My first ever Rust program!

Here, for posterity, is my first ever Rust program. It checks the key log on the Upspin Key Server.

extern crate sha2;
extern crate reqwest;

use std::io::Read;
use sha2::{Sha256, Digest};

fn main() {
    let mut resp = match reqwest::get("https://key.upspin.io/log") {
        Ok(resp) => resp,
        Err(e) => panic!(e),
    };
    assert!(resp.status().is_success());

    let mut content = String::new();
    match resp.read_to_string(&mut content) {
        Ok(_) => {}
        Err(e) => panic!(e),
    }

    let mut hasher = Sha256::default();

    let mut ct = 0;
    let mut last_hash = "".to_string();
    for line in content.lines() {
        if line.starts_with("SHA256:") {
            let mut fields = line.split(":");

            // skip first token
            match fields.next() {
                Some(_) => {}
                _ => {
                    println!("Bad SHA256 line: {}", line);
                    continue;
                }
            };

            last_hash = fields.next().unwrap().to_string();
            let expected = string_to_u8_array(&last_hash);
            let output = hasher.result();
            assert_eq!(output.as_slice(), expected.as_slice());
        } else {
            hasher = Sha256::default();
            hasher.input(line.as_bytes());
            let newline = "\n".as_bytes();
            hasher.input(newline);
            if last_hash != "" {
                hasher.input(last_hash.as_bytes());
            }
        }

        ct += 1;
        println!("Line {}", ct);
    }
}

use std::u8;
fn string_to_u8_array(hex: &String) -> Vec<u8> {

    // Make vector of bytes from octets
    let mut bytes = Vec::new();
    for i in 0..(hex.len() / 2) {
        let res = u8::from_str_radix(&hex[2 * i..2 * i + 2], 16);
        match res {
            Ok(v) => bytes.push(v),
            Err(e) => {
                println!("Problem with hex: {}", e);
                return bytes;
            }
        };
    }
    return bytes;
}

I found myself sprinkling mut’s and unpack()’s here and there like the mutation unpacking fairy, hoping something would work. I don’t think that how you are supposed to do it, but we’ll see.

People give Go a bad time about the size of it’s compiled files, so I expected this little Rust program to be much smaller. But not so:

$ ls -lh ../target/{debug,release}/upspin
-rwxrwxr-x 2 jra jra  23M Jul 21 15:12 ../target/debug/upspin
-rwxrwxr-x 2 jra jra 5.1M Jul 21 15:14 ../target/release/upspin

People also say, “Go is fat because it is statically linked”. Pure Rust code is also self contained in the program’s ELF file. But the 5.1 meg release image does not count several quite large shared libraries that it depends on:

$ ldd ../target/release/upspin
	linux-vdso.so.1 =>  (0x00007fff319c2000)
	libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f3d7a6cc000)
	libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007f3d7a288000)
	libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f3d7a083000)
	librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007f3d79e7b000)
	libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f3d79c5e000)
	libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007f3d79a47000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f3d7967d000)
	/lib64/ld-linux-x86-64.so.2 (0x00005555d33b8000)

From a code safety point of view, I find it really troubling that even if we work so hard to make the compiler happy to prove our code is secure, we are still depending on libc and the platform’s OpenSSL. I remember the first time I started digging down into Go and realized that it wasn’t even linking libc, and it gave me a fantastic feeling of finally cutting the cord to the old, dangerous way of programming. With Rust (and hyper) we’re right back to depending on C again. Yuck.

Finally, the incredible speedup from debug to release images was surprising:

$ time ../target/debug/upspin > /dev/null

real	0m3.631s
user	0m0.888s
sys	0m0.020s
$ time ../target/release/upspin > /dev/null

real	0m2.961s
user	0m0.068s
sys	0m0.016s

Look at user, not real. Real is dominated by waiting on the far-end server. Real is more timing the TLS decryption, the parsing and the hashing.

Read it and weep

I searched for “how do I make an HTTP request in Rust?”. I’m a newbie, we do things like that. Don’t judge.

I found this. I still don’t know how, because the answer marked correct refers to a library that a comment from 2016 informs me is no longer supported. There’s also a helpful comment pointing me at cURL, which is written in C, which is the opposite of safe.

It does appear that the right answer, in 2017, is hyper.

I do not have warm fuzzies from this experience.

Update: Headache-inducing head slap from this (answer with 1 vote: “It is now 2017, and rustc-serialize is now deprecated as well…”), which happened 30 minutes after the above.

A Go programmer continues to learn Rust

I went looking for the equivalent of goimports and didn’t find it. Sad.

I wanted to use std::fmt to do the same thing as sprintf or fmt.Sprintf. I got stuck on “expected &str, found struct `std::string::String`”. I found a blog posting trying to explain it but I don’t understand enough yet to understand it. What I do understand is that it is highly suspicious that a language has two incompatible types for string. WTF, Rust? I’m trying to write a program here and you want me to sprinkle magic to_string()s in it? How about you STFU and let me be a human, and you be the computer doing the boring crap for me?

So back to basics, how about search for “rust format a string”. Top 3 hits are 3 different pages from the Rust reference manual, with 3 different import paths for apparently different ways to format strings? Well, just try one. Compiler says add a &. Fixed! So “give stuff to macros format!, get back a std::string::String, borrow a reference to it (which somehow magically does some type conversion between the 2 kinds of strings?), and give that to expect”. Right, got it.

I want to detect if nothing was read from io::stdin().read_line(). Hmm, how about `if guess.trim() == “”`? Bingo! Maybe this isn’t so hard after all!

Ugh, so many semi-colons. Bro, do you even semi-colon?

Aiee, the tutorial ran out and now I’m into a boring reference book. Let’s switch to this.

What’s #[]? Is that a macro? A compiler directive? A pre-processor directive? Tutorials that don’t give links to fundamental docs are annoying. I’m not a child…

Well, let’s go see what kind of crypto libraries are available. Hmm. Curious, the TLS connector for Hyper uses Rust Native TLS, which uses OpenSSL. Rust: fast, modern, and safe. Unless you are doing security critical work, then we hand that off to C programmers from 1990, because they never made any mistakes. Doh.

So, search for a pure Rust TLS, and I find rustls. Which uses ring for crypto. Which… wait for it… is made from Rust and C, with the C copied from OpenSSL.

Come on guys, this is not very impressive so far.

However, ring uses something called “untrusted” to parse attacker-controlled input more safely. That’s really interesting.

A Go programmer’s first day with Rust

Where is the tutorial? The first Google hit gives a redirect to a page explaining that I should read the book. The first page of the book explains that I should read the Second Edition unless I want to go deep, then I should later read the First Edition also (and presumably ignore the things that had been changed later in the Second Edition?)

OK, let’s do this thing! Get rust-mode installed in Emacs, and get it to call rustfmt on save, because Go taught me that the tab button is from 1960 and I don’t use it anymore.

Search for “why is rustc hanging while compiling rustfmt”. Find closed issue from someone who did the same thing. He says, “in the 6 minutes it took me to make this issue, it finally finished compiling”. I go back to my compilation window and find the same thing. Why is Rust’s compiler so slow?

OK, let’s do this thing! Wait, why is rustfmt making different format than the tutorial? Try some stuff, find out rustfmt wants me to upgrade my compiler to nightly, tell it, “No, my friend, that’s not going to happen. I rode that train with Go and it made me crazy.” Give up and accept that rustfmt is fighting the tutorial to teach me different formats for Rust. I miss gofmt.

Play with the example code in the tutorial, make syntax errors on purpose. The compiler error messages are… trying to be helpful, but as a result are too big to fit in my window. Rust developers must have bigger monitors than me. It is surprisingly difficult to say the minimal helpful thing. “I would have written a shorter error message, but I didn’t have time.”

Read about Results and how they encapsulate the return value. This is really elegant and pretty.

Tried making some code with and without mut and I think I’ve got it more or less. I understand why this is important, but I’m still pretty suspicious that it should be my job as a programmer to keep track of this. Wonder if there should be a rustfmt plugin where it adds in the mut’s that I’m not interested in keeping track of myself?

I would rate this 60 minute session of Rusting as about a 3 out of 10 on the “that was fun and I’d like to learn more of that” scale. Let’s see how the next hour goes…