Unsafe at Any Speed: Tradeoffs and Values in the Rust Ecosystem

I want to make a sign on the wall that denotes $x days since someone complained about Tokio + Reqwest being bloated and&#x2F;or making their own design decisions.<p>I also want to make a campaign to direct people to ureq <i>first</i> so we stop hearing about this every other month. Reqwest is very good and worth just using IMO, but if you really care about this, ureq is pretty battle tested and a fine option for &quot;just give me a fucking HTTP client&quot;.<p>(A selfish third point but ureq needs a happy eyeballs implementation, but that&#x27;s neither here nor there I guess)<p><i>Edit: I did read the article and yes, I am commenting something slightly tangential</i>

It is great when there is a standard that works well for everyone.<p>It is great when there is competition to that bloated monopoly everyone currently uses.<p>I don&#x27;t understand my own cognitive dissonance on this topic.

&gt; or even just skipping blank lines, hyper does things its own way.<p>Ugh. IMO a bit benefit of Rust is that you can’t do wild-west-YOLO buffer twiddling without “unsafe,” so people will write better code.<p>But it really looks like httparse missed the memo.<p><a href="https:&#x2F;&#x2F;github.com&#x2F;seanmonstar&#x2F;httparse&#x2F;blob&#x2F;v1.8.0&#x2F;src&#x2F;iter.rs">https:&#x2F;&#x2F;github.com&#x2F;seanmonstar&#x2F;httparse&#x2F;blob&#x2F;v1.8.0&#x2F;src&#x2F;iter...</a><p>iter::Bytes looks like an awkward wrapper around slices with all the safety removed. So you can port nasty C-style code right over.<p>Seriously, it should not be hard to efficiently strip a prefix off a u8 slice in safe Rust. For example, split_first.

Rust indeed does have an embarrassing excess of diversity problem, made worse by the fact that async isn&#x27;t in the standard library (outside bare minimum stuff like Future) and async libraries can&#x27;t really be async runtime neutral. (This is going to improve with async traits.)<p>It&#x27;s probably an inevitable result of Rust having a thinner standard library than Go, Java, C#, or other heavier languages. It&#x27;s supposed to be systems language after all.<p>Another reason though is that Rust is a rich language with a very powerful type system, and rich powerful languages invite programmers to show off. One of the greatest things about Go is how boring it is. It doesn&#x27;t give you a lot of room to show off by writing clever code, so instead you have to show off by making a great application. But some of this is unavoidable if you want what Rust delivers: a near-zero-overhead systems language with hard safety and automatic memory management without GC. That&#x27;s dumping a heavy load on the type system, and Rust does deliver pretty well.<p>I try to exercise discipline when writing Rust and not show off by being more clever than I need to be. I do write some hand-whittled performance code here and there in high-performance applications, but I try really hard to avoid using unsafe. I&#x27;ve found that you usually can.

There’s a small message contained in that unnecessarily long post - that maybe a popular library used for HTTP in Rust could use less unsafe.<p>There was no need for this half mocking, half condescending tone. If the author wanted an explanation for a technical decision, they could open an issue and have a conversation like an adult. Instead we’re left with their speculation that leads nowhere. They cry about the existence of some unsafe code, but don’t actually put in the effort to figure out if it can lead to a real problem like unsoundness. And somehow the title implies that they’re saying something profound about the entire rust ecosystem when they just looked at one library. It’s just innuendo, as far as I could tell.<p>Here’s a post by the maintainer of hyper about what they accomplished in 2023 and what they hope to accomplish in 2024 - <a href="https:&#x2F;&#x2F;seanmonstar.com&#x2F;blog&#x2F;2023-in-review&#x2F;" rel="nofollow">https:&#x2F;&#x2F;seanmonstar.com&#x2F;blog&#x2F;2023-in-review&#x2F;</a><p>If this work interests you, or you depend on hyper in production like many companies do, then consider sponsoring them! Or maybe you could give back to the commons by submitting PRs that fix issues you’ve found. Or even a good bug report would be appreciated.<p>But not this kind of article. This article helps no one and does nothing constructive. We all benefit from the work that open source maintainers put in. They have it hard enough without having to read low effort posts trashing their work. Be better.

&gt; Simpler is better: Complex problems require complex solutions, but we should strive for simplicity in our software. Code is a liability—less code is less that could go wrong, and less to debug when things do go wrong!<p>This seems to confuse complexity with features. If a library has 100k lines of code but the parts you use are only 1k lines of code then why is that worse than a library with 1k lines of code?<p>&gt; I want a single HTTPS connection. I don’t need persistent sessions with connection pools and cookies. I don’t need an async runtime.2 I need a glass of scotch, a socket, and a few syscalls. In the same vein,<p>That&#x27;s true right until the moment you do need them and then you need to rewrite a lot of code. Especially great fun when the thing you&#x27;re connecting to assumes everyone has this feature and you spend hours or days debugging things.<p>Modular, popular and well structured libraries with all the features one might reasonably need are my preference. Minimalism in lines of code is as much a trap as a minimalism in benchmark performance.

&gt; Do huge swaths of Rust users value vanishingly small performance gains over memory safety, in a language that prides itself on being able to provide speed and safety?<p>I mean, yeah, probably? It was meant to appeal to people who were still writing things in C&#x2F;C++, who are by definition people with those values. For general-purpose use the language was always &quot;OCaml but with vanishingly small performance gains&quot;.