0 Days Since Rust Drama
Recorded live on twitch, GET IN
https://twitch.tv/ThePrimeagen
Rust Internals article: https://internals.rust-lang.org/t/pre-rfc-sandboxed-deterministic-reproducible-efficient-wasm-compilation-of-proc-macros/19359?page=2
MY MAIN YT CHANNEL: Has well edited engineering videos
https://youtube.com/ThePrimeagen
Discord
https://discord.gg/ThePrimeagen
Have something for me to read or react to?: https://www.reddit.com/r/ThePrimeagenReact/
Hey I am sponsored by Turso, an edge database. I think they are pretty neet. Give them a try for free and if you want you can get a decent amount off (the free tier is the best (better than planetscale or any other))
https://turso.tech/deeznuts
Views:56910
Taqs:programming,computer,software,software engineer,software engineering,program,development,developing,developer,developers,web design,web developer,web development,programmer humor,humor,memes,software memes,engineer,engineering,Regex,regexs,regexes,netflix,vscode,vscode engineer,vscode plugins,Lenovo,customer service
コメント
コメント (74)
トラックバックは利用できません。
The irony of designing a language people actually want to use and being a sweaty nerd with a piss poor reading of society. This is a weird dynamic. Like dumb parents who dont understand the new generation and end up harming their kids long term.
im a react dev, i going to bet on golang instead of rust
This TJ guy is the master of useless circumlocution.
Honestly, while I get why it’d make people _mad,_ I think DTolney is in the right here, and certainly not being malicious. It’s his crate, he can do what he wants with it. Others can also fork it. It could’ve been handled better, sure. But I wouldn’t say he’s trying to “force cargo’s hand”, that’s ridiculous.
What’s a long compilation at a big company?
16:40 Rust is also pretty authoritarian. You /could/ use a fork of Serde, but then YOUR serde types are not compatible with the serde types of the other library.
You really have to decide. Do you want your own system, or do you want to use the system everyone else uses.
You could also fork every lib you use and make them use your serde fork.
It’s mostly because of the orphan rules. I love them, but sometimes I hate them.
I guess, that’s the main reason why people coordinate to use the same crates.
In most languages you would just implement serde for all the types you import, if they don’t already implement them.
In Rust, it’s pretty annoying, so you’d rather demand everyone to use the serialization library you use for your crate.
That forces everyone to use the same library. If you don’t use it, you are excluded by parts of the ecosystem. And I consider that some kind of authoritarianism.
It might be effective to coordinate on some specific systems, but it takes away some of your freedom.
You either have to obey, or you have to do your own thing almost completely.
You can’t just implement your serde fork for each type form other libraries.
You /could/ do it if you derive every library you use inside your serde fork itself, but that’s far from scalable. You’re never done.
12:20 It could derive something different. For example it could send all your program data to some server, whenever it’s serialized.
you should get a vertical tabs extension
Well he’s not going to be in proc-macro3
So glad some fools thought adding RUST to the Linux Kernel was a good idea.
There’s nothing better than collaboration videos between these two gentlemen.
Rust: solutionism the language.
Pre compiled binaries that control the whole ecosystem?
Yeah Get That Shit Out Of The Kernel
Honestly it feels legal had the last laugh in this debacle.
Also, people who commented with a thumb down emoji on the serde changes got blocked by the serde organization (see the “serde-blocked” repository).
The root cause is the fact that Rust has a poor standard library. Writing or using a serializer requires 3rd party dependencies, which is nuts. That should be part of the language or the standard library. Go and Zig never had such issues.
424 people blocked on github and twitter now..
Is TJ short for Tom Jenius
I have a question.
When did verbs become nouns?
What’s the meaning of “I am sorry or thank you”?
I used to respect you Prime, until I gradually realized you’re a hyperbolic, kinda neurotic clickbaiter. I’m still on the fence about unsubscribing since you still have plenty of pretty-interesting takes on articles. But I’m longing for the days of Prime 1.0 before the fame got to this guy’s head.
Dtolnay’s reaction (14:40) of (Im paraphrasing) ” If MY CHANGE does not work for you, SOMEONE ELSE should make it work” comes off as unfair. He made the change, and now everyone else has to run in circles and react to it.
In addition, the “(as I have done for … and … … which I contribute SIGNIFICANTLY to)” that directly follows, comes off as arrogant and self-congratulatory.
We show who we are not by our actions but by our reactions. IMO
While I agree that this switch to precompiled binaries is a 💩y thing to do, calling it “terroristic” goes a bit too far.
What this whole situation shows beautifully however is a problem that all package-based programming languages have. (Node, PHP, and Go have it too, to a certain degree). It is the fact that you now depend on 3rd parties and these 3rd parties get control over your projects.
In Return, you get to use the results of knowledge you don’t have.
All so, that you can keep up with the breakneck speed that everything moves with.
Dramas are needed to solve problems in Rust. Because Rust is the Drama Queen, RDQ for short.
At what point do you lose control over your own projects? The MIT license is like two paragraphs and the entire second one is ALL CAPS saying that you are not guaranteed these very things.
I’m so tired of not being able to relate to other developer’s struggles. Maybe I should stop using Go, I want to have something to complain about too.
So Python compiled interpreter is terroristic…..
17:26 can’t you alrealy specify in your cargo.toml to compile specific derive macro crates in release even in debug builds to speed up macro expension, you just have to test if the increased derive compilation itself in release is offsetting the gains?
I’ve been doing this in debug code with scrypt to significantly speed up scrypt execution in debug builds, because logins in debug took way too long lol
For those who are looking for it, the issue is resolved in 1.0.185, so versions 1.0.172-1.0.184 should be banned in security scanners.
When I was younger and something at work upset me, I’d write up an absolutely scathing email. I’d spend a lot of time getting the absolutely perfect wording. I’d work to make it as terse as possible, while still including every detail of what made me upset. And then I’d delete the email without sending it. Writing that first email would drain me of so much energy, that I’d then write a second email which would be more like
“Eh, I don’t understand why this was done. Seems to me we could have done something better than this”.
All the complaints about Rust’s compilation time… Why not build the Rust compiler in Rust?
This is an intentionally dumb question btw.
Flip actually cut the joke out!
Lispchads stay winning.
David Tolnay. He’s the hero Rust deserves, but not the one it needs right now. So we’ll hunt him. Because he can take it. Because he’s not our hero. He’s a silent guardian, a watchful protector. A dark knight.
I’m sure I’m missing something, but can someone explain to me how downloading and running a precompiled binary is so much of a risk factor but downloading source from the same place, compiling it in your machine and then running it isn’t? It’s not like you’re going to check the download code every single time, someone could still push a malicious version
you guys are great together–technical synergy as well as comedic riffing
seriously, i really really fail to see how this problem wouldn’t be solved with better compile cache.
does anyone care to explain why it doesn’t?
dtolnay is David Tolnay. Look it up
Due to the rust drama I’ve decided to learn zig instead.
I love how prime has a million shortcuts and custom key bindings, but clicks tabs in his browser when trying to find something 😀
I wonder when Rust community acknowledges that broad standard library is a good thing…
the argument about “letting us to run some external binary” is such bullshit… Everyone who uses any wrapper of any kind (OpenCV for example) gets a binary + some C-invoke code. It happens all the time. In dotnet C# we have Nuget instead of Cargo, and you download the IL – intermediate, compiled code, but that’s deteministic, so you can check the hash.
Time to drop this very appropriate Spongebob meme : https://www.youtube.com/watch?v=DDZIPkn4EEU
If you like simplicity, go with python.
If you want speed, choose c++
If you crave for drama…..
Rust isn’t going to make it. It’s peaked too early.
All this was such an asinine situation. I honestly don’t understand why the rust community isn’t trying to make their compiler much faster. Linking with cargo is a freaking mess and especially in the case of macros, build times just explode if you are not careful. There’s no excuse as to why the compiler needs to be this slow. It’s also really sad to me that a handful of people control most of the popular crates in the ecosystem and yet their contributions are not heavily documented.
i get the concern but calling this terroristic, as well as the point of dtolnay no longer being a FOSS maintainer, is just absolutely ridiculous. Accusing someone of terrorism because they shipped a bad change with security issues is absolutely overblown, and serde is still free and open source which makes it’s maintainer a FOSS maintainer
I don’t use rust (sadly), so I think I am misunderstanding something here.
I understand people’s concerns that using cargo to build a project using serde-derive download a binary instead of building the binary themselves from the source. And that building your project with out having to also build the serde binary is faster…
But when you compile a rust project, is it downloading each referenced crate’s source(or locally reading the pre-dowloaded source code) and building the binary?
Why can’t you download the source code of the crates you want to use in a project, build their binaries from the source once, cache those resulting binaries until you update the crate version or rust compiler, and then whenever you compile your project, it just uses those binaries instead of building them on the fly?
(This is how I assumed it would work and don’t know why it wouldn’t do it that way. But if it does work this way, I don’t see how dowloading the binary from the crate would be any faster except on the very first project compilation?)
AGAIN??? What’s this time?? too lazy to watch
I mean this is something that needs a bit of drama to get things moving in a better direction.
As a potential compromise, couldn’t you make the binary first build (sure first one is going to be slow), then cache it and reuse it in the future, and a way to have sections built in release mode, hell if we are running rust code, couldn’t we spawn a second copy of the rustc to do that already? Why isn’t that a potential solution to this issue here? In fact isn’t this is the idea behind ccache for c compilation, maybe partial binary caching is something rust should have generally?
Did something happened to rust again
That was a whole lot of reading for a video.
The twitch comment, “TJ see you again tomorrow on 0 days since rust drama” has me dying 😂😂😂😂😂😂
jhe-san format
This seems like one developer was trying to fix a major flaw in the Rust ecosystem and due to another flaw, there was only one way of doing it.
Is the risk factor really any higher than the pre-compiled DLLs/.so/whatever a lot of other languages use for third party libraries? I understand there will be edge cases but for most of us, is it really any worse than (N)Hibernate, bass.DLL, etc?
If I were dtolnay, I would probably yank every version of all my crates then peace out
Nix helps with precompiled binaries while preserving trust well, in my opinion.
12:13 actually it can run at runtime. Since the original purpose of these sort of libraries is to generate code, a malicious version of it could add a malware payload to every build as well.
Isn’t the solution to add an option to build proc_macros in release mode all the time?
Prime, I’d like to formally apologize for the sadistic things I’m about to say. I’ve known and watched your channels for a long time, I’ve learnt a lot of useful things from your channel. I’ve now been more responsible when writing my applications for 9 users daily, taking your algorithms course, and diving into new languages.
So I’ve learnt a lot, and in no mean do I intend to offend you or anyone reading this comment. If I do hurt some feelings however, I sincerely, from the lowest and darkest part of my heart (the limbic system) apologize and I promise I have no ill intention. I’d be willing to give in anyway, shape, or form, to provide and help those who may feel uncomfortable and uneased with what I’m going to say. I can also request therapy if you or anyone will need it. I’m sorry.
Anyone attempt at file reading in Deno is greeted with
package gooblety-gobelty-woke_weak_ass_liberal-js-react-ENGINEER—-ts-lover——is-odd-or_even_or_neither is requesting READ access to ‘C:/Users/wokey/Documents/Dropbox/Dropbox/projects/gobelti/.env’, press y to allow, A to allow all, n to exit, or run deno with the –allow-read flag.
teej bouncing up and down while talking about rust got me feeling some typa way
Rust community is so fucked up, unusable language. Get over it.
I have 2 doughters and both are girls 😁
I swear I never had a compile time issue. Just get an extreme Workstation. You have to live with that in Rust.
Rust seems cool, but there’s enough drama in the world, I don’t need a programming language with one.
i dont get why cargo cant just compile proc crates in release mode and save them somewhere
i mean there’s gotta be a reason to require a separate crate for proc macros right?
Pre-compiled is a great way to slip in nation state backdoors.
Isn’t there a way to compile the lib yourself and then reuse it on subsequent CI runs? How is it this much of a problem?
This shows the problem with having a deficient standard library. All these third party packages are providing core functionality, and end up depended on by the vast majority of projects. But the third party maintainer gets very little in return for all of this, and too often ends up overworked and unable to effectively maintain the critical library.
rust’s inclusivity invites all the twitter users
This channel has turned into the authoritative source on all rust drama. It is like TMZ but for nerd shaming….
Video with teej? No thx, I’m good…
0 days since TheDramaGenerator making clickbait drama.
I swear this is the 4th time I have seen this title.