1.8 million developers soared in 24 months, Rust ushered in a highlight moment

[CSDN editor’s note] In the past 24 months, the development has been rapid, and the number of developers has increased from 600,000 to 2.2 million. In the past, C/C++, Java, etc. were the common languages ​​of large factories. Now Rust is gradually emerging, and companies such as Google and Amazon have begun to adopt Rust. As developers skyrocket and the community contributes more and more volunteers, will the future of Rust move closer to the most popular ranks?

Original link: https://ift.tt/MB4gG8b

This article is translated by CSDN, unauthorized reproduction is prohibited.

Translator | Zhang Yuming Editor | Tu Min

Produced | CSDN (ID: CSDNnews)

In the programming language world, Rust is ushering in its own highlight moment.

According to SlashData’s 2021 Developer Report, developers programming in Rust have tripled in the past 24 months to 2.2 million. In the industry, the Rust language is also supported by many leading CISOs (Chief Information Security Officers), and the acceptance of it by enterprises is also increasing. For example, Canonical, Chef, Cloudflare, Deliveroo and other companies are using Rust. (Just a few companies listed)

Born in 1972 and 1983, respectively, C and C++ are ubiquitous as the building blocks of much modern software. But building with C and C++ is also prone to memory safety issues, which can lead to serious security vulnerabilities downstream. In contrast, Rust is a language that handles memory management and other safety-critical tasks more safely . (In Rust, the compiler acts as a gatekeeper, refusing to compile some buggy code, including concurrency errors.)

Of course, for some coders who write neat code for the sake of beauty, this isn’t too much of a concern. An analysis last month by Google’s Project Zero security research team found that 67 percent of the 58 exploited zero-day vulnerabilities discovered in 2021 were memory corruption flaws. Memory safety issues often create network security issues. It is easy to find many examples in this regard. For example, about 70% of all CVEs at Microsoft are memory safety issues. And two-thirds of Linux kernel leaks also come from security concerns.

Roughly speaking, building with Rust is not prone to these problems, and Rust developers have formed a very strong developer community who care about performance, memory safety, etc.

Many and complicated things need to be handled by the Foundation

Rust, born in 2006, is Graydon Hoare’s side project at Mozilla. As an open source project, its maintainers work mostly autonomously as volunteers. The project has been operating autonomously since Rust 1.0 was launched in 2015 – the release has 53 contributors, mostly built by Brian Anderson and Patrick Walton with Hoare.

Until 2020, with the creation of the Rust Foundation, ending Rust without an independent organization to manage it. The establishment of the Rust Foundation was finally prompted by the overall layoff of the sponsor Mozilla Foundation, which caused many people in the community to worry about the future of Rust, and the challenges faced by the community gradually became more prominent. (Rust has a total of 6621 individual contributors, with an average of 300 contributing to recent releases.)

(Rust Foundation)

The Rust Foundation itself is small, a four-person nonprofit led by Dr. Rebecca Rumbul.

Dr Rebecca Rumbul is an experienced NGO director and a former council member of the Advertising Standards Authority, a trustee of the Hansard Society and the UK representative claimant for the Privacy Collective. Rebecca Rumbul, who became CEO of the Rust Foundation in November 2021, describes the job as “building a team where, frankly, I can do all the ‘boring’ things: handle everything about law, accounting, finance, trademarks and licensing things that people don’t want to do on their break, and provide as much infrastructure and support as possible in order to reduce the maintainer community from having too much concern about project management .”

In a blog earlier this year, she detailed her recent work, from securing Rust trademark use outside the U.S., to creating, managing, and organizing legal, financial, and community-supported projects sponsored by the Rust Foundation. and administrative work.

“We still have a lot of work to do on legal, security and compliance issues,” she noted in that blog post.

And added in his conversation with The Stack: “Rust was spun off from Mozilla, and Mozilla doesn’t really plan to manage it long-term. So a lot of the basic stuff also needs us to do, like trademarks or something very rare. Legal issues. We provide the infrastructure for the development of the project, so we need to be responsible for complying with the local laws where the project is implemented. We try to strengthen the process of cooperation within the foundation and with the project community, which includes even small things to deal with , such as making sure there is an established process for when someone leaves a work group, making sure there is the right infrastructure to support it, making sure that vacancies are identified in a timely manner, being able to replace someone with the right person if someone is on vacation, managing cloud computing initiatives, etc. Also There are a few issues on top of managing complex relationships. For example, the April Rust Foundation meeting minutes show feedback from other Sliver (sponsoring) member companies that certain contributors to the Rust community are representing their employers, Large corporations, namely foundation boards, that influence the development of Rust .”

One sponsor even argued that it would be difficult for member companies to influence Rust development. At the same time, the growing ranks of Rust maintainers continue to push Rust development — for example, the language, library, and compiler teams have all recently released their schedules, with the Rust language team targeting 2024 and the compiler team 2022 years, and the library team did not specify a specific time. (But if you look inside the library team’s schedule, you can feel the complex challenges)

Like many open source projects, many key contributors are volunteers, although the Rust Foundation has “platinum” sponsors such as Google, Huawei, Meta, Microsoft, and Mozilla, which don’t seem to have allocated large sums of money to support maintenance By. However, the Rust Foundation community autonomy project, which starts in 2022, has a budget of $625,000 and will provide four types of grants. as follows:

• Rust Foundation Scholarships: One-year scholarships worth $1,000/month (20 in total).;

• Project funding: Individual awards to support independent works of $1,000 to $20,000;

• Event Support Grants: Individual awards, ranging from $100 to $500, to support the development of the event;

• Hardship Award Grants: Individual awards ranging from $500 to $1,500.

Rust’s future

As enterprise interest in Rust continues to grow, how can Rust’s corporate sponsors and foundations better support Rust development? This was answered by Mara Bos, head of the Rust library team, in a conversation with The Stack.

Funding open source, companies can not only care about their own interests

“Rust grows on a lot of volunteers doing what they love and doing what they think is best for the project. Companies should do their best to support this, not just focus on their near-term goals for Rust. There are many companies that will Sponsor a lot of money to implement their specific new feature, but very few companies will do so without a specific mission. This means a lot of work, such as organization, review, exploration, general maintenance, refactoring and cleanup, documentation , Contributor Guidelines, etc., mostly still unpaid/unsponsored.”

(Mara Bos, head of the Rust library team)

Mara Bos refers to a recent article by Go maintainer Filippo Valsorda: “To successfully fund an open source project, a company needs to fund the maintainers, and for an amount equal to what they earn as a senior engineer.” Plus, Mara Bos added Dao: “This kind of work is very important to the project, arguably more important than creating new features. Because this kind of work is a lot of work, doing some basic work that is necessary to keep the project healthy. For me, no Conditioned sponsorships allow me to maximize the benefits of the project.”

On the question of corporate sponsors trying to influence the direction of the Rust language for their own benefit, Mara Bos said: “It’s not something I care about right now. Every Rust contributor has their own goals, which is why this project has been Handle many potentially conflicting goals. If everyone involved in the decision works for the same company that managed and planned for the project in the first place, then the project is part of the company, not that they are just If the employer tries to force them to do something that is not in the best interests of the Rust project, they will be a problem. There will be resistance. If a person’s next bonus or promotion is tied to whether or not the Rust project accepts their new feature, he may feel more pressure, which may lead to more pressure on the team making the decision. By the way By the way, Rust makes decisions by consensus, not by majority vote.”

“Even if a majority of the team agrees, it’s not enough for a decision to be implemented. It requires that no member of the decision team has any objections to a permanent change in order for a decision to be accepted. Therefore, it is important to influence those who have an impact on the project. The most favorable decision is not an easy one,” Mara Bos added in an email.

In addition to working at the foundation, others are also working in other areas. For example, the DevX initiative, led by Ernest Kissiedu and Beni Issembert (initially powered by Concordium), aims to “bridging the gap between businesses that benefit from (F)OSS tools and the underserved communities that build and maintain them. ”, who not only co-founded the Rust Cryptography Interest Group, but also supported the Rust Formal Verification Interest Group and sponsored five maintainers of the Rust project for seven months.

(Josh Triplett, co-lead of the Rust language team)

Josh Triplett, co-leader of the Rust language team (and also a DevX-sponsored advisor), is excited to see the variety of efforts here. “It doesn’t make sense that sponsorship has to go through any particular organization or entity,” he said. “Many companies have been leading the way in sponsoring Rust developers for a long time, such as Embark Studios, Ockam, Discord, etc. DevX is Trying to coordinate multiple companies so they can join forces to be able to do larger scale sponsorships. The Rust Foundation started their own sponsorship work, which is very important.”

In the face of skyrocketing developers, Rust’s development path needs to be more cautious

Triplett added: ” We’re making Rust more useful, bringing tools that were previously only used internally to the wider community, and driving the Rust community to expand and collaborate. We’ve been thinking about if Rust is going to expand beyond just Twice as many users, but a hundred times as many, and they all have their own use cases, goals, and backgrounds, so what does Rust need to evolve into. I think the roadmap for 2024 should start in that direction. Rust is taking a very cautious approach , we want to hear from people who say they feel supported in Rust because it’s stable and it’s not going to break.”

On whether he would like to see more from the community, Triplett said: “There is a continuous cycle between practice and unity: we try to solve a class of problems, and over time we build around common Solutions are unified as a basis for future work.”

“Right now, I’m looking forward to being in lockstep. For example, I’m excited about the work to standardize asynchronous features in the standard library, because people can write asynchronous code without worrying about which framework they should use. The next round of experiments I’m most looking forward to is Capability-based systems such as I/O security work, Rustix libraries, WASI and its module linking…”

Persistent license issues

Meanwhile, at the Rust Foundation, questions about licensing keep popping up. “Rust is primarily released under the terms of the MIT License and the Apache License (version 2.0), and in part under various BSD-like licenses.”

Mara Bos said: “Most contributors don’t think it’s a challenge. Rust (and almost the entire Rust ecosystem) uses a very permissive license… The way open source and capitalism are incompatible is not through licensing It’s a bigger cultural change. I don’t think Rust’s license will change, even if it’s not unbelievable. Maybe we just need some clarification on the license to make it more clear Find out which clauses actually apply to which parts.” But in fact, the Rust Foundation says they’ve had many calls from enterprise users asking for clarification.

As Rebecca Rumbul put it: “My priority right now is just, do a full audit. We recognize that lack of clarity is an issue, and we get several emails a week that mention, ‘Can you tell me, If we use Y, can we do X?’ We are very lucky to have good lawyers, so we can answer individual questions. But if Rust continues to grow at this rate, these questions will follow and become unmanageable. A long way to go. In fact, I think a lot of the maintainer community is involved in a kind of working group where their expertise can be applied, but it’s not clear to me what’s going to happen.

“But the Rust Foundation has no control over maintaining the community, we exist to try and curate the language, and to ensure its continued development and success. But we also have to make sure we align with the community’s needs and understand what they want What, and how they want to do it. Some open source projects are kind of stuck because the open source community has their own ideas and their own personal/competitive power structures. If I want to force people to do something, then I’m kind of doing it for business work, isn’t it?

The text and pictures in this article are from CSDN