Most active commenters
  • ericyd(3)

←back to thread

OpenVMM – A New VMM for Windows and Linux, Written in Rust

(github.com)
171 points g0xA52A2A | 24 comments | 17 Oct 24 05:42 UTC | HN request time: 0.559s | source | bottom
1. ericyd ◴[17 Oct 24 13:05 UTC] No.41869293[source]
Thank God this VMM is written in Rust, otherwise I would be very skeptical. I don't care about features or purpose or technical advantages, give me Rust or give me death.
replies(4): >>41869380 #>>41869386 #>>41871253 #>>41873298 #
2. jeroenhd ◴[17 Oct 24 13:16 UTC] No.41869380[source]
When it comes to low-level, security sensitive software like this, I actually do value the software being written in a relatively safe language.

Could Rust, could be C# for all I care.

replies(2): >>41870723 #>>41871618 #
3. mcflubbins ◴[17 Oct 24 13:17 UTC] No.41869386[source]
For real, I find it so odd to tack on "written in Rust" to every new project that's announced that uses Rust. (As someone who uses Rust in their day job)
replies(6): >>41869445 #>>41869678 #>>41869752 #>>41869857 #>>41870126 #>>41874582 #
4. RamRodification ◴[17 Oct 24 13:24 UTC] No.41869445[source]
As someone who does no programming at all, I can say that it kinda works.

It makes me think "Ok they have made a VMM again, but this time in that somehow safer programming language Rust. They probably know what they're doing so it will be just as good as the old one, only safer!".

I know enough to know that this is not necessarily true, but when I see these posts I always hope that it's true (and rely on people with the proper knowledge and experience to verify if it is or isn't).

Then I go to the comments and there is often a discussion about how a rewrite will probably be less secure because it will introduce new bugs. But then maybe those will be fixed and eventually it will just be a more secure version.

5. poincaredisk ◴[17 Oct 24 13:52 UTC] No.41869678[source]
I consider a language mature, when it's developers stop feeling the need to list "written in X" in the features section of the repository/main page.
replies(1): >>41869781 #
6. systems ◴[17 Oct 24 13:59 UTC] No.41869752[source]
because languages matter more than people like to admit

yes you can write OOP in C , but please don't

and you can write fp code in Java .. this one I am not so sure about, but I would say its still better to just use scala or clojure if you must JVM, and use just use ocaml and drop the no-tail-call-optimization-jvm

the point is .. languages matter

7. orangeboats ◴[17 Oct 24 14:03 UTC] No.41869781{3}[source]
That'd be a poor criteria. C++ is now an immature language:

Show HN: Comprehensive inter-process communication (IPC) toolkit in modern C++ (2024) https://news.ycombinator.com/item?id=40028118

replies(1): >>41871049 #
8. kayo_20211030 ◴[17 Oct 24 14:11 UTC] No.41869857[source]
You're right. It does smack a little bit of insecurity (phycological, not in the CS sense). But, "blah blah blah `written by AI`" transmits a different signal than "blah blah blah `written in Rust`", at least for now.
9. aniviacat ◴[17 Oct 24 14:41 UTC] No.41870126[source]
"Written in Rust" to me implied that they're willing to go with a modern tech stack.

When I see that a project is written in Rust I assume that beyond the language, their other technology/library/framework choices also tend torwards what is modern and unstable, rather than what is conventional and solid.

That information is relevant to shaping one's view of a project. I think it makes sense to mention that you're using a modern stack.

(Though Rust is already close to moving into the conventional/solid category.)

replies(3): >>41870513 #>>41870616 #>>41870846 #
10. Ar-Curunir ◴[17 Oct 24 15:23 UTC] No.41870513{3}[source]
Traditionally this would have been written in something like C, which, while conventional, is hardly solid in security-sensitive contexts like this one.
11. tourmalinetaco ◴[17 Oct 24 15:33 UTC] No.41870616{3}[source]
I also tend to think “will lack long term support”, as I’ve seen many Rust projects where the OG devs move on to other projects. It’s fine to do that of course, but when I see “X but written in Rust” I read it as “I made this as an exercise” and not “I am making a full attempt to replace this other project”.
replies(1): >>41871114 #
12. sitkack ◴[17 Oct 24 15:43 UTC] No.41870723[source]
Rust's safety properties are vastly better than C#, memory safety is the barrier to entry.
replies(1): >>41871631 #
13. estebank ◴[17 Oct 24 15:55 UTC] No.41870846{3}[source]
Why is there a conflation between "modern" and "unstable", and "conventional" and "solid"? I've seen plenty of conventional things that are not solid, and plenty of modern things that were far from unstable. Or maybe I have a different threshold for what modern is.

Beyond your parenthetical, what about Rust is unstable for you today? It would be interesting to me to hear that in order to see if the things that come to mind when hearing that are the same that you meant.

replies(1): >>41880891 #
14. wrs ◴[17 Oct 24 16:16 UTC] No.41871049{4}[source]
Considering the continual revisions in C++ of fundamental things like pointers and strings, arguably this is not incorrect…
15. lupusreal ◴[17 Oct 24 16:24 UTC] No.41871114{4}[source]
That's my read too. The "Written in X" suffix to project announcements makes them sound like stunts done for attention or clout, regardless of the language used. It reads like a headline "Man travels across America, with a unicycle."
16. Sytten ◴[17 Oct 24 16:41 UTC] No.41871253[source]
Those comments really are getting old. Each HN post with rust in the title seem to have that snarky comment that get a bunch of upvotes.

I get that some people are annoyed, but can we stay on topic. As technologist we should strive to written better software, rust is a good tool for low-level components, that's it.

replies(1): >>41874447 #
17. hulitu ◴[17 Oct 24 17:22 UTC] No.41871618[source]
> When it comes to low-level, security sensitive software like this, I actually do value the software being written in a relatively safe language.

When it comes to low-level, security sensitive software like this, I actually do value the software being tested extensively. Bugs are bugs even if they are written in C, Rust, Ada, Elixir, Lisp or whatever language you like.

replies(1): >>41872870 #
18. hulitu ◴[17 Oct 24 17:22 UTC] No.41871631{3}[source]
(i've heard) unless you use unsafe. /s
19. touisteur ◴[17 Oct 24 19:20 UTC] No.41872870{3}[source]
Next level of this thread is with formal proof (e.g. SPARK). Left to the reader to complete the paragraph.
20. knowitnone ◴[17 Oct 24 20:13 UTC] No.41873298[source]
You might not care for Rust but other people do. There is this concept called selling point where one highlight something of significance that helps one stand out from the rest. But you do you and if you find yourself running any program written in Rust, you would be a hypocrite.
replies(1): >>41874474 #
21. ericyd ◴[17 Oct 24 22:28 UTC] No.41874447[source]
My frustration comes from seeing posts with no obvious merit other than the language they are written in. If that's the most compelling feature of your software then I don't care too see it on the homepage. Writing compelling headlines is hard, but it's part of marketing. My comment could probably have been more thoughtful, but I'd like to encourage people to submit better headlines which highlight their software's differentiating features.
22. ericyd ◴[17 Oct 24 22:31 UTC] No.41874474[source]
I absolutely do use software written in rust and I do so because of its superior feature set or user experience. The fact that it's written in rust has so relevance to my interest in new software. If the defining feature is something that rust is known for like memory safety then say that in the headline instead.
23. lsllc ◴[17 Oct 24 22:45 UTC] No.41874582[source]
I sort of see "written in Rust" as a feature. I guess they could say "memory safe implementation" but I suspect they'd also say "written in Ada" if it was in fact written in Ada as an example of another safe language.
24. zifpanachr23 ◴[18 Oct 24 16:24 UTC] No.41880891{4}[source]
First of all, there's no spec, no stable ABI, etc etc etc. And the language is constantly adding new features and complexities.

In practical terms and in this case it probably doesn't matter, but that is what people are talking about when they say it's both modern and unstable. It's not entirely unreasonable.

Note that "unstable" doesn't necessarily mean "broken". It just means that the ecosystem is likely to have changed massively looking back at code written today from some theoretical vantage point 5 years in the future.