My Software North Star
Posted by kristoff_it 6 days ago
Comments
Comment by flooow 3 days ago
In the near term, Bun choosing to switch from Zig to Rust specifically to fix all the memory errors seems to have done the Zig community some psychological damage.
But more significantly, in the medium term it looks likely that AI coding is going to overtake the industry before Zig gets properly established. And it is going to be very hard to justify choosing Zig for your sloppy-but-functional AI-written code - why open yourself up to memory unsafety on top of everything else? Further, the Zig community appears to value a hand-crafted, 'artisanal' approach to software development, which is the very antithesis of vibecoding.
I have no particular interest in Zig as a language but definitely feel some empathy here. The industry is changing in ways that many of us are struggling to process.
Comment by kristoff_it 3 days ago
In some ways it always has been, the community was 'born' in the middle of the pandemic, then for a long time there was a constant influx of Rust zealots coming into threads about Zig to remark how immoral it is to use Zig, and now LLM shovel sellers are telling everybody that the only way forward is to become efficient at consuming tokens.
But it's actually not that bad.
The Zig community is growing pretty well, useful software is being written in Zig, and the advantages that Zig brings are still valid whether you hand-code or use LLMs (e.g. cross-compilation of C/C++ code).
Comment by bsza 2 days ago
The question is why would you fare any better if you don't use it. I don't know how it will play out, but this much I know: I will never pay for AI music, because I can replicate it for free. I'm still buying music from real musicians (in fact tons more than ever before), because I can't. Similarly, I have contributed to many FOSS projects (both financially and in PRs), but will not (knowingly) do the same for the ones that are vibecoded. Whether that will amount to anything or is just a fart in the wind, we'll see.
Comment by pyth0 2 days ago
Comment by bsza 2 days ago
(Aside wrt being more effective with something than without: this is anecdotal, but my paragliding instructor once said that modern wings are often designed to correct for various pilot errors. He advised against buying those because he had seen people make worse mistakes after getting accustomed to them. In his own words: "you become dumber under a smart wing". Sharing because I think this applies to many things in life.)
[1] https://pmc.ncbi.nlm.nih.gov/articles/PMC3639428/
[2] https://pmc.ncbi.nlm.nih.gov/articles/PMC2670101/
[3] https://www.sciencedirect.com/science/article/pii/S074756322...
[4] https://www.dailycal.org/news/campus/academics/failing-grade...
Comment by ian_holt 2 days ago
Applies a lot in life, eh. The old expression re muscles "if you don't use it, you lose it" applies a lot to coding or even in just normal day to day systems maintenance. Asking an AI agent, do to simple task just because "an agent is quicker or more effective" will quite often end up costing more in the long run do to one not remembering "how" to do something
Comment by remexre 2 days ago
Vibecoding $x gives you pretty much the understanding of "someone else did $x," which seems unsurprising to me. There's a lot of usecases for code where "someone else did $x" is a perfectly fine way to accomplish $x! There are also many cases where "someone else did $x" is not a substitute for "I did $x."
"I want a tmux theme that fits with my existing zsh and neovim themes." Is it useful to me to learn how tmux themes work? Eh, marginally maybe? I'm personally kinda hoping I'm not using tmux in 10 years, so probably not.
"I'm writing code for work, where a bad correctness bug would be very expensive." If I'm pulling in someone else's code, I /better/ be auditing that code.
Like, this seems like the obvious framing and a useful heuristic? Maybe the problem is the subject of "vibecoded" is usually "I vibecoded this with Claude," not "Claude vibecoded this with me?" IDK
Comment by yoyomaindydjsj 2 days ago
Comment by dnautics 3 days ago
zig is reasonably established. the llms write pretty good zig. see project linked below which is almost entirely llm-written
> And it is going to be very hard to justify choosing Zig for your sloppy-but-functional AI-written code
why? because one project that was shipping fast made a dog's breakfast of it?
> why open yourself up to memory unsafety on top of everything else?
this can be addressed by third parties in the reasonable near-term. for example:
https://github.com/ityonemo/clr
the zig team says that in the future stabilizing the IR and providing an API will happen.
fwiw in the process of building this project the llms have never once written a memory safety error in the "lib" section (in the src section there was a lot of tripping over segfaults since memory mapping datatypes accessed by a dylib can get hairy)
Comment by rirze 2 days ago
I doubt this from my personal experience. Every week after a release, I see tweets complaining how AI wrote some depreciated code because Zig is making breaking changes every release. (They are valid in doing so, it's just not AI friendly yet)
Comment by dnautics 2 days ago
i did a 0.15 -> 0.16 port of this library and most of it the LLM did
Comment by rirze 1 day ago
Doesn't help the training sets that Zig changes frequently though.
Comment by dnautics 1 day ago
Comment by Zakis1 3 days ago
And as always, the response you'll hear is: but AI sucks/hallucinates/could never replace me etc... Just look at the progress LLM'S have made in the past few years, and extrapolate that to the next 10 or 20 years. I don't see how Zig makes sense if this is the trajectory the industry is going.
Comment by raincole 2 days ago
First of all, past trend doesn't predict the future.
And if it did, then the answer would be nothing will matter in 20 years. Not just "no programming language," but nothing.
Comment by zaphirplane 2 days ago
Comment by Ygg2 2 days ago
No one can predict the future least of all humble extrapolation line.
Comment by zaphirplane 1 day ago
Comment by Ygg2 1 day ago
We don't have prior experiences that can tell us with certainty that LLMs will or will not replace humans entirely.
Projecting that LLMs will become a singularity is the same as saying processor's clock speed will double every year. They do double, they don't.
Sun will always rise in the east until it engulfs us.
Comment by epolanski 2 days ago
Rust is a great language with some great killer features.
It does not need consistent propaganda preaching how it's a better choice than "insert other language".
Every system programmer is aware of Rust and it's pros. Doesn't mean it's a language that fits the use case, project, constraints and even preferences. It's not just about generating code, it's also about reading it and maintaining it.
Thus some people just prefer alternatives, be it C, C3, Odin, Zig, Jai or whatever else there is.
You said it yourself, it's selling point is "nicer C", so it's for people that don't want to write Rust or C++ but a nicer C.
Comment by bwfan123 2 days ago
Indeed. There is an irrational urge in some folks to become language-missionaries. Usually such folks have gained expertise in that specific language and want to protect and expand their turf. There is a wide-range of software usecases requiring a variety of tools and no one language fits all.
Amusing side-note. xai was all-in on rust for their ai-stack back in 2023. But now, spacex controlled xai is apparently coding ai in C - perhaps with the attitude that if a language is good enough to control rockets it is good for ai.
Comment by AnimalMuppet 2 days ago
But what they miss is that other people think differently than them. Other people will feel let out of prison by a different language.
Comment by pdimitar 2 days ago
There are multiple ways to think about how to write software, and that number really is not as high as various language proponents want us to believe. They aim at 50-100 but I'd say we got maximum 20, if not 6-7.
Point being: stuff is starting to converge IMO. It's not endless exciting diversity. "How to write software" (and adjacently: what PL to use) is just a boring multi-dimensional math problem at its root.
Comment by epolanski 2 days ago
Comment by flohofwoe 2 days ago
And specifically, why would Rust be a better choice than C or Zig when the LLMs get good enough to just write memory safe code in unsafe languages (they are already pretty good at finding memory safety bugs).
IMHO for code generation, different things start to matter (like fast build times, while 'convenient highlevel abstractions' become less important).
Comment by zozbot234 2 days ago
Comment by kristoff_it 2 days ago
If you learn how to use arena allocators and in general use modern techniques, you don't need global reasoning to write correct memory management code pretty much never.
If your code is a RAII and abstraction maze, then yes, you will probably need global reasoning, but that's not the case with Zig.
Comment by kibwen 2 days ago
Comment by J_Shelby_J 2 days ago
Comment by saagarjha 1 day ago
Comment by trumpdong 2 days ago
Comment by tasuki 2 days ago
There is, and always will be, a huge difference between "because a LLM said so" and "here is a proof this is memory safe".
Comment by throwaway613746 2 days ago
Comment by KronisLV 3 days ago
Meanwhile, some projects are doing the opposite, like going from Rust to Zig, here's an example from a podcast I recently listened to: https://www.youtube.com/watch?v=XSXGf3oN2yU
Here's the project in question: https://github.com/roc-lang/roc
I think Bun just got a lot of visibility because of the speed and scope of the migration, which both shook things up and I guess was good PR cause that made a lot of headlines.
Comment by flooow 3 days ago
Comment by flohofwoe 2 days ago
Comment by KronisLV 2 days ago
Comment by tasuki 2 days ago
Comment by codethief 1 day ago
Thanks for the link! Unfortunately, contrary to what the title suggests, that video seems to be more about AI than about the migration? (Sigh…) I did, however, find the following document where they explain why they migrated to Zig. It makes for a nice read: https://gist.github.com/rtfeldman/77fb430ee57b42f5f2ca973a39...
Comment by throwaway613746 2 days ago
Comment by epolanski 3 days ago
2. You can write memory safe code in C (Redis, SQLite, OpenBSD, Git, etc), let alone in Zig which provides more tools to write memory safe code.
3. AI can write very good Zig already. This isn't 2024 anymore where "the LLM has seen lots of this language so will write better in this language" scenario existed. Will make you an example: I have worked in a very esoteric typescript fork called TS plus (providing among others fluent style apis for pipe-able functions) and even Opus 4.1 did well. Recently I have forked the Elm language and the LLM had no problem dealing with it, despite significant differences to the original Elm.
4. Zig's community uses Zig because it likes Zig and its tooling and doesn't like the constraints of other languages. Simple as that.
Comment by flooow 3 days ago
https://xcancel.com/jarredsumner/status/2055796104302858694#...
> I’m just tired of dealing with crashes and memory leaks & want language features to help prevent things
(Edit: this reply seemed less flippant before the parent edited their reply)
Comment by kristoff_it 3 days ago
Comment by BariumBlue 2 days ago
Comment by dapperdrake 2 days ago
Comment by jeremyjh 2 days ago
Do you think that this is a list of software that have never had memory bugs? It really is not practically possible to completely avoid a large class of memory bugs in C in just about any kind of very large commercial or open source codebase.
Redis
CVE-2025-49844 ("RediShell"): use-after-free in bundled Lua parser https://github.com/redis/redis/security/advisories/GHSA-4789...
CVE-2022-24834: heap overflow in Lua cjson/cmsgpack https://github.com/redis/redis/security/advisories/GHSA-p8x2...
CVE-2021-32761: OOB read / integer overflow in BIT commands https://security-tracker.debian.org/tracker/CVE-2021-32761
CVE-2023-41056: heap overflow on buffer resizing https://github.com/redis/redis/releases/tag/7.0.15
CVE-2021-32765: integer overflow to heap overflow in hiredis https://github.com/redis/redis/security/advisories/GHSA-833w...
Sqlite
CVE-2020-11656: use-after-free in ALTER TABLE https://bugzilla.redhat.com/show_bug.cgi?id=1824185
CVE-2022-35737: array-bounds overflow in printf engine https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability...
CVE-2023-7104: heap overflow in session extension https://sqlite.org/forum/forumpost/5bcbf4571c
CVE-2020-9327: NULL pointer dereference in isAuxiliaryVtabOperator https://nvd.nist.gov/vuln/detail/CVE-2020-9327
CVE-2019-9936: heap over-read in FTS5 https://nvd.nist.gov/vuln/detail/CVE-2019-9936
OpenBSD
CVE-2023-25136: pre-auth double-free in OpenSSH sshd https://seclists.org/oss-sec/2023/q1/92
CVE-2022-27882: heap overflow in slaacd https://blog.quarkslab.com/heap-overflow-in-openbsds-slaacd-...
errata 70/003: kernel memory leak closing unix sockets https://www.openbsd.org/errata70.html
errata 74/018: buffer over-read in sndiod https://www.openbsd.org/errata74.html
errata 78/013: use-after-free in httpd chunked encoding https://www.openbsd.org/errata78.html
Git
CVE-2022-41903: OOB write in pretty.c format_and_pad_commit() https://github.com/git/git/security/advisories/GHSA-475x-2q3...
CVE-2022-23521: OOB write/read in .gitattributes parsing https://nvd.nist.gov/vuln/detail/cve-2022-23521
CVE-2022-39260: heap overflow in git shell split_cmdline() https://github.com/git/git/security/advisories/GHSA-rjr6-wcq...
CVE-2016-2315: heap overflow in path_name() https://bugs.launchpad.net/bugs/cve/2016-2315
CVE-2016-2324: integer overflow to heap overflow (nested trees) https://nvd.nist.gov/vuln/detail/CVE-2016-2324
Comment by epolanski 2 days ago
Comment by saagarjha 1 day ago
Comment by jeremyjh 2 days ago
It is also not possible to always write correct code in ANY language, but languages that eliminate entire categories of errors do see a reduction in those error rates.
But yes, there is always someone saying "just don't make mistakes, bro". Thank you, we hadn't thought of that.
Comment by oytis 2 days ago
Comment by zozbot234 2 days ago
Comment by kibwen 2 days ago
Comment by zozbot234 2 days ago
The point of unsafe Rust is to "leave no room for a lower-level language". When writing lower-level facilities it's not uncommon at all to have to resort to unsafe. In practice, relying on the idiomatic standard library support within an unsafe block that might be breaking Safe Rust invariants is almost a sure way of shooting oneself in the foot as soon as the library function is doing anything more complicated than taking a pure value as input and returning a value as output.
Comment by oytis 2 days ago
Comment by applfanboysbgon 2 days ago
Comment by oytis 2 days ago
Comment by applfanboysbgon 2 days ago
Literally just D? I'm not really aware of other serious efforts to modernise C/C++. Other than Rust, the world became completely fixated on GC languages that were inherently meant for higher-level purposes. Full-fledged attempts at memory unsafe languages in this century have been few and far between.
Comment by mfru 1 day ago
So much so that I am at the moment doing the ziglings exercises and learning it over Rust (which I gave up on some time in the past, because it didn't spark "joy" for me; so far Zig does).
Sure, for now it is just a hobby programming lang to me, but it might become more than that.
Comment by marcosdumay 2 days ago
You either care about non-functional aspects of your code, or you don't. Running your code through the shredder that destroys everything you don't test while insisting on writing it on a language that specifies non-functional properties... I don't have any other word, it's stupid.
Comment by data-ottawa 2 days ago
Not all vibe coding is top down "Claude build X", it can be very specific implementation guidelines and criteria.
Comment by liampulles 1 day ago
Whether Zig will become dominant in that space remains to be seen.
Comment by nsvd2 1 day ago
Comment by liampulles 20 hours ago
Comment by BobbyTables2 2 days ago
Comment by tempodox 3 days ago
Comment by alkonaut 3 days ago
After many years in the business I have come to a more pragmatic view. There is no meaningful way of distinguishing features from bugs. It doesn't matter that work tracking software usually does.
Once you realize that the lack of a feature is the same as the presence of a bug then "fixing all bugs" also means "adding all the features", then you also accept that you will never be done.
If you have a bug to fix to weigh against a feature to add, which do you pick? The only correct answer is "The one that provides most value". And again we see that it's very possible - even likely - that fixing the last bug will _never_ be as important as adding more features.
I know this is probably not what the author meant. First of all "having a process" doesn't mean completing the process. Second of all, you can categorize bugs as being of a specific kind (The linked article under [fixing all bugs] actually only talks about failing asserts).
Comment by coldtea 2 days ago
This doesn't make sense at all.
Your email software mangles my email. Or your media player randomly skips. That's a bug. No big philosophy needs to be hidden behind it. That your media player doesn't have the shuffle feature is not a bug. It's just an item on a wishlist.
>If you have a bug to fix to weigh against a feature to add, which do you pick?
Depends on the seriousness of the bug. If your disk backup software corrupts backups, I'd fix that, I wouldn't go add schedulled backups or encryption first.
If what you meant to say is that bugs and features are both items to prioritize when deciding work, sure. But they're not the same thing and are not hard to tell apart, so the metaphor doesn't work.
Comment by gobdovan 2 days ago
Also, mandatory Sussman reference [0], where he talks about correctness not being that important and gives Google as example, that just needs to be close enough and not disastrously incorrect + interesting stuff around engineers confusing brittleness with correctness.
Comment by coldtea 2 days ago
Sure you can. Correctness doesn't mean "follows a spec", it means "It does what the developer intended it to do without problems".
I mean that casually and within reason, it's not supposed to be a formal statement checkable by proof checker. z
I don't need a spec to know that e.g. my email client has a bug if it crashes when I try to make something bold. The presense of the "Bold" formatting button means it should support it, spec or no spec.
Comment by gobdovan 2 days ago
Comment by appplication 2 days ago
It’s an interesting insight but I’m also not sure it’s valuable in practice. Sort of like “we’re just bags of chemicals that tricked rocks into thinking”.
Comment by coldtea 2 days ago
Then they could just say that, not that in general "a feature is the same as a bug" without qualification.
Comment by alkonaut 2 days ago
Especially with dramatic processes like ”always fix all bugs before implementing any feature”.
Comment by generic92034 2 days ago
Comment by Levitz 2 days ago
I appreciate the exercise of taking a step back and looking at the abstractions built, really I do, sometimes people take a liking to certain bugs, sometimes people despise features as if they were bugs, but this feels a bit of a Loki's wager situation: https://en.wikipedia.org/wiki/Loki's_wager
At the very end of things, bugs and features are just things the software "does", but I reckon it's worth it to sit back and think about the intentional and non-intentional result of the application of a design.
Comment by AnimalMuppet 2 days ago
You want to say that they're not the same kind of work? True. And yet, when you're allocating work, that doesn't particularly matter.
Comment by coldtea 2 days ago
Well, they did claim something more though though: "the lack of a feature is the same as the presence of a bug then "fixing all bugs" also means "adding all the features".
Well, no. Take TeX as an example. It does what it does. Bug are bugs, and they can fix them. Lack of features are not bugs. They can absolutely close to fixing all bugs. And some small programs can be 100% bug free (or close), without considering any rando's future request (which can expand to the thousands unrelated asks you never planned it do) as "a bug".
Comment by AnimalMuppet 2 days ago
Comment by guilhas 2 days ago
Comment by OtomotO 2 days ago
A bug means that there is a feature, but it's not behaving as was specified. (Or expected, or as it used to ... but clearly a difference to something, not to nothing)
It doesn't matter whether to the end user that's indistinguishable. It is for us, the professionals.
It's the same as with any other profession and domain-knowledge. If my heater doesn't work but it used to work, that's a bug, a regression. If it doesn't integrate with my smart home, that's not a bug. It was never a feature to begin with.
> If you have a bug to fix to weigh against a feature to add, which do you pick? The only correct answer is "The one that provides most value".
I agree.
> And again we see that it's very possible - even likely - that fixing the last bug will _never_ be as important as adding more features.
Depends entirely on the project and the revenue stream. I've open sourced code which I consider done. It does what it should do and I won't any more features to it.
I will however fix bugs within the existing functionalities.
Comment by 0815beck 2 days ago
Comment by alkonaut 2 days ago
For example a customer reports a bug, your program can't print. Oh, you say, we never even had that feature! Please post again, as a feature request.
Customer mumbles and requests the same thing as a feature request, not a bug report. They never understood what the difference was though. They couldn't print. Program bad.
Now you implement the printing feature. There is an infinity of things to handle there. You add the 99.9% case which is basically regular printers, perhaps normal paper sizes. You however don't throw in things like document splitting (sending different pages to different devices based on capability). You have to stop somewhere. None of this is specified, however. None of the limitations are communicated to users. But you added the feature - in some sense. Then a customer with a 1970's pen plotter files a bug report that your new feature doesn't work on his device. Will you fix his bug? He's the only one on the planet with the problem. Is it a bug or a new feature? To him it's _clearly_ a bug. To you it would _clearly_ be a new feature to support pen plotting. You could argue the semantics of whether this is a bug or a feature until the sun goes down and it doesn't really matter. Either the fixed bug/added feature has enough value to be done, or it doesn't.
A key takeaway here: this isn't merely something that appears in the perspective of the user vs the developer. The argument about whether you actually have a "Bug" because you stopped short of implementing every kind of printing known to man is one you could have with your PM too. He likely didn't even consider that. But does that make it not a bug?
Comment by tikhonj 2 days ago
"You don't support printing", "pressing the print button doesn't print", "pressing the print button crashes the computer" and "pressing the print button lets an attacker get root access to the system" are all different and it makes sense to distinguish them. (The first is a missing feature, the second and third are different kinds of bugs, the last is a special kind of bug we call a security vulnerability.)
That distinction might not be useful to end-users, but it's useful for the people building the system! If you want to care about quality, committing to a strategy like "we will not add features before we fix known bugs" is totally clear, reasonable and effective. There might be some frontier of issues where it's hard to make a distinction, but that just means there are subtle edge-cases, not that the whole concept is undefined. A lot of perfectly cromulent concepts have edge-cases! You can just decide those on a case-by-case basis; if it's actually so close as to be legitimately confusing—it's not just feigned ignorance or political posturing—which side you choose probably doesn't have much of an effect.
This does depend on having a reasonably clear idea of what you're building, but that "reasonably clear idea" does not have to be anywhere near the detail of a "full spec", much less anything formalized. To me, that seems like a baseline you'd need to build quality software at all, and hardly an unreasonable thing to expect. And if most teams can't manage, well, it's just another explanation for why most software is crap.
Comment by dopple 2 days ago
Your argument hinges on all parties agreeing on what "wrong" means. Take a step back and consider that parties do not agree on a common definition of "wrong." Does "wrong" mean a gap between the spec and the implementation or a gap between a reasonable user's expectation and the implementation? If one party assert that it is clearly the former and the other party asserts it is clearly the latter, does that make the situation more clear or less clear?
Comment by camdenreslink 2 days ago
Comment by pixl97 2 days ago
And what about the + symbol?
Comment by camdenreslink 2 days ago
Comment by tikhonj 2 days ago
Besides, in your example, either kind of gap could be a bug or a missing feature. It's a totally orthogonal question.
Comment by coldtea 2 days ago
No, it just hinges on common sense. "All parties" are never gonna agree on everything.
There will always be customers that demand whatever and treats its lack as a bug. Doesn't make it a bug anymore than me asking for a free glass of wine with my meal and not being given any is "injustice" - when the restaurant never promised any.
Comment by throwaway27448 2 days ago
Comment by coldtea 2 days ago
Any software has a spec. It might not be publicly written, but you have in mind what you build and which features it supports. And software that's sold has lists of features, presentation pages, and trials for people to see its features.
If some random user can't tell a bug from a feature, that's on them.
Comment by pixl97 2 days ago
* Supports FooBaz
Now means, supports what feature set of FooBaz, what particular versions of FooBaz, does it support the fork FooBar that have the market quickly migrated to, what about the bugs in FooBaz that only show up when using your program.
Users are dumber than you think, and when they pay you a lot it's never on them.
Comment by thaumasiotes 2 days ago
Note that the 'spec' you're referring to isn't the same thing as the 'spec' in your pulled quote. The Java spec tells us that the expression
var >> 40
var / 256
To identify that bug, you need another spec that can find fault with the official spec. Only the official spec is written down.
Here are some other common and widely-recognized bugs-in-the-spec:
- The conventional sign of the electric charge of protons and electrons has been reversed.
- Mathematical function applications are written before their argument, when they should be written after.
Comment by alkonaut 2 days ago
Comment by sakjur 2 days ago
As a sidenote, I dislike it when a vendor makes me care whether something is a bug report, feature request, or support query prior to filing it. I'm willing to make an assessment on whether the query is of a public or private (if I'm unwilling to publish publicly, sensitive customer info, potential for vuln et c.) nature but beyond that I don't want to spend any time arguing about classification.
Comment by xboxnolifes 2 days ago
Comment by onion2k 2 days ago
It's a correct statement, but when you're talking about memory safe languages it's true that memory safety helps you avoid writing code that doesn't do what you were expecting, so I'd still suggest memory safety matters for reducing the number of bugs.
Comment by witx 1 day ago
You're twisting very hard the definitions here. A bug is a behaviour different than the one intended, it is not tied to code whatsoever. You can have bugs "in the code" that happen because of faulty hardware, or a solar flare.
Unless you work in an industry where solar flares should be taken into consideration, the code and requirement can match and you still have the (protential) bug
Comment by jihadjihad 2 days ago
- trying to do X, getting software error: bug
- wishing the software did Y, even though it’s not implemented: bug
Comment by alkonaut 2 days ago
And you never have a complete specification of what to do.
Comment by coldtea 2 days ago
Well, the end user's perspective is buggy.
And a developer doesn't have to give the same semantics as the user, anymore than a medical equipment manufactured needs to consider its products based on what each random patient wants and what misconceptions or urban legends they believe.
Comment by giancarlostoro 2 days ago
Especially when you implement it exactly as directed by a project manager. Everyone forgets why it was done the way it was done, and then the same project manager asks for it to be "fixed" despite it being the way they wanted it in your original ticket.
Comment by demorro 2 days ago
I have worked in companies where "X is not complete" would be logged as a bug. Even beyond that, non-completeness often leads to behaviors, especially as users bed in around non-complete interfaces, that are obviously bugs, crashes and the like.
If software represents a theory, any expansion in that theory (new features) will tend to lead to non-completeness, which will tend to lead to bugs. This is almost a mathematical certainty.
Engineering around this implies restating your theory, and thus performing partial or total rewrites of your software, quite regularly. It's not as crazy an idea as it sounds, I'm sure there are architectural patterns that make this manageable.
Comment by thrance 2 days ago
Comment by alkonaut 2 days ago
The answer to that is sadly "yes".
> prioritizing so-called "quick wins" only quickly wins the codebase more tech debt, that puts the project on a sure path to development hell.
That's why we pay senior developers lots of money. Their gut feeling (or past scars) about what actually gives value across different horizons.
Comment by jeremyjh 2 days ago
Of course, some systems have to ship at all costs or there won't be a second or third year, so judgement is still required.
But a lot of experienced people still underweight the costs of having lots of "low impact" defects.
Comment by somat 2 days ago
-- C. A. R. Hoare
Comment by BiraIgnacio 2 days ago
I've come to realize it's all about perspective. Something from the engineering stand point may not be a bug because there's nothing to fix. But the user might be having a bad experience because of that so it must be a bug.
In the end, the user's perspective might be the less-wrong one.
Comment by BariumBlue 2 days ago
From a user perspective, a bug is when behavior deviates from reasonable expected behavior.
From a dev perspective, a bug is when the code actions mismatches the mental model (aka spec if it exists, else a reasonable mental model of the system).
A bug becomes a feature when it becomes expected behavior.
Comment by dxdm 2 days ago
There's always a gray area of what's intended by the spec, but a program can absolutely and blatantly deviate from the letter of the spec, and they often do.
This distinction seems worthwhile to me, because it means that something someone already relies on does not work (anymore), even though reasonable people would agree that, according to the spec, it should.
Comment by alkonaut 2 days ago
Comment by dxdm 2 days ago
I first read your original comment in a much more absolute way (there is no distinction at all, and it never makes any sense anyway), which is quite easy to disagree with.
Comment by ozgrakkurt 3 days ago
Comment by kristoff_it 3 days ago
Comment by ivanjermakov 2 days ago
In enterprise usefulness is not the end goal either. Software can be very useful, but if no one is going to pay for it, it holds very little value for the business.
Comment by thot_experiment 2 days ago
Comment by BirAdam 2 days ago
The implication is that you should always strive to release software that isn’t overly buggy, isn’t slow, and is general a pleasure to use.
Comment by vladde 2 days ago
for me, the end user's experience goes above all.
Comment by ramon156 2 days ago
> I do not hear the end user, therefore it does not exist
Not literally, but that's what it feels like.
It's probably safer, but in the long run you're not building any trust.
Comment by boxed 2 days ago
Comment by zuzululu 3 days ago
Comment by randypewick 6 days ago
I mean, if they really care about software correctness, I wonder why take a very discutibile position and say that "safety doesn't matter if you don't use the correct process". Yeah, I mean, having some guardrails is better than none, right? If they really cared about correctness, they would really strive to put all the possible guardrails in place, wouldn't they? Maybe they are bitter because their fav language is not as popular as the other?
But there are so many languages, I wonder why picking on Rust specifically.
Comment by mobelkh 3 days ago
Comment by Zakis1 3 days ago
Comment by BirAdam 2 days ago
Comment by kibwen 2 days ago
Comment by raincole 3 days ago
Comment by Ygg2 2 days ago
There is a lot to dislike about this paragraph:
It doesn’t matter that the language you use is memory-safe, if you didn’t design for correctness or have no process that will eventually lead you to fixing all bugs.
And no, asserts don't fix all bugs, they just guarantee some of your invariants are held at best, used in test at worst.
Comment by n42 2 days ago
Comment by Ygg2 2 days ago
It's a bit like saying, "Yeah, our system is safe, but if there are two threads racing or use after free somewhere, then all bets are off."
Comment by n42 2 days ago
you seem to think there is one path to memory safety. there is not. unsurprisingly, some programmers may need different tools when working with a different set of requirements.
Comment by Ygg2 2 days ago
Or at least you have to add memory safety as another extra step on your road to correct by design.
I'm aware of paths to memory safety, but they boil down to: pervasive GC, annoying compiler, and praying you got it right.
If you write your proof in GC language than translate it to C, that's just a mix of pervasive GC and praying.
Comment by darkwater 3 days ago
https://joshlf.com/posts/memory-safety-life-and-death/
Under a "it doesn't matter it's memory-safe if..."
Comment by jiggawatts 3 days ago
It's like saying it doesn't matter if surgery is done another antiseptic conditions if the patient isn't also given a course of antibiotics during recovery.
It's not an argument against safe practices, it's an argument for amending one kind of safety with others.
Comment by abecedarius 2 days ago
Comment by randypewick 2 days ago
In general, the article is ok-ish: it makes sense to think about the correctness (whatever that means... correct according to whom?), about the bugs (according to what specs?), the users (according to what use cases?). This is ill-defined and I don't like this framing. But even assuming I like the concept, why would the author say those things about rust specifically? This seems a bit like picking to me. Kind of not very honest, maybe?
I don't know or follow the author, just stumbled on this page because a colleague mentioned it, I don't know if there is a history of anti-rust'er or something, I just found something weird and sus.
Comment by bigyabai 3 days ago
> nobody can trick me into mistaking lesser stars for my true destination
The author seems to be in some level of denial around compile-time safety checks. They're right that runtime safety errors are an issue, but it feels wrong to discount compile time checkers when it can save a lot of yak shaving.
Comment by mcdonje 3 days ago
>It doesn’t matter that the language you use is memory-safe, if you didn’t design for correctness or have no process that will eventually lead you to fixing all bugs.
It's also worth noting that they linked a post about how memory safety is literally a matter of life and death, so it seems like their point is that memory safety is one class of bug, and a compiler guarantee about it doesn't equate to a guarantee of correct, bugless, unexploitable code.
Like, the linked author brought up that Khashoggi's wife's phone was hacked. Maybe that was due to a memory bug or some other kind of bug. Maybe the next journalist who gets hacked is a victim of a memory bug or some other kind of bug. But that linked post didn't take a holistic view of correctness, but went straight to, "Rust is safe. Rust saves lives." There's a logical error there that's being pointed out.
If you really want to save lives, you need to eliminate exploits. Not just do a victory lap because your compiler ostensibly eliminates one class of them. The compiler doesn't catch all bugs. The compiler isn't the only tool for catching bugs.
That's my reading of it, anyway. I think he has a point, and the Rust people do as well. I think it's wrong to portray him as bitter.
Comment by kristoff_it 3 days ago
If Rust helps you get all the way to correctness, then great, but that blog post was insane.
Comment by bigyabai 2 days ago
I acknowledged that in my prior comment. This person is letting perfect be the enemy of good, and I guarantee you that they aren't running their binaries through Valgrind and Ghidra to check the runtime safety after it's built.
Exploits like Heartbleed get shipped because people abdicate their responsibility to write safe software. Shackling developers to dynamic analysis tools is not any better of a solution than using a memory-safe language to start. Rust is shaving a calf to avoid the whole yak.
Comment by zuzululu 3 days ago
Comment by raincole 3 days ago
Comment by zuzululu 3 days ago
Comment by jackhalford 3 days ago
Recent events AFAIU: - bun (bought by big AI) switching to Rust - zig team banning AI pull requests (because they want to review humans) - The cloud industry buying all coding tooling companies (uv, vite, bun) but zig being unbuyable
If anybody from the zig core team is reading this: thank you and carry on the good work.
Comment by zuzululu 3 days ago
so far I'm not really getting zig and I see they banned AI ? seems like that is just going to attract anti-AI user base...not sure if that was a wise decision.
also not really sure why anyone would migrate from Rust to Zig, it seems much less mature and unsure of the ROI there.
Comment by kristoff_it 3 days ago
I posted this link at the same time when I posted it to Lobsters (https://lobste.rs/s/g6lkw1/my_software_north_star) 3 days ago, but it didn't get on the front page. Seeing that the submission time has been reset, I imagine it was given a second chance by HN curators (it's a known process), but that doesn't mean free upvotes, it's just that some people resonate with the thinking.
Comment by gghh 3 days ago
In his role, devising as set of general guidelines to use as compass when things (inevitably! and often!) get very very muddy and Right v. Wrong is hard to tell apart -- both objectively, and also from the point of view of being a community leader with ton of vested interest -- is essentially one half of his job. Other half is abide to said guidelines.
So @kristoff_it last week sat down, came up with three simple rules short enough he can print on a business card (or hang on his office wall or whatever), and posted them here to test if they make sense to the wider community.
TLDR: yes can seem bland / generic but within context it makes sense to me author needed to distill his ethics in a nutshell.
Comment by ares623 3 days ago
EDIT: doesn't really answer your question. Just reminds me of a good ol' flamewar.
Comment by randypewick 2 days ago
Comment by worik 3 days ago
What makes you think that?
> I wonder why picking on Rust specifically.
I did not see that. What did I miss?
Comment by randypewick 2 days ago
Comment by nilirl 3 days ago
What kind of 'useful'? Normative? Empirical? Prescriptive? Pragmatic?
'Useful' is a very subjective north star.
Comment by hnthrow0287345 2 days ago
Someone says it's useful to them. If you get a consensus where >50% find it useful, then it's probably useful.
Comment by nilirl 2 days ago
By that same measure: correctness, maintainability, and efficiency are not that useful.
I wasn't saying usefulness is not important, I'm saying this post conveniently crammed the hardest problem of writing software into a fuzzy adjective.