←back to thread

The Tor Project is switching to Rust

(itsfoss.com)
348 points giuliomagnifico | 1 comments | 12 Dec 25 12:35 UTC | HN request time: 0.403s | source
Show context
epolanski ◴[12 Dec 25 12:55 UTC] No.46243675[source]
If Rust helps with their pains and they like Rust this seems very sensible.

That's exactly why we have different languages and tools, because they adapt differently to different projects, teams and problems.

But as soon as you get into the silly "tool X is better period" arguments, then all the nuance of choosing the right tool for the job is lost.

replies(8): >>46243722 #>>46244465 #>>46244778 #>>46245023 #>>46245269 #>>46245325 #>>46246309 #>>46250138 #
dingdingdang ◴[12 Dec 25 13:02 UTC] No.46243722[source]
Sensible take, thank you. When HN get these "our project: from x to y language" frontpage stories I am always thinking that it would be far more exciting with "our project: 38.2% smaller code base by optimizing our dependency use", "our project: performance optimized by 16.4% by basic profiler use" or similar!
replies(4): >>46244428 #>>46244440 #>>46244501 #>>46244694 #
morkalork ◴[12 Dec 25 14:28 UTC] No.46244440[source]
Is the trade off here having more secure code in exchange for added complexity/difficulty? This is a real question, has the Tor code itself been exploited by bad actors before? All the incedences I've seen in the news were some other software running over tor that would be exploited to phone home or give up user data.
replies(1): >>46246041 #
uecker ◴[12 Dec 25 17:02 UTC] No.46246041[source]
It seems they worry about it, which I can understand. But now with Rust I worry about about new logic bugs, supply chain issues, and lack of proper security updates.
replies(1): >>46246797 #
steveklabnik ◴[12 Dec 25 18:07 UTC] No.46246797[source]
Well, given that this has been going on for years, you can already start to empirically evaluate that question.
replies(1): >>46246940 #
yjdiquhf ◴[12 Dec 25 18:18 UTC] No.46246940[source]
> (So far, it's a not-very-complete client. But watch this space!)
replies(1): >>46247052 #
steveklabnik ◴[12 Dec 25 18:27 UTC] No.46247052[source]
Yes, it's a beginning not the end.

Or, you could look at other projects who have been using Rust for many years, and consider these factors there too. The folks who have have generally concluded the opposite.

replies(3): >>46247083 #>>46248494 #>>46252883 #
1. steveklabnik ◴[12 Dec 25 20:40 UTC] No.46248629[source]
Do you think the sibling comment was flagged to "protect me" whatever that means, or is it because "Are you high on Prozac?" is not really a productive comment?

EDIT: And now that I've scrolled down, I see you've left this comment many times as random replies. I'm sure those will get flagged, but for spam reasons, not due to some grand conspiracy.