blissofbeing's comments

So the argument is that yes Rust would have helped mitigate this specific bug, but bugs exist in all languages so therefore it doesn't matter the language.

I see the logic, but I don't think anyone is saying using Rust would make it bug free; people are just correctly pointing out Rust would have helped this bug, or in other words there is the potential for fewer bugs with Rust.

So yes, and.


I would argue that the whole point of the post is: nothing in the world can save you from bad practices.

There are at least 3 bad practices here:

- releasing of untested SW/config files

- bypassing of final users' rollout policies

- unconditional faith of final users in CrowdStrike


> The above are all things that could (and should!) be done to reduce the chances of a misbehavior happening, but we must accept that the code bug was just the specific trigger this time around and a different trigger could have had similarly nefarious consequences. The root cause behind the outage lies in the process to get the configuration change shipped to the world.

> Now, SRE 101 (or DevOps or whatever you want to call it) says that configuration changes must be staged for slow and controlled deployment, and validated at every step. Those changes should first be validated in a very small scale before being pushed to the world later on, and every push should be incremental.

Unfortunately, the article is sort of burying the lede until half-way through until it makes some decent points.

We should be using safer languages, but also 1) how is it possible that CrowdStrike can push a content update globally to all clients with no option for their customers to delay it for testing and 2) why doesn't CrowdStrike have internal testing before deployment?


And "this bug" being one of the most common types of bugs.


> people are just correctly pointing out Rust would have helped this bug

So would a unit test or a fuzzer. But it's obvious this does not solve the actual problem, only a particular instance of it. It should be as obvious that mentioning Rust doesn't too. Kernel module in Rust may not have buffer overflow bugs (even that is not 100% certain, but let's assume for a minute) but it doesn't mean it's safe - or even significantly less unsafe.


Which CAs will they be using instead?


Is there any chance you'll be adding support for moving the sidebar to the right? This is the one stopping me from moving back to sublime.


We do have something on the backburner for this.


I would highly recommend zero-sh[1] for those looking for a consistent simple tool to manage dotfiles on a Mac.

1. https://github.com/zero-sh/zero.sh


"only five years" that's a long time in my opinion to be at one company.


The original CNBC article https://www.cnbc.com/2021/04/22/4chan-founder-chris-poole-mo... lacks this editorial spin. Tech people hop around a lot, 5 years is a solid tenure.


Ah ok, we'll change the URL to that from https://arstechnica.com/gadgets/2021/04/4chan-founder-chris-.... Thanks!

Actually we should already have changed it - that's standard practice when one article cribs from another. But I missed it in this case.


And three positions inside the company seems about right as well.


> Poole lasted just five years at Google, which CNBC notes is usually just long enough for any employee's shares attached to hiring to vest

They make it sound like he barely managed to get any stock. That's like saying, "person worked at X for 1 year, just long enough to get 1 year's salary." Well, yeah, but if they left in 11 months they'd get 11 months salary. It's not like if Poole left at 1 year or 4 years or anything in between he would have left with anything different proportionally to his tenure.

What an odd article.


Also it doesn't really match with reality, since they'd usually get refresh grants and have a rolling four year window at all times.

The article sounds like the reporter heard a sound bite about Google's typical four year vesting period, and then did zero actual research into what that means.


I don't know--I've heard a lot of people here noting the "4 year cliff" at most tech companies, not just Google. Not all companies give refreshes, and of those that do, it's usually not enough to make up for the initial grant going away.

I left my last job pretty much on the day of my 4 year anniversary because I'd otherwise be taking a 25% comp hit in year 5. It's definitely a thing.


Pardon my ignorance but what is the "4 year cliff" exactly?


When you initially start at Google, say, you get an RSU grant that vests over 4 years. So for 4 years you are getting your salary and on some schedule also getting stock. The stock can be a quite large portion of your total compensation (as in, comparable to the base salary).

After 4 years, unless you got refresher grants, your compensation is just your salary, so you effectively make less money than during the first 4 years. At that point the incentive is to move to some other company and start the 4-year clock again...


Ok got it! So I guess the only way for Google to keep the best performers is to eliminate this cliff by giving RSU and/or offering a significant pay increase.

Thank you for the explanation ;)


It’s typical to get a larger 4-year grant at hire. It’s common to complain about comp drop after 4 years.


Depends on the company, I work in tech but for an old company, 5 years isn't very long and there isn't much room for any movement.


The fact that there's not room for movement is exactly why people leave companies, not a reason to stay.


On the other hand, that kind of job is stable, pays well enough, and doesn't demand much outside of 9-5. For people with families, that's a lot more appealing than you'd think.


True, but this is a company where when I logged on the other day there was an article about a guy retiring after 52 years as a delivery driver. Yes, that's right, fifty two years at one company, although I imagine he did small package delivery and feeder work (trailer loads). So not just one position, but pretty close.


For Google it definitely is. Most people jump at the 4 year cliff, if they have the option.


Meanwhile, I've been at the same company for longer than a couple of my coworkers have been alive (though I've changed jobs twice in that time) so "only five years" sounds comparatively short to me.


My wife has been at her current company (large like Freescale, Flextronics, Jabil) for 8 solid years, and she is still going strong.

Meanwhile I've been at 4 startups, from seed to Series B. I just get bored so easily... after 3 or so years I NEED a change. Or maybe it is because startups don't care about w/l balance and drain you until you quit.


This is not a hot take - genuinely curious as someone who had been at a few startups: do you think the fintech side of startups embodies the burn and churn strategy more so than other sectors?


So you never stick around to see your production code?


> "only five years" that's a long time in my opinion to be at one company

I've never worked anywhere where people were much use before 2-3 years in harness. Too much domain knowledge maybe.


Ron Amadeo is a talented reporter but his transparent smarminess towards anything Google-related has become exhausting in recent years.

A lot of the time it may be warranted. But just as often, like in this article, it definitely is not.


Sounds like he moved around a bit, so it's not like he was working on just one thing for 5 years.


You then might enjoy Mimestream[1], I think of it as a native Mac Gmail client, no wrapper around gmail.com, just using Gmail APIs.

1: https://mimestream.com/


I’ve been using Mimestream since the very early betas, and have grown to absolutely love it for its simplicity and performance. The developers are very responsive, and are iterating quite quickly to tighten up the client before stable release.

I will absolutely purchase a license when it’s out of beta.


I'm curious your favorite anime?


If you are on Big Sur and would like to enable DoH for a variety of providers, I would check out https://encrypted-dns.party; there are pre-made profiles for many. All open source.


For me the biggest quality of life improvement has been moving to a less populated area with clean air, clean water and access to good organic food, forget what country that is in, that only matters in which the local government either degrades or improves upon those basic things.

This is why I probably won't move to Asia, it's just too polluted. Or why I won't move back to a big city.


Interesting, I'm curious about the infrastructure behind this. Are static sites being served from a single point or from a CDN?

