It makes total sense that new C++ will contain a higher percentage of bugs than old C++, but after being an almost full time Rust dev for the last two years, you will not convince me that new Rust code has more bugs than old C++ code.

So far I have yet to come across a bug in any of my Rust code that made it into production. All issue reports from users are still related to the C++ code base that we haven’t managed to fully divorce from.

The only advantage to C++ interop is that managers want to see new code get deployed immediately and continuously. They don’t want to wait until the corporation’s billions (literally) of lines of code are all rewritten in a new language before they start to see the benefits of that transition.

I don’t doubt that in this case it’s both silly and unacceptable that their driver was having this catastrophic failure, and it was probably caused by systemic failure at the company, likely driven by hubris and/or cost-cutting measures.

Although I wouldn’t take it as a given that the system should be allowed to continue if the anti-virus doesn’t load properly more generally.

For an enterprise business system, it’s entirely plausible that if a crucial anti-virus driver can’t load properly then the system itself may be compromised by malware, or at the very least the system may be unacceptably vulnerable to malware if it’s allowed to finish booting. At that point the risk of harm that may come from allowing the system to continue booting could outweigh the cost of demanding manual intervention.

In this specific case, given the scale and fallout of the failure, it probably would’ve been preferable to let the system continue booting to a point where it could receive a new update, but all I’m saying is that I’m not surprised more generally that an OS just goes ahead and treats an anti-virus driver failure at BSOD worthy.

Rust makes sense though.

When talking about the driver level, you can’t always just proceed to the next thing when an error happens.

Imagine if you went in for open heart surgery but the doctor forgot to put in the new valve while he was in there. He can’t just stitch you up and tell you to get on with it, you’ll be bleeding away inside.

In this specific case we’re talking about security for business devices and critical infrastructure. If a security driver is compromised, in a lot of cases it may legitimately be better for the computer to not run at all, because a security compromise could mean it’s open season for hackers on your sensitive device. We’ve seen hospitals held random, we’ve seen customer data swiped from major businesses. A day of downtime is arguably better than those outcomes.

The real answer here is crowdstrike needs a more reliable CI/CD pipeline. A failure of this magnitude is inexcusable and represents a major systemic failure in their development process. But the OS crashing as a result of that systemic failure may actually be the most reasonable desirable outcome compared to any other possible outcome.

Thanks for your candid views on this.

To be clear, our interest in subsistence farming is not intended to do anything to solve the problems we’re facing as a society. It’s an attempt to figure out how we might try to survive locally after the global supply chains collapse. We’re particularly researching what crops might be viable in a landscape that has been reshaped by the changing climate. Additionally we’re studying everything we can about community organizing and systems of self-governance that promote collaboration over individual greed.

This might all sound defeatist to someone like yourself who is still committed to fighting the good fight, but we see it as a contingency plan that our community’s ability to survive may depend on in the future.

I really admire that you’re committed to recycling and waste reduction. Do you have any resources you’d recommend for me to learn more about what’s going on in that space and what’s being done to combat the acceleration of plastic and electronics waste?

I know it’s “not your job” to educate me, but everything I can find on the topic suggests that we don’t have a viable path to manage the accelerating growth of waste, and we don’t have very effective systems for recycling, so even recyclable waste is mostly just being dumped in landfills because it’s more “economical” to just keep churning out products from new materials. I’d be very happy for all of that to be wrong, so any credible source you can point me at to debunk that narrative would be very much appreciated.

Let me know which part was confusing to you

The part where you left out any viable path for any of the hypothetical solutions to be realized 🤷‍♂️ You of all people should know that a blueprint is worthless if there’s no process available to build what it describes.

Damn here I am thinking that this is one of the most important parts of civilization.

I mean yeah, I do agree that sanitation and water works are the crowning achievement of human civilization to this very day. But I’ve gotta say it doesn’t inspire confidence if the people running those systems think that concerns about sustainability are something to have a group chuckle about.

Just because the work you do is important doesn’t mean it’s beyond the scrutiny of ecological sustainability. All your good work won’t amount to much in the long run if we can’t find a path to reducing consumption and prolonging the viability of these systems. We don’t have infinite resources, and our ability to recycle is nowhere near what it needs to be to keep up with economic demand.

Tell you what, why not be the change you want to see in the world and stop flushing your toilet, stop using tap water, stop recycling anything, and don’t set your garbage out.

My partner and I are unironically taking the time to research subsistence farming and how to maintain very basic personal water collection and waste removal/reuse systems. We’re also learning about perma-computing so that hopefully we can preserve some of the knowledge that humans have accumulated into the future.

We see it as a foregone conclusion that human civilization as we know it will entirely collapse, probably sooner than anyone cares to admit, so we’re making contingency plans. People with your dismissive attitude are a big part of why we see it as a forgone conclusion. Because as far as we can tell you’re in the 95%+ majority of people on this planet, which means hardly anyone is putting effort into solving these existential problems that we’re facing. Problems which you have offered no viable solution to, despite your insistence otherwise.

That isn’t my job.

So then you didn’t “solve” the impossible problems.

I hope you and your colleagues have a good laugh about how the work you do is contributing to the march towards the end of human civilization as we know it.

I never suggested these problems are impossible to solve, but you haven’t solved them in your post because you haven’t laid out how to overcome the political and economic resistance to implementing any of this, and that’s where the biggest challenge is.

Although I think it’s naive to believe that nuclear power and renewable energy can allow us to keep consuming energy recklessly. Renewable energy technology still puts a significant strain on the environment, in terms of mining rare-earth elements, pollution produced during manufacturing, and material waste from devices that have reached end of life. Nuclear energy is rife with controversy… I used to be firmly in support of it, but I’ve grown skeptical, largely because of the ecological damage from the mining and construction processes, and we don’t have a clear story of what end of life looks like for a nuclear power plant. A plant can only be expected to operate for 40-60 years at which point it needs to be demolished and rebuilt, repeating the massive costs of material waste and construction all over again.

At the end of the day the only way for humanity to survive is for everyone to be reducing their consumption, but I honestly the think the vast majority of people today would rather die and take everyone else down with them than accept more responsible consumption habits.

I can’t tell if you’re suggesting that foundation models (which is the underpinning technology of LLMs) aren’t being used for the things that I said they’re being used for, but I can assure you they are, either in commercial R&D or in live commercial products.

The fact that they shouldn’t be used for these things is something we can certainly agree on, but the fact remains that they are.

Sources:

• Wayve is using foundation models for driving, and I am under the impression that their neural net extends all the way from sensor input to motor control: https://wayve.ai/thinking/introducing-gaia1/

• Research recommending the use of LLMs for giving financial advice: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4850039

• LLMs for therapy: https://blog.langchain.dev/mental-health-therapy-as-an-llm-state-machine/

So this all goes back to my point that some form of accountability is needed for how these tools get used. I haven’t examined the specific legislation proposal enough to give any firm opinion on it, but I think it’s a good thing that the conversation is happening in a serious way.

Literally nothing you’ve said gives any indication that you actually know the current state of foundation model research. I won’t claim it’s my research specialty, but I work directly with people whose full time job is research and tuning on foundation models, and everything I’m saying is being relayed from conversations that I have with them.

“Cannot ever possibly be used like that”… Like what specifically? To drive a car? That’s being done. To give financial advice? That’s being done. To console people who are suicidal or at risk of harming themselves? That’s being done. To make kill / no kill decisions in an active warzone? It’s being considered (if not already being done in secret).

This technology is being used in extremely consequential positions despite having very weak guarantees around safety. This should give any reasonable person pause. I’m not taking any firm stance on whether this specific regulation is the right approach, but if you think there should be no legal accountability for the outcomes of how this technology gets used then I guess you’re someone who thinks seatbelts should be optional in cars and it’s okay for airplanes to fall out of the sky due to neglect.

Non-deterministic algorithms such as Monte Carlo methods or simulated annealing can still be constrained to an acceptable state space. How to do this effectively for LLMs is a very open question, largely because the state space of the problems that they are applied to is incomprehensibly huge.

That’s not what an algorithms researcher means when we talk about “understanding”. Obviously we know the mechanism by which it operates, it’s not an unknown alien technology that dropped into our laps.

Understanding an algorithm means being able to predict the characteristics of its outputs based on the characteristics of its inputs. E.g. will it give an optimal solution to a problem that we pose? Will its response satisfy certain constraints or fall within certain bounds?

Figuring this stuff out for foundation models is an active area of research, and the absence of this predictability is an enormous safety concern for any use cases where the output can be consequential.

It cannot possibly develop agency.

I don’t believe I’ve suggested anywhere that I think it will, but I’ll play around with this concern anyway… There’s a lot of discussion going on about having models feed back on themselves to learn from their own output. I don’t find it all that hard to imagine that something we could reasonably consider self awareness could be formed by a very complex neural network that is able to consume and process its own outputs. And once self awareness starts to form, it’s not that hard for me to imagine a sense of agency following. I have no idea what the model might use that agency for, but I don’t think it’s all that far fetched to consider the possibility of it happening.

Sure, but this outcome is not at all surprising. There are plenty of smart AI people that have nuanced views of what kind of threat could be posed by recklessly unleashing tools that we don’t fully understand into the hands of people who are likely to do harmful things with them.

It’s not surprising that those valid nuanced concerns get translated into overly simplistic misrepresentations entangled with pop sci fi panic around rogue AI as they try to move into public discourse.

AI person reporting in. Without saying whether or not I personally believe that the current tools will lead to the end of humanity, I’ll point out a few possibilities that I find concerning about what’s going on:

• The hype around AI is being used to justify mass layoffs, where humans are being replaced by tools that do a questionable job and can’t really understand the things those humans could understand. Whether or not the AI can do as good of a job according to some statical measurement is less relevant than the fact that a human is less likely to make an extremely grave mistake and more likely to be able to recognize when that does happen. I’m concerned this will lead to cross-industry enshitification on an unprecedented scale.

• The foundation models consume a huge amount of energy. The more impressive you want it to be, the more energy it needs. As long as the data centers which run them are dependent on fossil fuels, they’ll be pumping a huge amount of carbon in the air just to do replace jobs that we didn’t need to have replaced.

• As these tools are used more and more, they’re going to end up “learning” from content created by themselves instead of something that’s closer to a ground truth. It’s hard to predict what kind of degradation of service will come from this, but the more we create systems that rely on these tools, the more harm it will do to us.

• Given the cost and nature of these tools, they’re likely to yield the most benefit to moneyed interests that want to automate the systems that maintain their power and wealth. E.g. generating large amounts of convincing disinformation to manipulate the public into supporting politicians or policies that benefit a small number of wealthy people in the short term while locking humanity into a path towards destruction.

And none of this accounts for possible future iterations of AI tools that may be far more capable than what exists today. That future technology will most likely be controlled by powerful people who are primarily interested in using it to bolster the systems that keep them in power, to the detriment of humanity as a whole.

Personally I’m far less concerned about a malicious AI intentionally doing harm to humanity than AI being used as a weapon by unscrupulous people.

Yeah the only way it would be that high is if it lumps C and C++ together. But at that point it may be an underestimate.

A better language wouldn’t have any need to use POSIX signals in this way.

I do think that specific point is catering too much to sloppy get-it-done-fast-and-don’t-think developers. It’s true that they are Rust’s most untapped demographic, and the language won’t reach the pinnacle of mainstream usage without getting buy-in from that group, but I really think they’ll be won over eventually by everything else the language and ecosystem offers, and .unwrap() won’t be such an unreasonable price for them to pay in the long run.

The ideas in the article are great, I’m just a little confused by some aspects of the author’s tone where it sounds like there’s an assumption that the Rust community isn’t interested in expanding the scope of the language to every conceivable use case domain and height.

For the 4 years that I’ve been paying attention the Rust language is advancing faster than I ever thought a language is able to, but more importantly that advancement has been sound and sensible. So far I haven’t seen a language feature make it into Rust stable and thought “Oh no that was a mistake”, even as features roll in at an incredible rate.

Compare that to the C++ ecosystem where I feel like almost every new language feature is arriving very slowly while also being poorly executed (not that I think the ISO committee is doing their job badly; I just think it’s effectively impossible to make new language features in C++ without gross problems so long as you demand backwards compatibility).

I fully expect everything in this very sensible list to make it into the language at a reasonable pace. I don’t object to the “bikeshedding” as much as the author here seems to because I’d appreciate if Rust can avoid painting itself into a corner with bad language design choices the way C++ has. If we’re talking about language ergonomics, I’d rather suffer some tedium now while waiting for a feature to be polished than be stuck in a corner forever in the future because a bad decision was made.

One example I can think of is I’m not convinced that his proposal around kwargs for function arguments is a good thing, at least not without some serious thinking. For example should it support the ability to reduce foo(a, b, x: x) to just foo(a, b, x) like what’s done for struct construction? If so then the optional arguments start to look too much like positional arguments and the syntax starts to get questionable to me. On the other hand if that simplification isn’t supported then that becomes inconsistent with other parts of the language. So this is something that I believe requires a lot of serious thought, and maybe the better answer is to have built-in macros for generating builder structs

That being said, the edition system of Rust could afford us some leeway on not being forever trapped with a bad language design choice, but I don’t think we want to rely too much on that.

Considering most JIT compilers for JavaScript are written in C++, I can’t conceive of a reason you couldn’t implement one in Rust.

Is part of your requirement that unsafe doesn’t get used anywhere in the dependency tree? If so you’d have to take away most of the Rust std library since many implementations in there have small strategic uses of unsafe under the hood.

In my entire software engineering career, which spans embedded systems to CAD applications, I’ve never encountered a case where GOTO is actually needed (but maybe some places where it can be used as a dirty shortcut to save you some lines of code).

As for arbitrary function pointers, if those function pointers are written in Rust then they’ll come with all the safety assurances afforded to Rust code. I suppose if you’re worried about the danger of running ussr-code with unsafe in it, you could probably have your JIT refuse to compile the unsafe keyword specifically.