It looks like the maintainer of the base64 crate broke all code using the rust-bitcoin Core RPC client to run on .

Trivial crates like base64 have a single job: don't change.

The rust-bitcoincore-rpc crate uses the jsonrpc crate which depends on hyper v0.10.19. Which is affected by this issue.
So we will have to migrate those crates to a different HTTP stack. One of our criteria is manageable dependency trees.

@stevenroose oh, that makes sense. For some reason I thought it was the other way around, the base64 create depending on the bitcoin one :-)

@stevenroose 👏 :classiclol: I saw this coming yesterday when I noticed bitwarden_rs had multiple versions of base64 in its dependency tree

how hard is it to make a base64 library people?

The base64 crate "requires Rust v1.31 or higher". WTF. How can one not have base64 code that works on all versions...

@stevenroose because the language is trash and everyone defending it is a liar

That escalated quickly.. I have to disagree. I very much enjoy the language and it seems their promise of memory safety also still holds.

@feld @stevenroose Also comparing to Go… how can a language not have base64 in their standard library?
@lanodan @stevenroose @feld Because they want a "minimal" standard library to focus on what really matters and because its a lightweight embedded language :) Thats why rand isnt there either
@caseyp @lanodan @stevenroose don't try to convince me Rust is lightweight. It's almost 700MB
@feld @lanodan @stevenroose I'm just repeating their reasons sarcastically.................. its obviously bullshit lol

@feld @stevenroose @caseyp @lanodan

lightweight can mean a variety different things

- not introducing unnecessary overhead at runtime [x]

- having a minimal standard library so if something turns out to have been a bad idea ten years from now, there'll be no burden of maintenance [x]

- having a compiler that fits on a floppy disk [ ]

- having software run fast because the compiler was smart and complex enough to make optimizations on high-level code [x]

i checked those that apply to rust.

I see a lot of hate, but no real arguments against the language.. I'm confused. I've been using Rust full time for work in the last year and it's been a blast. Very much enjoying it and never have much trouble except for the occasional moron crate maintainer that makes a breaking change in a minor version update so we have to solve the mess.
@caseyp @feld @lanodan

@stevenroose @zalandocalrissian @caseyp @feld
Problem is: Rust is a one-implementation language, so if the implementation sucks (even from a non-programmer point of view) the language sucks with it.

There is a second compiler written in C++, but IIRC it only supports versions of Rust up to 1.22.
@feld @zalandocalrissian @caseyp

Also there is no reason to provide "arguments". I have explained many times to many people the issues with Rust in other places and irl. This has not been a thread about convincing anyone about anything, so there is no need for "arguments". Its a thread entirely unrelated to that venture.
@lanodan @feld @zalandocalrissian

I wasn't talking about this thread specifically. Just in general. I've been noticing negative opinions on Rust but I don't really understand why.
@feld @zalandocalrissian @lanodan

@stevenroose @caseyp @zalandocalrissian @lanodan for a modern compiled language that's supposed to be better than C can you tell me why there's an embarrassingly incomplete standard library?

Why is there openssl, rustls, nativetls, and hyper-tls crates? You're making big security promises with nodejs mistakes.

Has anyone in the community actually taken the time to understand proper SEMVER? Providing real ABI stability so people don't have to depend on specific versions of a base64 crate, for example?

Rust is writing checks with its mouth that its ass can't cash.

I am not impressed.

Also your packaging/crates REQUIRING git is a joke. git will be superseded someday. You've handcuffed yourself to some seriously dead weight.

@stevenroose @feld what crate are you talking about? crates.io/crates/base64
"The minimum required Rust version is 1.27.2."

@stevenroose Rust 1.31 fixed usability problems of modules, and the base64 crate chose to use the newer syntax internally.
The oldest Rust version that is officially supported by the Rust team is 1.37.0.

Well, that's a big part of the problem. How can a team developing a systems programming language abandon each release after a few months..

@stevenroose The idea is that the compiler is backwards-compatible and automatically updates, so you never have a reason to stay on an old version.
It's exactly the same thinking as the change from the Internet Explorer upgrade model to Chrome upgrade model.

@stevenroose It is of course a shocking difference compared to C's "C 1999 is still too new in 2019" approach.

There are two major features Rust wants to release (async and const generics), and may slow down after that.

@kornel The flipside is that when your codebase is v1.19-compliant, you get a heckton of warnings printed about all kinds of things being deprecated.
But well, backwards compatibility is of course awesome. But there are reasons to stay on an older release, though: github.com/marshallpierce/rust

@stevenroose Rust ecosystem doesn't support Debian, sorry. You will have *endless* pain if you try to use Debian's unsupported Rust versions. It's rustup-or-nothing.

@stevenroose At Cloudflare we use Debian, but make our own Rust .deb.

@stevenroose @kornel debian trying to be c's package manager: "oh yeah, we give you outdated software, but don't worry about security issues! when we hear of security issues in the upstream project, someone from our team will start editing critical parts of other people's c code until it compiles again, then we'll ship it to everybody. also, two thirds of our package names end with -dbg or -dev, because all software has header files and debug symbols, doesn't it?"

@stevenroose @kornel that's quite narrow minded, as javascript needs nodejs to run an end-user application. The rust packages are only needed for compiling! I think it's actually good to always use the latest upstream stable rust version for compiling binaries that will be shipped by e.g. debian. The end-user does not need a compiler to run software written in rust. Rustup is totally fine for development, as it makes version changing super easy and does not touch your system files.

@stevenroose It definitely tries to follow a successful model. Cargo is very similar to npm. Language's backwards compat + continued evolution is similar to EcmaScript. Rustc release trains are the same as browsers' shipping V8 & SpiderMonkey.

@feld @stevenroose apparently the crate stuff was inspired by Node package manager... I am still not sure wether it is a technical or a cultural issue, but it surely sucks
Sign in to participate in the conversation

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.