The article is more about the behavior of members of the C++ committee than about the language. (It also has quite a few tangents.)

I understand what you’re saying, but I want to do whatever I can to promote the shift in attitudes that’s already happening across the industry.

And being late or never delivering out of fear of shipping buggy code is even worse.

From a business perspective, yes, usually true. But shipping buggy software can also harm your company’s reputation. I doubt that this has been researched enough yet to be quantifiable, but it’s easy to think of companies who were well known for shipping bugs (Microsoft, CD Projekt Red) and eventually suffered in one way or another for it. In both of those cases, you’re probably right; Windows was good enough in the 90s to dominate the desktop market, and Cyberpunk 2077 was enough of a technical marvel (for those who had the hardware to experience it) that it probably bolstered the studio’s reputation more than harmed it. But could Microsoft have weathered the transition to mobile OSes better if it hadn’t left so many consumers yearning for more reliable software? And is Microsoft not partly to blame for the general public just expecting computers to be generally flaky and unreliable?

Imagine if OSes in the 90s crashed as rarely as desktop OSes today. Imagine if desktop OSes today crashed as rarely as mobile OSes today. Imagine if mobile OSes crashed rarely enough that the average consumer never experienced it. Wouldn’t that be a better state of things overall?

I care about types not just because I like having stronger confidence in my own software, but because, as a user, bugs are really annoying, and yes, I’m confident that stronger type systems could have caught bugs I’ve seen in the wild as a user.

You are saying “yes” to a comment explaining why the Google AI response cannot possibly be correct, so what do you mean “and [it’s] correct”?

This article somehow links to both the Reference and the Ferrocene spec, but still concludes that an official non-Ferrocene spec is necessary.

Why doesn’t the Ferrocene spec accomplish what the author wants? He states:

In other words, without a clear and authoritative specification, Rust cannot be used to achieve EAL5.

What? Why can’t the Ferrocene spec (and compiler) be used? Do Ferrocene and TÜV SÜD not count as “some group of experts”?

(Regarding the author’s opening paragraphs, the Reference does make the same distinction about drop scopes for variables versus temporaries, though I can see why he finds the Ferrocene spec clearer. But that doesn’t demonstrate that the Reference is useless as a stand-in for a specification.)

That’s actually not how any language has ever been written, though it’s easy to get that impression from how much the C and C++ communities emphasize their formal specifications.

But in fact, both languages were in production use for over a decade before they had a formal spec. And languages with formal specifications are actually a tiny minority of programming languages.

There is indeed a caveat in the introduction to the Reference that there may be statements in it that are specific to rustc. However, the authors strive to keep statements about the implementation separate from statements about the language.

The main reason there’s not yet an “official” spec is that creating one takes enormous time and money, which are always limited resources. (Note that both C and C++ had no formal standard for over a decade after their initial release.) The Reference is “good enough” to make a formal spec not strictly necessary, and the existence of Ferrocene makes it even less necessary, since anyone who absolutely needs a spec can use Ferrocene.

You can say the Rust implementation is wrong if it doesn’t conform to the Reference. That is not the same as “you personally disagree with the behavior.”

Rust’s guarantees about the behavior of safe code are far stronger than anything C or C++ provides, with or without a formal spec.

Creation is easy, assuming the many-worlds interpretation of quantum mechanics!

Delete prior iterations of the loop in the same timeline? I’m not sure there’s anything in quantum mechanics to permit that…

In the universe where the list is sorted, it doesn’t actually matter how long the destruction takes!

Reminds me of quantum-bogosort: randomize the list; check if it is sorted. If it is, you’re done; otherwise, destroy this universe.

Or Stockholm Syndrome

You’re not wrong, but not everything needs to scale to 200+ servers (…arguably almost nothing does), and I’ve actually seen middle managers assume that a product needs that kind of scale when in fact the product was fundamentally not targeting a large enough market for that.

Similarly, not everything needs certifications, but of course if you do need them there’s absolutely no getting around it.

In case you’re still interested in this type of resource, here’s another one I just learned about: https://google.github.io/comprehensive-rust/

It’s by the Android team at Google, and while it doesn’t require knowledge of C++, it seems to be intended to bring devs up to speed on the concepts required for using Rust in Android and Chromium.

Wow, I definitely should have google that myself before asking, but thank you for explaining and calling out that data point.

I honestly think that shows that it was in fact a bad idea to assign TLDs to countries. Having a country code acronym with a popular tech meaning is essentially just luck of the draw, so they’ve basically just arbitrarily given a few small countries a valuable resource to sell. I guess that benefits those countries, but I doubt “quasi-random fundraising for small countries” was ever the intent.

But do they actually have autonomy, give that random companies can use .io and .ai? Or did the British Indian Ocean Territory and Anguilla approve all such uses of those domains?

Why top-level, though? Why not amazon.in.com?

Obviously this isn’t specific to Rust, but frankly it’s bizarre to me that ICANN chose to tie top-level domains to country codes in the first place. Languages might have made sense, but a major feature of the internet is that it’s less beholden to political boundaries than most of the physical world is.

Yep, learned it recently from a list of things that are, surprisingly, named after real people. Deb and Ian eventually got married but are now divorced.