vkjv commented on Ask HN: What are you using Rust for in production?    · Posted by u/Elof
vkjv · 7 years ago
We are using it to write Express (node.js) middleware via Neon (https://github.com/neon-bindings/neon). This has a few key benefits:

* Progressively introduce Rust instead of replacing entire applications (Rust really shines in this area)

* Leverage node's strong HTTP and routing story while waiting for this to stabilize in Rust

* Leverage existing tooling for APM, config management, etc.

For example, one middleware verifies the request body with a signature from a header. Another one parses the body from a `Buffer` to JSON, transforms, and serializes as protobuf.


vkjv commented on Mundane: Rust cryptography library backed by BoringSSL   github.com/google/mundane... · Posted by u/briansmith
QuinnWilton · 7 years ago
The repo includes a DESIGN.md file that describes the design motivations for the library, and it's definitely worth reading. It goes through a few really powerful techniques for writing misuse-resistant APIs, and I think some of its advice is applicable to good software engineering in general.

https://github.com/google/mundane/blob/master/DESIGN.md

In particular, their use of the type system to expose opaque types that only allow meaningful operations on them is something that I've seen used to great effect in other statically typed languages, like Haskell.

vkjv · 7 years ago
The `miscreant` library also does this: https://github.com/miscreant/miscreant. It's really effective. For example, any method that requires a one time pad takes ownership. This allows the borrow checker to validate that you don't accidentally use an OTP more than once.
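
The ownership pattern described in the comment above, as an added example that is not part of the thread and is not miscreant's or Mundane's API: a single-use value is passed by value, so a second use fails to compile. All names (`SingleUse`, `NonceSource`, `issue`, `seal`) are hypothetical, and `seal` is a toy stand-in, not real cryptography.

```rust
/// A value that may be used for exactly one `seal` call.
/// Deliberately NOT Clone or Copy, and the field is private, so code outside
/// this module can only obtain one from `NonceSource::issue`.
#[derive(Debug, PartialEq, Eq)]
pub struct SingleUse(u64);

/// Hands out strictly increasing single-use values.
pub struct NonceSource {
    counter: u64,
}

impl NonceSource {
    pub fn new() -> Self {
        NonceSource { counter: 0 }
    }

    /// Returns None once the counter is exhausted instead of wrapping around
    /// and silently repeating a value.
    pub fn issue(&mut self) -> Option<SingleUse> {
        let n = self.counter;
        self.counter = self.counter.checked_add(1)?;
        Some(SingleUse(n))
    }
}

/// Toy stand-in for an encryption call (NOT real cryptography).
/// `nonce` is taken by value: the caller's binding is moved and cannot be reused.
pub fn seal(key: u8, nonce: SingleUse, plaintext: &[u8]) -> Vec<u8> {
    let mut out = nonce.0.to_be_bytes().to_vec();
    out.extend(
        plaintext
            .iter()
            .enumerate()
            .map(|(i, b)| b ^ key ^ (nonce.0 as u8).wrapping_add(i as u8)),
    );
    out
}

fn main() {
    let mut source = NonceSource::new();
    let n = source.issue().expect("nonce space exhausted");
    let first = seal(0x5a, n, b"hello");
    // let again = seal(0x5a, n, b"hello"); // error[E0382]: use of moved value: `n`
    let second = seal(0x5a, source.issue().unwrap(), b"hello");
    println!("{:02x?}\n{:02x?}", first, second);
}
```
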
vkjv commented on Rust can be difficult to learn and frustrating, but it's also very exciting   influxdata.com/blog/rust-... · Posted by u/pauldix
weberc2 · 7 years ago
I’m shocked that Rust only gave you a 2X improvement over Python (I’ve rewritten a handful of Python services to Go and typically see 100-1000X improvement). What is the bottleneck? Was scaling horizontally an option?
vkjv · 7 years ago
Interestingly, I was able to get an amazing speed improvement without going completely to Rust.

I didn't want to port APM code as well, so I kept node.js/express for routing. Very simple middleware that immediately passed the request and body buffer to Rust for handling. Rust returned a buffer back to express for sending the response.

It's easily able to hit 100k RPM on a single instance before hitting a CPU bottleneck in the Rust code (validating an RSA signature). It only needs to handle 90k RPM total.

vkjv commented on 3factor apps: a pattern for fast iteration, resilience and high scalability   3factor.app/... · Posted by u/tirumaraiselvan
orev · 7 years ago
“3factor” strikes me as a bad name. In IT, 2-factor universally refers to login security/multi-factor login. “3factor” sounds like you’re adding another security method to the login screen.
vkjv · 7 years ago
vkjv commented on OOP Is Dead, Long Live OOP   gamedev.net/blogs/entry/2... · Posted by u/starbugs
loup-vaillant · 7 years ago
Give it up. Mocks are mostly useless.

If you want testable code, the first step is to separate computations from effects. Most of your program should be immutable. Ideally you'd have a mostly functional core, used by an imperative shell.

Now to test a function, you just give it inputs, and check the outputs. Simple as that.

Oh you're worried that your function might use some other function, and you still want to test it in isolation? I said give it up. Instead, test that other function first, and when you're confident it's bug free (at least for the relevant use cases), then test your first function.

And in the rare cases where you still need to inject dependencies, remember that most languages support some form of currying.

vkjv · 7 years ago
This. I'll also add that in the world of things like Docker and [Insert]CI you don't need to mock most external dependencies like databases.
vkjv commented on How I Faked My Way to the Top of Paris Fashion Week [video]   youtube.com/watch?v=jolbY... · Posted by u/tlrobinson
ryandrake · 7 years ago
I’ve always truly believed that gullibility was one of humanity’s biggest, most exploitable weaknesses, if not the biggest. You can fake your way into almost anything with confidence and basic acting. I’m reminded of the folk wisdom about simply holding a clipboard and acting like you belong can get you into private areas of 90% of companies. All the fraud people fall for, all the scams, obvious phishing, you’d think we’d start educating people to be more skeptical/cynical but it keeps happening.

When I was much, much younger back in the 90s and obsessed with video games, I faked my way into one of the major industry gatherings which I won’t name, simply by pretending to be a “games journalist” and acting the part. A pack of fun looking business cards, a fake web site, and a cheap silk shirt was all it took. It’s incredible what people believe if you don’t break the air of sincerity. This was a harmless prank, but I can see how tempting it is to use this power for evil, and it’s evidenced by the fact that so much fraud continues to be successful.

How, besides education, do we turn off this trust-by-default gene? It’s really an evolutionary dead end.

vkjv · 7 years ago
It's interesting that this went _beyond_ a prank. Almost the definition of "fake it until you make it."
vkjv commented on What's a senior engineer's job?   jvns.ca/blog/senior-engin... · Posted by u/akshaykumar90
vkjv · 7 years ago
> "...review design docs"

In my opinion, one of the most important and most difficult parts of the job. Architecture and design shouldn't be limited to senior engineers--it won't be in practice, anyway. Doing so is a sure fire way to stilt the growth of your team.

But, reviewing designs is hard. It requires recapturing much of the context that the engineer gathered in a very short period of time. I also find it sometimes difficult to separate, "this is a fatal design flaw" from "this isn't how I would do it." I really like the suggestion of providing feedback via additional information.

Mistakes are a very important part of learning. I try to make sure everyone has the opportunity to make their own instead of making mine.

vkjv commented on Rust: rename 'unsafe' to 'trusted.' (2014)   github.com/rust-lang/rfcs... · Posted by u/protomikron
steveklabnik · 7 years ago
I agree :p

I don’t think it’s that big of a deal, though people do sometimes still misunderstand. Every language has warts. This isn’t a huge one.

vkjv · 7 years ago
I like the use of "unsafe" for something that you don't want to reach for first. Those who are new get a very clear warning and those who aren't have had the opportunity to understand the nuances.

React uses the term "danger" to express a similar concept. You are trusting this value to already have been sanitized / escaped.

https://reactjs.org/docs/dom-elements.html#dangerouslysetinn...

¯\_(ツ)_/¯ I don't actually feel that strongly about a keyword that is used sparingly.

Aside: Thanks for everything you do for Rust and the community!

vkjv commented on Another Victim of the Magecart Assault Emerges: Newegg   riskiq.com/blog/labs/mage... · Posted by u/GraemeL
vkjv · 7 years ago
Unfortunately, PCI does not put very many restrictions on the parent website. If credit card elements are in an iFrame, the parent site is excluded from most requirements because the iFrame is "secure."

Of course, if you own the parent site you can replace the iFrame with anything you want.

vkjv · 7 years ago
FWIW, I just checked and they don't use an iFrame approach. This means their entire checkout page must be in scope for SAQ-D.

u/vkjv

Karma: 792 · Cake day: January 16, 2014