Rust is not currently ranked highly on programming language popularity indices like PYPL and TIOBE, but it is a rising star in the software development world.
Growing out of a personal project started by Graydon Hoare in 2006, Rust is a programming language that focuses on performance, and guaranteeing memory- and thread-safety.
This not only helps catch many types of bugs when code is being compiled into a program or software library, but it also reduces the risk of critical security vulnerabilities which frequently rely on memory handling bugs.
Rust has operated under the umbrella of Mozilla Research and is currently establishing its own foundation.
Facebook also started hiring Rust compiler and library engineers last year.
Discord, a communications platform popular with gamers, said in a blog post published early last year that it uses Rust in its client application for its video encoding pipeline, as well as on its server side.
The company said that it switched from using Google’s Go programming language to Rust due to performance problems it found in its “Read States” component. Read States in Discord keeps track of the channels and messages you have read.
Retrenchments at Mozilla, uncertainty
Discord’s blog post came just months before Mozilla retrenched around 250 people from the company. These lay-offs affected various teams within Mozilla, including those working on Firefox and Rust.
“Our pre-COVID plan for 2020 included a great deal of change already: building a better internet by creating new kinds of value in Firefox; investing in innovation and creating new products; and adjusting our finances to ensure stability over the long term,” Mozilla CEO Mitchell Baker wrote at the time.
“Economic conditions resulting from the global pandemic have significantly impacted our revenue. As a result, our pre-COVID plan was no longer workable.”
Following the retrenchments, the Rust core team and Mozilla announced plans to create a Rust foundation.
The foundation will take ownership of the trademarks and domain names associated with Rust, Cargo, and crates.io, and will also take financial responsibility for the costs they incur.
While the lay-offs at Mozilla stirred speculation and caused some uncertainty regarding the future of Rust, the big tech companies of Silicon Valley continued to support the language.
One of Rust’s core team members, Nicholas Matsakis, posted at the end of last year that he was leaving Mozilla to start a new job as tech lead of the new Rust team at Amazon.
Amazon has stated that Rust helps its web services teams write highly performant, safe infrastructure-level networking and other systems software.
“Amazon’s first notable product built with Rust, Firecracker, launched publicly in 2018 and provides the open source virtualization technology that powers AWS Lambda and other serverless offerings,” the company said.
“We also use Rust to deliver services such as Amazon Simple Storage Service, Amazon Elastic Compute Cloud, Amazon CloudFront, Amazon Route 53, and more.”
Using Rust to rewrite critical security module for Apache webserver software
The Internet Security Research Group (ISRG), which looks after projects like the free and open Let’s Encrypt security certificate authority, recently announced that it was embarking on a project to rewrite an important security module for the widely used Apache webserver (httpd) in Rust.
“One of the biggest issues with httpd is the fact that it’s written in C, which is not a memory-safe language. Memory safety issues dominate its list of security vulnerabilities,” ISRG stated.
“Rewriting httpd from scratch or moving its users to a memory-safe alternative would be incredibly difficult, but fortunately we can tackle httpd’s memory safety problem incrementally.”
It will begin with a new Transport Layer Security (TLS) module for httpd called mod_tls.
Transport Layer Security is the protocol that encrypts web traffic between your browser and the web server. It is often represented as the lock icon in your URL bar when you connect to a site that supports encryption.
“The new module will use the excellent Rustls library for TLS instead of OpenSSL,” said the ISRG. “We hope that someday mod_tls will replace mod_ssl as the default in httpd.”
ISRG said that it has contracted Stefan Eissing of Greenbytes, who also contributes to the httpd project, to do the work on mod_tls with funding provided by Google.
“We currently live in a world where deploying a few million lines of C code on a network edge to handle requests is standard practice, despite all of the evidence we have that such behaviour is unsafe,” ISRG stated.
“Our industry needs to get to a place where deploying code that isn’t memory safe to handle network traffic is widely understood to be dangerous and irresponsible. People need memory safe software that suits their needs to be available to them though, and that’s why we’re getting to work.”
As of February 2021, Rust was ranked 16th on PYPL, which bases its index on Google Trends data looking at how much tutorials for a language was searched.
On the TIOBE index for February 2021, Rust is ranked 30th (down from 26th in January). The ratings are based on the number of skilled engineers world-wide, courses, and third-party vendors.