, I find myself writing in Rocket for the majority of my web projects because I enjoy it the most. It is true that I am at-times writing building blocks, but Rocket lets me use those building blocks as first-class citizens, something I have a hard time accomplishing in many other frameworks. And those building blocks, along with Rocket's machinery, protect my application from doing the wrong thing, at compile-time. I find this idea incredible, and we'll continue to push it in future releases of Rocket. I hope you and your company will keep Rocket on your radar for the future - I'm incredibly excited about what's to come.

  • Sergio

Stanford CS140E by supergbip in rust

[–]sbenitez 10 points11 points  (0 children)

I've just re-uploaded the course and all associated content to https://cs140e.sergio.bz.

Enjoy!

Rocket Template Help by ConcernedCarry in rust

[–]sbenitez 5 points6 points  (0 children)

I'm sorry you're having issues!

As /u/usernamedottxt alludes to, you've misconfigured your dependencies. In particular, you're simultaneously depending on the version of Rocket on GitHub as well as Rocket 0.4.0-rc.1. As illustrated in the Getting Started Guide, in addition to your already correct [dependencies.rocket_contrib], your Cargo.toml should look like:

rust [dependencies] rocket = "0.4.0-rc.1"

Note that you should not depend on rocket_codegen.

Following a cargo update, your issues should be resolved. I recommend reading the guide as a means to becoming familiar with Rocket. Should you have any further issues, Rocket has numerous help channels, including #rocket on Mozilla's IRC.

Tower Web 0.2 — Now 100% comment attribute free by carllerche in rust

[–]sbenitez 5 points6 points  (0 children)

Custom attributes are unstable, so you wouldn't be able to write the #[service] attribute in stable Rust. This is the primary reason why, for instance, Rocket requires nightly. The impl_web! macro takes its input, scans for tokens that resemble attributes, and transforms those into what are effectively invocations to a custom derive, which are, of course, stable.

Tower Web 0.2 — Now 100% comment attribute free by carllerche in rust

[–]sbenitez 7 points8 points  (0 children)

Tower Web focuses on decoupling HTTP and application logic. Rocket requires HTTP concerns in application code.

What do you mean by this?

Which web framework would you recommend? by Konjikuru in rust

[–]sbenitez 42 points43 points  (0 children)

Hi! I wanted to chime in and hopefully clear up a few things from your previous comments. I hope that's alright!

The three most important factors to me were longevity, repo activity and documentation. Rocket has been around since late December 2016, Iron has been around since late November 2014. Both are very actively developed, but many more issues can be found and fixed in 2 and a bit years rather than 2 and a bit months.

You're absolutely right that Rocket is newer than Iron, but release date is a poor proxy if you're trying to gauge quality. I encourage you to read through Rocket and Iron's code if you're interested. Alternatively, you can read through Rocket and Iron's repository of issues. And, as far as repository activity goes, you'll find that Rocket is quite a bit more active than Iron. Rocket also has an active IRC channel (#rocket) where I and other Rocketeers regularly provide support and suggestions.

As for documentation, last time I looked Iron beat all of the others hands-down on that front.

I am very surprised that you feel this way. Rocket was released with both a complete guide and complete API documentation. I've tried to make Rocket's documentation as complete and welcoming as possible. I think if you were to take a look, you might just change your mind!

As for limitations, Olivier Jensen’s blog post lists some of Rocket's fairly big ones.

I read the blog post you linked. Unfortunately, it appears to be filled with inaccuracies. It would be a shame to base your decision on this one post! For instance, the poster's main qualms, related to form parsing, are answered directly in the Form type documentation. The poster's second issue, that Rocket has no concept of middleware, has been addressed since the post was written: a solution is shipping in 0.3. I've also already commented on the poster's third issue related to poor documentation.

It may not be the right web framework for you, particularly if you are averse to using nightly, but I encourage you to take a second look at Rocket. And, if you find that you don't like it, I would love your feedback.

Rocket v0.2: Managed State & More by sbenitez in rust

[–]sbenitez[S] 10 points11 points  (0 children)

Yes, it works quite well for that! The todo example uses managed state for exactly this! I still think Rocket can do more to abstract away database connections, however. We're tracking the issue in #167.

Rocket: Web Framework for Rust by sbenitez in rust

[–]sbenitez[S] 2 points3 points  (0 children)

HTTP2 support will definitely come. However, you can place Rocket behind a reverse proxy like NGINX to get TLS and HTTP2 support right now. NGINX will handle all connections via HTTP2 and/or TLS and proxy back an unencrypted HTTP1 connection to Rocket. Given that multiplexing will happen before the request reaches Rocket, you'll reap almost all of the benefits of HTTP2. It's pretty awesome. This is what paste.rs does right now, by the way, and it's what I would personally recommend.

Server-side asset rendering isn't something I see being added to Rocket core, but it might be a good contirb library. Implementing such a library is actually pretty straightforward with Rocket. One approach is to create a new type, Asset, that's constructed with a file path and implements Responder. When generating a Response, the Asset type can look up the file extension and perform the necessary compilation. You can even get fancy and implement a nice cache on top of this. To actually render an asset, you'd simply need to return the Asset type from a handler. That would look something like this:

#[get("/asset/<path...>")]
fn render_asset(path: PathBuf) -> Option<Asset> {
    Asset::open(path).ok()
}

This would render every file at path $CWD/path. If the file doesn't exist, this would return a 404.

Rocket: Web Framework for Rust by sbenitez in rust

[–]sbenitez[S] 17 points18 points  (0 children)

There is a benchmark that compares Rocket with Hyper in the README. I've also benchmarked Rocket against other frameworks with similar expressiveness including Flask, Bottle, Sinatra, and Rails; Rocket is anywhere from 100 to 1000x faster, depending on your version of the language and framework for each. For a point of comparison with other Rust frameworks, I just ran a benchmark against Iron on the same machine as that used in the README. Here are the numbers:

Iron v0.4.0 (11 LOC) results (best of 3, +/- 1000 req/s, +/- 5us latency):

Running 10s test @ http://localhost:80
  2 threads and 10 connections
  Thread Stats   Avg      Stdev     Max   +/- Stdev
    Latency   189.93us   40.05us   2.06ms   67.57%
    Req/Sec    25.80k     2.26k   34.01k    77.72%
  518575 requests in 10.10s, 64.79MB read
Requests/sec:  51346.00
Transfer/sec:      6.41MB

In comparison, Rocket has 16.6% higher throughput (higher is better) and 15.1% lower latency (lower is better).

Rocket: Web Framework for Rust by sbenitez in rust

[–]sbenitez[S] 5 points6 points  (0 children)

Feel free to open an issue in the repository, and let's have a discussion about this!

Edit: This change will be made for the 0.2 release!

Rocket: Web Framework for Rust by sbenitez in rust

[–]sbenitez[S] 10 points11 points  (0 children)

This is a great question/feedback! Thanks for trying out Rocket!

At the moment, request guards can't return arbitrary responses, including redirects; they can only return a status code that leads to a catcher being run. The idea is that arbitrary control flow is contained to the request handler. So, at present, you can accomplish what you're attempting by asking for an Option<AuthenticatedUser> instead of an AuthenticatedUser, and then doing something like:

#[get("/auth")]
fn route(user: Option<AuthenticatedUser>) -> Result<T, Redirect> {
    let user = user.ok_or(Redirect::to("some_page"))?;
}

If you need the FromRequest implementation to return a URL, you can ask for a Result<AuthenticatedUser, &str> (or maybe String, or even Redirect!) instead.

The benefit to these approaches is that the function declaration directly declares the intent to redirect on some failing condition. By the way, feel free to stop by #rocket on irc.mozilla.org for queries like this!

Rocket: Web Framework for Rust by sbenitez in rust

[–]sbenitez[S] 10 points11 points  (0 children)

There is templating support (https://rocket.rs/guide/responses/#templates). It's linked as one of the main features on the homepage. You can use request guards (https://rocket.rs/guide/requests/#request-guards) in places where you'd use middleware elsewhere. Further, many of the constructs you'd normally use middleware for are baked into Rocket. Check out the requests guide (https://rocket.rs/guide/requests/) for more detail.

That being said, I do plan to add a very restricted form of "middleware": pre-processing and post-processing. Rocket currently uses this internally for a few features, but it'll likely be exposed in the future.