← Back to context

Comment by taneq

2 days ago

I’m reminded of the hierarchy of controls in machine safety. If you can’t eliminate the hazard, or substitute a less hazardous thing, then engineering out the hazard (like Rust did) is preferable to a procedural control (“git gud at engineering”).

Can you elaborate on the distinction between "eliminate the hazard" as the first choice and "engineering out the hazard" as a fallback approach?

In my safety background (recently aerospace, ARP4754/4761), removing and avoiding the hazard are essentially equivalent, with reducing the likelihood and mitigating its effects acceptable if you can't remove or avoid the hazard, and procedure is also the least preferred mechanism.

C/C++ with static code analysis is not worse than Rust. But most Rust developers are beginners during there are many C/C++ developers with 20+ years knowledge. So whats exactly is the point in using Rust?

  • The number of critical CVEs every year related to memory safety seems to point to the contrary. The amount of "just one more static analysizer and we'll never have any bugs!" in the C++ community is honestly disturbing, alongside the obvious elitism and absurdity of statements like 20 years of knowledge == no bugs ever.

C/C++ does not care and they’re currently the language for foundational work (OS, platforms, and libraries). Python and Java does not care, they will just throw runtime exceptions and crash. Rust care, but they don’t play well with the rest of the world.

  • rust is currently making its way into linux kernel, core contributors even did rust conf talks...windows already has rust going into kernel and core libraries, osx is also adopting rust, its making its way into all those 'foundational works' you're talking about.. so i'm pretty confused what you are saying