Would it? From what I remember, a lot of rust's build time comes from
building its own LLVM. Can we reuse our base LLVM for Rust-in-base?


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

It used to be the case that the Rust port could not use an LLVM port,
but had to use its own copy, but it seems that as of
https://cgit.freebsd.org/ports/commit/?id=098de5bc2195 it is possible
again.

However, I think this discussion is going in the wrong direction: why
keep attempting to build all these huge toolchain components in our base
system at all? Our bmake is reasonably powerful, but upstream build
systems for both LLVM and Rust require lots of dependencies that we can
never all import. And mimicking those upstream builds in our base system
is getting more and more complicated all the time.

Therefore, I think it is better to put more effort in supporting
external toolchain components, and even going so far as to remove some
of those toolchains from base. Including LLVM, at some point. Let new
toolchain components for base live in ports, please.

-Dimitry



--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

I don’t want to do a what-aboutism, but if all we’re looking for is a good and
secure system programming language, the alternatives are nicer.

There’s Modula-3, which, unlike Rust, supported FreeBSD as Tier 1, I’m sure the
compiler is smaller, although hasn’t been updated in a while.

On that thought, Wirth’s passing reminded me of Oberon-2, which does have a
port on FreeBSD, lang/voc. It can also “attach” to the C functions. Last year I
integrated libxo, libucl and libjail with Oberon-2/VOC and it all worked fine.
The compile times are also impressive.[1][2]

However, if all we’re looking for is to be fancy and follow the industry, Rust
doesn’t seem bad overall. The main issue is the toolchain. 2x compile time
would be awful. Optional targets would be nice, but then people will start
writing X/Y/Z in Rust, and before you know jail(8) would start requiring a
large external compiler.

Again, to be clear, I would like to hear the “why” more than the “how”.

1: https://github.com/antranigv/voclibucl
2: https://github.com/antranigv/voclibxo

Cheers,

—
Antranig Vartanian
https://antranigv.am/
PGP Key ID: 0x2D59F21C
--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

Rust has followed vanilla LLVM since 8.0 and they have supported the
external LLVM path since then. However, they use the shared library, LIT
and a few other extras, all of which we don't build or include in base.
They also have narrow LLVM version support windows, with only LLVM 15
and later supported on Rust 1.74 and later. Further, release cycles are
about every month, which maybe unless we stick strictly to Editions
(language standards like C11, C++17, et al), sound like a problem for
-RELEASEs.

--
Charlie Li
...nope, still don't have an exit line.

While a good list, it's just a list. Rust is interesting but without
experience in the FreeBSD context we won't know if it materially improves
things. The why of Rust is currently somewhere between hype and reality.
Those that love it, love it. Those that don't, don't see how this fad is
different from all the other fads. That's part of why it's hard to sell:
the rust toolchain is difficult and different; it can do things
automatically with crates that are insecure and unrepeatable; etc. With
that, though comes a lot of benefits in safety of the language in more ways
than just security. What is needed to convince people it's not just a fad
is to bring some things into the tree that aren't critical to the tree, per
se, but that can let people opt in to see just how bad the downside is in a
buildworld context and just what the upsides are in practice. If it really
is a good fit, it will sell itself...

So this isn't about what could be rust: a lot can be. But what's the point
of rewriting things that haven't had security bugs that rust prevents? The
benefits of using rust have to be documented and demonstrated rather than
just hyped, asserted and sold.

That's why I suggested we start with better tests in rust. That's the
petfect way to make sure we get the external tool chain working. We get the
integration right. We fight with whatever pain there is and fix it as
needed. We learn if it actually fits in and if we can keep up the
infrastructure or if that's not something we can do. Once that works, we
can rewrite other things as the need or desire arises.

So no, we aren't going to rush headlong into fullscale rust replacement of
all the things. However I'll note Linux hasn't done that either. They are
taking a one step at a time approach. Step one is build integration with an
external toolchain, imho. Until we have that, 0 Rust will be in the system.
We already can do ports... but if you want it more central the first steps
will be in making it possible to build rust binaries at all in a repeatable
way.

Warner


Stuff that could only be written in Rust if it were in base

These are all good questions that need good answers, though necessarily to
get started.

But the other question that occured to me after my last posting was "What
about build integration?"
How much of the rust automation do we take in vs how much do we drive from
a future bsd.rust.mk.
I can sketch out bsd.rust.mk (to pick an arbitrary name, we'd likely need
one for what we traditionally
think of as libraries (which may or may not map 1:1 onto crates: we could
have c callable libraries
written in rust in the future, for example) and one for binaries.
Initially, though, if we go with the
'make rust tests possible' then we'd likely need the appropriate packages
installed for whatever
dependencies we'd have in the tests. This would give us a taste for what
we'd need to do for
base, I'd think. Once we had that notion, I can easily see there needing to
be some sort of
rust bindings for ATF/kyua as one of the first libraries / crates that
would test that aspect of
the build system. That all would be up to the people writing the tests in
rust, I'd imagine.

While I could jot out the basics of this integration (so one could just add
the rust
tools to a subdir or subdirs, include the bsd.rust.mk or whatever and then
it would build
if rust is enabled, and would emit a warning it was skipped because rust
was disabled).
We'd find out if this is workable or not and iterate from there. But that
would also require
active participation from the rust advocates to make it a reality: I can
put together the
build infrastructure for the disabled case, but likely can't on my own do
the rust enabled
case. I'd be happy to work with someone to do that, but I'm not going to be
able to do
that myself: my need for rust is slight, my knowledge of rust is weak, etc.
Working with
someone (or ideally several someones), though it could become reality. So
please contact
me if you'd like to work on this.

Warner

Yes, that's a large part of it. Rust libraries are usually statically
linked (though they don't have to be). For example, in the output above,
notice that gstat-rs does not link to ncurses. That's because the
equivalent library is statically linked in instead. Also, rust programs by
default include goodies like stack unwinding on panic, which takes extra
code too. But that can be turned off if you really want to save space.
-Alan

That is probably quite tough a measure but I understand and like your
point. I also would also love to read the kool kids explain why the blunt
assertion that "<something> can't be implemented unless written in rust" is
true as this seems to be contrary to all I know about computer science. (They
probably never heard of haskell.)

That asside, as much as I would like to see erlang and zig in base
(yes, I like type systems), I would never advocate for them to be considered.
I find these languages as well as rust so different in their environments,
runtime and ecosystems, that their integration would require a so heavy
shoehorning that it would probably result in a value less than the sum of them
all.

One of the strong values of FreeBSD is its stability. For fun I
recently booted a 4BSD-something on a VAX emulator and immediately felt at
ease, because of this stability. I perceive rust, despite some of its
technical merits, as unable to provide that kind of stability. This language
is a fast and (still) unstable moving target, so fast that once integrated it
will immediately be obsolete on release. The integrated version would probably
only be usable to compile base, countless other packaged versions would be
required to compile ports---I'm also thinking about llvm here. That is bound
to be a maintenance nightmare, for the FreeBSD teams and for the users alike.

After reading the pros and cons posted on the mailing list, merging
them with my own experience, I think rust should be avoided at all costs from
being integrated into base, no part of base should ever be written in rust.
However, if rust needs something for a proper usage from ports such as kernel
interfaces, linking facilities, etc., we should provide it from base.
--
%!PS -- Bertrand Petit
/D{def}def/E{exch}D/G{get}D/I{2 div}D/U{dup}D/L{roll}D/Y{setgray}D/N{newpath}D
/O{N 0 0 moveto}D/P{pop}D/T{translate}D currentpagedevice/PageSize G U 0 G/w E
D 1 G /h E D w I h I T 0 Y 1 setlinewidth 0 1 2 { P 120 rotate 2 4 w U mul h U
mul add sqrt I 50 add {N 50 0 3 2 L 0 360 arc stroke}for}for/s{O true charpath
pathbbox exch 4 -1 L E sub I 3 1 L sub I} D /l(bp)D 0.94 Y /Helvetica findfont
22 scalefont setfont l s P(x)s exch P T O l show showpage


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

Apparently I’m participating in this thread already. I’m getting over a nasty cold and my head is full of cotton wool, so apologies in advance if this is more rambling than normal:

I hope it’s no surprise to anyone that I am in favour of languages that give stronger guarantees to programmers and let you think more abut the problems. I can’t imagine going back to writing anything non-trivial in a language without RAII or a rich set of generic collections.

To give a bit of personal background: In my previous role, I was one of the coauthors of the internal strategy document that argued for safe languages at Microsoft. Our rough recommendation was:

- No new C code. There are *always* better options.
- C++ code should follow the Core Guidelines and use static analysis. New C++ code is acceptable in projects that are already C/C++ and need to incrementally improve.
- Rust in new projects that need a systems programming language.
- Managed languages anywhere where a systems language is not needed (i.e. most places).

Between modern C++ with static analysers and Rust, there was a small safety delta. The recommendation was primarily based on a human-factors decision: it’s far easier to prevent people from committing code that doesn’t compile than it is to prevent them from committing code that raises static analysis warnings. If a project isn’t doing pre-merge static analysis, it’s basically impossible. Between using modern C++ (even just smart pointers and ranges) and C, there is an enormous safety delta.

The unstable Rust ecosystem was less of an issue for Microsoft because they had a large compiler team and were happy to maintain security back-ports of any critical crates. The same software supply chain things applied for Rust as everything else: no random pulling from Cargo, dependencies need to be cloned internally and run through a load of compliance things. That’s probably the only sensible way of interacting with the Rust ecosystem.

For userspace, I’d love to see FreeBSD more actively support the cap-std project in Rust, which makes it incredibly easy to write Rust programs that play nicely with Capsicum.

It’s unclear to me that now is the right time to support Rust in the base system, because there’s still a lot of churn. Facebook has effectively forked Rust because their (huge) Rust codebase doesn’t build with newer compilers. If you’re Microsoft or Facebook, maintaining an old Rust compiler for a few years and back-porting things to work with that language snapshot is a cost that may be worth paying. I don’t think the FreeBSD project has the resources to do so. A limited set of dependencies may work.


There are a few caveats about Rust:

First, it’s quite hard to find competent Rust developers. Here are the OpenHub stats on new F/OSS code being written in Rust, C, and C++:

https://openhub.net/languages/compare?language_name%5B%5D=c&language_name%5B%5D=cpp&language_name%5B%5D=rust&language_name%5B%5D=-1&language_name%5B%5D=-1&measure=loc_changed

C++ has been slowly trending up, and C down, for the last decade. Rust is trending up a lot, but it’s starting from zero and there’s still a lot more C or C++ code being written than Rust. It’s now easier to hire systems programmers to write C++ than C, and easier to hire either than to hire good Rust programmers. This tradeoff may be very different for an open source project because there are a lot of *very* enthusiastic Rust developers and attracting a dozen or two of them to contribute would be a huge win. People tend to be less enthusiastic about C or C++.

Most of the new kernels written in the last 20 years have been C++, most of the new kernels written in the last four years have been Rust. Make of that what you will.

Neither Rust nor C++ guarantee safety. C++ can always escape to bare pointers (it’s code smell, but it’s sometimes unavoidable). Rust has unsafe and requires it for any data structure that isn’t a tree (either directly or via some existing code such as the RC / ARC traits). One of our concerns was the degree to which the different uses of unsafe in various Rust crates compose. There was a paper a couple of years ago that found a lot of vulnerabilities from this composition. I don’t personally have a great deal of faith that unique ownership at an object level with a load of heuristics about when it’s safe to alias is the right long-term model. Verona went a very different way and I hope Rust may be able to retrofit our ideas at some point.

One project that I worked with, for example, was bitten by the fact that unsafe in Rust means ‘I promise to follow all of the Rust rules, you just can’t mechanically check them’. It read a value from an MMIO register into a variable typed as an enumeration. Outside of the unsafe block, it then checked that the value was in range. Rust enumerations are type safe and so the compiler helpfully elided this check. Moving the check into the unsafe block fixed it, but ran counter to the generic ‘put as little in unsafe blocks as humanly possible’ advice that is given for Rust programmers.

When I looked at a couple of hobbyist kernels written in Rust, they had trivial security vulnerabilities due to not sanitising system call arguments. This was depressing because both Rust and C++ make it trivial to wrap userspace pointers in a smart pointer type that does the checks automatically.

In snmalloc, for example, we use C++ templates to express the lifecycle of memory throughout its allocation flow. This would also be possible in Rust, but isn’t free in either language: you have to use the tools provided, but the outcome is that we can statically check a lot of properties at compile time.

With one of my other hats, I am the maintainer of an RTOS that is written in C++ and runs on a platform where the hardware enforces spatial and temporal memory safety. To date, I don’t believe we’ve had any bugs that would have been prevented by Rust. All of the memory-safety bugs (we have had some, and we catch them fairly easily because they lead to traps and so are easy to add tests for) have been in code that’s doing intrinsically unsafe things (memory allocators, for example). We use C++20, with moderately heavy use of concepts. We have a ring buffer implementation that uses a mixture of static_asserts and templates to verify the wrapping behaviour at compile time and that’s just one example of a place where we do a lot of compile-time checks that are impossible in C.

I’d also like to clear up a few misunderstandings about C++:

- The Itanium C++ ABI has been stable for 20+ years. C++ shared libraries compiled with clang and linked against those compiled with GCC (or vice versa), or different versions of the same compiler has been standard practice for a long time. Both libstdc++ and libc++ use inner namespaces for the standard-library types and so allow something like symbol versioning but exposed at the language level. You can see ABI breaks if one library uses a newer version of a type and the other an older one, but that’s why we only bump those forward on major releases: C++ DSOs compiled for FreeBSD 13 may not link with binaries compiled for FreeBSD 14.

- Command-line argument parsing and JSON are not part of the C++ standard library, but there are de-facto standards. Nlohmann JSON[1] and CLI11[2] are widely used (it’s been a long time since I’ve seen a project that used anything else) and have very easy-to-use interfaces. I believe (I am a member of the C++ standards committee, but I only recently joined and have not participated in discussions around this) that a big part of the reason it isn’t in the core specification is that there is a de-facto standard and there’s little urgency in adding it to the core.




Finally, one of the key things that we found was that a lot of projects used C/C++ out of inertia. They don’t have peak memory or sub-millisecond-latency constraints and could easily be written in a managed language, often even in an interpreted one. We have Lua in the base system. I’d love to see a richer set of things exposed to Lua. I played a bit with a kqueue wrapper using Sol2[3] that lets you write Lua coroutines and have them implicitly yield on blocking operations.

I’d love to see a generic process manager in the base system that subsumes devd and inetd written in Lua, with C++ wrappers around pdfork (ideally pdvfork, but it doesn’t exist yet) and friends, exposed via sol2. The code in C++ is dealing directly with low-level system interfaces and would not be safer in Rust, but all of the parsing and control-plane logic can live in a safe GC’d language. You can run a lot of Lua code in the time it takes one fork call to execute.

If we exposed type info from dynamic sysctls generically (I think there’s a project working on this?) then things like sysstat could be written in Lua. I was experimenting with Dear ImGui for this, since it had back ends that rendered in X11, Wayland, in a terminal, or remotely over a websocket. Unfortunately, the latter two were never merged and are probably unmaintained (the author is also the person behind llama.cpp and so probably isn’t going to work on it for a while). Being able to run management tools in a terminal and click on a URL to open them in the web browser would be amazing, but doesn’t require a new systems programming language.

I’d love to see a default that anything intended to run with elevated privilege is written in Lua.

David

[1] https://github.com/nlohmann/json
[2] https://github.com/CLIUtils/CLI11
[3] https://sol2.readthedocs.io/

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

Back in 386BSD+patchkit days I changed inetd(8) so that you could
write Tcl scripts in inetd.conf, and let them decide what you wanted
to happen. It did everything tcpwrappers did, and then some.
Can you elaborate that one ?

Do you mean "setuid programs" or "500 root programs" ?
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
***@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

On Sat, 20 Jan 2024 09:51:25 -0700
No, thanks.

Better use LUA than rust crap.




--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

don't mind me, I'm just here to reply to something I actually know about

-------- Original Message --------
PkgBase is meant to package base.

If pkg gains that feature, we might "recommend" some ports, but i think our base needs to stay self-contained, just as it currently is.

Kind regards,

Mina


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

Second!
--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

On Mon, 22 Jan 2024 08:57:47 +0000
First thank you for the reasoned response. Second the project probably
needs a discussion about the build system and can the compiler be moved
to ports. I think that is off topic for this thread.

Looking back at my own Rust code, We appear have come to similar
conclusions about Crates.io value. SERDE in particular has become one
dependency I try to avoid at all cost.

Which I think leads to one of my big reasons for supporting Rust and
something else that needs to be moved to its own thread, Text encoding
issues. I think the project needs to follow OpenBSD's lead and
deprecate non UTF-8 locales. While I personally can't read or write
anything other than English and a few dozen words in Spanish,
Portuguese, and French, I can find or create test input data that isn't
in basic ASCII and test my string handling against such input. Assuming
allowing things like French column names make sense.

As a whole, including documentation, C and by extension C++ have an
atrocious mess in this issue. Other than basic call examples which the
manpages and other references cover well, the bigger best practices,
which datatype to use, is it already in UTF-8 or not, either don't
exist or are contradictory depending on the age of the reference. With
Rust I can incorporate Unicode decoding errors into my basic error
handling path and let the user know that they need to run iconv or
similar on their data.


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

This has been false since tracking LLVM releases outright, instead of
trunk, since LLVM 8.0. On the other hand, our base system compiler is
technically our own brand of C/C++ compiler based on an external
project, currently clang.
Also false, rustc can totally build and link stuff without cargo. It's
just that for nearly all projects, it's not necessary or practical to
not use cargo for build instrumentation.

--
Charlie Li
...nope, still don't have an exit line.

For CHERIoT RTOS, we use clang-tidy to run the static analyser. It’s the longest CI job, by quite a large margin, but it’s a small enough project that we haven’t felt the need to trim what it runs on, so we run it on *every* file on every commit to a PR.

It’s also something that you need to do from the start. If you run the clang analyser or Coverity on FreeBSD, you get a vast number of false positives and so having a ’no warnings’ policy is impossible to enforce. I would recommend doing it on a per-compilation-unit basis:

- New files must have no new warnings.
- Old files get opted in once they’re clean and must then have no new warnings.
- Anything that explicitly silences a false positive needs sign-off from two committers in code review.

At the very least, the last point will likely get the comment ratio up a bit, since the code will need to actually be readable by other people to make it into the tree.

Even then, there’s likely to be a bit of churn when you update to newer versions of the analysers.

Making this work really just needs build system infrastructure to generate a compile_commands.json (something that any build system that isn’t Make can do. I know MaskRay has written some scripts to try to generate one from bmake but I couldn’t get them to work) and some work from the CI team. They’re currently understaffed and under-resourced.
Yes. Don’t call `eval` on untrusted input.

David

In case we allow more than C/C++ into the tree, but no matter if via
external or internal toolchain: Currently we are proud that we are able
to build rather old code on recent releases and we are even working on
this kind of backwards compatibility to some extend (e.g. building the
oldest supported release on the most recent in-development version).

Which impact would any of the proposals have in this regard?
To my current understanding of the thread, an external toolchain may
result in losing this backwards compatibility even during the lifecycle
of a release (could I compile FreeBSD x.0 2 years later on x.y, or can I
compile x.y on x.0). This may be fixable (by having more than one rust
compiler in the ports tree, and sticking with a specific one for a given
release branch), but needs to be discussed / taken into account.

As a generic voice of opinion: I agree with Warner Losh that providing
the possibility to play around and learn in a way which doesn't get into
the way of the functionality which we provide currently is a good first
step into getting hard factual data about possible benefits. I also
agree with David Chisnall that some "renovation" would be good in the
long term, and that current technologies provide ease of use not only in
security related but also in code quality and quality assurance related
areas compared to C. Not in terms of "we need to rewrite", but in terms
of "we need to provide the possibility to be able to make use of it". In
that regard it may be nice to set up some guidelines, e.g. if you use
C++, the target shall be C++17 / smart pointers / ... whatever (just to
use some words as examples which came up in this thread, not as a
suggestion that I want to have this written down as a rule), and if you
use Rust, you shall do X and Y, and if you use lua, do Z, if you use
python, ... So some kind of what we have for style but in terms of
coding guideline.

Bye,
Alexander.

Hi,

Somewhat adjacent to this discussion - what I'd like [1] to see, as a user
rather than a developer, is a system-stable rust, so that if/when
something needs rust, it uses the system-specific version.

Let's say when there's a new freebsd version. This has, say, rust v1.72.
It's not src-rust in that rust wouldn't be used to build freebsd source.
But the binaries would be there, selectable on freebsd installation,
much as one can select kern-dbg from the installer.

Then in ports, one of the options might be 'use system rust' [X]
so avoiding the churn that happens constantly.

[1] I have no idea how feasible this would be, or even if it's possible.
I hope it's not a stupid question.

is FreeBSD unix system or religion?
if it have to evolve to religion PLEASE provide usable unix system, maybe
under other project.
I do need normal unix system. FreeBSD is the only remaining useful.


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

It's just another hype trying to solve problem of bad programmers. Proper
programmer with proper use of brain cannot be replaced by machine.



--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

While I think I agree with the arguments against including Rust, there are programming languages that make it
really hard to manage the possible interactions between components and hence expose you to security issues.

C is the “rust golden” example. Complexity can become unbearable and it can be compared to programming in assembler. ;)




Borja.







--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

This line above is complete nonsense. as most of that discussion.

Two things are certain:

- democracy is last phase of civilisation fall. Happening today.
Democracy, in case of FreeBSD will do the same for FreeBSD.
Already happened year ago for linux and others.
As there are more stupid people than clever.
If it wins - Rust and other nonsenses will become quickly standard. What
is certain - that there will be exactly opposite about security holes that
their claims. There will be far more that it is today.

- clever people don't need latest computers, so current FreeBSD can still
be used. With possibly some development to meet current needs. So not
really a problem.

Mark Twain once said "no amount of arguments are sufficient for idiot".

So this is my last post. Keep fighting.


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

your talking, as well as my talking is useless. It doesn't help because
large corporations have big resources to make anything useful a trash, so
everything be the same nonsense like their products.
And people are every year more and more retarded. So they succeed.
Microsoft is FreeBSD sponsor. It tells all.

If FreeBSD will have to be more secure, or improved in real way the
discussion would turn to "How to simplify that software". That's all


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

One new data point: DARPA is looking to rewrite a significant amount
of C code to Rust with their "Translating All C to Rust (TRACTOR)"
project:
https://sam.gov/opp/1e45d648886b4e9ca91890285af77eb7/view

Thanks,

Seeing a government endorse Rust over C makes me endorse C over Rust
even more than I already did.

Cool. Still waiting for anybody to take me up on the offer to do build
system integration. Since the Rust advocates can't get even this basic step
done for review, it's going to be impossible to have Rust in the base. This
isn't even integrate rust compiler like we do with llvm, but with external
Rust toolchain.

Until somebody steps up for this task, the status quo can't possibly change.

Warner

* geom-exporter: I mentioned this project up above. It's finished