Last week, in our weekly roundup of programming-related news on the web, we briefly highlighted an article published by Amazon Web Services (AWS) that touted the durability of the Rust programming language. Written by Shane Miller, President of the Rust Foundation, and Carl Lerche, Principal Engineer at AWS and creator of the Tokio Rust asynchronous execution environment, the article claimed that Rust beats many other languages ​​in terms of efficiency, AWS claiming it was “to invest in the durability of Rust, a language we believe should be used to build durable and secure solutions.”

While the article was certainly not the first to suggest that Rust could help address environmental concerns by providing a more efficient programming language, it was the references to Go, a language often touted as a competitor to Rust, that did. caused a bit of a disagreement this week, in the form of a Twitter feed by Go lead engineer Russ Cox.

I wasn’t going to say anything, but since ZDNet reposted the AWS blog post “Sustainability with Rust”, a short thread on why this post is misleading (at best) about Go. 1/

—Russ Cox (@_rsc) February 23, 2022

In the thread, Cox argues that two main sources of data for the article, a study from a few years ago and a blog post from early 2020 regarding Discord’s decision to switch from Go to Rust, offer insights. inaccurate outlook on Rust’s supposed performance superiority over Go. and efficiency.

The study, Cox writes, “has obvious problems,” because not only is it five years old, but it references an older version of Go running on now obsolete hardware. Additionally, Cox points out that the study uses the Computer Language Benchmarks Game as “a source of comparable programs, which is not at all true if you’re familiar with that site.”

“All this to say that the ‘really interesting study’ isn’t really interesting. In fact, it clearly should be viewed with a healthy dose of skepticism,” Cox writes.

Literally all the Rust people I talk to (myself included) don’t like having this study and this site brought up in this kind of discussion, despite painting Rust in a positive light. This is so unrepresentative if not downright misleading.

— Chris McDonald (@deepinthebuild) February 23, 2022

On the second point, the Discord blog post, Cox again points out that the data points involved refer to a now-old version of Go, which makes a difference for this argument, as well as what he calls a “incredibly misleading” summary. While he says the Discord blog post itself offers “an apples-to-apples comparison of a Go server and the equivalent Rust server”, he argues that the AWS post was instead a misrepresentation.

The real crux of Cox’s arguments comes in his last two tweets, which serve as a bit of a plea for peace.

“The AWS post makes honest and fair points about Rust, which makes it even more of a shame that they included these misleading statements about Go. They didn’t need to do that. Rust is good enough to stand on its own. itself,” Cox writes. “Personally, instead of reading blog posts that claim Go vs Rust is some sort of zero-sum game, I’d much rather focus on the ways Go and Rust complement each other and can work well together.”

Cox ends with a link to an article published on The New Stack that argues that Rust and Go are better together, rather than as competitors. Co-authored by members of the Rust and Go teams, the blog post claims that “While others may view Rust and Go as competitive programming languages, neither the Rust nor Go teams do. Quite the contrary, our teams have a deep respect for what others do and see the languages ​​as complementary with a shared vision of modernizing the state of software development industry-wide.

Agreed: pic.twitter.com/Qes0iHcV13

— Rémy Rakić (@lqd) February 23, 2022

This week in programming

• GitHub opens a vulnerability advisory database: While the idea of ​​open source security has become increasingly popular in recent years, the ability to contribute knowledge about vulnerabilities is something that has remained limited. However, GitHub has now opened its advisory database to community contributions. The Advisory Database, a database of CVEs and security advisories issued by GitHub regarding open source software, has been released in a new public repository, along with a user interface for making contributions. The database is licensed under Creative Commons and is maintained by a “dedicated team of full-time curators” who will review suggested improvements to existing CVEs. GitHub uses the Open Source Vulnerabilities (OSV) format for the database “in the spirit of fostering interoperability”, and the database will serve as the basis for vulnerabilities in npm, NuGet, and GitHub’s own Dependabot alerts. To contribute, users can navigate to the advisory they want to add information to and follow the “suggest improvements for this vulnerability” workflow, or submit a pull request directly.
• Prebuilt codespaces for large repositories are moving into beta: For organizations with large repositories, starting GitHub’s Codespaces can be a time-consuming activity. In response, the company launched a private preview of the ability to pre-build these codespaces. While they say feedback has been largely positive, they’ve also received “a ton of valuable feedback on setting up and managing pre-builds.” This week, the company extended the private preview to a public beta, alongside some changes made in response to that feedback. Pre-build code space speeds startup time for large and complex repositories, giving businesses “a ‘ready-to-use’ model where your source code, editor extensions, project dependencies , commands, and configurations have already been downloaded, installed, and applied so you don’t have to wait for these tasks to complete each time you create a new codespace. In addition to entering a public beta, GitHub has also added several updates, such as support for GitHub Actions workflows that will be managed by the Codespaces service, and pre-build configurations that are built on GitHub Actions VMs. for all organizations with GitHub Enterprise Cloud and Team plans, and the pre-builds documentation will help you get started.

An incomplete list of phrases to avoid with developers

– It’s easy to use
– It does exactly what you need
– It is highly scalable

— Adam DuVander (@adamd) February 24, 2022

• Porting Linux eBPF to Windows? It’s been almost a year now since Microsoft announced that it would bring eBPF to Windows. Recently they offered an update on their progress, and now they say they want to “meet the developers where they are” and so they offered a guide to getting Linux based eBPF programs to work with eBPF for Windows. As we have been following eBPF closely for a while, we thought it was worth pointing out. In the article, Microsoft offers its “learning and observations using an application that was fundamentally written for Linux” – the Cilium Layer-4 load balancer – as a “highly relevant use case in the real world”. Beyond that, they also offer a glimpse into the future of eBPF on Windows, writing that they “will continue to be application-centric with an emphasis on hooks and helpers” and that “maximizing eBPF source code compatibility will continue to be an important focus,” with the topic of how to accept signed eBPF programs currently under active discussion.
• Rust opens up on compiler ambitions, adding Rust-Analyzer: The Rust Compiler team has ambitions for 2022 that they have decided to share with the wider community, including general themes for the year, concrete initiatives they have resources to pursue, and aspirations for more. big ones she would tackle if she had more help (hint hint). So, for you Rustaceans, read the blog post and see if there’s anything you can help with. As they note, “Rust is not a business” and “the goals we have set for the project should be aligned with the goals of our current and future contributors; otherwise, they simply won’t be completed. Apart from that, the Rust team also announced that rust-analyzer has joined the Rust organization. The rust-analyzer project is a new implementation of the Language Server Protocol (LSP) for Rust, and its membership in the Rust organization “unlocks the technical work to make rust-analyzer the officially recommended language server for Rust in the near future. “. Rust-analyzer is currently available for VS Code, NeoVim, Vim, Emacs and more.

Background: the founders of JetBrains are Russian. They have offices in Moscow and St. Petersburg. Freedom of expression does not really exist in Russia. Openly condemning the actions of the Russian government could have serious repercussions for them, but they did it anyway.

For example, JetBrains. https://t.co/oAsmCDkx3U

— Dylan Beattie (@dylanbeattie) February 24, 2022