[jimmydoreornot]

I was a security researcher since 1992. I don't mean to sound arrogant, but why continue to use languages that lead to security holes when we now have a language that it strongly resistant to most of those failings? Rust isn't just type safe or memory safe - eliminating foot-guns was a guiding principle throughout. People hate the borrow checker, but that concept of ownership eliminated broad classes of concurrency bugs. Rust was a godsend for computer security.

[closeparen]

Memory safety is the main thing though, and people were not normally practicing web development in C.

For concurrency safety, there are a number of approaches from functional programming/immutability, to the actor model, to even PHP's shared-nothing architecture.

And then there's the whole area of type safety, fancy type systems, dependent types, etc.

Rust doesn't seem to be a particular standout for web application correctness in the same way that it is for systems code (where memory safety issues are indeed a huge deal), although you could certainly do worse.

[dhzhzjsbevs]

Wasn't most of Google and eBay written in C/C++?

Most of the webs applications were written in C/C++ pre PHP days.

[saghm]

I think the original question here was asking about frontend since this post is about using Rust with web assembly as an alternative to JavaScript. There's no need to use web assembly to use Rust on the backend, nor is there any reason why you couldn't use JavaScript on the frontend if you were using Rust on the backend. As much as I love Rust and prefer to avoid writing JavaScript, I think the arguments for using Rust on the frontend are a lot less clear right now given the hoops you'd need to jump through. If wasm ends up getting proper access to the DOM, that might change, but I'm out of the loop and have no idea if there's any planned timeline for that at all, let alone when that might be.

[icedchai]

Many folks were using Perl CGI scripts, or ASP (VBScript.)

[ozzythecat]

> Rust isn't just type safe or memory safe - eliminating foot-guns was a guiding principle throughout. People hate the borrow checker, but that concept of ownership eliminated broad classes of concurrency bugs. Rust was a godsend for computer security.

How often are folks writing server side code where they need to pass objects across thread boundaries?

Back end logic is usually straightforward. Each request uses a single thread. Maybe there’s some client library that has a thread pool, for things like reusing connections. But that’s about it.

Is Rust a security silver bullet? Are the other languages obsolete? Is there nothing simpler than Rust, because the borrow checker saves you from doing things you can do in C++, and that’s what we should all optimize for?

Again… why do I need Rust and WASM for serving web pages? It sounds like you’re saying security is the number one non functional requirement and is the only requirement, which I don’t think is accurate. Even then, entire companies are running on JVM.

If I have a C++ use case, I can maybe see using Rust benefits in some areas, although the learning curve is very steep.

[switchbak]

Backend logic is not necessarily straightforward, that depends completely on your domain.

Each request uses a single thread? In the stuff I'm working on we often orchestrate asynchronous operations across many different systems, that alone would involve a lot of parallelism and concurrency. We lean heavily into functional code with immutable data, but we're not writing a systems level program.

If you're doing much beyond simple crud, I imagine you're going to want a lot of what you're describing fairly quickly.

[ozzythecat]

> If you're doing much beyond simple crud, I imagine you're going to want a lot of what you're describing fairly quickly.

There are different models for asynchronous execution across different systems. Even then, Rust isn’t a silver bullet.

A request can be scoped to a single thread, and then messages can passed across systems (queues, pubsub, etc), stored to a database, etc etc.

Not having concurrency within a single process doesn’t mean someone is doing simple CRUD, unless you’ve mistaken Facebook.com, Twitter, and Amazon retail website to all be simple CRUD applications.

Rust seems like a solution for your very specific use case, or it’s better suited for C++ and systems programming scenarios.

The borrow checker is a pain in the ass to use. Presenting Rust as silver bullet and ignoring its cost is misguided and near sighted at best. It’s not just Rust but saying <X> is the perfect solution is generally wrong. Every thing has a cost.

[switchbak]

I'm not advocating for Rust (not the OP), and I would say Rust is never a silver bullet any time. It might make sense in context for a given problem and team, but there's a lot to go into such a decision.

I'm saying that once you go beyond simple needs, you're going to want to orchestrate async in a fairly sophisticated fashion. That might be in a Node-style architecture, old-school Java with real threads (probably pooled), new-school Java (ie: project Loom), Go, etc.

"How often are folks writing server side code where they need to pass objects across thread boundaries" - In the JVM land this is very common. Also true in many other environments as well (Erlang, Go, etc). The fact that it isn't true in your tooling of choice doesn't make it universal.

"Back end logic is usually straightforward. Each request uses a single thread" - Again, both of those statements don't ring true to me. Yes, they do in some environments, but certainly not all. Especially the last statement hasn't been true in the stacks I use for over a decade now.

Keep in mind I was also talking about parallelism here, some folks want to do some compute in addition to gluing together API calls.

"Not having concurrency within a single process doesn’t mean someone is doing simple CRUD, unless you’ve mistaken Facebook.com, Twitter, and Amazon retail website to all be simple CRUD applications.". - You're suggesting that none of those systems support orchestration of concurrent calls? Please explain in detail.

"Rust seems like a solution for your very specific use case" - It doesn't actually. Our problems are not system level issues (as I mentioned), and doing manual memory management is an overhead we'd gladly let a GC handle, same with the borrow checker. We don't use Rust, I didn't advocate using Rust. I was responding to your comment about backend code being single threaded and straightforward.

"Presenting Rust as silver bullet and ignoring its cost" - Who did that exactly? - And who said "<X> is the perfect solution"?

Your tendency to create strawman arguments is a bit much.

[Edited for elaboration on not using Rust, not proposing to use Rust]

[neya]

Security is just one aspect of web application development. Writing in rust doesn’t guarantee an application free of security issues like how writing in another language doesn’t necessarily guarantee an app full of security issues.

[jimmydoreornot]

The odds of correct operation are higher with Rust, and for some people that matters a lot to them.

There are plenty of good reasons not to use rust. If your use case doesn't care about security, fine use whatever. Or if time-to-market is critical, use go or whatever. Or if your organization can't handle the risk that when you leave they can't find another good rust developer, then don't use it.

[lolbutwtfsrsly]

https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=rust

Rust only appears safe when compared to C. Many languages have even better support for writing correct programs (thanks to garbage collection, arbitrary-precision arithmetic, message-passing concurrency, contracts, etc.)