| ▲ | mtillman 7 hours ago |
| "It is written entirely in Rust, which greatly increases the overall quality and security of the shell." Is this true? I don't know Rust so I'm probably missing context. Obvious kudos to OP for writing a shell. |
|
| ▲ | zie 6 hours ago | parent | next [-] |
| You get memory safety. That's about it for Security. Quality is in the eye of the beholder. maybe it's quality code? Maybe it's junk, who knows. Rust isn't magic that forces code to be quality code or anything. That said, the code in the Redox system is generally good, so it's probably fine, but that's not because it's written in Rust, it's because of the developers. Any GC'd language(Python, JS, Ruby, etc) gives you the same memory safety guarantees that Rust gives you. Of course GC'd languages tend to go a fair bit slower(sometimes very drastically slower) than Rust. So really the memory safety bit of Rust is that the memory safety happens at develop and compile time, instead of at runtime, like a GC language does. So you get the speed of other "systems" languages, like C, C++, etc AND memory safety. |
| |
| ▲ | Philpax 6 hours ago | parent | next [-] | | > Rust isn't magic that forces code to be quality code or anything. It is not, but the language and ecosystem are generally very well-designed and encourage you to "do the right thing," as it were. Many of the APIs you'd use in your day-to-day are designed to make it much harder to hold them wrong. On balance, outside of Haskell, it's probably the implementation language that fills me with the most confidence for any given particular piece of software. | |
| ▲ | vlovich123 6 hours ago | parent | prev | next [-] | | While I generally agree, the latest Android report suggests that rust developers get fewer reverts and code reviews are faster. This could mean that better developers tend to adopt rust or it could mean that rust really is a language where quality is easier to attain. There’s some reason to believe that given how easy it is to integrate testing into the rust code base and in general the trait and class system is also a bit higher quality and it encourage better isolation and things like const by default and not allowing API that could misuse the data structure in some unsafe way. And it has a rich ecosystem that’s easy to integrate 3p dependencies so that you’re not solving the same problem repeatedly like you tend to do in c++ So there is some reason to believe Rust does actually encourage slightly higher quality code out of developers. | | |
| ▲ | ok123456 4 hours ago | parent [-] | | Or there are "reverts and code reviews are faster" because no one wants to actually read through the perl-level line-noise type annotations, and just lgtm. | | |
| ▲ | aw1621107 2 hours ago | parent | next [-] | | > Or there are "reverts and code reviews are faster" This seems like a slight misreading of the comment you're responding to. The claim is not that reverts are "faster", whatever that would mean; the claim is that the revert rate is lower. Also, how would skimping on reviews lead to a lower revert rate? If anything, I'd imagine the normal assumption would be precisely the opposite - that skimping on reviews should lead to a higher revert rate, which is contrary to what the Android team found. | |
| ▲ | oersted 4 hours ago | parent | prev [-] | | What type annotations? In Rust almost all the types are inferred outside of function and struct declarations. In terms of type verbosity (in the code) it is roughly on the same level as TypeScript and Python. | | |
| ▲ | ok123456 2 hours ago | parent [-] | | I'm precisely referring to function and struct definitions. It's 10x worse when you add in async. 20x if you add in macros. It's write only code, just like Perl but no where near as productive. Minor refactors become a game of Jenga. | | |
| ▲ | Philpax 2 hours ago | parent | next [-] | | This is not really a serious issue for any practicing Rust programmers. | | |
| ▲ | ok123456 2 hours ago | parent [-] | | They all have Stockholm syndrome then. | | |
| ▲ | Philpax 2 hours ago | parent [-] | | What's more likely: every single Rust programmer is wrong, or you're just not seeing the forest for the trees? | | |
| ▲ | zdragnar 2 hours ago | parent [-] | | Beauty is in the eye of the beholder, and so I don't mind saying rust is butt ugly. |
|
|
| |
| ▲ | adastra22 2 hours ago | parent | prev [-] | | That’s just, like, your opinion, man. |
|
|
|
| |
| ▲ | d6e 4 hours ago | parent | prev | next [-] | | You also get ADTs and it's harder to write race conditions | |
| ▲ | adastra22 2 hours ago | parent | prev | next [-] | | There is a lot more to rust than just memory safety. A lot of concurrency errors are prevented too, for example. | |
| ▲ | netbioserror 4 hours ago | parent | prev [-] | | Most of the performance penalty for the languages you mentioned is because they're dynamically typed and interpreted. The GC is a much smaller slice of the performance pie. In native-compiled languages (Nim, D, etc), the penalty for GC can be astoundingly low. With a reference counting GC, you're essentially emulating "perfect" use of C++ unique_ptr. Nim and D are very much performance-competitive with C++ in more data-oriented scenarios that don't have hard real-time constraints, and that's with D having a stop-the-world mark-and-sweep GC. The issue then becomes compatibility with other binary interfaces, especially C and C++ libraries. | | |
| ▲ | elcritch 4 hours ago | parent | next [-] | | Definitely true! Probably add Swift to that list as well. Apple has been pushing to use Swift in WebKit in addition to C++. Actually Nim2 and Swift both use automatic reference counting which is very similar to using C++’s SharedPointer or Rusts RC/ARC. If I couldn’t use Nim I’d go for Swift probably. Rust gives me a headache mostly. However Nim is fully open source and independent. Though Nim2 does default to RC + Cycle collector memory management mode. You can turn off the cycle collector with mm:arc or atomic reference counting with mm:atomicArc. Perfect for most system applications or embedded! IMHO, most large Rust project will likely use RC or ARC types or use lots of clone calls. So performance wise it’s not gonna be too different than Nim or Swift or even D really. | | |
| ▲ | timeon 3 hours ago | parent [-] | | > IMHO, most large Rust project will likely use RC or ARC types or use lots of clone calls. So performance wise it’s not gonna be too different than Nim or Swift or even D really. I do not think so. My personal experience is that you can go far in Rust without cloning/Rc/Arc while not opting for unsafe. It is good to have it as default and use Rc/Arc only when (and especially where) needed. | | |
| ▲ | elcritch 2 hours ago | parent [-] | | Being curious I ran some basic grepping and wc on the Ion Shell project. It has about 2.19% of function declarations that use Rc or Arc in the definition. That is pretty low. Naive grepping for `&` assuming most are borrows seems (excluding &&) to be 1135 lines. Clone occurs in 62 lines for a ratio of 5.4%. Though including RC and ARC with clones and that you get about 10.30% vs `&` or borrows borrows. That's assuming a rough surrogate Rc/Arc lines to usages of Rc/Arc's. For context doing a grep for `ref object` vs `object` in my companies Nim project and its deps gives a rate of 2.92% ref objects vs value objects. Nim will use pointers to value objects in many functions. Actually seems much lower than I'd would've guessed. Overall 2.19% of Rust funcs in Ion using Rc/Arc vs 2.92% of my Nim project types using refs vs object types. So not unreasonable to hold they have similar usage of reference counting vs value types. |
|
| |
| ▲ | zie 3 hours ago | parent | prev [-] | | Agreed, but I didn't want to get to far into the details. Thanks for sharing some more details though! |
|
|
|
| ▲ | ablob 6 hours ago | parent | prev | next [-] |
| It's true for new projects.
For rewrites (such as a shell) it can mean a lot of regressions.
The rust-replacements for coreutils are a good negative example.
The new programs do not reach feature-parity, added regressions, and in some cases also had security vulnerabilities. So for battle-proved software I wouldn't say so per-se (if your goal is to replace them). Nonetheless, if you add truly new rust-code to a new or existing codebase when it's without much of hassle with the interop it should hold. |
|
| ▲ | killme2008 7 hours ago | parent | prev | next [-] |
| Yeah, that’s true — Microsoft’s report (https://www.microsoft.com/en-us/msrc/blog/2019/07/why-rust-f...) says the same thing, and Google’s recent post on Rust in Android (https://security.googleblog.com/2025/11/rust-in-android-move...) backs it up too. We’ve been using Rust for about seven years now, and as long as you stay away from fancy unsafe tricks, you really can avoid most memory safety bugs. |
|
| ▲ | 6 hours ago | parent | prev | next [-] |
| [deleted] |
|
| ▲ | handwarmers 5 hours ago | parent | prev [-] |
| Not necessarily. "Quality" and "Security" can be tricky subjects when it comes to a shell. Rust itself is pretty great, but its HN community is made of cringe and zealotry - don't let them dissuade you from trying the language :P |
