Writing software is hard, mostly because the expectations are rather high. We want our software to be cheap, safe, fast, reliable, easy to use, and that’s just a few things to start with. There is also a reason why we have so many tools and languages: different software projects have different sets of priorities.
What do we want from a project like Tor? Well, we want everything, but if we have to prioritize, safety comes at the top of the list. That’s why I’m very excited to hear that Tor developers have decided to embrace Rust. Here is what they’re saying:
For us, these problems mean that programming in C is a slow and painstaking process. Everything we write takes more code than we’d like it to, and we need to double-check even the safest-looking code to make sure it doesn’t fall prey to any of C’s list of enormous gotchas. This slows us down seriously, and increases the cost of adding new features.
Rust seems like the clearest way out of our bind. It’s a high-level language, and significantly more expressive than C. What’s more, it’s got some really innovative features that let the language enforce certain safety properties at compile-time. To a first approximation, if the code compiles, and it isn’t explicitly marked as “unsafe”, then large categories of bugs are supposed to be impossible.
That’s a huge win for us in programming and debugging time, and a huge win for users in security and reliability.