
We don't know how the C program would have coped. It could equally have ignored the extra config once it reached its maximum, which would cause new problems but not necessarily cause an outage. It could've returned an error and safely shut down the whole program (which would result in the same problem as Rust panicking).

What we do know is Cloudflare wrote a new program in Rust, and never tested their Rust program with too many config items.

You can't say "Rust did its job" and blame the programmer, any more than I can say "C did its job" when a programmer tells it to write to the 257th index of a 256 byte array, or "Java did its job" when some deeply buried function throws a RuntimeException, or "Python did its job" when it crashes a service that has been running for years because for the first time someone created a file whose name wasn't valid UTF-8.

Footguns are universal. Every language has them, including Rust.

You have to own the total solution, no matter which language you pick. Switching languages does not absolve you of this. TANSTAAFL.





> You can't say "Rust did its job" and blame the programmer,

You absolutely can. This is someone just calling panic in an error branch. Rust didn’t overrun the memory which would have been a real possibility here in C.

The whole point is that C could have failed in the exact same way, but it would have taken extra effort to even get it to detect the issue and exit. For an error the programmer didn’t intend to handle, like in this case, it likely would have just segfaulted because they wouldn’t bother to bounds check.

> TANSTAAFL

The way C could have failed here is a superset of how Rust would. Rust absolutely gives you free lunch, you just have to eat it.
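The contrast argued in this thread, as an added example that is not part of either comment and is not Cloudflare's code: a bounded config loader that reports "too many items" as an error value, one caller that keeps the last-known-good config, and one that unwraps and panics. `MAX_FEATURES`, the type names and the sample inputs are hypothetical and constructed for illustration.

```rust
// Constructed example: MAX_FEATURES and all names below are hypothetical.
const MAX_FEATURES: usize = 4;

#[derive(Debug, PartialEq)]
enum ConfigError {
    TooManyFeatures { got: usize, max: usize },
}

#[derive(Debug, Clone, PartialEq)]
struct Features {
    names: Vec<String>,
}

// Bounded loader: an oversized input is reported as a value, not an abort.
fn load_features(lines: &[&str]) -> Result<Features, ConfigError> {
    if lines.len() > MAX_FEATURES {
        return Err(ConfigError::TooManyFeatures { got: lines.len(), max: MAX_FEATURES });
    }
    Ok(Features { names: lines.iter().map(|s| s.to_string()).collect() })
}

// Failure-tolerant caller: on a bad update, keep the last-known-good config
// and hand the error back so it can be logged or alerted on.
fn apply_update(current: Features, lines: &[&str]) -> (Features, Option<ConfigError>) {
    match load_features(lines) {
        Ok(new) => (new, None),
        Err(e) => (current, Some(e)),
    }
}

// The pattern the thread argues about: the error branch panics.
// Memory stays safe, but the service stops on the same input.
fn apply_update_or_panic(lines: &[&str]) -> Features {
    load_features(lines).unwrap()
}

fn main() {
    let good = ["a", "b"];
    let oversized = ["a", "b", "c", "d", "e"]; // constructed: one past the limit
    let (cfg, err) = apply_update(Features { names: vec![] }, &good);
    assert!(err.is_none());
    let (cfg, err) = apply_update(cfg, &oversized);
    println!("kept {:?}, rejected update: {:?}", cfg.names, err);
    let panicked = std::panic::catch_unwind(|| apply_update_or_panic(&oversized)).is_err();
    println!("unwrap variant panicked: {}", panicked);
}
```

Testing the oversized input is what distinguishes the two callers; the compiler accepts both.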



