The Downfall of Actix Web

He isn't getting paid, yet most of the people attacking him were getting paid off of his work. It's pathetic.

@@rich1051414 Isn't that the problem of most open source free stuff. Dedicated people share their code, get nothing in return, while those who use that code make the money while demanding that every software be open source so they can use it to make even more money without having to pay for the tools they use.

Yea have to deal with egos of people who think they are smarter or sometimes they just like to get credit for getting their code merged. It is rough. He seems like a nice guy everyone else seems toxic.

that's how all big open source (community driven) projects work

so him being an asshole for a single comment is not ok; but Torvalds, the prime example of an asshole, can constantly do this crap. Double Standards.

Best comment.

I want to make this clear because people in this comment section keep getting this wrong. In Rust, code that says it is safe but isn't is incorrect code, you are violating the language's rules. That is not just a design decision the way it is in other languages. The problem was not that unsafe was used, nor that UB was possible. The problem was that the public API (even if internal) was marked safe when it wasn't safe at all. If that function had been marked unsafe, there would've never been a need for those PRs.

Agreed. People are replacing it with safe code because they can't think about writing bug-free unsafe code. It takes a lot of knowledge and then some courage to do it.

@@Treeniks just started learnng Rust and its definately great language which draws my attention, but there's just so much Zealots in the community, "you can't do that", "you're not supposed to do that", "thats wrong" - and this is what happens with actix-web.
programming language is just a tool to build something, if the compiler or the machine process allows you to do what you are doing, then who are you to say "that is wrong".
Rust is great, but a lot in the community is behaving like a CULT which you must SWALLOW what they want you to swallow.
at the end of the day, the code is compiled into MACHINE CODE and any DAMN language does not even matter even so for the people who'll be using what we are building.

mutable reference printer go brrrrrrr

I laughed so hard, I love those memes.

+1

Did you really learn

Did you really learn

Did you really learn

Did you really learn

rust community has more energy to fight these wars as we JS developers are already fatigued.

@@AmanNidhi please, one more dependency and I'll go to sleep, I promise)))

@@AmanNidhi Amen to that!

@@kennethdarlington please await and async about it one more time

I think Rust as a great language but the community is mostly composed of fanboys, Rust is the superior language, the design decision of all other languages are always wrong, the only language that gets things right is Rust, everything must be rewritten in Rust, even thing where it doesn't make any sense at all.
Quite frankly, the author should have said: fuck off, I will rewrite this in C++ and deal with it. Undefined behavior is not always bad...

@Ryo Sanada I honestly amazed by the fact you could separate between "mean people amongst a host of reasonable people".
either you're stupid wise, or you're guilty of it yourself. or maybe just naive.

@Ryo Sanada now I'm amazed that you think you're being reasonable :)

It's not entitled to expect defined behavior in something implemented in Rust. There's no point in using Rust if you're going to defeat its safety features. It's inappropriate to lash out at people who volunteer their time to eliminate unsafe behavior in a Rust project for an absolutely minimal performance impact. His ego got in the way of other people's security. Moving the project to his personal account was beyond unreasonable; it was deliberately breaking other people's code just to be a dick. The community was justified in responding with hatred.

@@JB52520 He could have never released the project in the first place or never made it open source.
Bitching at someone because the work they did - for free - that you are exploiting, because you don't like how it is implemented - to the point they evidently have a nervous breakdown because of it is OK... Why?
If you depend on someone else's work when that person had no obligation to let you use it in the first place, complaining when they get stressed out by endless demands from strangers who tell them you're doing it wrong is, frankly, petty and entitled.
If you don't like how a project works, don't use it.
Nobody forced you to.
Oh, but you chose this particular library because you liked what it did, but now you're bitching at it's creator about the very thing that makes it function the way it does being 'wrong?'
Ultimately this is the kind of stuff that risks killing the open source community.
Why open source something if you know doing so will get you endless grief?

@@JB52520 Protection from UB that is not shown to be able to occur (via, as the maintainer asked for, a unit test using the public API) is going to be a low-priority fix *at best* for any maintainer - as it should be. The first, overriding principle in software is that it does the job. Was actix broken? No. Might it have been? Sure, but the submitter didn't show a practical example, only a strawman.
Rust's safety guarantees are not intended to be the overriding concern. They are only a tool *not the goal*. And given actix's position vis-a-vis speed, the submitter should also have submitted a comparative benchmark showing the effect of the change - since the change wasn't otherwise fixing an extant *bug*, they should have at least shown that it didn't make things worse. Minimal changes are not null-changes, and an accumulation of seemingly insignificant inefficiencies can add up.
Could the maintainer have been more civil? Perhaps. But the submitter had no special rights here - the maintainer put orders of magnitude more work into the project, and deserves orders of magnitude more deference with regards to it. I would expect no less on any project.

Big point, he probably didn't have the best words to convey his mind happens with the best of us

You can be polite, even if you are a non native speaker.
Imagine open a PR and get slapped in the face, this what these replies sounded 🤣

@@enzo.albornoz I think for someone who speaks the language non-natively who has not been immersed in the surrounding cultures, their tone can quite often get misinterpreted as rude in my experience. I suspect that's what's happened here as well

as a non native speaker, i kinda feel the pain. i have trouble choosing the right word to express what i meant. internet being internet, everyone automatically assumes the worst.

👍🏻

@@zokalyx 👍

Just UnSafe ?

That wasn't the problem. The problem was that he used an `unsafe` block in a function, but the function was marked as `safe`. However,the function wasn't safe at all, exposing unsafe code behind a 'safe' interface is _not_ valid / acceptable for Rust. Safe rust code could segfault if they pulled a reference out of the object and then reset the object, as shown in the example. If he wanted to leave-it as-is, he needs to mark the function as unsafe so that callers need to wrap the call in unsafe.
The separation between inner-implementation details of the library, and the "user" of the library, makes sense if the library is written in C++, and the user is using it from Rust, because doing unsafe things in C++ is legal. But actix wasn't written in C++, it was written in Rust, so he too is a user of the Rust language and needs to use the language properly, which means wrapping unsafe code with unsafe blocks and exposing safe interfaces, which he didn't do. Otherwise it's just not Rust anymore. RedoxOS is written in Rust, that's the point, and it uses unsafe{} in rust properly, only marking functions as safe if the internal safe code cannot be abused.

@@npip99 I kind of agree: I think the function should have been marked as “unsafe”. Though I kind of understand why it wasn’t too. It was only unsafe if the “contract” of the function was broken. This contract wasn’t implemented in the language (unlike the contract of e.g. Rc), but I don’t think it needs to be when it comes implementation details.

@@npip99 Excuse me? This is what the official rust book says:
"To isolate unsafe code as much as possible, it’s best to enclose unsafe code within a safe abstraction and provide a safe API"
Maybe I didn't understand your point?

I think the issue here is the way the dev responded to this, just "no fuck off" and closed a potentially good solution. Just because you can use Unsafe{} doesn't mean it's completely okay to (or that you should) use it.
The dev should have discussed this further with the contributor instead of being a jerk.
EDIT: Okay i thought a little more about and I don't know, I don't agree with the "OSS is toxic" thing, I think if you are maintaining a oss project you should expect to have issues from anyone on the world, this is hindsight so idk

@@CHE6yp You are right. Even the standard library encapsulates unsafe rust inside safe rust and looks as safe rust to the user.

Last words of a burned out programmer....

if he sees linux kernel prs

😂

Yea @mitsuhiko is very well know in Python community. Creator of Flask microframework.

man this was gold. LMAO

Steins;gate?

@@dhanushc5744 John Titor from Steins;Gate is inspired by "real" John Titor who "traveled in time". Go to read about that.

He has seen the future and came back to PR the final version

@@exactzero Well, usually it is future dev that has to deal with past dev's shit, good to see a change for once.

I think he got the name from Steins; Gate anyways. Just a guess based on he having an anime pfp

Smart!

Unsafe is basically announcing "I know what I am doing, and if something breaks it is entirely my fault."

be like typescript, dont respond to PR at all

or they can just go "i don't approve this pr just because, feel free to fork it"

The second patch changed nothing about the library, it just made the internal code safer and easier to collaborate on.

Please god, don't fork a project used by lots of people unless there's a fucking amazing reason to do so, or it's just for your own use.
This particular issue was clearly no reason to fork the entire project.

Why would forking be bad for small changes?

@@Christobanistan eh

@@mateowang6570 if it's for your own use, there isn't really. The issue is if it starts to fragment the community, more choices isn't necessarily a good thing for users, particularly if there is no clear reason to choose one option over another. Also is work maintaining your new fork the best use of those resources or would that effort be better spent elsewhere (such as contributing to the original). That's not to say you should never do it but you really should have a good reason.

Agreed, that kind of behaviour just results in code being forked and maintained by someone else. That works - but nobody wants to have to pick between 5 different versions of a single codebase. Taking personal offense to contributions is unhealthy for the community.

the most notorious dependency crash ever. That kind of crash would not happen under Rust though, as cargo does not operate in that fashion.

@@simonfarre4907 could you explain more?

@SLKA a bit late, but bad versions of cargo crates are yanked. You can't get yanked versions into new projects, but if you have project with yanked version it remains there in working condition.

You are wrong. Internal code means, no body can mess with the code, so there is no way that UB can be produced with the code. Actually the PR UB demo code was created by a brain-dead and supported by other brain deads. Unfortunately they didn't even understand the meaning of the comment, 'I must be braindead'. Such a shame.

@@NowHereUs exactly

@@NowHereUs internal code can also be referred as "unreadable code that I hope that works" 🤣

@@enzo.albornoz It was readable. It was just a private piece of code with no public interface. Did you not notice the name 'DateServiceInner'.

Thankx I was discouraged actually

Those people would give up halfway through either way. If a title of a video turns you off something you want... You don't really want it.

Try to open a PR to Ben about it /s

reworded i think more like "example plz, i'm brain dead" (have no idea about the thing, can be non-offensive phrase in some language)

I thought that meant only if he was brain dead he would use that PRIVATE CODE that way.

also, fragmentation/ variants is a welcome thing most of the time, not all solution will work out the long term, having multiple variants means the better solution will prevail over time or an external change (new compiler features, etc) will make the the split unnecessary. we had such split that later date were merged like how it happened on node.js and io.js split and merged later on.

I can't stand those kinds of videos: they encourage new programmers to contribute to a project just for the sake of contributing to a project. If you want to contribute to OSS, that's great - contribute to a program that you actively use and understand. Strolling around someone else's codebase looking for things to fix or add is just going to cause friction like the pull requests in this video.

ice cold take: there's nothing wrong with correcting doc typos. it makes things more searchable, helps with people who use screen readers, helps nonnative readers of the language, helps anyone with visual processing disorders, and gets people at least used to the process of how PRs work
I'm not gonna comment much on refactoring because that's case-by-case - i think it's something that inexperienced devs do more often BUT there are definitely times when refactoring improves readability and maintainability.

I wholeheartedly agree that fixing unsafes is petty. Real programmers should be fixing bugs after users experience them, and cause damage, not before

​@@polimetakrylanmetylu2483 agreed, the change is on "private" part of the module and nobody will use it like example without deliberately placing such case on the actix codebase itself.
it's like complaining about an unsafe door on top of locomotive that people can climb out with a ladder (that shouldn't be inside when the train is running) going up and smash their head to one of the narrowest tunnel that the train will go through only when the main railway and the secondary railway is on maintenance which is super rare. and the proposed fix is removing the warning sign on the door and weld the door. and the old maintainer does not agree because the door have a legit use on maintenance or smth.

Sometimes problem solved is lag. But yea random refractors (that will possibly only add lag) make no sence.

This is major conflict between web only programmers and traditional native programmers.
TL;DR I find too many programmers are used to writing in managed environments without ever having to learn to manage memory themselves and it leads to inexperienced devs expecting a tool sort out all of their issues and expect modern hardware to be the answer to poor optimisation. -- Bit of rant below
I'm actually a rather young developer, originally self taught up to the point I went to university, thankfully at that time we still had a lot of old school professors who wrote in older languages and a solid understanding of how things work at the very lowest levels. One of there ways of teaching us to write good code from the get go was to make us learn assembly and write programs in assembly, it was never about learning assembly but it was to instill in us how to write code that was functional, well written, how things work at the lowest levels and to make sure we properly understood memory management and concepts around it.
I see far too many self taught programmers taught from online courses that are more often than not made by people who've never learnt to program out of a managed environment with a huge toolchain that will make sure you code is almost always going to have behaviour that's expected or will even fix bad code for you. I personally don't think this is a good way to learn to program, yes the tools are useful and once you've got the experience and skill to write decent code without assistance you can use these tools but you should never rely on them.
Programming is something you only get better at with experience and with trial and error, when you're being handholded through the process and relying heavily on manage environments to make sure you don't do anything wrong you're not learning anything other than to write that one specific thing in the safest way possible that the setup guides you towards, it does not provide you with ways to experiment with more error prone code (unsafe code is not unsafe, it just means it has a higher chance for things go wrong if you're not careful) to make something that runs faster or has more flexibility.

Those are the ppl who follow tutorials and think that they are programmers without ever trying to build their own project.

@@catmaxi2599 im in college doing c++ and i pray i don't end up in a job doing Java

@@KeraLab C++ expects you to know what you're doing. Neophytes need not apply.

Exactly. Bro, these new languages have ruined people's brain.
People think they can write anything and compiler should do the rest. People don't have brains anymore.

Just stuck in 2005

If you don't use unsafe it won't. Your statement is only valid when you use it. The main advantage of using Rust is to be fast and safe.

I am a 2-year old, if the Soap smells like strawberries, I am gonna taste it...

over 52 year old... ?

Rust is still awesome. Actix lives on and is now safer to use.
On top of that, there's other web frameworks like Rocket, Gotham, Warp, Tide, etc.

@@WorstDeveloper - I agree, I'm going over Actix, Rocket, and Diesel now. It's really fast. The type checking and compiling reminds me of TypeScript. Hopefully Ben will make videos on Rust. ;-)

The public APIs were not dangerous. The bugs would have only happened if someone deliberatly used the code incorectly. I wonder if the speed decreased or stayed the same with those refractors.

Also for comparison - that issue was one of the many unsafe related issues that author opened on various repos as a part of work on his article. All those projects responded in some reasonable way, whether they did something about it or not, except for actix, where the maintener went straight away into defensive mode without any meaningful response.

So what? There is UB but UB is not always bad. It could be that you will never encounter that UB with a sane use of the library, and in contrast resolving the UB will probably mean a performance penalty. Rust unsafe is also a way to optimize code, if you know what you are doing. I use unsafe a lot because I know what I'm doing, damn I wrote code in C and C++ for 30 years and nobody questioned about the fact that is super dangerous I should not do that, and now in Rust is a problem? I know how to write code and thus I use unsafe when using it does make sense, even at the expense of some UB derived by an incorrect usage of my code.

@@alerighi You're right. I am not arguing against that. As I said, the problem was maintainer's attitude, not unsafe code (or UB).

@@panstromek I dont think maintainers attitude was a big problem but the communication. I understood what he was trying to say and I see that majority of the programming community wont understand it because the way he wrote it. If he would had spent more effort in explaining his thinking it would not have exploded the way it did

There was definitely dog piling on the maintainer. People seem to hate actix with a passion. The amount of people declaring 'i will not use actix!' seems bizarre considering how much software I personally do not use, on the daily.
The first bit was helpful the dogpile not so much.

The irony of choosing a language because you want guaranteed safety. Then taking a dependency you don't have control over

@@illusion466 lol

if they had a PR that means they forked it. so they HAVE the code. this complaint makes no sense lmfao.

lol, is rust like a religion? the 1st commandment of rust...

@@Jossnaz You'll never find another community that preaches the conventions of the language more than Rust.

@@Wzymedia well I cannot judge. But having preachy people all over the place sounds kind of horrible to me. But I dont know the real situation. You know, using unsafe code to have a fast service doesnt seem necessarily wrong to me and I wouldnt call it cheating either. "Use this server with a lot of unsafe code and you get fast performance" sounds absolutely fine to me.

@@Jossnaz if you look at the PRs for the fixes of 'unsafe' you'll see it would be rather easy for any of these "fixers" to fork the project and fix it, but no, it was far too easier for them to stay one side and critize the maintainer.

That's a stupid commandment, really. I think Rust being split into "safe" Rust and "unsafe" Rust is one of its biggest strengths.
However, to be honest, I saw this one coming from a mile away. The second you make a decision where you sacrifice performance for safety or vice versa, you'll have people tear you apart because half of them ain't gonna agree with what you did. And the "unsafe" keyword only makes this decision stand out like a sore thumb in your source code.

it looks really good. Rocket is upsetting to me so I'm trying to find a better framework (I came from node/js and I liked koajs/svelte not react/angular stuff). I also wish they'd put tokio into base rust already

@@GrandpaRanOverRudolf Interesting, in node/js we use joajs as well, and it's very clean.
Btw, on the Rust side, I am moving to Axum. It is very well designed, not too high, not too low, and well componentized. Working on a video tutorial as we speak.

Didn't they also prove there was undefined behavior outside of using internal functions though?

In response to your first point: in rust, it is impossible for library consumers to call internal functions. They cannot bring then into scope. Same goes for types, macros etc. All you get is what's been explicitly marked as public.

Eh... Rust is mostly meant to not have all the shenanigans that are common in C code.
Which in C, the libc and stdlib libraries are actually a vector to break into a computer. Particularly through the printf syntax that can be used to break stacks and run arbitrary code. It requires a lot of ground work and study--and breaking in this way _will_ show up in log files... and most computers will have daemons running that can be all, "yeah... something is doing some FUN with libc/stdlib"...
... but Rust is meant to be a bit of software that can run without a daemon making certain other software is playing safe with it.
So even if a routine is internal and not public--that doesn't mean it cannot be used as an attack vector.
Hell, tar(1) has had (very specific patch level) versions that you could get root access to a system via timing a racing condition properly when the extracted files are being given permissions on the file system they are being written on. An exploit that--nobody really knows how to do--except making two people in the world... but Tar still got patched regarding that. Mostly to keep it that way.
So... I understand why Rust would want to have these lofty goals... and I do think these goals are really lofty and Rust hasn't gotten them... but it is nice to see what happens when they are attempted. I just wish Rust's community would stop acting like they've gotten there already.

@@NimhLabs you're absolutely right that an unsafe internal function could be used as an attack vector, but in order for an attacker to reach it, the consumer code also needs to be broken to the point of allowing a user to call an arbitrary function pointer. As long as the consumer only writes safe rust, and we assume no exploits are present in Actix like the author wants us to, it won't be any more an attack vector than any other piece of code on your device.
That said, I hope I'll never need so much web server performance that I need to blindly trust code written with the Actix philosophy.

@@iwikal Are you suggesting that Security Through Obscurity is completely fine?
Also... with exploits similar Shellshock happening maybe about twice a decade, the issue isn't so much the consumer writing code.
That being said, I don't think Rust has completely gotten to where it wants to think it is with its Safe code philosophies... but I admire that they are making an attempt. The Rustlang community seems to be full of people who smell their own farts.

You are going to suffer. Why do you inflict this on yourselves?

And, have you suffered? Banning people for not being constructive is pointing a gun to your feet.

Is there any link describing the issue?

@@temirzhanyussupov6997 here you go: qz.com/646467/how-one-programmer-broke-the-internet-by-deleting-a-tiny-piece-of-code/

Temirzhan Yussupov blog.npmjs.org/post/141577284765/kik-left-pad-and-npm -> one from the npm blog

This reminds nothing of that though. Because NPM/node's package management does not work like Rust's Cargo does. You literally could not achieve the same situation under Cargo. which is why people love Cargo. Because not only is the system versioned incredibly well, the compiler toolchain is also versioned - so let's say a project dies, and stops working under newer versions of rust, breaking compatibilities or whatever, the toolchain itself can easily be used where those things are compatible. This is not the case with Node and NPM either.

Thanks for adding more context.

But if Rust is all about safety how it allowed to compile an unsafe code without marking it with 'unsafe' keyword in the first place? Isn't this defeating the purpose of unsafe making it optional keyword?

@@ke5uq1we8h The compiler does require unsafe code to be marked unsafe, and it was. It was using unsafe *blocks* inside of functions, and not marking the *functions* themselves with the unsafe keyword. So callers of the function wouldn't know it was unsafe under the covers. Rust doesn't require every caller to be marked unsafe because a code block somewhere in the program is unsafe, that would be silly. It only requires callers to be marked unsafe if they call a function marked unsafe, that's why people were asking for the functions to be marked unsafe and not just code blocks inside.

@@MonkeeSage So, unsafe block of code inside a function doesn't render that function unsafe, but calling an unsafe function - does. That is, an unsafe function will drags its unsafety all the way up the chain of calls until an unsafe block of code, which effectively stops the notion of unsafe code from spreading. In my opinion, Actix developer fully meets the language rules by concealing unsafe code inside a block according to said language rules.

@Layl Bongers Your comment shows a clear lack of understanding of how unsafe code works in Rust. Take a look at th-cam.com/users/JonGjengset - specifically "Porting Java's ConcurrentHashMap to Rust" - a 3 part series @MonkeeSage is bang on the money.

most likely

@@bawad awesome man, you are the best

The unintended behaviour did not happen when using the public APIs. It happened if someone forked the code and did something bizzare in private code (and also tied it up to public API)

then why does the compiler let you do it?

@@LC-hd5dc I don't get your question, why does the compiler let you do what?

C++ and rust agree that a program is not well formed if UB can occur at runtime (safe, unsafe regardless). But you are making a stronger claim: that it is not just convention but a language guarantee that safe code could never possibly cause UB no matter how it is written (and you need this to be not only convention but a language guarantee in order to say that this is a "bug by Rust's definition and should be fixed 100% of the time, no exceptions"). Is there actually a rust language spec saying a program is not well formed if, after possibly replacing the program with a different one differing only in the safe sections, this new program can cause UB at runtime?
To my knowledge, the only existing spec for rust is rustc, which does not prohibit such programs. That leaves this norm as merely a (strong!) convention for writing rust. There are conventions for writing many languages, but failing to follow those conventions is usually not considered a bug. The program possibly misbehaving is a bug. In any case I agree that open source libraries should follow the strong conventions of the language, but I think you are overstating their transgression.

@@austinconner2479 It's been a while since I wrote that comment, but if you write safe code only (i.e. don't use any unsafe blocks) then Rust guarantees you that no UB can happen. If rustc still causes UB, that is considered a bug and an issue needs to be opened. It's the same for the STL. Rust's whole design revolves around that idea, so it is much more than just a convention. You are right though, technically rustc is currently Rust's spec. But again, safe code causing UB is considered a bug in rustc's terms. Other than that, there is a Rust Reference book and although it is explicitly not a language spec, it's the closest that we have currently.
The Rust Reference book states about unsafe blocks: "When a programmer has sufficient conviction that a sequence of potentially unsafe operations is actually safe, they can encapsulate that sequence (taken as a whole) within an unsafe block. The compiler will consider uses of such code safe, in the surrounding context" which I interpret something like this: When you write an unsafe block, you are signing a sort of contract with the compiler that your unsafe block will not cause any UB in it or the surrounding safe code. If you violate that contract, rustc is allowed to do whatever it wants.
Of course rustc won't prevent you from causing UB in safe code through unsafe blocks, the point of the unsafe keyword is that the compiler cannot check if what happens in it is actually safe. But rustc still expects you to uphold that contract.
My wording might've been a bit extreme in my original post, however an unsafe block that causes UB in other safe code should absolutely every single time be considered a bug. It is certainly much more than just a convention and the Rust community will tell you so, as what happened with Actix Web.

As a rule of thumb, assuming you know what you're doing, don't let user interact with unsafe block and you're good.

dude was burnt out i think it was too late

Yes, he should have done that. He is perfectly right to use unsafe everywhere he wants. It's his project. In the other hand, if you decide to do it so, you also must accept the criticisms, and accept other people saying "don't use unsafe" when you can avoid it. In the end, you control your project.

@@1karaden True, I guess what I'm trying to say is he was perfectly within his rights, but he could've handled it better.

Yeah he was, but it would be better to detail his reasons in a contributor guideline so that people don't end up writing PRs that keeps being rejected for some unknown reason.

No conscientious developer intentionally releases unsafe code for the sake of winning some perceived benchmark competition. That said, if your use of the code is mission-critical and the maintainer couldn't care less about your mission, you should by all means fork it. You are ultimately responsible for what goes live in your production environment.

@@diggydude5229 In rust "unsafe" only means "unverifiable at compile time". It can and usually is completely safe well defined code, if it is written by someone who knows how Rust works. Unsafe rust is a hell of a lot safer than anything written in C / C++.
Also some people are using "unsound" ambiguously. It isn't undefined behavior like they are trying to imply. It is like accessing the kth element of an n-length array. It is totally defined whether this is correct or not, but if you do it wrong then it will be incorrect.

@@diggydude5229 noob

@@cruelplatypus67 Great input, kid.

Except, I don't think he did know what he was doing. Benchmarks of actix make it look like there are memory leaks.

It's not even a good definition, in fact it's a really bad one. A segfault is much different than UB; UB gives no guarantees on crashing or not crashing, which in a sense is much, much worse than just segfaulting for instace. So I definitely hear ya on that one.

@@zk4144 "one of the most famous rust web frameworks" is still small because "rust web frameworks" is a small field to begin with

There's two kinds of safety violations, "I shot myself in the foot" and "it's someone else's problem". You don't fret over every library in C either do you, you generally assume that curl or something is reasonably written and tested and does what it says on the tin. It's someone else's problem.
If you don't want to shoot yourself in the foot, Rust is a reasonable choice. But to achieve less friction and better integration, less overhead, less effort, you can be inclined to use Rust native libraries. How they remain safe, whether by language features or by other means is "someone else's problem".

yeah, that would be a dumb move, but if it's a popular repo there might be at least a few people who would do that, or maybe for using unstable versions?

Please don't say that. If any non-programmer ever reads it, our reputation as nerds will sink even further!

@@Christobanistan hahaha true 😂 nice 1 tho. 💯

For the Rust compiler, this is UB, and once you have two mut references, the compiler can do whatever it wants with your code. In other compilers, it might not be, but Rust assumes that this doesn’t happen, and optimizes based on it.

@@Ninjacatburger Especially if you are using standard library types, which in all fairness to the PR author, the creator was.

I think he's already big

Lol so true