I hate Rust (programming language)
Now, hear me out, it’s the middle of the night here and I’m feeling a bit rusty with my English, but we’ll try to be creative with this one. There are many ways in which we can say that we have a poisonous community, and I’ll enumerate a few in this article. Also, obviously, this is a very subjective article. It’s not about technical merits, although it will mention those as well, it’s more about the social engineering around Rust (programming language). But I hate it, and I don’t even have to touch Rust code yet (but probably will in the future). So join me in this wonderful trip of discovery to see in how many ways we can say the same thing, which is that the Rust community sucks.
My personal experience with Rust
I tried learning Rust three different times. The first time it was way before 2020, when the first drops of enthusiasm around the language started to whet people’s appetites. Probably 2015, probably prompted by the release of 1.0, and I can tell that it looked interesting. I tried to learn it then, but I can’t remember what the problem was - I probably didn’t even go through a full write-compile-execute cycle for a „Hello World” program, most likely because I was burned out and in denial about it. I read a bit about the language, though, took note, said „yeah, that sounds interesting” about its „const by default” strategy, and moved on.
My second time was somewhere right before 2020, in pre-pandemic aka „the good old” times. Back then I was already in
full burnout mode and I opened a Rust book because learning new things made me feel like I was reconnecting with my love
for computer science in general. For some reason, learning new things was a good burnout coping mechanism, but
everyone’s burnout is different. So I started reading on Rust and the first chapter proved to be a moral lesson about
inclusion, and I was like… friend. I’m not here for a diversity lecture, I’m here to learn about the language. But
there it went, the book talked about being Rustaceans (I really hated the term), in love with diversity, and it felt
more like a brainwashing DEI lecture than a serious conversation about a technical topic. This time, though, I tried a
bit more of the language, I actually wrote some programs, used some libraries to do something relatively small, and it
felt deeply unsatisfying - mostly because the libraries weren’t there yet. I also disliked cargo, as well as the way that the book suggested I should set-up Rust, which I see is the current way it’s recommended to be installed as well - by downloading and running a script off the internet. As a 80s and 90s kid, this felt irresponsible. It still is, but we’ll talk about this later.
My third time is my „I give up on this shit” time. Late 2020, early 2021, deep pandemic times, in my sabbatical
stay-at-home time, trying to cope with the fallout of my burnout. I skipped the chapter on diversity (I somehow took the
same book to read) and started writing more code. The code did not compile. I was shocked. It’s quite an amazing feat,
that, to have a recommended learning material that can make your very first program not compile. I will not dig through
my archives but I discussed this at length back then, because it was really funny. The problem was, of course, the fact
that I didn’t copy-paste right the setup sequence, and instead of choosing a certain numbered version of the random
library (if I remember correctly) I let cargo download the latest version which had a completely different API. I think
that the program was a „guess the number” program, and writing it and getting a compile error was absolutely batshit
insane. I had a very „get to your fucking senses” moment and dropped Rust forever (until I’ll have to pick it up again
because that’s just my luck).
Now, listen up, I’m very good at avoiding technologies. I managed to avoid the wave of Microsoft bullshit UI technologies for a very long time; I almost managed to avoid MFC as well, although I had to implement MFC sync objects in Linux in 2001, until (just my luck) I had to pick up MFC when nobody used it anymore and implement stuff on Windows CE just when everyone was waking up to the fact that Microsoft’s monopolistic attitude is not good for business and switched to Linux. It was a frustrating time, to see all this flurry around Linux (of which I was a relatively early adopter) precisely when I had to use Microsoft technologies, but… heh, that’s my luck. Also, for a long time I managed to avoid Java (although I had to learn some Java for a C# interview that turned out to be my next job, and C# proved to be a pleasant surprise, said the Stockholm-syndrome sufferer, me). I managed for a long time to avoid Javascript as well (and I think that I’m still thankful that I can ignore innovations such as leftpad). So ignoring a technological artefact as an experience is not new to me, and I thought I will be able to ignore Rust hopefully for the rest of my life. That proved to be impossible.
Let me tell you about our Lord and Savior Rust
I think I started noticing the Rust proselitizing in 2022, when it started being everywhere, even in places you didn’t want it to be. Every C++ conference had a talk on Rust, the Rust community was infecting every corner of the internet that pertained to C or C++ (and, coincidentally, C#, because sometimes search engines ignore that # character). Everyone started talking about the merits of The One True Language, which were basically little more than enabling some sanitizers in the command line for the C++ compiler, and the borrow-checker which felt like compile-time garbage collection made hard. And, to be frank, once everyone started talking about Rust it felt like a cacophonous chorus that tried to sing about the future of the computing while not contributing with much to it. „We can rewrite everything in Rust!” „We can rewrite the Web in Rust!” „Rewrite it in Rust”. Well, fuck off, why don’t you rewrite it? Ah, because you’re too busy writing on social media platforms about how great Rust is instead of writing the code, heh?
And I’m not saying that there aren’t a lot of busybodies who actually do the thing, not talk about the thing. What I’m saying is that the people who don’t are very noisy about adopting Rust and not doing it at the same time. „If only we could rewrite this in Rust!” „You old people are gatekeeping with your C code and memory unsafe languages!” „You’re horrible people for writing in memory unsafe languages!” „It’s a cardinal sin to write code in C and C++ in the year of our Lord 10 (or 2022)”. There was not a space for discussion with the Rustaceans - despite the inclusion discourse on the book on Rust, the community around the language felt awkwardly aggressive and exclusivistic. Especially as their discourse was really light on arguments, beside the const by default and the borrow checker.
So many issues caused by memory unsafe languages
Perhaps the most hypocritical thing about Rust is the claim that the world’s ails are caused by the fact that in C++
(the primary target of Rust-infested brains) you can still write very bad code. There are numbers behind these claims,
and indeed, there is a lot of bad code out there. I do agree that the software world requires a rewrite - I have argued
about dropping POSIX altogether since POSIX propagates the single worst idea in the history of computing. I also argued
that there’s not enough research done in the Operating Systems field and definitely not enough effort put into replacing
Linux, itself becoming the stone tied to everyone’s necks right now. Hell, people keep complaining that systemd
exists, although it’s definitely a step in the right direction. But people are creatures of habit - and we create
avenues to make ourselves feel righteous while continuing to do the bad things. And rust is one such way to feel
righteous while continuing old behaviors.
I call rust similar to recycling plastic. We know that recycling plastic is not practical, it would be a lot better to
not use plastic anymore, but not using plastic is very hard for the modern world. So we invent this small loophole in
which we feel fine about the fact that every aspect of our lives is polluting the world - we RECYCLE and we feel good
about it. This is the same with rust rewrites. We „rewrite everything in Rust” and we’ll feel good about not changing
anything fundamental in the way we do things.
By now you’re asking yourself „what is this kid talking about?” and you’re right to do so. Well, friends, allow me to educate you. Most of the issues that people list as „memory unsafe languages” issues are caused by the syndrome of bad fundamental choices, and the origin of most bad fundamental choices is the one issue that is perpetuated by the fundamental API that is used by all, including Rust. POSIX, as well as Win32, the fundamental operating system interfaces, perpetuate the single most costly mistake in the history of computing, which is the zero-terminated string. No matter what you do, no matter how you do it and how you pack your data, in the end you will require communicating to your operating system, and you do that by passing a zero-terminated string, in one form or another. Until this mistake is completely eliminated from the operating system interfaces as well as the fundamental libraries.
Rust doesn’t change this; it merely hides it. But one could argue that C++ also can hide this - sure, Rust does a better job at hiding this detail, but C++ is no different. This is why I prefer rewrite it in Pascal to rewrite it in rust. Pascal strings were fundamental types and always had the size of the string in them. There’s no need for this zero-terminated bullshit if you’re writing everything from the grounds up in Pascal. Unfortunately Pascal lost the race to becoming the dominant platform in the 80s, it’s a shame, but it is what it is.
And here’s the kicker, the one thing that you were here for and you paid good money to your internet provider to display on your computer screen.
Rust is not a memory-safe language
But the borrow checker! But the const by default! NO! You’re lying to me, Mr. Lazar, you’re the Bond villain in the story. How dare you?!
Now, listen up, as long as you can do stupid stuff in your language, your language is not memory safe; and as long as it’s common practice to do stupid stuff in your language, your language is not stupid-proof. As a primer on this one, I’ll use the current version of the String class documentation on the official site dedicated to Rust documentation. One of the first examples looks like this:
// some bytes, in a vector
let sparkle_heart = vec![240, 159, 146, 150];
// We know these bytes are valid, so we'll use `unwrap()`.
let sparkle_heart = String::from_utf8(sparkle_heart).unwrap();
assert_eq!("💖", sparkle_heart);
I absolutely love the „we know these bytes are valid”, and this looks pretty bad. It’s probably safe to do so, but if we go further down the line we see stuff like:
let s = unsafe { String::from_raw_parts(ptr, len, capacity) };
Now, I’m not saying that this is not nice. It’s nice to mark your unsafe code, almost as nice as telling what
exceptions your function will throw (and yes, this is a jab Java). But you get away with doing stupid shit when writing
unsafe in your code, and this basically says „we know that we can’t do it. We can’t write safe code”. You have to be
very naïve to think that a feature like unsafe will not be abused. Don’t get me wrong, I get it. You and your friends
will definitely not use unsafe statements needlessly. You’ll only use it in an easy to prove manner, you’re writing
good code, you’re writing safe code. But somewhere, down there, there is some unsafe statement that makes you write
code that you call safe. That’s the plastic that keeps being produced while you’re recycling. This is the main point of hypocrisy for this language. Your language, friend, is not safe. It’s anything but.
I will not even talk about the „Blazingly 🔥 fast 🚀 memory vulnerabilities, written in 100% safe Rust.
🦀” (in all honesty, I don’t really care enough about Rust to actually check this
in detail, but I’m sure that going through this project will be an interesting experience for all Rustaceans). I want to
talk only about the unsafe feature thingy, and the false sense of security that the unsafe statement generates. As
long as the truth is hidden to you, you can feel safe about it. And allow me to tell you that this is no different from
writing code in C++ - you can write very safe code in C++, and defensive programming was a thing since the mid 90s and
maybe before that. But your defensiveness can go until the libraries you use, and those libraries can mock your
defensiveness to hell and back. You cannot tell if your library is really safe, or just a big bomb waiting to explode.
You’re as safe as your system is, and let me tell you, but in your Rust executable there might be a ton of unsafety you
have no clue about. But you feel safe because you didn’t write that unsafe label yourself. Someone else did, and
someone else has to know better. Right? Right? Please tell me that it’s true!
Cargo culting
Perhaps the biggest thing that got everyone in the C++ community wet to the bone is cargo. OMG, it’s so nice to have
cargo compile everything and download everything and…
Friends, fuck cargo. There’s really nothing good about cargo other than the enormous speed at which the car you’re
driving can hit a wall. I mean, I get it. cargo is an enormous productivity tool. It’s so amazing, it allows you to
download code off the internet and be so damn productive, and have…
Friend. Don’t download code off the internet. Don’t copy/paste code off the internet, and don’t trust people from the internet. Why do you trust your fellow programmer from 5000 miles away? How is he different from you and how is he more competent than you? Why do you trust humanity so much (and how can you trust LLMs trained on data generated by humans)? Humans suck at writing code, and you should not trust stuff automatically.
And you can say that, you know, you can configure cargo to not bring stuff at random. To freeze dependencies. To freeze versions. But if you freeze versions you don’t get security updates. But if you don’t freeze versions you might get new dependencies. But, but, but.
This is not a new problem, it is an old problem that just got aggravated with delivering a shotgun for every foot in the
industry. Also, as explained above with the unsafe thing, just because a tool can be configured to be used the right
way it doesn’t mean that it will. Maybe Rajit in Pune will know how to configure and use cargo safely, but Jack in
Mountain View gives no fucks about that and decides to ignore Rajit’s instructions. Just because safety rails exist
doesn’t mean they get used, and just because you advertise certain abuses as a bad thing will not stop people from doing
bad things. And cargo forces you to trust people that opened a github account almost automatically.
I’m not saying not having something like cargo is better. However, most of this world was built on software that was
QAed by people that did distributions, that offered some guarantees. If you go and buy stuff from RedHat you might get
some support from them and you can expect that if a certain library is bad they will fix it in a few hours, days, or
weeks, depending on the gravity of the issue. What guarantees does cargo offer? Either that you’ll not get your issues
fixed unless you follow all the CVEs pertaining to all the dependencies that you fetch, if you choose to freeze your
dependencies, or that you’ll have random people on github offering the same guarantees that a distributor used to offer.
Is that feasible? Some people say it is. I see some real efforts made in this direction. Is it safe now? No. Will it be
safe soon? No, most likely never. But it will always feel safe-ish. Enough for you not to care about this too much.
Now let’s get back to bad-mouthing the community, because that’s how you don’t make friends around here.
Being delulu is not the solulu
So by now we learned that Rust is not a safer language, nor does it encourage safety practices, what is left? Elitism, smugness, and that unmistakable feeling of righteousness that comes with the territory. Most of the issues come from the numbers they keep showing „look, so many issues caused by unsafe languages”. Friend, your language doesn’t cause issues because 0.001% of the world uses code written in your language.
All communities have been infiltrated by Rust enthusiasts. I can’t see a good discussion on the C++ forums without Rust being mentioned as somehow treating all ailments of the language. I can’t read on updates to the C standard without some idiot clamoring that Rust does it better, and we should all convert to his religion. And I wish I could somehow ignore all the things that these idiots keep repeating.
I also hate the unofficial lobbying arm of this community, that published a lot of information with effervescence and offer the impression that the reason why we have faulty tech is memory safety, defined as „whatever Rust does”. And when things like „don’t use C and C++, use Rust” are touted from the White House press correspondent this is dangerous, especially since the whole world is built on 30% C code, 30% C++ and the rest anything but Rust.
The Rust people insist that they are the solution, but the truth is out there, and the truth says that Rust is just a fad. A very noisy fad, a definitely interesting fad, maybe one that will catch on, just like C did when other better languages, like FORTRAN and LISP, existed. But for the time being, we could use a little less volume until you learn how to play the orchestra, because all we hear is a cacophony of voices, and it’s tiresome.
Rust definitely has some technical merits, but I can say that it’s not used enough to tell if it’s a life-changing programming choice. It’s too early to tell. For the time being, it’s hard to collaborate with Rust people, for them it’s Rust or nothing else (but neovim and lua). You can’t use a Rust library if you’re writing code in Go, C++ or C (or maybe you can, but why would you?). I don’t know of any fundamental library written in Rust that is not a somewhat improved version of some other library that already exists in C++ or C or python. All I hear is just noise from delusional people touting the end of the world because I can write bad code in C++.
So, basically, Rust needs to shut the fuck up and stop lying about its capabilities. Rust is not a memory safe language, and does not embody safety practices. There’s a lot of work to be done, a lot of the world to be fixed, and I could do away with the noise they make to mask the lack of work. And that takes me to the final point. The people who are actually doing good work in Rust, and probably are too busy to start harassing other fundamental technological stacks because they’re not Rust. Those people, if they exist, are doing the work quietly, and I’m thankful for their effort. Just like I am for the billions of potentially unsafe C and C++ lines of code that allow me to post this article on the internet today.