What makes a technology transformative and how can it scale sustainably? In the first of our new series TechInformed profiles the people, ideas, technologies and firms that are disrupting the world of enterprise tech.
Our first subject is the memory safe programming language Rust, admired by both big tech and enterprises developers alike, thanks to the speed and efficiency with which it creates web assembly features where control over memory and performance is crucial.
Legend has it that one of the world’s fastest growing programming languages started with a faulty lift in a Vancouver apartment building.
Fed up with the out of order elevator in his block, Mozilla computer programmer Graydon Hoare, who lived in on 21st floor and had a lot of steps to climb, knew that the fault lay with the programming language.
The software inside devices such as elevators is often written in languages like C++ or C, which enable programmers to write code that runs very quickly and is quite compact.
However, these languages also make it easy for programmers to accidentally introduce memory bugs — errors that will cause a crash.
Memory mistakes can also open ‘back doors’ for hackers to slip in, once they realised a programme isn’t cleaning up its memory correctly: information that should have been wiped (passwords, financial info) can still be attainable given the right command, making it easy for hackers to steal.
So, Hoare opened his laptop and set to work on a new computer language, one that he hoped would make it possible to write small, fast code without memory bugs.
Curiously named after a particularly robust plant fungi that Hoare observed was “overengineered for survival”, the Rust programme language has approximately 2.8 million users, with big tech firms such as Microsoft to Amazon viewing it as it as key to their future.
The code can now be found in chat platform Discord, Dropbox (which uses it to synchronise files to your computer) while content delivery network service giant Cloudflare is reported to use it to process more than 20% of all internet traffic.
It’s primarily used for building operating systems, kernels, device drivers and other low-level components.
Google Android estimates that using Rust has reduced vulnerabilities by about 70%: enabling all those developers who used to dedicate their time to working on bug fixes to now focus on productive new work rather than propping up old C++ code.
One of the programming language’s biggest cheerleaders has been the US government, which has been actively embracing memory safe programming languages like Rust to make its processes more secure.
Thanks to its web assembly and memory safety features, Rust has also made in-roads in the traditionally hard-to-penetrate automative sector and has been adopted by Volvo, Ford, General Motors, BMW, Bosch, Volkswagen, Toyota and many more.
Additionally, AUTOSAR, a global partnership of leading companies in the car and software industries, is investigating use cases; the Society of Automotive Engineers has also said that Rust’s safety and security features make it “a promising choice” for automotive and aerospace software systems.
Its debugging mechanisms are also making waves in finance – particularly in the crypto industry to build blockchain and Web3 solutions.
More recently quantitative finance developers have explored use cases attracted in part by the growing number of Rust tools that have been designed specifically for quantitative applications.
Rust’s popularity has continued to grow. It was originally incubated as part of Mozilla but was released more widely in 2015. In 2020, five major tech firms Microsoft, AWS, Google, Mozilla and Huawei, financed the formation of the nonprofit Rust Foundation to help maintain and manage its growth and structure.
According to the foundation’s CEO Rebecca Rumbul, its main objectives are to support volunteer coders and become the steward of the Rust programming language, “to ensure that it remains secure, sustainable and loved by as many people as possible.”
Another part of Rumbul’s role is to raise finance, she adds, when we meet in a busy press room at Open UK’s State of Open Con 24 this year. “People see me, and they run!”
Well, not everybody. Lars Bergstrom, director of Android Platform Tools and Libraries, and also chair of the Foundation’s board, announced a new Google grant of $1 million to improve Rust interoperability with C++ code in February. Microsoft also made a “no strings’ $1m donation to the Foundation this year.
Rumbul explains that the foundation operates as a nonprofit trade association. “Our corporate members pay different tiers and pay different amounts of money to sustain the language,” she says.
According to Rumbul, the foundation currently has five platinum members, a couple of gold members and 40 silver members, with the ambition to bring more into the fold, particularly from enterprises using Rust, to generate a diverse income stream.
As tech giants adopt the language, it’s fair to suggest that they’re gaining more influence, and whether that matters or not is an issue often discussed in the Rust community.
Rumbul claims that the way that membership has been structured allows for the community to have the overall say.
“They provide membership dues that keep us going but we also have director seats on the board reserved for our community as well so that we are not vulnerable to corporate capture,” she assures.
“And it doesn’t matter how many corporate members there are on the board if the community doesn’t agree with something they get the veto. It means there’s always a strong community voice in the running of the foundation,” she explains.
Supporting volunteers
Due to its open-source nature, for fifteen years the programming language relied upon the goodwill of volunteer maintainers. One of the main objectives of the foundation has been to alleviate maintainer burnout.
Founder Hoare stepped aside from the Rust project as its technical lead in 2013, reportedly after experiencing burnout – something many working as maintainers in open source who are also holding down salaried positions are mindful of.
The foundation uses a good proportion of the money it raises to support volunteer coders, offering $20,000 grants for programmers who want to work on some major feature of Rust, and “hardship” grants for contributors in short-term financial need.
It’s also funding the servers that host Rust’s code and is paying for a tech firm to be available to ensure that they run 24/7. Previously this work was done by two volunteers in their spare time.
“We also try and hire people into the ecosystem to work on the critical pieces of infrastructure that Rust simply couldn’t operate and be there for everyone. Infrastructure engineering, security engineering… these are not things that should fall on the shoulders of volunteers,” Rumbul adds.
While tech companies have traditionally understood the dynamics involved in open source, the further Rust users are from the coalface the less they understand this, explains Rumbul, but she hopes that the foundation can also act as an open-source mediator between industry and individual maintainers.
“We want enterprise to approach the foundation and not individual maintainers to tell us what they need, and we’ll see if we can arrange something. Is there a programme of sector-specific work here, for instance, can we sponsor it?”
As time goes by, she adds, and Rust becomes more embedded, there will be support companies that manage these things. “We’re slowly building up that ecosystem,” she adds.
University uptake
Another challenge has been that Rust is not that well established in academia, with ComSci students sometimes identifying their project may work better with Rust but having no means of learning the language.
“I’m hearing that not a lot of people are able to access Rust modules yet. This isn’t surprising as universities take a while to catch up, and we’re relying on individual professors to take an interest and seeing the potential and developing their own course material,” admits Rumbul.
To address this, she adds that the foundation is working with a project call Rust-Edu based out of Portland State University, which is working on course materials for open source.
European engagement
While the US government has been pushing the line that memory safe programming languages like Rust should be the default option, the UK government has not been as engaged, according to Rumbul.
“Whereas in US you have more public documents which say, ‘Yes we believe this is a good thing for the industry.’ I haven’t seen the same statements come from the UK.
“It would be great if the UK government did engage more because – as conferences like State of Open Con prove – there’s a huge open-source community here and we believe that OS is a critical digital piece of infrastructure that should be considered in the national good.”
She adds that the EU has been more receptive. While early drafts of the Cyber Resilience Act didn’t account for the dynamics involved in Open Source projects, she adds that the most recent draft (approved by the European Parliament last month) reflects the nuances of open source and tries harder not to put undue burden on individual OS software maintainers or foundations.
Subscribe to our Editor's weekly newsletter
Newsletter
Share
