Source Code: Your daily look at what matters in tech.

enterpriseenterpriseauthorTom KrazitNoneAre you keeping up with the latest cloud developments? Get Tom Krazit and Joe Williams' newsletter every Monday and Thursday.d3d5b92349
×

Get access to Protocol

Your information will be used in accordance with our Privacy Policy

I’m already a subscriber
Power

The programming language that wants to rescue the world from dangerous code

Rust, a language developed by Mozilla with enthusiastic backers across the software community, wants to save developers from making their biggest mistakes

One of the Rust logos

Rust is increasingly gaining momentum, as a new generation of companies start to rewrite their critical infrastructure for the cloud computing era.

Image: Mozilla/Protocol

The world's best software developers have a not-so-well-kept secret: Most of the crucial back-end systems that power the world rest on a precarious foundation of software held together with the digital equivalent of popsicle sticks and chewing gum. But they're also excited about an emerging programming language that promises something better.

For the fourth consecutive year, Rust topped Stack Overflow's 2020 survey of the "most loved" programming languages in software development, and there are some easy-to-understand reasons why. Rust was designed to prevent developers from making memory-handling mistakes that can lead to damaging (and prevalent) security flaws, and it also helps those developers figure out why their software isn't working.

That's why the language is increasingly gaining momentum, as a new generation of companies start to rewrite their critical infrastructure for the cloud computing era. AWS used Rust to build Firecracker, an open-source serverless computing platform that runs the company's strategically important Lambda and Fargate services. Dropbox rewrote some of its core systems software in Rust as part of the process of rolling out its own hardware infrastructure. And at Mozilla, where Rust was originally developed, the language was used to build the core browsing engine at the heart of Firefox.

Those companies are all hoping to avoid the security mistakes of the past. Rust may have its own issues — it's particularly difficult to learn, for instance — but it's "the industry's best chance for addressing this issue head-on," said Ryan Levick, principal cloud developer advocate at Microsoft, in a recent talk.

Lessons from the past

Over the last few decades, a huge percentage of the low-level systems software that controls the world's computers has been written in a language called C++, which was first released in 1985 and became a big part of Microsoft's product strategy. C++ is a powerful and efficient language that introduced the object-oriented programming concepts, now present in so many languages, to the seminal C language. But it has one glaring drawback.

It is very, very easy for programmers using C++ to make memory-handling mistakes. And according to Levick, over the last 15 years or so, around 70% of the security vulnerabilities in Microsoft products that required a CVE disclosure were memory-related.

Those mistakes allow malicious attackers to flood memory registers with data, creating a "buffer overflow" security problem that can overwrite data in memory registers adjacent to one program, and allow attackers to run code without the user's knowledge or consent. "C++, at its core, is not a safe language," Levick said in his talk.

By design, Rust prevents developers from making those mistakes.

"For years and years, Microsoft has been trying to get its C++ developers to use best practices and write more secure code," said Nell Shamrell-Harrington, senior staff research engineer at Mozilla and one of the people working directly on the advancement of the language. "In Rust, that security is built into the code itself."

Rust also helps developers debug their code by providing hints and pointers when their software isn't working, rather than just throwing out a vague error message, Shamrell-Harrington said. In some cases it will pinpoint the exact line of code that needs fixing, she said, saving developers a ton of time and anxiety.

The downside? Rust has a steep learning curve. "I would not recommend anybody use it as their first language, and maybe their second," Shamrell-Harrington said. Newcomers to Rust find it fairly easy to learn the basics, she said, but struggle when trying to move into the intermediate stage.

The numbers bear that out: Only 3.2% of developers surveyed by Stack Overflow actually use Rust on a regular basis. Twice as many people are still using Assembly, a low-level machine language that dates back to the 1940s. In fact, one of Shamrell-Harrington's jobs is to help produce content for the developer community that will bridge the knowledge gap and make it a more widely used language.

The one of many?

Rust is by no means the only modern programming language that provides memory safety for its users. Longtime stalwart Java offers some memory-handling protections. And Swift, Apple's iOS-friendly application development language, also puts strict boundaries around memory handling.

But they're high-level languages, which trade efficiency to gain ease of use. In comparison, Rust was designed for writing the sorts of lower-level systems software that runs the internet, offering performance at the same level provided by C++ and well beyond the capabilities of languages such as Java and Swift.

Perhaps Rust's main rival is Go, developed at Google, which is also used for system-level development and emphasizes memory safety. It's currently used more widely than Rust and is also considered easier to learn — but has less cachet among developers according to Stack Overflow's survey and lacks some of Rust's features.

As more and more business activity flows through software delivered over the internet, secure software has never been more important. If the best way to prevent 70% of serious security vulnerabilities is to adopt a programming language that makes it impossible to introduce memory-related security flaws, expect to see a lot more Rust in the future.

Protocol | China

China’s edtech crackdown isn’t what you think. Here’s why.

It's part of an attempt to fix education inequality and address a looming demographic crisis.

In the past decade, China's private tutoring market has expanded rapidly as it's been digitized and bolstered by capital.

Photo: Getty Images

Beijing's strike against the private tutoring and ed tech industry has rattled the market and led observers to try to answer one big question: What is Beijing trying to achieve?

Sweeping policy guidelines issued by the Central Committee of the Chinese Communist Party on July 24 and the State Council now mandate that existing private tutoring companies register as nonprofit organizations. Extracurricular tutoring companies will be banned from going public. Online tutoring agencies will be subject to regulatory approval.

Keep Reading Show less
Shen Lu

Shen Lu is a reporter with Protocol | China. She has spent six years covering China from inside and outside its borders. Previously, she was a fellow at Asia Society's ChinaFile and a Beijing-based producer for CNN. Her writing has appeared in Foreign Policy, The New York Times and POLITICO, among other publications. Shen Lu is a founding member of Chinese Storytellers, a community serving and elevating Chinese professionals in the global media industry.

After a year and a half of living and working through a pandemic, it's no surprise that employees are sending out stress signals at record rates. According to a 2021 study by Indeed, 52% of employees today say they feel burnt out. Over half of employees report working longer hours, and a quarter say they're unable to unplug from work.

The continued swell of reported burnout is a concerning trend for employers everywhere. Not only does it harm mental health and well-being, but it can also impact absenteeism, employee retention and — between the drain on morale and high turnover — your company culture.

Crisis management is one thing, but how do you permanently lower the temperature so your teams can recover sustainably? Companies around the world are now taking larger steps to curb burnout, with industry leaders like LinkedIn, Hootsuite and Bumble shutting down their offices for a full week to allow all employees extra time off. The CEO of Okta, worried about burnout, asked all employees to email him their vacation plans in 2021.

Keep Reading Show less
Stella Garber
Stella Garber is Trello's Head of Marketing. Stella has led Marketing at Trello for the last seven years from early stage startup all the way through its acquisition by Atlassian in 2017 and beyond. Stella was an early champion of remote work, having led remote teams for the last decade plus.

It’s soul-destroying and it uses DRM, therefore Peloton is tech

"I mean, the pedals go around if you turn off all the tech, but Peloton isn't selling a pedaling product."

Is this tech? Or is it just a bike with a screen?

Image: Peloton and Protocol

One of the breakout hits from the pandemic, besides Taylor Swift's "Folklore," has been Peloton. With upwards of 5.4 million members as of March and nearly $1.3 billion in revenue that quarter, a lot of people are turning in their gym memberships for a bike or a treadmill and a slick-looking app.

But here at Protocol, it's that slick-looking app, plus all the tech that goes into it, that matters. And that's where things got really heated during our chat this week. Is Peloton tech? Or is it just a bike with a giant tablet on it? Can all bikes be tech with a little elbow grease?

Keep Reading Show less
Karyne Levy

Karyne Levy ( @karynelevy) is the West Coast editor at Protocol. Before joining Protocol, Karyne was a senior producer at Scribd, helping to create the original content program. Prior to that she was an assigning editor at NerdWallet, a senior tech editor at Business Insider, and the assistant managing editor at CNET, where she also hosted Rumor Has It for CNET TV. She lives outside San Francisco with her wife, son and lots of pets.

Protocol | Workplace

In Silicon Valley, it’s February 2020 all over again

"We'll reopen when it's right, but right now the world is changing too much."

Tech companies are handling the delta variant in differing ways.

Photo: alvarez/Getty Images

It's still 2021, right? Because frankly, it's starting to feel like March 2020 all over again.

Google, Apple, Uber and Lyft have now all told employees they won't have to come back to the office before October as COVID-19 case counts continue to tick back up. Facebook, Google and Uber are now requiring workers to get vaccinated before coming to the office, and Twitter — also requiring vaccines — went so far as to shut down its reopened offices on Wednesday, and put future office reopenings on hold.

Keep Reading Show less
Allison Levitsky
Allison Levitsky is a reporter at Protocol covering workplace issues in tech. She previously covered big tech companies and the tech workforce for the Silicon Valley Business Journal. Allison grew up in the Bay Area and graduated from UC Berkeley.
Protocol | China

Livestreaming ecommerce next battleground for China’s nationalists

Vendors for Nike and even Chinese brands were harassed for not donating enough to Henan.

Nationalists were trolling in the comment sections of livestream sessions selling products by Li-Ning, Adidas and other brands.

Collage: Weibo, Bilibili

The No. 1 rule of sales: Don't praise your competitor's product. Rule No. 2: When you are put to a loyalty test by nationalist trolls, forget the first rule.

While China continues to respond to the catastrophic flooding that has killed 99 and displaced 1.4 million people in the central province of Henan, a large group of trolls was busy doing something else: harassing ordinary sportswear sellers on China's livestream ecommerce platforms. Why? Because they determined that the brands being sold had donated too little, or too late, to the people impacted by floods.

Keep Reading Show less
Zeyi Yang
Zeyi Yang is a reporter with Protocol | China. Previously, he worked as a reporting fellow for the digital magazine Rest of World, covering the intersection of technology and culture in China and neighboring countries. He has also contributed to the South China Morning Post, Nikkei Asia, Columbia Journalism Review, among other publications. In his spare time, Zeyi co-founded a Mandarin podcast that tells LGBTQ stories in China. He has been playing Pokemon for 14 years and has a weird favorite pick.
Latest Stories