Stories
Slash Boxes
Comments

SoylentNews is people

I Am Done with Open Source': Developer of Rust Actix Web Framework Quits, Appoints New Maintainer

posted by Fnord666 on Thursday January 23 2020, @05:23PM   Printer-friendly
from the take-my-repo-and-go-home dept.

Arthur T Knackerbracket has found the following story:

The maintainer of the Actix web framework, written in Rust, has quit the project after complaining of a toxic web community - although over 100 Actix users have since signed a letter of support for him.

Actix Web was developed by Nikolay Kim, who is also a senior software engineer at Microsoft, though the Actix project is not an official Microsoft project. Actix Web is based on Actix, a framework for Rust based on the Actor model, also developed by Kim.

The project is open source and while it is popular, there has been some unhappiness among users about its use of "unsafe" code. In Rust, there is the concept of safe and unsafe. Safe code is protected from common bugs (and more importantly, security vulnerabilities) arising from issues like variables which point to uninitialized memory, or variables which are used after the memory allocated to them has been freed, or attempting to write data to a variable which exceeds the memory allocated. Code in Rust is safe by default, but the language also supports unsafe code, which can be useful for interoperability or to improve performance.

Actix is top of the Techempower benchmarks on some tests

Original Submission

 
This discussion has been archived. No new comments can be posted.
I Am Done with Open Source': Developer of Rust Actix Web Framework Quits, Appoints New Maintainer | Log In/Create an Account | Top | 55 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by barbara hudson on Thursday January 23 2020, @11:40PM (4 children)

    by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Thursday January 23 2020, @11:40PM (#947677) Journal
    It's the web - like the old Corvair, unsafe at any speed. You want safer, you need to go lower level. When I wrote common gateway interface code in c, I would count the incoming bytes in real time. Exceed the byte count by even 1 byte, you got redirected to one of a select list of disgusting sites. Could have monitored it down to the number of bytes per variable, but back in those days the favourite trick was to go for a buffer overrun. This made it impossible, but you don't see people implementing it because they're too lazy. They'll let a scripting language load a crap ton of data because they figure security is something the web server and scripting language should handle.

    Fun fact - pho also allowed you to open the socket and read the bytes directly, parsing them in real time, to make sure nobody tried to do a buffer overflow, but again nobody does it, then bitches over buffer over/underruns.

    There's nothing inherently wrong or unsafe with c if you are willing to put the work in. Too bad most devs don't even know what's possible, never mind how.

    --
    SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 2) by coolgopher on Friday January 24 2020, @12:49AM (3 children)

    by coolgopher (1157) on Friday January 24 2020, @12:49AM (#947711)

    CGI sounds classier when spelled out.

    • (Score: 3, Insightful) by barbara hudson on Friday January 24 2020, @01:49AM (2 children)

      by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Friday January 24 2020, @01:49AM (#947749) Journal

      CGI sounds classier when spelled out.

      But then people will confuse it with computer-generated images. Now maybe some of them will go "WTF is Common Gateway Interface [wikipedia.org]" and consider the possibilities thereof? And how you don't need any special web framework or scripting language - just code that can read from stdin and write to stdout.

      --
      SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.

      • (Score: 2) by coolgopher on Friday January 24 2020, @02:13AM (1 child)

        by coolgopher (1157) on Friday January 24 2020, @02:13AM (#947761)

        Yeah but as soon as the kids see the spec is from 93 they'll tune out...

        How's support for cgi these days anyway? I'm still keeping an apache2 around that handles my cgi needs, though most other bits are handled by nginx.

        • (Score: 2) by barbara hudson on Friday January 24 2020, @02:31AM

          by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Friday January 24 2020, @02:31AM (#947772) Journal
          Still works. So does any software that can open a port and listen in on it. You can write your own multithreaded server. I did it in c of my former employer, but you can do it in pretty much any languages that supports threads (though your performance will be shitty by comparison).
          --
          SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.