On Rust and the Safety Cult
Apparently C is unsafe. Someone on Reddit told me. Forty years of running the entire world — unsafe. How did we survive?
Every day on r/programming: “Just rewrite it in Rust.”
Linux kernel? Just Rewrite it bro. PostgreSQL? Rewrite it. Your grandmother’s pacemaker firmware? Definitely rewrite it.
Fifty million lines of battle-tested code? Weekend project. Those kernel developers don’t understand memory safety like a bootcamp graduate who just discovered lifetimes.
The borrow checker is your new mother. Can’t do that, unsafe! Can’t touch that, might hurt yourself!
Want a doubly-linked list? No. Want two mutable references? No. Want to write actual systems code? Here, wrap it in unsafe. Congratulations, you’ve invented C with more steps.
Look at any serious Rust project. Ctrl+F “unsafe”. There’s your memory safety. It’s unsafe blocks all the way down. The standard library is full of them. Every FFI call needs one. Can’t write a kernel without them.
But sure, tell me more about memory safety while standing on foundations of unsafe code.
“Google is rewriting everything in Rust!”
No. They’re rewriting the parts that don’t matter. The new shiny bits where they can afford a 10x slowdown in development while junior developers fight the compiler.
The parts that actually work? The parts running since 1987? Those stay in C.
Here’s what they won’t tell you: Bad programmers write bad code in any language.
Give them Rust, they’ll .unwrap() everything. They’ll .clone() their way out of borrow checker errors. They’ll write “safe” code that’s slower than my C from 1992.
Your Rust program runs on a C kernel. Compiled by a C++ compiler. On firmware written in C. On microcode written in assembly.
It’s unsafe all the way down. Always has been. Your safety is an illusion. A comfort blanket. Theater.
Every unsafe block is admission that you need C. Every FFI call is a confession. Every time you reach for std::mem::transmute, you’re writing C with extra syntax.
C is unsafe like a knife is unsafe. Yes, you can cut yourself. You can also build civilization and do surgeries.
Rust is safe like safety scissors are safe. Great for kindergarten. Useless for real work.
The entire stack you’re using right now? C. The browser? C++. The OS? C. The database? C. The network stack? C. But yeah, C is the problem.
Want memory safety? Write less code. Want fewer bugs? Keep it simple. Want reliable software? Understand what you’re doing.
But that’s hard. Easier to believe a compiler will save you. That type systems will think for you. That someone else’s complexity will solve your complexity.
Your web service could have been a CGI script. Would have been faster too.
Write Rust if you want. It’s fine. Just stop pretending you’re revolutionizing computing. You’re not rewriting Unix. You’re writing another CRUD app that queries a C database through a C network stack on a C operating system.
The evangelism is exhausting. The safety cult is tiresome. We get it. You read the book. You fought the borrow checker. You won. Congratulations.