Power

The programming language that wants to rescue the world from dangerous code

Rust, a language developed by Mozilla with enthusiastic backers across the software community, wants to save developers from making their biggest mistakes

One of the Rust logos

Rust is increasingly gaining momentum, as a new generation of companies start to rewrite their critical infrastructure for the cloud computing era.

Image: Mozilla/Protocol

The world's best software developers have a not-so-well-kept secret: Most of the crucial back-end systems that power the world rest on a precarious foundation of software held together with the digital equivalent of popsicle sticks and chewing gum. But they're also excited about an emerging programming language that promises something better.

For the fourth consecutive year, Rust topped Stack Overflow's 2020 survey of the "most loved" programming languages in software development, and there are some easy-to-understand reasons why. Rust was designed to prevent developers from making memory-handling mistakes that can lead to damaging (and prevalent) security flaws, and it also helps those developers figure out why their software isn't working.

That's why the language is increasingly gaining momentum, as a new generation of companies start to rewrite their critical infrastructure for the cloud computing era. AWS used Rust to build Firecracker, an open-source serverless computing platform that runs the company's strategically important Lambda and Fargate services. Dropbox rewrote some of its core systems software in Rust as part of the process of rolling out its own hardware infrastructure. And at Mozilla, where Rust was originally developed, the language was used to build the core browsing engine at the heart of Firefox.

Those companies are all hoping to avoid the security mistakes of the past. Rust may have its own issues — it's particularly difficult to learn, for instance — but it's "the industry's best chance for addressing this issue head-on," said Ryan Levick, principal cloud developer advocate at Microsoft, in a recent talk.

Lessons from the past

Over the last few decades, a huge percentage of the low-level systems software that controls the world's computers has been written in a language called C++, which was first released in 1985 and became a big part of Microsoft's product strategy. C++ is a powerful and efficient language that introduced the object-oriented programming concepts, now present in so many languages, to the seminal C language. But it has one glaring drawback.

It is very, very easy for programmers using C++ to make memory-handling mistakes. And according to Levick, over the last 15 years or so, around 70% of the security vulnerabilities in Microsoft products that required a CVE disclosure were memory-related.

Those mistakes allow malicious attackers to flood memory registers with data, creating a "buffer overflow" security problem that can overwrite data in memory registers adjacent to one program, and allow attackers to run code without the user's knowledge or consent. "C++, at its core, is not a safe language," Levick said in his talk.

By design, Rust prevents developers from making those mistakes.

"For years and years, Microsoft has been trying to get its C++ developers to use best practices and write more secure code," said Nell Shamrell-Harrington, senior staff research engineer at Mozilla and one of the people working directly on the advancement of the language. "In Rust, that security is built into the code itself."

Rust also helps developers debug their code by providing hints and pointers when their software isn't working, rather than just throwing out a vague error message, Shamrell-Harrington said. In some cases it will pinpoint the exact line of code that needs fixing, she said, saving developers a ton of time and anxiety.

The downside? Rust has a steep learning curve. "I would not recommend anybody use it as their first language, and maybe their second," Shamrell-Harrington said. Newcomers to Rust find it fairly easy to learn the basics, she said, but struggle when trying to move into the intermediate stage.

The numbers bear that out: Only 3.2% of developers surveyed by Stack Overflow actually use Rust on a regular basis. Twice as many people are still using Assembly, a low-level machine language that dates back to the 1940s. In fact, one of Shamrell-Harrington's jobs is to help produce content for the developer community that will bridge the knowledge gap and make it a more widely used language.

The one of many?

Rust is by no means the only modern programming language that provides memory safety for its users. Longtime stalwart Java offers some memory-handling protections. And Swift, Apple's iOS-friendly application development language, also puts strict boundaries around memory handling.

But they're high-level languages, which trade efficiency to gain ease of use. In comparison, Rust was designed for writing the sorts of lower-level systems software that runs the internet, offering performance at the same level provided by C++ and well beyond the capabilities of languages such as Java and Swift.

Perhaps Rust's main rival is Go, developed at Google, which is also used for system-level development and emphasizes memory safety. It's currently used more widely than Rust and is also considered easier to learn — but has less cachet among developers according to Stack Overflow's survey and lacks some of Rust's features.

As more and more business activity flows through software delivered over the internet, secure software has never been more important. If the best way to prevent 70% of serious security vulnerabilities is to adopt a programming language that makes it impossible to introduce memory-related security flaws, expect to see a lot more Rust in the future.

Protocol | Fintech

How European fintech startup N26 is preparing for U.S. regulations

"There's a lot more scrutiny being placed on fintech. We are definitely mindful of it."

In an interview with Protocol, Stephanie Balint, N26's U.S. general manager, discussed the company's approach to regulations in the U.S.

Photo: N26

N26's monster $900 million funding round announced Monday underlined the German startup's momentum in the digital banking market.

Stephanie Balint, N26's U.S. general manager, said the funding will be used for expansion and also to improve "our core offering to make this the most reliable bank that our customers can trust," she told Protocol.

Keep Reading Show less
Benjamin Pimentel

Benjamin Pimentel ( @benpimentel) covers fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at bpimentel@protocol.com or via Signal at (510)731-8429.

The way we work has fundamentally changed. COVID-19 upended business dealings and office work processes, putting into hyperdrive a move towards digital collaboration platforms that allow teams to streamline processes and communicate from anywhere. According to the International Data Corporation, the revenue for worldwide collaboration applications increased 32.9 percent from 2019 to 2020, reaching $22.6 billion; it's expected to become a $50.7 billion industry by 2025.

"While consumers and early adopter businesses had widely embraced collaborative applications prior to the pandemic, the market saw five years' worth of new users in the first six months of 2020," said Wayne Kurtzman, research director of social and collaboration at IDC. "This has cemented collaboration, at least to some extent, for every business, large and small."

Keep Reading Show less
Kate Silver

Kate Silver is an award-winning reporter and editor with 15-plus years of journalism experience. Based in Chicago, she specializes in feature and business reporting. Kate's reporting has appeared in the Washington Post, The Chicago Tribune, The Atlantic's CityLab, Atlas Obscura, The Telegraph and many other outlets.

Apple’s new MacBooks are the future — and the past

After years of reinventing the wheel, Apple's back to just building really good ones.

Apple brought back the ports.

Photo: Apple

The 2015 Pro was, by most accounts, one of the best laptops Apple ever made. It was fast and functional, and it had a great screen, a MagSafe charger, plenty of ports, a great keyboard and solid battery life. If you walked around practically any office in Silicon Valley, you'd see Pros everywhere.

Many of those users have been holding on to their increasingly old and dusty 2015 Pros, too, because right about when that computer came out was when Apple seemed to lose its way in the laptop market. It released the 12-inch MacBook, an incredibly thin and light computer that made a bunch of changes — a new keyboard and trackpad design chief among them — that eventually made their way around the rest of the MacBook lineup. Then came the Touch Bar, Apple's attempt to build an entirely new user interface into a laptop.

Keep Reading Show less
David Pierce

David Pierce ( @pierce) is Protocol's editorial director. Prior to joining Protocol, he was a columnist at The Wall Street Journal, a senior writer with Wired, and deputy editor at The Verge. He owns all the phones.

Image: Christopher T. Fong/Protocol

Imagine a company where there are no meetings — just time for deep, focused work punctuated by short conversations on Slack and project updates on Trello.

Now imagine a company where the no-meeting ethos is so ingrained that it's possible to work there for 10 years without ever speaking face-to-face with a single coworker, and for your boss to not even recognize the sound of your voice.

Keep Reading Show less
Michelle Ma
Michelle Ma (@himichellema) is a reporter at Protocol, where she writes about management, leadership and workplace issues in tech. Previously, she was a news editor of live journalism and special coverage for The Wall Street Journal. Prior to that, she worked as a staff writer at Wirecutter. She can be reached at mma@protocol.com.
Protocol | Workplace

#AppleToo activist says Apple fired her for deleting apps from her devices

Janneke Parrish says she was dismissed after deleting Robinhood, Pokemon Go and Google Drive from her work devices during an investigation inside the company.

The Apple Too movement is trying to organize Apple workers into a collective movement.
Photo: Bloomberg via Getty

Unlike most other companies, Apple asks that its employees use their work phones like personal ones — and for five years, Apple program manager Janneke Parrish did as she was told. But last week, when Apple asked Parrish for her devices in an internal investigation, she was afraid Apple would see her personal and private information. She disobeyed orders and deleted apps like Robinhood, Pokemon Go and Google Drive. Then Apple fired her.

Keep Reading Show less
Anna Kramer

Anna Kramer is a reporter at Protocol (Twitter: @ anna_c_kramer, email: akramer@protocol.com), where she writes about labor and workplace issues. Prior to joining the team, she covered tech and small business for the San Francisco Chronicle and privacy for Bloomberg Law. She is a recent graduate of Brown University, where she studied International Relations and Arabic and wrote her senior thesis about surveillance tools and technological development in the Middle East.

Latest Stories