| HN Mirror

Y	Hacker News new \| ask \| show \| jobs

by Ygg2 1380 days ago

> You can't simultaneously argue that unsafe languages are categorically bad and also use unsafe rust as an argument against rust's limitations. Unsafe is either bad or it isn't.

I'm not arguing philosophically. I'm arguing from a safety viewpoint. A language that's 100% unsafe is worse than a language that's 1% unsafe.

Saying it's not perfectly safe is sophistry. Nothing is perfectly safe, but you still don't hand out your sensitive bank information to random person on the Internet/street/etc.

> Again, once you use unsafe Rust, why not just use an unsafe language?

Assume data race happen. Would you prefer to audit 30k lines or 3? Unsafe language is unsafe everywhere. In Rust, you can limit your search to unsafe regions.

> Static analysis tools outside of the language would also be the way you would check for UB and unsafe behavior in languages like C and Zig.

Define outside language? Miri is maintained by rust-lang team. And Clippy and so on. Sure valgrind and so forth aren't, but their checks are somewhat complementary.

> For instance, let's say I am making an HPC program for identifying pricing arbitrage in the market which generates 10 million dollars a day when it's operating. If it takes 10 days longer to implement in Rust, that cost me 100 million dollars. I am not going to care if it crashes twice a day because of an NPE I didn't catch.

Sure, but if your implementation has a data race error, that when triggered happens causing massive loss of funds. First you'll have to find the issue (good luck searching most of language and deps). Then you need to patch it to prevent future errors. And it can happen again. So maybe 3 days here, 5 days there, 4 days there, and so on.

Granted it's a contrived example, but hey... If you want HPC and safety use Java/C#/Lisp, no Rust necessary.

Point being - Strength of Rust isn't in speed of development, so much as in avoiding certain sets of bugs. And borrow checker isn't the only tool to achieve this.

> Depending on use-case.

On that I agree. If your game is one and done (no maintenance), no user content, no MP, basically worse that can happen is crash sure go ahead. Jams are in that way perfect candidates for small langs where speed of development is crucial.

I'd argue most sold games aren't one and done.

> I don't even know what to say to this. Spaces and punctuation got accepted because they're more ergonomic and universally accepted by consensus as the better solution for making text readable.

Keep in mind that in Rome everything was written without spaces for hundreds of years. From their POV the spaces would be just unnecessary fluff. And there are still languages that have little to no spaces, so spaces aren't even universally accepted. See Chinese and Japanese.

> Most system programmers do not program in rust.

I don't understand, this wasn't specific about just systems language? Going from C# to Zig is a safety downgrade (but a possible performance uplift). And GC langs have been used in OS implementations.

> There's no consensus that it has chosen the right tradeoffs.

Sure, but consensus is a matter of current status and it's not set in stone.

Status quo is C, which has null - a trillion dollar mistake (adjusted for inflation and software spread :P)

> What's your point? Python is not the easiest code to maintain...

My point that we use Python won in ML because allowing people to achieve value isn't the only important aspect. There are many aspects. Sure you get to pick your own, but I've seen too many CVEs caused by memory unsafety.

But safety and reducing footguns should be ideals for any language to strive. Reintroducing footguns? What's next? Return of GOTO Spaghetti monster.

1 comments

skohan 1380 days ago

> Saying it's not perfectly safe is sophistry. Nothing is perfectly safe, but you still don't hand out your sensitive bank information to random person on the Internet/street/etc.

You want to make a nuanced argument that calculated unsafety is better than general unsafety, but you don't want to accept a nuanced argument that Rust's safety tools maybe a detriment in some use-cases.

> Assume data race happen. Would you prefer to audit 30k lines or 3? Unsafe language is unsafe everywhere. In Rust, you can limit your search to unsafe regions.

It depends on the use-case.

> Sure, but if your implementation has a data race error, that when triggered happens causing massive loss of funds. First you'll have to find the issue (good luck searching most of language and deps). Then you need to patch it to prevent future errors. And it can happen again. So maybe 3 days here, 5 days there, 4 days there, and so on.

This is a strawman argument which doesn't reflect reality. C/C++ is actually the main language used in HPC applications like high frequency trading, and they have massive incentives to choose the correct tool for the job.

> If you want HPC and safety use Java/C#/Lisp, no Rust necessary.

You can't. I chose HPC deliberately as an example: in HPC performance is the most important constraint. You couldn't use a garbage collected language because you will not be able to optimize memory performance beyond a certain point since you don't have direct control over allocations.

> On that I agree. If your game is one and done (no maintenance), no user content, no MP, basically worse that can happen is crash sure go ahead. Jams are in that way perfect candidates for small langs where speed of development is crucial.

Then what are we arguing about if you agree with me?

> Keep in mind that in Rome everything was written without spaces for hundreds of years. From their POV the spaces would be just unnecessary fluff.

You don't know that. They might have looked at spaces and understood immediately that it was an improvement.

> And there are still languages that have little to no spaces, so spaces aren't even universally accepted. See Chinese and Japanese.

What point are you trying to make? Wouldn't that support my argument that there's room for different modes of programming, both safe and unsafe?

> I don't understand, this wasn't specific about just systems language? Going from C# to Zig is a safety downgrade (but a possible performance uplift). And GC langs have been used in OS implementations.

I could have also said "most systems programmers don't program in safe languages". The point is the jury is still very much out on whether language-level memory safety is the best solution for all systems programming languages. It's relevant because Zig is the language you are cliticising.

> Status quo is C, which has null - a trillion dollar mistake (adjusted for inflation and software spread :P)

You can focus on the negatives because C is literally the most successful PL ever which the entire world is built on. People are already talking about how GC is a mistake for a lot of applications. Maybe 10 years from now we will be talking about some big mistake Rust made with async colored functions.

Maybe it will turn out Zig's approach is the right one. We don't know yet.

> My point that we use Python won in ML because allowing people to achieve value isn't the only important aspect.

It's the most important aspect. Every other aspect is just relevant to how you deliver value.

> But safety and reducing footguns should be ideals for any language to strive.

I'm sorry but you seem to be missing my entire argument. You agree there are tradeoffs. You agree there are use-cases where safety might not be the most critical thing. You have agreed with every component of my argument but you then want to draw the conclusion that safety is somehow a requirement for every new language.

link

Ygg2 1380 days ago

> You want to make a nuanced argument that calculated unsafety is better than general unsafety,

No. I'm making a simple argument. More safety is better than less safety. You're trying to move argument that since perfect safety is impossible it's not worth pursuing. This is the sophistry part.

> It depends on the use-case.

No it doesn't. Debugging 30k lines is always going to take more than 3/30/300 lines especially when data races are involved.

> This is a strawman argument which doesn't reflect reality.

I said it's a contrived counter example for a contrived example.

> You can't. I chose HPC deliberately as an example: in HPC performance is the most important constraint.

There are HFT systems using Java, few were on HN even. That said, you might have thought of UHFT, but those use FPGA and ASIC, so not even C/C++ would be really correct.

> You don't know that. They might have looked at spaces and understood immediately that it was an improvement.

I know human nature. What we are used to is what we consider natural/ergonomic.

And for the record ancient Greek and Romans made it point of pride to know where and how words end.

> Wouldn't that support my argument that there's room for different modes of programming, both safe and unsafe?

Well, not really. I'm saying ergonomic isn't universal. Due do mixing with English and other such languages what's considered ergonomic is shifting towards spaces and punctuation.

> It's the most important aspect. Every other aspect is just relevant to how you deliver value.

Ok, I see where you are coming from but I fundamentally disagree. If you prioritize delivering stuff fast (move fast, break things) you'll end up with a lot of broken software, and unmaintainable messes along the way.

Maintainability and safety should be primary motivatiors.

Without safety, your performance gains can be rendered moot point anyway. And without maintability your code performance will slowly rot and die.

link

skohan 1380 days ago

> No. I'm making a simple argument. More safety is better than less safety. You're trying to move argument that since perfect safety is impossible it's not worth pursuing. This is the sophistry part.

I'm not trying to move anything. I've made the consistent argument from the beginning that more language-level safety is not the most important design constraint for all use-cases.

> No it doesn't. Debugging 30k lines is always going to take more than 3/30/300 lines especially when data races are involved.

Yes it does. See HPC use-case.

> There are HFT systems using Java, few were on HN even. That said, you might have thought of UHFT, but those use FPGA and ASIC, so not even C/C++ would be really correct.

The point still stands.

> I know human nature. What we are used to is what we consider natural/ergonomic.

Ok now I suspect you're deliberately waisting both of our time. You can't claim to know what romans thought about spaces.

> If you prioritize delivering stuff fast (move fast, break things) you'll end up with a lot of broken software, and unmaintainable messes along the way.

I never said you should prioritize delivering stuff fast. I said you should focus on delivering value. So if your code is an unmaintainable mess, cleaning up your code is going to be the shortest path to delivering more value because it affects your velocity.

If you're writing OS-level networking code, safety is going to be critical to delivering value because security is paramount to your mission.

If you're writing a game, having direct, explicit, ergonomic access to memory may be more relevant to delivering value than slowing yourself down to make sure you are 100% sure every line of code is safe.

> Maintainability and safety should be primary motivatiors.

Unless they're not. If I'm prototyping a project it might me much more important to get something in front of users to see how they like it than it is to make something safe and maintainable.

Some code is used and built on for years and years. Other code is used and thrown away after it serves its purpose.

link

mzl 1376 days ago

> There are HFT systems using Java, few were on HN even.

The HFT systems I know about in Java are mostly not recognizable as Java to most Java programmers. They use static allocation of all data making sure that there is no risk of a GC interrupt and have a fixed set of threads that have assigned cores.

It is sometimes a reasonable way to build a system, but very seldom.

link