[pjc50]

> I have a C++ service running in production

Is it on a network (or other) security boundary, exposed to attack from the Internet?

Is it deployed on millions of machines worldwide?

_Those_ are the primary targets for replacement, because the networked environment is a very hostile place, and people are fed up with the consequences of that. Regular announcements of "sorry all your private data has been leaked lol". Constant upgrade treadmill to fix the latest CVEs.

(the poster child for this was really Shockwave Flash, later owned by Adobe, which had so many RCE exploits everyone united behind Apple killing it off. Even if this meant obsoleting a whole era of media and games which relied on it. That wasn't rewritten, it was just killed.)

[fxtentacle]

I'd guess most services where performance matters are in the background. And this particular C++ service is only accessible over internal LAN, to be used by other back-end servers.

I agree with you that if ha-proxy and nginx didn't exist yet, they would be prime candidates for being implemented in Rust. But now that they already exist and reliably work, I'm not sure there is enough pain for them to get replaced anytime soon. BTW the last ha-proxy CVE was them differing from the HTTP spec and accepting the # character in additional URL components, which is something that probably no compiler could have flagged.

[ttfkam]

> I'm not sure there is enough pain for them to get replaced anytime soon.

https://blog.cloudflare.com/how-we-built-pingora-the-proxy-t...

https://blog.cloudflare.com/pingora-open-source

[fxtentacle]

That sounds like a great project :) but

1. "Pingora is Not an Nginx Replacement" https://navendu.me/posts/pingora/

2. you still put it behind ha-proxy https://github.com/cloudflare/pingora/issues/132

3. https://github.com/cloudflare/pingora says "Pingora keeps a rolling MSRV (minimum supported Rust version) policy of 6 months." so for anyone who dislikes the "constant upgrade treadmill", this won't help much.

So my summary would be that Pingora is a great Rust library which one day might be used for replacing nginx and/or ha-proxy.

But the main advantages of Pingora - which are the reason why CloudFlare is using it now - have nothing to do with Rust. Obviously, a software architecture designed in 2022 can take advantage of modern hardware in a way that an architecture from 2004 cannot. (Yes, nginx is that old). Intel's TBB library brought "work-stealing" to C++ around 10 years ago. The other big improvement in Pingora is moving from multi-process to multi-threading pools. Again, C++ had thread pools for years.

So Pingora is probably great and it's written in Rust. But the business benefits that it brings aren't coming from Rust. They are coming from the fact that it's a modern architecture.

[steveklabnik]

> But the business benefits that it brings aren't coming from Rust. They are coming from the fact that it's a modern architecture.

This is moving the goalposts. Your original post said

> I'm not sure there is enough pain for them to get replaced anytime soon.

Yet, here one of them is, being replaced at a company that powers ~10% of the traffic on the Internet.

But beyond that, your links:

> 1. "Pingora is Not an Nginx Replacement" https://navendu.me/posts/pingora/

Here's what the start of the post actually says:

> Think of Pingora as an engine that can power a car while you have to build the car yourself. Nginx is a complete car you can drive. River is a faster, safer, and an easily customizable car.

The title is being pedantic for effect. It doesn't say what you say it's saying.

> 2. you still put it behind ha-proxy https://github.com/cloudflare/pingora/issues/132

This is an issue opened by someone on an open source repository. They aren't talking about how Cloudflare itself uses it, but about how they want to use it.

> so for anyone who dislikes the "constant upgrade treadmill", this won't help much.

Similar to above, this is moving the goalposts. Sure, that might be true, but it's unrelated to the original topic.

> But the main advantages of Pingora - which are the reason why CloudFlare is using it now - have nothing to do with Rust.

This is not what Cloudflare themselves would say. They chose Rust for very specific reasons when building Pingora: (repeating the link from above) https://blog.cloudflare.com/how-we-built-pingora-the-proxy-t...

> We chose Rust as the language of the project because it can do what C can do in a memory safe way without compromising performance.

Cloudflare has been a vocal proponent of Rust for years now. Many years ago, they suffered a very serious bug, CloudBleed, that Rust would have prevented. And so they've been using Rust instead of C and C++ for a long time.

They of course would also very much agree that the architecture matters, but that doesn't mean that the implementation language doesn't matter either. If they chose to implement Pingora in, say, Ruby, that wouldn't have accomplished their goals.