Linux people doing Linux things, it seems.

  • Snot Flickerman
    link
    fedilink
    English
    164
    edit-2
    4 months ago

    Here’s the thing: you’re not going to force all of us to learn Rust.

    That’s precious coming from Linux developers.

    I am a heavy Linux user. I run multiple microservices on multiple headless devices all Linux.

    This sounds like every fucking Windows user you’ll ever encounter.

    “Here’s the thing: you’re not going to force all of us to learn to use Linux.”

    So, yeah…

    • @[email protected]
      link
      fedilink
      English
      574 months ago

      I finally watched the talk today and that wasn’t what I thought he meant. What I thought he was getting at was that the rust parts of the kernel interact with lots of other modules written by people who don’t know rust. When those C modules change their semantics in ways that break the rust code, they can’t go fix it because they don’t know rust. In fact, whenever they make a change, they don’t even know if they broke some rust module, because they don’t understand the rust code well enough. And this is something that everyone is going to have to live with for the foreseeable future, because you can’t force all those other kernel hackers to learn rust.

      • @[email protected]
        link
        fedilink
        64 months ago

        If you are that good in C(pp), I guess understanding rust code of a module is not sooo hard… I mean, I learned what I know about C from reading stuff in the Kernel that made my embedded Linux project not working.

        But I have yet to read rust.

        • @kautau
          link
          254 months ago

          It’s a whole different ballgame. I’ve written a good amount of C and C++ in my day. I’ve been learning Rust for a year or so now. Switching between allocating your own memory and managing it, and the concept of “Ownership” https://doc.rust-lang.org/book/ch04-01-what-is-ownership.html is just something many devs set in their ways aren’t willing to do.

          I understand where they’re coming from, I’ve gone through massive refactors with new tech in my career. I think this approach needs to be more methodical and cautious than it is, but I don’t think they are correct in the end result. I think a memory-safe language is the way to go, and it needs to happen.

          This to me is a classic software project with no manager and a bunch of devs arguing internally with no clear external goals. There needs to be definitive goals set over a timeline. If someone doesn’t agree after a consensus is reached they can leave the project. But as of now I think as others have said this is 80% infighting, 20% actual work that’s happening.

    • @[email protected]
      link
      fedilink
      574 months ago

      It’s just their ego showing through.

      It basically now comes down to the current devs depending on new Rust devs for anything that interacts with Rust code.

      They could just work together with Rust devs to solve any issues (API for example).

      But their ego doesn’t allow for it. They want to do everything by themselves because that’s how it always was (up until now).

      Sure, you could say it’s more efficient to work on things alone for some people, and I’d agree here, but realistically that’s not going to matter because the most interactivity that exists (at the moment) between Rust and C in Linux is… the API. Something that they touch up on once in a while. Once it’s solid enough, they don’t have to touch it anymore at all.

      This is a completely new challenge that the Linux devs are facing now after a new language has been introduced. It was tried before, but now it’s been approved. The only person they should be mad at is Linus, not the Rust devs.

    • kbal
      link
      fedilink
      54 months ago

      Switching everything from C to Rust because it has better memory safety is more akin to changing languages from English to Esperanto because it has gender neutral pronouns and other cool features. Maybe it’s a good idea, but it’s understandable that some people are reluctant.

      • Snot Flickerman
        link
        fedilink
        English
        69
        edit-2
        4 months ago

        Maybe it’s a good idea, but it’s understandable that some people are reluctant.

        I understand that position. I also understand how the words and phrases that the C community has used to communicate with the Rust community seems to be completely dismissive, not just reluctant.

        I quoted what I did explicitly because of how a statement like that comes off to the person it’s aimed at. It doesn’t make them feel like they’re on an even footing working on the same project with the overall goal of it becoming better.

        memory safety is more akin to changing languages from English to Esperanto because it has gender neutral pronouns.

        I mean… not at all? Memory safety is huge for cybersecurity, buffer overflows and the like are common attack surfaces. C requires you to have deep knowledge of safe memory management practices and even then you can end up with memory issues. Rust was developed to avoid such issues entirely. I understand the reluctance but it feels to me like arguing “we should just stick with COBOL because it works.”

        • @[email protected]
          link
          fedilink
          13
          edit-2
          4 months ago

          People prefer what’s familiar to them. Rust is completely foreign to them, the syntax is very different, the community is different (and often much younger), it still has many issues and is not ubiquitous, and many people are just slow/averse to change in general. So I absolutely understand the hesitation. And some just don’t like it for other reasons like the syntax, learning curve or other reasons. There’s also still a host of memory-related things Rust doesn’t fix like stack overflows, leaks, bitflips, unsafe context code, and just bad coding practices in general.

          • @[email protected]
            link
            fedilink
            English
            24 months ago

            I blame C++. When these kernel hackers hear about how they should switch to this shiny new language that’s going to make their code so much cleanser and more manageable, I don’t blame them for thinking it’s all bullshit. It was last time.

            • @[email protected]
              link
              fedilink
              5
              edit-2
              4 months ago

              To be fair, there’s nothing wrong with only using the parts of C++ you want. If you avoid things like templates, exceptions, RTTI etc. then e.g. your compile times will not suffer like people always complain about, your error messages will not be cryptic, plus you’ll have stronger typing, easier/safer lifetime management with ctor/dtors and easier to read code from class usage.

              Personally I think Swift has great potential if it can get past the speed and cross-platform issues, as it was designed by (among others) some C++ committee folks, and so it feels a lot more familiar than say, Rust, plus it fixes a lot of long-standing issues.

              There is also an Indian kernel fork that allows C++ drivers.

        • kbal
          link
          fedilink
          134 months ago

          Gender neutral pronouns are pretty huge too. Sure you can do them in English without too many problems usually, just as it’s also possible to code safely in C. It requires everyone to change their old habits, but it’s much less of a change than is involved in adopting a whole new language.

          Anyway, I do like Rust better personally.

          • @[email protected]
            link
            fedilink
            244 months ago

            I would still say that getting people to the point where they can write safe C code every time is harder than learning Rust, as it’s equivalent to being able to write rust code that compiles without any safety issues (compiler errors) every single time, which is very difficult to do.

          • Snot Flickerman
            link
            fedilink
            English
            12
            edit-2
            4 months ago

            Ok, that made your analogy make more sense to me. I can agree with that. Thanks.

          • @[email protected]
            link
            fedilink
            10
            edit-2
            4 months ago

            Gender neutral pronouns might be pretty huge too, but nobody’s private data is getting hacked because of gendered pronoun use.

          • @[email protected]
            link
            fedilink
            English
            14 months ago

            Don’t thinknits possible by on write safe c code. Otherwise we would not have these issues time and time again. But yes its only the idiots begin don’t know how to code. Projects are big and complicated itsneasy to make mistakes.

        • rhabarbaOP
          link
          fedilink
          34 months ago

          I understand the reluctance but it feels to me like arguing “we should just stick with COBOL because it works.”

          For those depending on COBOL code that does the job and has been doing it just well for a few decades, there are approximately zero good reasons to not stick with it.

          • @linearchaos
            link
            English
            144 months ago
            1. Eventually all the people who know and are good at cobol will die.
            2. A while before that happens, the people who know it will continually demand more money for their rare skills.
            3. Eventually, the cobol systems out there will need to interface new systems in some way it wasn’t designed to and it’ll be more expensive to shoehorn the remote system than to let the ancient beast retire.
            • @[email protected]
              link
              fedilink
              14 months ago

              Even if, we are talking about the Linux kernel. Our entire ecosystem builds upon C. People choosing C for new projects because it is the common denominator.

              If Rust should be adopted in the kernel faster, patches should be send which comment how each line addresses issues of memory management solved and elaborations for rust specific patterns unfamiliar to a C dev.

              Lurkers will pick up Rust that way as well.

              Each Rust dev had to pick it up and therefore should be able to enable other - probably more experienced - Linux kernel hacker to provide reviewable patches.

              It shouldn’t be the other way around, else you are just stepping on the efforts the other human provided to that project.

              • @linearchaos
                link
                English
                14 months ago

                I’m not against Rust. I’d like to see something less dangerous with memory than C, but I don’t think it’s time yet for the kernel to leave C.

                It’s pretty clean, stable, it’s working well at the moment and the C language (or variants of it) is/are still actively used everywhere. I think the kernel universally going Rust will be a long road of everything under the sun going there first before it’s ported in earnest.

                • @[email protected]
                  link
                  fedilink
                  English
                  24 months ago

                  The goal ATM is simply to allow people to write new drivers in rust, not convert the whole kernel to rust. It will be a very long time, before more core parts would be allowed to be written in rust let alone rewriting any existing core kernel code. Which is all fine as new drivers are a large part where bugs are added - older parts have had a long time for bugs to be found and fixed and so it is far less important to need to rewrite them.

          • @[email protected]
            link
            fedilink
            34 months ago

            Does it count as “doing it well” when every release has fixes for previous releases’ memory bugs?

      • @cm0002
        link
        164 months ago

        Vast majority of the cybersecurity community: “an absolute ton of exploits come from memory safety issues with C/C++, we should move to memory safe languages like Rust to greatly reduce security risk and make everyone safer”

        You: “Ehh Rust has a couple features, but it’s totally not worth switching from my precious precious C”

        • @[email protected]
          link
          fedilink
          English
          44 months ago

          Yes people are also like you can code c safely yet it doesn’t seem to be that way. With the amount of bugs found over and over again.

        • @[email protected]
          link
          fedilink
          14 months ago

          like Rust

          But no one is talking about that that is doesn’t need to be Rust. There are alternatives that can do as much if not more with the type system & safety while being as low-level as C without some of Rust’s restrictions.

          • Pup Biru
            link
            fedilink
            English
            104 months ago

            rust was literally written as a systems programming language to take a similar place as C. i’m not sure of the restrictions you mean

          • @cm0002
            link
            104 months ago

            Not quite, had I done something more broad than sure. But I reference a specific group of people whose job it is to provide security guidance on such matters. The ones who are out there fighting the good fight, RE’ing malware and busting down botnets among many security things

            But I’m sure you are similarly credentialed as the SMEs in the cybersecurity field right?

            • kbal
              link
              fedilink
              -104 months ago

              Nah. If you’d been leaning on specific statements of any given expert — of which it is of course possible to find plenty that might in such casual rhetoric be used to support whichever conclusion you like — that would’ve been argumentum ad verecundiam, an appeal to authority. Instead you cited an imagined “vast majority” to exaggerate the universality of your opinion.

              P.S. Whilst I’m indulging my argumentative side perhaps it is also worth pointing out that you totally mischaracterized my own statements and motivation. I am not primarily a C programmer, and I’ve been happy to use Rust myself when the opportunity arises. I have no personal stake in this particular fight.

              • @cm0002
                link
                84 months ago

                Ah I see your default is to sprinkle in a bit of argumentum ad logicam and add a dash of straw man at the end

                Your statement comes across as the migration from C/C++ is more of an upgrade for new features and increased “ease of use” rather than an urgent security issue when it definitely is. It’s more than just a case of a couple of experts and some articles, you’ve got multiple governmental and NGOs like The NSA, The Whitehouse, CISA, DARPA all calling for the migration away from C/C++ to memory safe languages

                https://devops.com/darpa-turns-to-ai-to-help-turn-c-and-c-code-into-rust/

                “DARPA, the Defense Department’s (DOD) R&D agency, will lean on emerging AI capabilities in a new program to deal with the costly and time-consuming challenge of rewriting C and C++ code to Rust in a move designed to meet the push for federal agencies and private organizations to adopt memory-safe programming languages.

                https://www.theregister.com/2023/12/07/memory_correction_five_eyes/

                "CISA, in conjunction with the National Security Agency (NSA), FBI, and the cyber security authorities of Australia, Canada, the United Kingdom, and New Zealand, said its call for better memory safety follows from its Secure By Design recommendations – endorsed by all of these cyber authorities.

                “With this guidance, the authoring agencies urge senior executives at every software manufacturer to reduce customer risk by prioritizing design and development practices that implement MSLs [memory safe languages],” the report argues."

                ~

                "CISA suggests that developers look to C#, Go, Java, Python, Rust, and Swift for memory safe code.

                “The most promising path towards eliminating memory safety vulnerabilities is for software manufacturers to find ways to standardize on memory safe programming languages, and to migrate security critical software components to a memory safe programming language for existing codebases,” the CISA paper concludes."

                • kbal
                  link
                  fedilink
                  -44 months ago

                  Indeed the language is extremely fashionable among government types and many others. I did not really mean to suggest otherwise. If accusing me of erecting a straw man is your way of apologizing for your initial comment, I accept it.

      • @[email protected]
        link
        fedilink
        -24 months ago

        😂i wish my country switched from german to English because of how difficult it is to talk genderless in that language. Like, every fucking word seems to be gendered here.

  • Avid Amoeba
    link
    fedilink
    79
    edit-2
    4 months ago

    “It’s herding cats: introducing Rust effectively is one part coding work and ninety-nine parts political work…”

    All software development in a team is. More like 20/80 or 40/60 if you’re lucky.

    • @[email protected]
      link
      fedilink
      874 months ago

      Except in this case, it was a bunch of old C devs who aren’t just resistant but openly hostile to change, and they’d rather bully people into silence than try to progress.

        • @inbeesee
          link
          3
          edit-2
          4 months ago

          God bless Douglas Adams

      • Avid Amoeba
        link
        fedilink
        64 months ago

        If I go to any of the teams I interact with who program their components in C++ and proposed Rust or anything else, I’d get a similar reaction. They’re very good at C++ and they very rarely have memory and threading issues. 😂

        • @orangeboats
          link
          40
          edit-2
          4 months ago

          They very rarely have memory and threading issues

          It’s always the “rarely” that gets you. A program that doesn’t crash is awesome, a program that crashes consistently is easy to debug (and most likely would be caught during development anyway), but a program that crashes only once a week? Wooo boy.

          People vastly underestimate the value Rust brings by ensuring the same class of bugs will never happen.

        • @[email protected]
          link
          fedilink
          13
          edit-2
          4 months ago

          They don’t get, that without memory issue resistant language, not a lot of new blood will be as good as them dealing with that stuff since they already have that solved in the language itself.

          It is about making kernel development future proof, so that new devs keep on coming and don’t create massive security holes on the way.

          Well this is how I understand it.

          • @[email protected]
            link
            fedilink
            264 months ago

            And it’s a bad argument anyway. You’re only good at memory management until the first bug takes down production.

            Rust isn’t a panacea and certainly has problems, but eliminating an entire class of potentially very dangerous bugs is a very good argument.

          • @Giooschi
            link
            English
            174 months ago

            Note that Rust does not “solve” memory management for you, it just checks whether yours is memory safe. Initially you might rely on the borrow checker for those checks, but as you become more and more used to Rust you’ll start to anticipate it and write code that already safisfies it. So ultimately you’ll still learn how to safely deal with memory management, just in a different way.

            • @[email protected]
              link
              fedilink
              7
              edit-2
              4 months ago

              Yeah all of the times I see Rust being described as “harder to learn” than C I just shake my head. It’s like saying that it’s easier to just fall off the cliff at the Grand Canyon instead of taking the path down. Any additional difficulty is because the language forces you to understand memory and pointers properly, instead of just letting you fuck around and find out.

      • @saddlebag
        link
        44 months ago

        Several downvotes with zero comments to refute or discuss your point. Some devs don’t like you calling them out

        • @[email protected]
          link
          fedilink
          74 months ago

          In a twist of delicious fate, my instance doesn’t have downvotes. They get dropped before they even hit the database. So I’ll never know or “feel ashamed” if they don’t bother to take time to refute it. 🤣

        • PureTryOut
          link
          fedilink
          154 months ago

          I mean, it is. RedoxOS is just that. But it’s not Linux and that means a lot of things.

          • @[email protected]
            link
            fedilink
            14 months ago

            Maybe this is the fork in the road for something new. These circumstances were kind of how GNU/Linux was born, after all.

        • @Giooschi
          link
          English
          44 months ago

          Rust for Linux used to be developed in parallel to the mainline Linux before Linus Torvalds merged support in the main tree.

      • @TunaCowboy
        link
        -54 months ago

        If you want to talk about bullying you ought to include all the rust zealots who show up to shit on C every chance they get.

      • @kautau
        link
        -54 months ago

        Ironically the majority of the rust memory management ruleset is called ownership, and they are unwilling to release any of it, and claiming all of it, so there’s an out of memory error.

        • @Nibodhika
          link
          34 months ago

          I didn’t understood your criticism, what are they unwilling to release? What are they claiming all of? Why would ownership rules cause an OOM?

          Sharing stack memory is a bad practice in C as well btw.

          • @kautau
            link
            2
            edit-2
            4 months ago

            Lol the out of memory error was a joke. A reference to that two people both trying to do the same thing will fill the heap since there’s unnecessary work.

            I tried to make a code joke but it failed.

            As far as what are they unwilling to release? Control. Ownership of any bit of the kernel they control

            kernel maintainer Ted Ts’o, emphatically interjects: “Here’s the thing: you’re not going to force all of us to learn Rust.”

            Lina tried to push small fixes that would make the C code “more robust and the lifetime requirements sensible,” but was blocked by the maintainer.

            DeVault writes. “Every subsystem is a private fiefdom, subject to the whims of each one of Linux’s 1,700+ maintainers, almost all of whom have a dog in this race. It’s herding cats: introducing Rust effectively is one part coding work and ninety-nine parts political work – and it’s a lot of coding work.”

      • @[email protected]
        link
        fedilink
        English
        -104 months ago

        bunch of old C devs

        I knew this ageist bullshit would pop up. I know we lost our mentors and are kinda feeling in the dark, but the moment people pop out the ageist slurs I know they’ve got nothing to say.

        • @orangeboats
          link
          144 months ago

          The C developers are the ones with the ageist mindset.

          The Rust developers certainly are not the ones raising the point “C has always worked, so why should we use another language?” which ignores the objective advantages of Rust and is solely leaning on C being the older language.

        • @[email protected]
          link
          fedilink
          94 months ago

          “Old” doesn’t have to mean biologically old. In this case, it means people who have been doing it for a long time—long enough that they’re set in their ways.

          So while I can understand the confusion, it doesn’t apply here.

  • r00ty
    link
    fedilink
    584 months ago

    Here’s what I think. Both opinions are correct.

    Rust is sufficiently different that you cannot expect C developers to learn rust to the level they have mastered C in order to be working at the kernel level. It’s not going to happen.

    I don’t really know too much about rust. Maybe one day I’ll actually mess around with it. But the one time I looked at a rust git repo I couldn’t even find where the code to do a thing was. It’s just different enough to be problematic that way.

    So I think probably, the best way IS to go the way linus did. Just go ahead and write a very basic working kernel in rust. If the project is popular it will gain momentum.

    Trying to slowly adapt parts of the kernel to rust and then complain when long term C developers don’t want to learn a new language in order to help isn’t going to make many friends on that team.

    • @[email protected]
      link
      fedilink
      59
      edit-2
      4 months ago

      But that’s the thing where you are wrong. They clearly state they don’t want C developers to learn Rust. In the particular video posted he was saying “I want you to explain to me how this particular API works so that I can do it”

      The concerns about who fixes what on a merge when the C code breaks Rust code are valid, but that’s easily fixed by gathering with the Rust developers, explaining the changes and letting them fix it.

      • @[email protected]
        link
        fedilink
        English
        74 months ago

        You could alternatively phrase “But that’s the thing where you are wrong” as “But here’s the crux of why I disagree”, it’s a bit more personable

        • @[email protected]
          link
          fedilink
          174 months ago

          This isn’t a disagreement. One person is stating something incorrect. You can disagree on opinion, but facts are facts. The person being referred to here isn’t asking others to learn Rust, they are just asking for more information about the already existing C code so that they can write their Rust code to interoperate with it. This misunderstanding is exactly why that developer was getting heckled on stage, and is the reason why now one has left the project. I would appreciate it if you didn’t make a misunderstanding sound like a valid opinion. Enough damage has already been done.

          • @[email protected]
            link
            fedilink
            English
            04 months ago

            It doesn’t matter if you know it’s a fact, and i agree with you for the record. It’s about bringing people along with you - you catch more flies with honey than vinegar - and creating good vibes in the softwaresphere

            • @[email protected]
              link
              fedilink
              94 months ago

              That to me sounds like exactly the reason why developers like the above have left. They are having to take on the burden of gently letting down other devs who are angry over a simple misunderstanding. A misunderstanding that wouldn’t have happened if they had been listening or bothered to ask first before jumping to conclusions. Imagine someone heckles you on stage and you have to respond kindly. I certainly wouldn’t. If someone had listened to my talk, misinterpreted it, then heckled me over it you can bet I would be angry and would respond in kind. To then see this misinformation being spread again would drive me nuts. I can see why they left.

              The bottom line for me is that Rust devs who work on this stuff for free shouldn’t be getting hounded by C devs just for asking for proper documentation that frankly they should have provided in the first place. I say this as someone who is skeptical of Rust for various reasons.

              • @[email protected]
                link
                fedilink
                English
                1
                edit-2
                4 months ago

                They are having to take on the burden of gently letting down other devs who are angry over a simple misunderstanding.

                I feel like, if anyone would be happily willing to do that in their free time, they would have been a Politician or an HR and not a Developer.

                I’m pretty n00b as a dev, but if I were to see someone misinterpreting my explanation, the most I would do is rephrase the same in a more understandable manner.
                Definitely not going to resort to using “people management tactics”, specially not in an Open Source Free Work setting, where the expectation is that the other person wants the good of the project as much as I do [1].

                Facts are more important than feelings, specially when written text is the medium, where the reader can, at any time, go back and re-read to make sure they are at the same page, which a responsible, non-sleepy, non-drunk person would do in such a case.

                On this note, I went and re-read the above comment and I realise, the “But that’s the thing where you are wrong.” sentence is kinda useless. If the previous commenter were to have read the rest, they would realise that’s where they were wrong. Mental note to not use useless stuff like this as the first sentence in a reply, because I probably have the habit


                Yes, I know I joined both circumstances, this comment thread and the condition of the Rust Linux dev. It seemed relevant to me.


                1. as compared to a corporate setting, where if they are getting money to sit and do nothing, they will prefer that ↩︎

            • @Buddahriffic
              link
              64 months ago

              How to Win Friends and Influence People by Dale Carnegie should be required reading for everyone. It’s full of things that are so obvious in hindsight but go against our natural instincts so we blunder through attempts to persuade not realizing that we might be increasing resistance rather than decreasing it.

              Like the whole, “you might be right but you’re still an asshole” thing. Being correct just isn’t enough. In some cases you get crucified and then after some time has passed, the point you were trying to convince others of becomes the popular accepted fact. And they might even still hate you after coming around on the point you were trying to make.

              That book won’t turn you into a persuasive guru, but it will help avoid many of the pitfalls that make debates turn ugly or individuals stubborn.

              Or, on the flip side, you can use the inverse of the lessons to become a more effective troll and learn how to act like you’re arguing one thing while really trying to rile people up or convince them of the opposite. I say this not so much to suggest it but because knowing about this can make you less susceptible to it (and it’s already a part of the Russian troll farm MO).

            • @[email protected]
              link
              fedilink
              54 months ago

              Yup. Often best to use phrases like ‘oh my understanding was x, am I missing something’ or ‘Wait I don’t see how you’re accounting for x, what am I missing?’ or ‘i looked at the source a few times and it seems to be indicating x, not y, am I misunderstanding the impact of z?’. Basically, people are much more willing to admit err when you are. If you start a ‘debate’ by recognizing you could be wrong you immediately soften the ground for both parties. Plus, everyone walks away feeling like ‘we’ won since we ‘beat the problem’ . Also, sometimes you actually are missing something and now when it’s explained to you you don’t feel like a jerk. Good vibe kinda shit

            • @[email protected]
              link
              fedilink
              44 months ago

              Have you ever tried catching flies? Vinegar works better than honey, after all, flies eat shit.

      • @TunaCowboy
        link
        -204 months ago

        I’ve inserted myself into your C project because only idiots write C. Rust is the one true god, mUh MeMoRy sAfteY! Now please explain to me how C works.

        LMAO

        • @hikaru755
          link
          144 months ago

          Now please explain to me how C works.

          That’s not what they’re asking. It’s not about how C works, it’s about how specific APIs written in C work, which is hard to figure out on your own for anyone who is not familiar with that specific code. You’ll have to explain that to any developer coming new into the project expected to work with those APIs, no matter their experience with C.

    • @Giooschi
      link
      English
      224 months ago

      But the one time I looked at a rust git repo I couldn’t even find where the code to do a thing was.

      IMO that tells more about how the project was organized and names things than the language used.

      So I think probably, the best way IS to go the way linus did. Just go ahead and write a very basic working kernel in rust. If the project is popular it will gain momentum.

      As the other commenter pointed out, there’s Redox. The issue is that this completly disregards an incremental approach: you have to rewrite everything before it comes usable, you can’t do it piece by piece. Currently the approach of Rust for Linux is not even to rewrite things, but to allow writing new drivers in Rust.

      Trying to slowly adapt parts of the kernel to rust and then complain when long term C developers don’t want to learn a new language in order to help isn’t going to make many friends on that team.

      Have you seen the conference video? That’s not just refusal to learn a new language, it’s open hostility. And it’s not the only instance, for example Asahi Lina also reported unreasonable behaviour by some maintainers just because she wrote Rust code, even when Rust was not involved.

      • @[email protected]
        link
        fedilink
        84 months ago

        I think the point of redox is more than just rewriting Linux in Rust. Architecturally they are very different. Redox uses the more modern microkernel approach, whereas Linux is a modular monolith. There are advantages and disadvantages to both designs. They are actually polar opposites in fact. The compromise is something called a hybrid kernel which is used by Windows NT.

        • @[email protected]
          link
          fedilink
          English
          34 months ago

          This is true, but the differences go even further than that. Redox is intentionally non-posix-compliant. This means that userspace programs written for posix operating systems may or may not need patching to even compile.

          Part of the philosophy of Redox is to follow the beaten path mostly, but not be afraid of exploring better ideas when appropriate.

            • @[email protected]
              link
              fedilink
              English
              24 months ago

              I’m not sure. I remember seeing an example in the docs, but I can’t find it now. Actually the docs in general are a lot less opinionated than I remember them.

              One thing that I did find is that the ion shell document mentions that it isn’t a posix compliant shell because they would have had to leave out a bunch of features.

              • @[email protected]
                link
                fedilink
                14 months ago

                Makes sense. Posix was created a long time ago and there are most probably some features that could be changed

    • @[email protected]
      link
      fedilink
      154 months ago

      RedoxOS! There’s been solid progress too, beyond just having a functional microkernel, they have many of the userspace tools/their version of coreutils, even a desktop environment already mostly implemented!

      My understanding is that it shouldn’t be too bad to port some other things over as well. The main issue I had was just the lack of drivers, especially since it’s still tricky even on Linux, and the microkernel architecture (though more secure) also means there’s no way to reuse any of those from Linux

      • @[email protected]
        link
        fedilink
        54 months ago

        They are actually looking into using the Linux Kernel for modular drivers in a really interesting way.

      • Jay🚩
        link
        fedilink
        34 months ago

        Same with Ironclad kernel and OS written in Ada Programing language. Nice to see these systems development

        • @[email protected]
          link
          fedilink
          English
          14 months ago

          Gives me vibes of a second iteration of the OS writing boom. Though this time, the kernel mostly.

      • r00ty
        link
        fedilink
        13 months ago

        I think this overall is a better idea. I’m going to say this because, I thought I’d look into rust today. So I installed it, setup vscode to work with it etc. And it’s all up and running. I thought I would port over a “fairly simple” C# project I wrote recently as a bit of a test.

        While I’ve generally had success (albeit with 30+ tabs open to solve questions I had about how to do certain things, and only making it about 20% into the task) I’m going to say that it’s different enough from C, C++ and C# (all of which I can work with) that I really don’t think it is fair to expect C developers that have day jobs and work on the kernel in their spare time to learn this. It’s fundamentally different in my opinion.

        Now, I don’t condone any bad attitude and pushing away of rust developers from the project. But there’s no way they’re going to want to do anything to help which involves learning a new language. It’s just not going to happen.

        Likewise, C is not a language most new developers are learning. So, I feel like over time there won’t be so much of an influx of new kernel developers and any Rust based kernel could find itself with more contributors over time and taking over as the de-facto kernel.

        In terms of Redox (not looked into it yet). So long as there’s a different team working on the userspace tools. I would say the main task should be getting a solid kernel with drivers for most popular hardware etc in place. The existing GNU tools will do until there’s a kernel that is able to compete with the C one. But that’s just my opinion.

    • kingthrillgore
      link
      fedilink
      14
      edit-2
      4 months ago

      Good news there’s a project that aims to implement Unix in Rust called Redox and it’s already a good enough project for studying microkernel design

          • @[email protected]
            link
            fedilink
            4
            edit-2
            4 months ago

            Not even, it will suffocate on its own by having the capitalists keeping their changes from each other. Like a bucket of crabs; where if one crab is about to get free the others grab onto it and pull it down.

            Kernels really benefit from being “forced” to share the code changes as the GPL license, they are too tied to HW, and HW needs a lot of capital when iterating.

            • @[email protected]
              link
              fedilink
              24 months ago

              Permissive licenses mean faster and more widespread adoption, it’s up to project maintainers if the tradeoff is worth it. Ideally a company would realize that an open source part of their project probably isn’t radically going to affect their revenue stream, but you don’t just have to convince devs, you have to convince the suits and lawyers, and they will tell you to just build your own rather than give up any precious IP.

    • @[email protected]
      link
      fedilink
      10
      edit-2
      4 months ago

      Yeah, the Rust guys’ proposition is roughly this:

      Hey you guys with 20-30 years of experience doing a single thing very well. Let’s nullify most of that skillset and replace it with a thing we’re good at.

      Don’t worry, we will teach you.

      They’re not technically wrong about Rust being a better choice for a kernel, of course. They’re just incredibly misinformed about the social hurdles they need to climb over for it to happen.

    • Anti-Face Weapon
      link
      84 months ago

      Honestly, if anyone has become a master in C, they can become a rust master in short order. It’s different, but not THAT different. The roots are the same.

      • @[email protected]
        link
        fedilink
        3
        edit-2
        4 months ago

        I don’t know. Rust seems like a better C++ to me rather than a better C. Plain C is a very simple language.

    • @pathief
      link
      34 months ago

      Just go ahead and write a very basic working kernel in rust.

      I don’t get this stance, really. If I want to write a driver in Rust I should start by creating a completely new Kernel and see if it gains momentum? The idea of allowing Rust in kernel drivers is to attract new blood to the project, not to intentionally divert it to a dummy project.

      Rust is sufficiently different that you cannot expect C developers to learn rust to the level they have mastered C

      If you watch the video, no one asked anything from the C developers other than documentation. They just want to know how to correctly make the Rust bindings.

      Note that Rust is not replacing C code in the Kernel, just an added option to writing drivers.

    • @ZILtoid1991
      link
      -104 months ago

      That’s why I often recommend D instead.

      Has a much more C-style syntax, except much more refined from the years of hindsight. The catch? No corporate backing, didn’t jump on the “immutable by default” trend when functional programming evangelists said for loops are a bad practice and instead we should just write recursive functions as a workaround, memory safety is opt-in (although “safe by default” can be done by starting your files with @safe:), some of the lead devs are “naive centrists” who want to “give everyone a chance at coding even if they’re bad people (nazis)”, implementing new changes to the lang has slowed down significantly up until the departure of Adam D Ruppe and the drama surrounding it, etc.

      • @Giooschi
        link
        English
        74 months ago

        “safe by default” can be done by starting your files with @safe:

        Last time I heard about that it was much more limited than Rust, for example it even disallowed taking references to local variables. Has something changed since then?

        • @ZILtoid1991
          link
          04 months ago

          D has many memory safety features. For local variables, one should use pointers, otherwise ref does references that are guaranteed to be valid to their lifetime, and thus have said limitations.

          • @Giooschi
            link
            English
            54 months ago

            For local variables, one should use pointers, otherwise ref does references that are guaranteed to be valid to their lifetime, and thus have said limitations.

            Should I take this to mean that pointers instead are not guaranteed to be valid, and thus are not memory safe?

            • @ZILtoid1991
              link
              14 months ago

              Pointers are not guaranteed to be safe. DIP1000 was supposed to solve the issue of a pointer referencing to a now expired variable (see example below), but it’s being replaced by something else instead.

              int* p;
              {
                int q = 42;
                p = &q;
              }
              writeln(*p);     //ERROR: This will cause memory leakage, due to q no longer existing
              
              • @Giooschi
                link
                English
                34 months ago

                Pointers are not guaranteed to be safe

                So I guess they are forbidden in @safe mode?

                but it’s being replaced by something else instead

                Do you know what is the replacement? I tried looking up DIP1000 but it only says “superceded” without mentioning by what.

                This makes me wonder how ready D is for someone that wants to extensively use @safe though.

  • @pete_the_cat
    link
    English
    52
    edit-2
    4 months ago

    part of the problem is that old-time kernel developers are used to C and don’t know Rust," Torvalds said. “They’re not exactly excited about having to learn a new language that is, in some respects, very different. So there’s been some pushback on Rust.”

    Linus hit the nail on the head. If you’ve been a Kernel dev for a decade or more, and have spent decades learning the ins and outs of C, why would you want to switch to something that is similar, but different in a lot of ways, just because a small subset of devs think it’s the best way forward? Let them handle Rust and the majority of devs will keep using C, even though Rust is objectively better.

    As one of the other quotes suggested: fork the kernel project and rewrite it entirely in Rust, that way there isn’t any push back from the C devs. Replacing C with Rust in the upstream kernel is akin to replacing the engine in a car while it’s running or being used every day.

    • @emax_gomax
      link
      99
      edit-2
      4 months ago

      This specific talk was about defining shared common interfaces so these different groups could work together and the guy who actually talked him into stepping down essentially said “I’m gonna keep writing C and if that breaks your rust stuff that’s not my problem”. This isn’t about convincing the c devs to write rust it’s about convincing them to work together when some of them seem to have made up their mind to sabotage rust support (either through indifference or willful interface regressions). Personally I’m more ashamed what this points to for someone new wanting to come in contribute to Linux.

      • @pete_the_cat
        link
        English
        14 months ago

        Ah, but I still agree with the C devs, it creates unnecessary headaches for them. Also, old habits die hard.

        I view it as the same way ZFS is supported: Linus and Greg KH are like “you can maintain it, but we don’t give a shit about it, and if what we do breaks ZFS support, well too bad.”

        • @emax_gomax
          link
          24 months ago

          The reverse is also true. Any dev wanting to contribute to Linux in rust which linus himself allowed (despite his silence on this matter) are just going to have to deal with constant headache trying to maintain compatibility with the C interfaces which the devs keep breaking. Either they should’ve never allowed rust in the kernel or they should force devs to at least act in good faith and collaborate (and any that refuse to, well they should be ousted because they can’t behave responsibly). This entire situation is so toxic and I see that as a failure in leadership. That zfs comment is also a little toxic but I don’t think it’s a direct quote. It also doesn’t seem like a fair comparison because from what I can tell zfs isn’t even part of the kernel code base and due to legal reasons cannot be. While it would be great for the kernel not to break it, it is, for all intents and purposes an external project. This rust debacle is different because it’s rust kernel devs and c kernel devs both operating in the same project and trying to find some kind of alignment. To me it seems like there’s enough of an acknowledgment of the value of memory safety that rust support was considered but there’s no authority figure actually supporting it or defending the devs that were invited to actually contribute in it. What a mess.

      • RichieAdler 🇦🇷
        link
        fedilink
        -304 months ago

        I think all the Rust devs should remove their code and leave. And when in the future the Linux devs change their tune and ask for their help, they should refuse.

    • @De_Narm
      link
      284 months ago

      The kernel is probably too large to rewrite the whole thing at once. This could lead to a future without any new C kernel devs, leading to stagnation, while the Rust kernel could be many years away from being finished. (Assuming we actually move away from C.)

      At that point you might as well just start an entirely new kernel and hope it is good enough to eventually replace the Linux one once all devs are gone. Kinda the X11 and wayland thing.

      • @Eranziel
        link
        174 months ago

        You can very safely remove the “probably” from your first sentence.

      • qprimed
        link
        fedilink
        English
        4
        edit-2
        4 months ago

        the Rust kernel could be many years away from being finished.

        the number I saw floating around was 3 years to production useful. regardless, C’s end days as the go-to, large systems level language are drawing nigh.

        edit: tear

        • @[email protected]
          link
          fedilink
          64 months ago

          I think this number is overblown. Production useful doesn’t have to mean 1:1.

          Running it without all graphics drivers would be fine for server use. Also, not all filesystems need to be ported: basic ones should be enough for start. But not only servers, home routers run Linux kernel…

          If every OEM starts contributing their drivers in rust, this could move quickly…

      • @pete_the_cat
        link
        English
        14 months ago

        I agree. C isn’t going anywhere anytime soon, but if we don’t start modernizing the kernel now we could end up with a future like the US government is in where all critical systems run on COBOL code and no one wants to touch it for the fear of breaking everything.

        I’m not sure if it was in my above post or not, but the article said we should start modernizing the kernel now before someone does to Linux what Linux did to Unix.

        Redox OS already exists and is functional (meaning it boots and has a GUI, but it’s lacking in various aspects), from what I understand it’s pretty much Linux/Unix rewritten entirely in Rust and looks pretty promising. In 5 or so years it could be a competitor with BSD and then overtake Linux once it has a proven track record.

    • @[email protected]
      link
      fedilink
      English
      274 months ago

      As one of the other quotes suggested: fork the kernel project and rewrite it entirely in Rust

      That’s not practically possible given the scale of the kernel. And doing a total rewrite is almost always a recipe for getting stuck and, if you ever create anything, creating something worse.

      Replacing C with Rust in the upstream kernel is akin to replacing the engine in a car while it’s running or being used every day.

      Almost all real-world software development is like this. That’s what we do.

      • @pete_the_cat
        link
        English
        14 months ago

        Yeah it is a monumental task, but it’s also the one with the least push back. I don’t mean start from scratch, but convert the C code to Rust in a dev branch or something and release a Linux-Rust kernel image.

        Almost all real-world software development is like this. That’s what we do.

        I’m aware, I’ve written my own software even though I’m a SysEng, all I’m saying is that it’s not an easy process with a potential for disaster. Just look at CrowdStrike (not saying that they were attempting to switch languages but just the scale of the fuck up and the fallout that it caused), we don’t want that to happen with Linux.

    • @[email protected]
      link
      fedilink
      244 months ago

      It blows my mind that Linus is just so darn based all the time. That guy has a good take on like every issue.

      • @[email protected]
        link
        fedilink
        74 months ago

        Strong opinions. Sometimes Linus’s takes are ‘bangers’ &, while probably fewer, he’s had a lot ‘woofs’ on the opposite end.

    • @[email protected]
      link
      fedilink
      204 months ago

      Replacing C with Rust in the upstream kernel is akin to replacing the engine in a car while it’s running or being used every day.

      That’s in no way what’s been proposed. Rust is used in a very well defined niche, nobody wants to get rid of C.

      But it’s just that sentiment that got us here, you’re arguing against a non-existent threat, and thus reject the whole proposal.

      • @pete_the_cat
        link
        English
        14 months ago

        I’m not rejecting it, I’m just saying that it’s very difficult to completely change the code of a critical piece of software. The long-term goal is for Rust to overtake C in the kernel (from what I understand, I’m a System Engineer, not a software dev. I know Go, not Rust) due it being memory-safe and about 30 years newer. Critical code gets left untouched (a lot of the time) because no one wants to be the one that breaks shit (and get bitched out by Linus 😂) so I’m sure there is tons of code from the early 90s that could be made better with a newer language like Rust, but it’s not as mature as C right now so that’s not going to happen for a while, if at all.

        • @[email protected]
          link
          fedilink
          14 months ago

          The long-term goal is for Rust to overtake C in the kernel (from what I understand

          Your understanding wrong. Rust is limited to some very specific niches within the kernel and will likely not spread out anytime soon.

          critical code gets left untouched (a lot of the time) because no one wants to be the one that breaks shit

          The entire kernel is “critical”. The entire kernel runs - kind of by definition - in kernel space. Every bug there has the potential for privilege escalation or faults - theoretically even hardware damage. So following your advice, nobody should every touch the kernel at all.

    • rhabarbaOP
      link
      fedilink
      English
      164 months ago

      even though Rust is objectively better.

      In some of its characteristics, Rust is certainly a good language. The borrow checker, however, still haunts my restless dreams today.

      • TimeSquirrel
        link
        fedilink
        84 months ago

        I’m a C/C++ dude but I heard it being called the “Karen compiler”. It doesn’t look that scary based on samples I’ve seen, but there’s way more to it I am assuming.

        • @[email protected]
          link
          fedilink
          English
          214 months ago

          I’m no Rust expert, but in my experience the borrow checker is a pain for a bit, then you start to get a sense of what works and what doesn’t, and after a while it has taught you to write cleaner code.

        • trevor
          link
          fedilink
          English
          12
          edit-2
          4 months ago

          “Karen compiler” is almost perfect, except unlike Karens, the compiler is delightfully helpful with the error messages it gives you (usually). It usually gives a straightforward error, an error code, and sometimes, an easy fix.

          As someone that started with Rust, but just yesterday had to fix some C++ code, working with any other compiled language makes me shudder. I have nothing but respect for devs that have to wade through stuff like that.

          • @[email protected]
            link
            fedilink
            English
            44 months ago

            To be fair, most of them aren’t as nasty as C++. But Rust certainly gives you a sense of security you don’t get with most other languages.

        • Mia
          link
          fedilink
          24 months ago

          At least it has something to complain about, unlike Karens.

        • rhabarbaOP
          link
          fedilink
          04 months ago

          Ha, I’ll steal that! “Karen compiler” - quite fitting, to be honest.

      • @pete_the_cat
        link
        English
        24 months ago

        I’m not a software dev (I’m a SysEng), and have never touched Rust (I’ve looked at the Rust source code and it scares me haha), but I know a fair amount of Go, and even the Go compiler is a pain in the ass occasionally. I’ve “mother fucked” it so many times.

    • @cm0002
      link
      12
      edit-2
      4 months ago

      Tl;Dr: Old farts holding us back, as always

      • @pete_the_cat
        link
        English
        14 months ago

        “If it ain’t broke, don’t fix it!”

        I’m not a software dev, but I’d imagine that the codebase could definitely be reduced once most things are converted to Rust. From what I’ve heard, the kernel is a huge mess of spaghetti code that most people don’t want to touch, for the fear of going insane in the process 😂

  • @[email protected]
    link
    fedilink
    394 months ago

    One detail about Rust in the kernel that often gets overlooked: the Linux kernel supports arches to which Rust has never been ported. Most of these are marginal (hppa, alpha, m68k—itanium was also on this list), but there are people out there who still use them and may be concerned about their future. As long as Rust remains in device drivers only this isn’t a major issue, but if it penetrates further into the kernel, these arches will have to be desupported.

    (Gentoo has a special profile “feature” called “wd40” for these arches, which is how I was aware of their lack of Rust support. It’s interesting to look at the number and types of packages it masks. Lotta python there, and it looks like gnome is effectively a no-go.)

    • @[email protected]
      link
      fedilink
      264 months ago

      It seems like gcc rust would pretty much fix that issue, since soon gcc will be able to compile rust for any architecture gcc supports.

      • @[email protected]
        link
        fedilink
        104 months ago

        Assuming that it works out, yes, this might fix the problem. On the other hand, I remember gcj, which kind of quietly vanished after a while, so I prefer to reserve judgement until gcc’s Rust implementation is ready for production use.

    • @[email protected]
      link
      fedilink
      English
      54 months ago

      Or wait for rust to support the extra languages. With LLVM adding new architectures or projects like gccrs. But all of these options are a way out and rust will remain device driver only for a long time I suspect - it is still experimental after all. I would hope that as rust in the kernel matures so do the available architectures that rust supports.

    • @[email protected]
      link
      fedilink
      324 months ago

      Ted is the maintainer of ext4 and there are not many people in the world who understand this code.

      For Rust to succeed, it has to get the subsystem maintainers to agree. It is going to be many years of petting very angry bobcats…

      And that is not even the worst I’ve heard, makes you a bit numb if you follow LKML.

      • KeriKitty (They(/It))
        link
        fedilink
        English
        154 months ago

        not many people in the world who understand this code.

        Kinda sounds like maybe he writes some freaky garbo C that nobody can figure out 😅

        • @[email protected]
          link
          fedilink
          94 months ago

          Yeah. Isn’t it funny that the most popular file system in the world has such a codebase, and it is not even well documented how it works!

          I have my reasons to choose XFS or bcachefs with my machines.

      • @xantoxis
        link
        English
        74 months ago

        Linus is the leader of the kernel project. As a leader, it’s his job to get the maintainers to agree. It’s not Rust’s job to make the C devs stop bullying them.

        If Linus thinks Rust is a good direction, he should show it by actually standing up to Ted and developers like him and making them behave.

        If he doesn’t think it’s a good direction, he should say that too, so the remaining Rust devs can stop wasting time on the project.

        When someone in a niche part of the project steps down like this, that’s a problem with the top-level leadership. Linus’ record on leadership is… mixed. Trending in a good direction the last few years, but this makes me wonder. He can still save this, but he has to want to.

        • @[email protected]
          link
          fedilink
          84 months ago

          Yes and no. Linus can yell to people and he does, he can force his say as he has been recently doing by expecting sched_ext to land in 6.12. BUT. Linux is a bazaar, it’s so big and there are so many different factions forcing them to do anything is going to take a long time. Lots of different teams are working on Linux, with their own priorities.

        • @[email protected]
          link
          fedilink
          34 months ago

          His job is to not get the maintainers to agree, but his job definitely is to bark a bit if somebody behaves like Ted.

          It might even be Rust is not meant for Linux kernel and it will never happen. Or it happens in the driver layers, but stays out from the core. We do not know yet. The concern Ted is raising is definitely valid: if the C APIs change, people who work daily in the C code cannot spent cycles fixing the Rust APIs. These people have their day jobs which pays them to maintain these subsystems, and it is at least not yet clear will these employers fund rewriting anything in Rust. There are tens of filesystems in Linux, with lifetimes passing around that are not documented and might not work in Rust.

          Note: I’m a Rust dev for the past 10 years, and I follow this discussion with high interest.

          • @[email protected]
            link
            fedilink
            1
            edit-2
            4 months ago

            No one’s saying the points raised are not valid, just that there’s no need to be a cunt about it in what should be a professional setting.

  • @[email protected]
    link
    fedilink
    English
    154 months ago

    Adding rust to a massive mature C project that targets lots of architectures and has many contributors is a difficult process. If it succeeds it is going to take a lot more time and patience.

    • @steeznson
      link
      44 months ago

      Especially when Rust has limited support for less common architectures. This has been forcing distros like gentoo to drop support for more niche arches since many common packages like python-cryptography are now pulling in rust as a mandatory dep.

  • Anti-Face Weapon
    link
    144 months ago

    IMO this has been very publicized in certain circles, and will have the effect of martyrdom. More people are going to be interested in doing this.

  • @[email protected]
    link
    fedilink
    144 months ago

    Not an expert in both the languages but I heard that C developers are trained to use memory smartly, sometimes even reuse a range of allocated memory for completely different purpose to save cycles freeing and reallocating. But for Rust developers, everything is about making sure when one should get the hand away from the memory, and whose memory is allowed to be touched.

    Sounds to me like sharing rides that maximise economically but we may have some oops moments sitting on someone’s laps vs absolute private rides to make sure no one in your family will be harmed but we have to make sure everyone gets a car only when needed.

    It is quite interesting to see how it will work out eventually…

    • @[email protected]
      link
      fedilink
      English
      244 months ago

      I heard that C developers are trained to use memory smartly

      Kernel coders are an entirely different breed, and when I worked with a few of them they were just stunning. The smartest man I know on the planet so far coded on the Unix kernel – the one that IBM forced back to Novell who’d already fired their staff after selling it, and thus shelved it and killed Unix. He is and was amazing.

      So yes, I can confirm that Kernel devs know how to manage their memory – they use very little, they allocate and free it, and they build very small, tight, optimized kernels by knowing how the optimizer will do things and how to hint it to do what they know needs to happen.

      Yeah, it’s a skill. Yeah, it takes skilled people. I’d like to one day find out that really big training wheels will let anyone build code that well, but I’ve seen the goal and I don’t expect we’re there yet.

      Let the kernel be built by kernel devs.

      • @LordKitsuna
        link
        59
        edit-2
        4 months ago

        They are amazing but at the end of the day they are still humans and they can make mistakes. In the YouTube video referenced one of the C devs is heavily against rust.

        Decided to go look for CVEs from code the guy manages (Ted Ts’o) I found these

        CVE-2024-42304 — crash from undocumented function parameter invariants

        CVE-2024-40955 — out of bounds read

        CVE-2024-0775 — use-after-free

        CVE-2023-2513 — use-after-free

        CVE-2023-1252 — use-after-free

        CVE-2022-1184 — use-after-free

        CVE-2020-14314 — out of bounds read

        CVE-2019-19447 — use-after-free

        CVE-2018-10879 — use-after-free

        CVE-2018-10878 — out of bounds write

        CVE-2018-10881 — out of bounds read

        CVE-2015-8324 — null pointer dereference

        CVE-2014-8086 — race condition

        CVE-2011-2493 — call function pointer in uninitialized struct

        CVE-2009-0748 — null pointer dereference

        Do you see a pattern in the type of error here? It’s pretty much entirely memory related and right in the wheelhouse of something rust would just outright not allow short of just slapping everything into unsafe blocks.

        The Old Guard is not perfect, and they are acting as a barrier to new talent coming in. Sometimes change is good and I’m heavily in the camp that rust one of those times. Linus seems to agree as he allowed the code into the kernel which he would never do lightly or just because it’s fomo

      • @kautau
        link
        12
        edit-2
        4 months ago

        But on the other hand you can’t expect some smaller and smaller subset of the population to primarily just learn C and meet the criteria of a kernel dev.

        I absolutely agree with all your points, and most rust devs would agree, but the general idea is that over time that energy (which would have been spent tweaking malloc and such) should be spent on the rust compiler and memory management systems, which is already magic as someone who as written a lot of c, c++, and spent the better part of a year learning rust. (I’m no expert of course, but I have a pretty decent grasp on the low level memory management of both the Linux kernel and the rust compiler).

        So that over time the effort that would be spent on memory management and kernel functionality can be properly divided. Rust not being efficient somewhere in catching memory faults or managing memory? Fix it. Someone writing unsafe rust code? Fix it.

        I think at the end of the day everyone wants the same thing which is a memory safe kernel, and I think that rust Is being shoehorned into kernel projects too early in places where it shouldn’t be, but I also think there is unnatural resistance to it just because it’s different elsewhere to “how it’s always been done.”

      • @[email protected]
        link
        fedilink
        34 months ago

        I guess the question is, what happens to the kernel when all the people who learned on C are gone? The majority of even the brightest new devs aren’t going to cut their teeth on C, and will feel the same resistance to learning a new language when they think that there are diminishing returns to be had compared to what’s new and modern and, most importantly, familiar.

        I honestly get the hostility, the fast pace of technology has left a lot of older devs being seen as undesirable because the don’t know the new stuff, even if their fundamental understanding of low level languages could be a huge asset. Their knowledge of C is vast and valuable, and they’re working on a project that thrives because of it. To have new people come to the project and say “Yeah, we could do this without having to worry about all that stuff” feels like throwing away a lot of the skill they’ve built. I’m not sure what the solution is, I really don’t think there are enough new C developers in the world to keep the project going strong into the future though. Maybe a fork is just the way to go; time will tell which is more sustainable.

    • @[email protected]
      link
      fedilink
      7
      edit-2
      4 months ago

      Unfortunately there are a lot of problems created by using C in the kernel, and having all of this done manually. Many kernel vulnerabilities including several severe ones have been due to issues with memory management. Even the whitehouse has spoken on these issues related to C. Rust has been proven to be comparable to C in terms of performance, sometimes even faster. So it doesn’t make a great deal of sense to keep using C for new projects.

      That all being said Rust has had its own issues. There was a recent vulnerability in older versions of cargo the Rust package manager for instance. It’s a somewhat new language so obviously teething issues are to be expected, and it might be too soon to use Rust for mission critical systems. It’s also a harder language to learn and understand, so that makes adopting it more difficult especially for very experienced C developers like those who work on the Linux kernel. It might be better to wait and see what other languages like Zig and Carbon manage to do, but those are even newer and will take more time to actually be production ready.

      • @davidagain
        link
        14 months ago

        Expecting C programmers to like a compiler-based approach to memory safety is like expecting petrolheads to like a car purely because it’s electric. They have always viewed compiler based memory safety techniques as guard rails for novices. In their view, good bowlers don’t need guard rails at the bowling alley. It’s a massive massive clash of cultures and the rust folks come into the discussion with an assumption that C devs would leap with joy at the chance to automate memory management. Rust and C are complete opposites, but rust programmers seem to assume that just because rust is fast C programmers will love it.

        • @[email protected]
          link
          fedilink
          1
          edit-2
          4 months ago

          That might be true but it’s not what happened at that specific conference. I beg you watch the clip to see what happened. Also fuck programmers with the attitude you describe. It’s been proven wrong over and over again with so many C memory safety vulnerabilities.

          • @davidagain
            link
            24 months ago

            I saw the clip previously. The rust guys are absolutely assuming that the C guys would go for something because (a) the compiler guarantees it’s memory safe (b) the semantics would be encoded in the type system. They demonstrate this using rust terminology and algebraic data types. Algebraic data types are the bees knees, (but not with that syntax and clumsiness), and compiler guarantees are the bees knees, but that’s not how a C programmer who’s middle aged sees the world, it just isn’t. Your typical middle aged C programmer grew up telling pascal programmers that automatic array bounds checking is for wimps and real men use pointer arithmetic and their programs run five times as fast. They were always right because their programs did really run significantly faster, but now rust comes along and its fast and safe. Why wouldn’t C programmers like it? Because the speed was the excuse and the lack of guardrails was the real reason they liked C.

            I said it’s a massive culture clash that the rust folks didn’t realise they were having because they just assume that “memory safe” wins people round, whereas C folks value their freedom from automatic compiler-based safety, and here you are, sounding like a rust person, saying it isn’t a culture clash at all and that the rust folks are right about memory safety and the C folks are just being irresponsible.

            • @[email protected]
              link
              fedilink
              04 months ago

              They aren’t asking C devs to write Rust code, which is what the guy being a heckler was claiming. Why don’t they want to right Rust? For exactly the reasons you describe. The thing is though that’s not currently being asked of them, all they actually want is the documentation to create that code themselves.

              You really don’t have to explain any of the culture clash to me lol. I’ve written both C/C++ and Rust. My C and C++ coding skills are demonstrably better (or at least used to be, it’s been a while) than my Rust skills. Why? Because of how complex those guardrails are. The difference is I have the self awareness to know that my lack of Rust skills doesn’t mean that the language is bad, or that C is a safe language to use. Rust tutorials could be improved. Perhaps an easier to use language like Zig might be more useful for some people. I feel like it’s a good compromise between safety and ease of use. Rust though is still incredibly progressive for the industry, and will improve systems security, maintainability and reliability going forward if only people would stop getting in the way.

              • @davidagain
                link
                1
                edit-2
                4 months ago

                TL;DR: Vast culture clash that rust guys didn’t perceive and C guys hated and false assertion that “you don’t need to learn rust” based on inexplicably naive lack of understanding that maintenance might be necessary.

                If someone builds a rust api on top of your C code inside your project, you have exactly five choices: (1) preserve the assumptions the rust code is making (2) only change your code if you have a rust expert to collaborate with handy (3) edit the rust code yourself (4) break the rust assumptions leading to hard to find bugs (5) break the build. The C guys hated all five of those options, and the rust guys told them they didn’t need to worry their pretty little heads about it. ON, they weren’t as dismissive as that, but they either didn’t understand those as issues or didn’t care about them or dismissed them.

                The rust guys were asking the C guys to tell them the semantics so that they could fix the type signatures for their rust functions and the C guys were reluctant to do that because they wanted to be able to change the semantics of that turned out to be useful to them. They didn’t want to commit so something that was documented in a way they weren’t familiar with because they felt that even if they wanted to, they couldn’t ensure their code was compliant with this specification going forward because they didn’t understand the rust type signature fully. (They got hung up on the self argument and launched a rant against OOP.)

                The rust guys knew instinctively that the Result return type meant that the operation could fail and could tell from the two arguments to that both in what ways it could fail and every kind of answer it could produce if it succeeded, but the C guys found almost none of that obvious. This was for just one function in the rust API, but it also radically changed the way of doing it. This one rust call replaced the whole algorithms of ask, check answer, if none, check this and that, otherwise do this blah blah blah. The C guys are used to keeping everything lean and simple with a single purpose and were being asked to think of a while collection of procedural knowledge and edge cases with a handle everything monolith. But they were audibly reluctant to commit to that being all the edge cases because they don’t think of all of those tests as one thing and instinctively wouldn’t write something that checks for all of the edge cases because (a) in a lot of circumstances the code they’re writing only needs to know that there was a problem and will give up quickly and move on and (b) they want to be able to freely choose to add other edge cases in the future like they normally do without having to worry about the rust code breaking.

                They weren’t complaining that they were being asked to write rust, they were complaining that they didn’t want to learn rust, and they were complaining this because they could see that to preserve all the rust API type signatures they would have to understand them, the expectations around them and memory safety principles, so that a rust programmer in the future wouldn’t have to change the rust type signature.

                The rust guys would have gained a lot more traction by just asking the C guys to keep a bunch of comments up to date detailing the semantics and error checking procedures, and promising to edit their rust API if the C code changes, but I suspect they didn’t ask for that because they know that no guarantees come from a comment and they want to be sure that the rust code works across all the possible scenarios and in rust culture, that is always documented in the type system where it can be enforced.

                The rust guys spoke like it was self evident that having a monolithic API with a bunch of stuff guaranteed by the rust compiler was best, but seem not to have realised that this is a massive culture clash because the C guys come from a culture of rejecting the idea of compiler guarantees anyway (because they have long had confidence in their ability to hand optimize their code to be faster than some prescriptive compiler’s output and look down on people who choose to have the guardrails up).

                They felt like they were being asked to help write an interface definition in a monolithic style that they have always rejected, to achieve goals that they have long resisted, in a language that they find alien, with no guarantees for them that the rust guys were going to stick around to agree and implement the rust changes necessary if they changed the C code, and with no confidence that they understood what would count as a breaking change at the rust level.

                This perceived straightjacket made them particularly cross. They complained about the inability to change their C code and its semantics and the need to learn enough rust to understand quickly what not to change, but they didn’t want to not change things and would need to edit the rust API at the same time as editing the C code if they didn’t want the rust build to break, and then there would be even more downstream changes from that, so realistically they would need not only to be able to understand the rust type signatures, they would need to be able to edit both the type signatures and the functions themselves, and basically maintain all the downstream rust, and they would want to be sure they were writing efficient rust, well aware that it took them decades to get to the level of extreme efficiency they write in pure C, a much simpler language.

                The rust guys said “Just tell us what your code means so we can write our type signatures”, but the C guys didn’t want to help create for themselves a prison whose walls were of a strange and intricate design they found hard to perceive, made out of materials they didn’t have experience working with. They felt like the first guys were asking them how all the doors, windows, chimneys, air vents etc of the house that they built by hand would ever be used, so they could encase it in a stainless steel shell and make it part of a giant steel city. The C guys said “but I might want to build an extension or a wider garage!” They claimed that the C guys didn’t have to learn how to weld or manufacture steel sheets, and that their house would be much safer, but for some reason this didn’t win the C guys round to the plan, and there’s a bunch of people online calling the C guys tech luddites for not liking the whole thing and saying that they were incorrect that they needed to learn rust just because the rust guys made that claim, but that claim is actually completely incorrect unless you think that it’s OK to stop the project compiling with your pull request or you think that changes to the C code should be banned wherever a rust API is built on top of it.

                • @[email protected]
                  link
                  fedilink
                  14 months ago

                  The rust guys would have gained a lot more traction by just asking the C guys to keep a bunch of comments up to date detailing the semantics and error checking procedures, and promising to edit their rust API if the C code changes, but I suspect they didn’t ask for that because they know that no guarantees come from a comment and they want to be sure that the rust code works across all the possible scenarios and in rust culture, that is always documented in the type system where it can be enforced.

                  I could be being daft but I thought this is more or less what the Rust guys were asking for. Tell us the current symantics of the system, and if it changes in future let us know what the new semantics are and we will fix the Rust code accordingly.

                  I do understand what you mean though about enforcing restrictions on what the C guys can do without breaking the Rust code. I think you run into situations wherever two languages meet. The way most projects handle this is the upstream releases a new version, or a release candidate of a new version with their breaking changes documented and then downstream updates their stuff accordingly when they get time. Obviously this is one project, but I imagine it’s possible for the C guys to update stuff in a pull request and then drop an email in LKML to the Rust guys so they know stuff needs fixing. None of this seems that hard to me.

                  Ultimately though everything here is Linus decision. Either your in or your out. If Linus says yes to Rust doing whatever then that’s what’s going to happen. Likewise if he says no, then it’s not going to happen that way. Until he weighs in no one can really say how this will end.

                  Personally though I disagree with the C guys. Safety features are important and should be used where it is practical to do so. Until now C has had the justification that it’s still the fastest language and by a significant margin. Now a somewhat safe language like Rust exists with the same speed and capabilities I don’t think we can afford to continue ignoring safety for the sake of a few bruised egos. If this was a proper industry like aviation safety would always come first, and if that means adopting new technologies and forcing people to adapt. I can understand if C devs have a hard time adapting, I don’t expect it to happen overnight. The expectation though should be they should learn some Rust eventually, even if it’s just enough to know the type signatures and what not that they might break with their changes to C code. Kernel devs are supposed to be some of the smartest computer people out there. If they can’t learn even that small amount of another language then should they really still be kernel developers?

    • @[email protected]
      link
      fedilink
      1
      edit-2
      4 months ago

      That is honestly a decent analogy. So, on what rides is it ok if something goes wrong and a young family member is killed? Rust says, it is never ok so we won’t let you do it.

      To use your analogy though, the issue is the driver feeling quite confident in their skills and rating the risk as low. Then a tire blows on a corner. Or somebody else runs a red light. Or, there is just that one day when an otherwise good driver makes a mistake. History tells us, the risk is higher than the overconfident “good” drivers think it is.

      In particular, history shows that 70% of the real world injuries and fatalities come from passengers without seat belts. So, instead of each driver deciding if it is safe, we as a society decide that seat belt use is mandatory because it will prevent those 70% of injuries and fatalities ( without worrying about which individual drivers are responsible )

      Rust is the seat belt law that demonstrably saves lives regardless of how safe each individual driver thinks they are. It is a hard transition with many critics but the generation that grows up with seat belts will never go back. Eventually, we will all realize just how crazy it was that they were not always used.

  • @[email protected]
    link
    fedilink
    English
    34 months ago

    Is there an email thread where c and rust Linux kernel devs actually discuss what’s about? Because so far I see some Linux drama and I have no slightest clue what’s about

    • @offspec
      link
      34 months ago

      Rust guys want to make the kernel safer, more expressive, and easier to maintain. To do that they need to know how the kenrnel talks between its parts to ensure they are creating matching behavior. The C guys don’t really care about the Rust guys and say that they can’t be bothered to guarantee interoperability because they like to change how things work on the C side to make things better in the C code.

      • merde alors
        link
        fedilink
        -24 months ago

        me, personally?

        why would it matter how long i would (or did) stay?

        • @[email protected]
          link
          fedilink
          English
          44 months ago

          It’s a rhetorical question. Would you consider 4 years to be a “short amount of time” to remain at a job you didn’t like?

          • merde alors
            link
            fedilink
            -24 months ago

            i would consider 4 years to be

            • too long amount of time for a job you don’t like (it took you 4 years to realize that you don’t like it?)
            • too short for a job you are committed to (you give up only after 4 years?)

            After almost 4 years, I find myself lacking the energy and enthusiasm I once had

            once i had? energy and enthusiasm he had only 3 years ago?! When i started reading the article i was expecting 15 years, 20, 30+

  • @TunaCowboy
    link
    -114 months ago

    The rust community is its own worst enemy. The political infighting and constant compulsion to shit on other languages is a turn off to many, and there are plenty of applications where memory safety is not the highest priority.

    • @[email protected]
      link
      fedilink
      21
      edit-2
      4 months ago

      In this case, the issue is really the C kernel devs, not the Rust devs. Some are not open to new ideas at all. Take a look at the conference video he linked to for example: https://youtu.be/WiPp9YEBV0Q?t=1529. He clearly states that he’s not trying to make the C devs learn Rust.

      • @TunaCowboy
        link
        -134 months ago

        My comment was speaking in a general context.

        I’ve seen the video and I agree with Ted. Anyone with experience understands creep, and although Wedson denies it it’s exactly where they’re headed. Ted and others are right to voice these concerns and attempt to set very clear expectations for the rust developers.

        They took on the task knowing it was experimental, would be difficult, and that they would be second class citizens - you don’t get to agree to the terms and then complain about them later.

        • @[email protected]
          link
          fedilink
          24 months ago

          then complain about them later.

          I don’t see where they’re complaining? They don’t seem to be asking anything of the C devs other than help with API definitions.

    • rhabarbaOP
      link
      fedilink
      54 months ago

      Wait until you see the Lisp community. But yes, Rust is currently in its “why are there even any other languages lol” phase. Just wait.