Welcome to The Long View—where we peruse the news of the week and strip it to the essentials. Let’s work out what really matters.

This week: People won’t shut up about Rustlang, and Musk mandates Twitter teams return to the office.

Step 1 of 7

14%

Which of the following best describes how you currently monitor and manage systems across your hybrid cloud environment?(Required)

Multiple separate tools for different environments

Multiple separate tools for different monitoring and management functions

Single consolidated dashboard

Custom built monitoring and management solution

No full monitoring and management solution

Don’t know

How valuable would it be for your monitoring and management solution to incorporate predictive analytics to help you identify and address system issues that are critical and not waste time or effort working through all the data and “noise” that is not critical?(Required)

Extremely valuable

Moderately valuable

Somewhat valuable

Slightly valuable

Not valuable

How do you most typically address potential system issues BEFORE they impact your operations?(Required)

Automated workflows and playbooks to remediate potential issues as soon as they are detected

An orchestrated response process that leverages automation, AI, and human expertise to rapidly respond to potential issues

Advanced monitoring tools such as predictive analytics and anomaly detection to proactively identify and address potential issues

Respond to issues as they arise, using manual processes and troubleshooting techniques

A combination of automated remediation, orchestrated response, and/or proactive monitoring to address potential system issues

Don’t know

Other

What methods does your organization use to control and monitor cloud/IT spending?(Required)

Centralized procurement processes

Pre-approved budget thresholds

Automated cost monitoring tools

Department-level spending controls

Regular cost audits and reviews

Cloud cost optimization platform

Approval workflows for resource provisioning

Native financial operations tools provided by the cloud provider

No formal controls in place

Don’t know

Other

Please specify:

Which methods do you rely on most to detect security vulnerabilities in your systems?(Required)

Automated scanning tools

Manual assessments

Vendor notifications

Threat modeling (for early detection)

None of these

Don’t know

Other

Please specify:

What are the TWO most common ways you prioritize vulnerabilities to address within your environment?(Required)

Based on potential impact

Based on exploitability

Regulatory compliance requirements

Based on CVSS scores

Risk-based analysis of multiple factors

First-in-first-out approach

No formal prioritization process

Don’t know

How do you typically handle system updates and security patches?(Required)

Automated updates and patches

Manually review and apply updates and patches on a regular schedule

A combination of automation and manual review

Apply updates and patches on an as-needed basis.

Outsourced update and patch management

No defined process

Don’t know

Other

Δ

1. Unstoppable Rust

First up this week: Suddenly it seems everyone’s talking about the Rust language. A whisper has quickly become a chattering roar. From humble beginnings 12 years ago, it now sounds like The Next Big Thing.

Analysis: Safer, faster, better

You have to try hard to write memory-related vulnerabilities in Rust. But unlike other “safer” languages such as C#, you don’t need to suffer runtime slowness from excessive checks or garbage collection.

Lily Hay Newman is but one such chatterbox: Language That’s Taking Over Tech

“Solution to memory-safety issues”
People make mistakes, so code is inevitably going to contain mistakes. … But a growing movement to write software in a language called Rust is gaining momentum because the code is goof-proof in an important way: By design, developers can’t accidentally create the most common types of exploitable security vulnerabilities.
…
By writing new software in Rust instead [of C or C++] programmers can be confident that they haven’t introduced any memory-safety bugs [which] make up the majority of all software vulnerabilities. … Because Rust produces more secure code and, crucially, doesn’t worsen performance to do it, the language has been steadily gaining adherents and now is at a turning point. … Proponents emphasize that Rust … interoperates well with software written in other languages and that it is crucial simply because it meets a dire need.
…
One of the biggest challenges of the transition to Rust, though, is precisely all the decades that developers have already spent writing vital code in memory-unsafe languages. [But] the case for some type of solution to memory-safety issues seems to get made again and again every day. Just [last] week, a high-criticality vulnerability in the ubiquitous secure communication library OpenSSL could have been prevented if the mechanism were written in a memory-safe language.

What’s it like to switch to? Martijn Faassen has been using C, C++, TypeScript and Python for decades:

The Rust tooling is great: Cargo does a lot, Rust analyzer works in complex setups, autoformat works, and Clippy gives good suggestions and sometimes can even refactor automatically. The defaults are good! In fact I think the Rust tooling is the best of any programming language I’ve used so far.
…
There are a lot of high quality Rust libraries available. There is also quite a wide breadth in what the library ecosystem offers. … Rust packages (called crates) are easy to find online [and] it’s typically easy to find the documentation [but] the documentation quality is mixed.
…
Test driven development helps you design code with clear and minimal contracts. … If you want to test a subsystem that depends on something else, you compose it together with a fake implementation that provides just enough behavior to let you test your own code. … This is really powerful.

And Nabil Elqatib shares his impressions:

Almost two years [ago] Rust … was “sold” to me as a strongly-typed language with the promise of great tooling to prevent memory-safety bugs … by tracking object lifetime and variable scope of all references during compilation. … At the time, I had a hard time wrapping my head around this new concept.
…
One of the projects I worked on consisted of bridging 900K+ lines of C code from and into Rust. There was no great difficulty … and this use case seems to be pretty well established. … You still need to have some “plumbing” code here and there … but it’s the price you pay and … it’s fairly low.
…
Strict ownership and borrowing help to ensure that data are accessed safely and efficiently. Its modern syntax and design allow for an easier understanding and usage of … patterns and recent paradigms. Also … Rust does a really good job making sure threads run concurrently without race conditions and similar issues.

Wait. Pause. Weren’t we saying the same things about Golang not far back? jonathantn compares and contrasts:

Rust is easier to introduce into an existing C codebase than Go. So if you’re sitting on a project that is already a few million lines of code, the smart decision is to take all the interfaces that deal with external input and data parsing and rewrite those portions into Rust to help insulate the program from common memory related attack vectors.

You don’t have to rewrite a few million lines of code to drastically improve the security posture of the application.

But Rust’s governance needs to grow up—and fast. Olivier Faure posits a political pachyderm in the parlor: [You’re fired—Ed.]

Let’s mention the elephant in the room. … The article announcing the 1.65 release of the Rust programming language included: … “We stand in solidarity with the people in Iran struggling for human rights.” … In the 1.59 release announcement: … “We stand in solidarity with the people of Ukraine.” [And] for the 1.44 release: … “Taking a stand against the police brutality currently happening in the US and the world at large.”
…
Many people are opposed to the use of a tech forum to broadcast political messages [and] for some people, they reflect a worldview that they don’t necessarily agree with. … A lot of people … feel bullied when the Rust blog makes these political statements. … If you really want to push human rights, and not just a watered-down version of the US progressive agenda, you need to have some way of selecting worthy causes that isn’t just whatever was last on mainstream channels. You need a set of criteria [which] should be documented.

Get off Virtucon’s lawn:

I’m not defending COBOL but there’s a lot of it out there and you’d be surprised how much there is. It was also one of the first [languages] so respect your elders.

I also hear if you say COBOL three times the ghost of Grace Hopper will appear in your bathroom mirror.

2. Elon Musk Says: You Must Go Back to the Office

Twitter staff will no longer be able to work from home. The new CEO says they can’t even work a hybrid schedule—it’s 40+ hours or quit.

Analysis: That’s not going to work

It’s easy to dismiss Elon’s “unconventional” ideas as unworkable. But it’s really hard to see how this one could possibly be a good idea.

Kurt Wagner: Musk’s First Email to Twitter Staff

“He has dismissed roughly half its workforce”
New Twitter Inc. owner Elon Musk emailed his workers for the first time late Wednesday to prepare them for “difficult times ahead” and ban remote work unless he personally approved it. … The new rules, which kick in immediately, will expect employees to be in the office for at least 40 hours per week.
…
Prior to Musk’s arrival, Twitter had established a permanent work-from-anywhere arrangement. … He has also eliminated “days of rest” from Twitter staff calendars … which was a monthly, companywide day off introduced during the pandemic [in a] sign of Musk’s impatience with Twitter’s existing work culture.
…
Twitter has been under Musk’s leadership for close to two weeks, in which time he has dismissed roughly half its workforce and most of its executive suite.

Noone’s gonna take DarKnightofCydonia alive:

LOL, Elon. [You don’t] understand that Twitter isn’t a SpaceX type thing where there’s an aspirational, very ambitious goal that might keep people around despite intense workloads.
…
Nobody working at Twitter is there right now because they fawn all over you. By making them resent you more day by day by instilling an atmosphere of distrust … is getting you closer to losing your $44 billion mistake entirely. … Everyone is just going to quit.

And @MartinSFP has seen it all before:

Typical ‘my house my rules’ move from a new boss. But very out of step with how many other places work these days—and with how many workers want to work.

The Moral of the Story:
The whole secret of a successful life is to find out what is one’s destiny to do—and then do it

—Henry Ford

You have been reading The Long View by Richi Jennings. You can contact him at @RiCHi or tlv@richi.uk.

Image: Paul Madelénat (via Unsplash; leveled and cropped)