Mozilla bets its Rust language will make your internet safer

JavaScript, a smash hit among programmers, made the web powerful. Now Mozilla’s Rust could protect the web from hack attacks.

Twenty-two years ago, Mozilla co-founder Brendan Eich whipped up JavaScript in 10 days of manic activity in 1995. It’s since become the world’s most popular programming language.

Now Mozilla hopes lightning will strike twice with a sequel called Rust. If successful, the new programming language could be as important as JavaScript to Mozilla’s mission of making the internet better for us all — and it could be just as helpful to the nonprofit organization’s reputation, too. JavaScript let web developers make websites interactive, triggering an explosion of innovation like online photo editing, scrolling and zooming maps, and word processing with Google Docs. Rust is a lower-level tool, though, that could make Mozilla’s Firefox web browser faster and more secure.

And if its enthusiastic reception in programming circles continues, Rust could help protect a lot of other software from attacks that today are the bane of online existence. Attackers who have learned to exploit vulnerabilities in internet-linked software are responsible for stolen identities, drained bank accounts, leaked confidential documents and political persecution.

Rust, the “most loved” language in a 2017 survey by programming advice site Stack Overflow, won allies like online storage service Dropbox. Programmers have contributed tens of thousands of packages of pre-written code to help others get their projects moving faster, too. Need to decode a web addresscheck the time, or handle some video? Somebody’s probably already written the basics for you.

In a sign of growing interest, programmers are steadily increasing the number of pre-written Rust packages. That make it faster to get started with a Rust software project.
In a sign of growing interest, programmers are steadily increasing the number of pre-written Rust packages. That make it faster to get started with a Rust software project.

“Rust is growing,” says Redmonk analyst Stephen O’Grady, who tracks language popularity. “It made a substantial jump and is now solidly in second-tier language territory — which is good company to be in.”

It’s really hard to create a major language like C, C++ or Java used by millions of programmers. Mozilla succeeded with JavaScript, with countless others helping to refine it over the years.

Looking good in programmers’ eyes improves Mozilla’s reputation as an innovator, not a laggard to be left behind. “The language is exciting,” says Jonathan “Duke” Leto, the founder of programming firm Leto Labs. Restoring that reputation is important for Mozilla’s attempt to ignite enthusiasm for its Firefox browser and use it for goals like protecting your privacy or making sure Google’s websites don’t require you to use Google’s browser.

It’s time to root for underdog browser Firefox — again

The biggest reason to like Rust is that it can wipe out a huge class of software security holes — a major problem with browsers that today handle everything from our most personal communications to our biggest financial transactions. Even if you’re not a programmer, you’ll like a more secure internet.

“Every big piece of Rust code we get in there decreases the attack surface for security holes in the browser,” says Dave Herman, Mozilla’s director of strategy and research.

Rust’s safety lets Mozilla free up Firefox memory, too, a key computing resource these days as we keep so many browser tabs open. Rust is also designed to better handle the thorny computing challenge of doing many tasks in parallel — that’s key to unlocking the power of modern chips that have many processing engines.

Even if nobody outside Mozilla ever touches Rust, it will directly help Firefox. Mozilla moves Rust-written components into Firefox through a project fittingly called Oxidation. Indeed, Rust and Oxidation are key to a project called Quantum to speed up Firefox with the release of Firefox 57 this November.

Sean White, Mozilla's vice president of technology strategy
Sean White, Mozilla’s vice president of technology strategy

Stephen Shankland

“You can try a lot of different experiments,” says Sean White, Mozilla’s senior vice president leading the emerging technologies. “We have way we can very quickly try and fail on things without touching the hundreds of millions of people using Firefox.”

The source for these Rust components is new core browser software called Servo, a Mozilla research project that’s written mostly in Rust.

Going whole hog and building a new browser entirely on Servo would be risky, though. Instead, Mozilla is cherry-picking the best parts and adding them to Firefox’s core, called Gecko. “The future is intelligently managing the combination of the two,” says David Bryant, Mozilla’s vice president of platform engineering.

In the longer run, Mozilla wants Servo to be useful on its own. It struggles today even with basic web documents like Wikipedia. Mozilla’s goal of getting it to work with the much more complicated Google Docs site is actually very ambitious. If successful, though, it would signal a major step forward in overall practical readiness.

David Bryant, Mozilla's VP of platform engineering
David Bryant, Mozilla’s VP of platform engineering

Stephen Shankland/CNET

And Mozilla is considering making a version of Servo that can be embedded into smaller computing devices, White says. One possible example: a VR headset that displays virtual reality worlds constructed with the WebVR technology Mozilla helped create. Servo is designed to take advantage of modern computer chips that can run lots of tasks in parallel, and success there could make Servo very efficient on inexpensive hardware.

Another programmer, Robert O’Callahan, is such a big Rust fan that he quit Mozilla to work on Rust programming tools at his startup, Pernosco. Most languages either give programmers low-level control or protection against memory-induced security problems, but not both. “Rust is the first mainstream language to escape that tradeoff,” O’Callahan says.

Even if you don’t care much about programmers toiling over their keyboards, you should care about that Rust advantage. With governments and identity thieves paying top dollar for computer attack software, everyone on the internet can be a potential victim.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s