We’ve been searching for a memory-safe programming language to replace C++ in Ladybird for a while now. We previously explored Swift, but the C++ interop never quite got there, and platform support outside the Apple ecosystem was limited. Rust is a different story. The ecosystem is far more mature for systems programming, and many of our contributors already know the language. Going forward, we are rewriting parts of Ladybird in Rust.
Yeah seems about right for this project. I really wanted this to be a serious browser, but nothing about this dude is serious.
Also I know he backed this statement up with much better testing but these AI brainrot things people say kill me: “I ran multiple passes of adversarial review, asking different models to analyze the code for mistakes and bad patterns.”
“I coded this with hundreds of handcrafted AI prompts.”
“That sounds hazardous, but did you test it?”
“I had multiple AIs test it!”
You’re not the first I hear saying his bad news/not serious. Afaik I didn’t hear a thing about him until ladybird. What did I missed?
God that screenshot is giving me severe second hand embarrassment
I was enthusiastic about LadyBird until I learnt that the guy leading the project i s a white supremacist, via pivot-to-ai.
Now I hope either someone else takes it over, or that it crashes and burns.
I don’t think you should be able to make claims like this without hard proof.
Do you have any information about this?
Edit: So I found out where you read that, and that article is wayyy over thinking that comment.
I think the Twitter comment could be taken multiple ways and it would be fair to give them the benefit of the doubt.
How many times do I have to give him the benefit of the doubt though?
First it was the “using they in documentation is political ideology” Github issue, then he publicly defended DHH when people called him out for being a white supremacist, he implied tech companies are discriminating against white people with diversity policies, and he tweeted that he hopes young people will carry on Charlie Kirk’s legacy.
If one or two of these things happened in isolation, I could maybe understand giving him the benefit of the doubt as a non-American (for that last one) non-native English speaker. But all of these things taken together? I personally don’t think I can look past that.
To be fair I hadn’t heard of some of these, so I think you’re right. I wouldn’t go so far as as to say he’s a white supremacist but it definitely seems like he has an “ideology”
Edit: The more I read about it the more it’s pissing me off. Especially defending DHH who wrote that trash article about London (I’m not a Londoner but I’m a Brit who’s there enough with work to know he’s talking absolute shit).
That’s fair, I assume most people probably aren’t following ladybird that closely so it’s easy to miss. It just bothers me because shrugging off small individual problems and ignoring a bigger trend is arguably what let people like DHH get a platform in the first place.
Google’s monopoly is a bigger problem than one guy having confused ideas, to me.
If any creator can separate work from personal and the product is good I really couldn’t care less with what they use their own time for.
I’m pretty sure you could find people with other unsavoury opinions in the devteams for both chrome and firefox, what then?
No one can separate their creative idea from the rest of the brain. Any fool that thinks that’s possible is straight up stupid.
Andreas Kling’s ladybird? Don’t wanna touch that with a 10ft pole.
https://hyperborea.org/reviews/software/ladybird-inclusivity/
Hyperborea.org is that owned by a racist or is the domain ment to be making fun of it?
Based on the content of that article alone (especially near the bottom), I don’t think it’s run by a racist at all. Can confirm via their social media presence.
Weird. I would not feel comfortable using that domain. I thought i was reading a neo Nazis blog on the issue.
Can you explain why you feel that way? “Hyperborea” is not a term I’m familiar with vis a vis Nazism.
Its a very common meme with neo Nazis and white nationalists. They are the only ones I see mention hyperborea. This explains the usage if you skip over the explanation of what hyperborea is https://knowyourmeme.com/sensitive/memes/hyperborea
Sigh of course it’s a Nordic thing. I should have guessed. White nationalists also love other Heathen/Norse symbolism.
Good to be careful, so thanks for educating me.
The author explains why he chose the name on his site. I don’t think this is a neo-nazi / white nationalist thing despite the irony.
If any creator can separate work from personal and the product is good I really couldn’t care less with what they use their own time for.
I’m pretty sure you could find people with other unsavoury opinions in the devteams for both chrome and firefox, what then? Lynx?
I would of course love to see ladybird succeed, but it has seemed problematic from the start in my opinion. Servo seems much more serious.
I also like that Servo is developing an engine, not a browser as such. Seems like a good idea to keep the two separated.
The worst part is they are doing themselves a disservice by not rewriting it by hand - have they really learnt enough Rust to know how to effectively rewrite the other parts of the engine as they say? Doubtful - they’ll probably just do everything through AI stuff going forward.
I was enthusiastic about this project. But I am afraid these recent tangents will only reduce momentum.
The things people criticize are so fucking brainless these days. AI this, slop that.
Not a single one of you made fun of “let’s rewrite it in Rust.” You can’t even elevate to the level of mildly funny parroting.
“Let’s stop halfway through our multi-year project to rewrite it in another language” is peak nerd shiny distraction. I say this as one who resists the urge every day. Way to delay your project by several more years, clown.
All things considered the way they’re approaching the migration is fine enough - they’re only moving specific portions at a time, they’re not stopping C++ development, and they’re making sure it doesn’t introduce regressions. Adopting a memory-safe language for something like a browser makes sense because it completely eliminates that class of vulnerabilities.
The problem is the way they’re approaching the code itself. From their wording, it sounds like they’re relying on AI heavily for both writing and reviewing the code. Rust has a steeper learning curve than most languages and is very different from C++. They even mention in the blog that their current Rust code looks like C++ code ported over. If they don’t take the time to actually learn Rust before adopting it, it’ll just lead to security logic issues that their AI couldn’t catch because C++ and Rust don’t always behave the same way. And that’s completely ignoring all of the other ethical/technical issues with AI
Be that as it may, the time to choose Rust was at the beginning. It existed then, but they made their technology choice. Continuing to develop in C++ while doing the migration just means more throwaway code and duplicated effort. This decision is truly the worst of both worlds.
I’ve suddenly lost all interest in this browser’s development. From what I’ve heard, LLMs are pretty bad at generating Rust code for some reason. If they used LLM to bulk convert C++ code to Rust, the quality of the code is questionable at best.
Surely you read the article?
"The requirement from the start was byte-for-byte identical output from both pipelines. "
The bytecode from C++ is identical to the Rust output.
I don’t think it’s possible to write rust code that compiles to the exact same binary as c++. compilers make different optimizations, and make overall a different structure, especially across languages.
I think they meant the rust library produces the same output from the same input as the c++ library.
if llms indeed generate worse rust code than for other languages, that’s not that big of a problem because the compiler will catch a lot of mistakes. if it compiles, it will run, and no memory safety bugs unless unsafe is also used. the llm could pick the wrong functions for some uses, but that should be caught relatively easily with testing, which can be automated partly
edit: I was wrong, they indeed say that. this is weird.
Is it a good sign for Rust code when it’s described as having “a strong ‘translated from C++’ vibe”? Or when the developer says too much Rust might be something they “can’t merge”?
out of context?
Please coordinate with us before starting any porting work so nobody wastes their time on something we can’t merge.
If you look at the code, you’ll notice it has a strong “translated from C++” vibe. That’s because it is translated from C++. The top priority for this first pass is compatibility with our C++ pipeline. The Rust code intentionally mimics things like the C++ register allocation patterns so that the two compilers produce identical bytecode.
that seems reasonable to me
I think my statement came across as more alarmist than I meant it. E.g.
Is it a good idea to just translate something from C++ like that? It seems technically feasible but there’s something “off” about the whole thing. Apparently you can translate C++ directly to Rust, but anecdotal statements claim that while Rust supports C++ conventions, you wouldn’t typically build a Rust app using them.
Looking back previously, the developer originally talked about switching to Swift, then decided not to switch to Swift.
And in the past, “Ladybird devs have been very vocal about being ‘anti-rust’ (I guess more anti-hype, where Rust was the hype).”
It all just suggests rudderlessness from the developers right now. Must Rust be a priority? Did Swift need to be?
Why it wouldn’t be? Surely not having idiomatic rust doesn’t eliminate other benefits of switching to the language, like better tooling, memory safety, and perhaps more people willing to contribute. Over time the codebase can be improved but the main goal in the transition seems to not break existing functionality, which they seem to have accomplished for LibJS.
I haven’t looked at the code, but the mem safety may be out if the translation just slapped unsafe and transmute everywhere.
And “working code” is often very hard to replace, it can be hard to justify code changes when the original “works just the same”. So, I would expect the weird ported code to live on unless there is a major effort to rewrite it.
There’s no reason to believe it’s mostly unsafe. And even if that’s the case, changing from unsafe rust to safe is less of a leap than cpp to rust.
Having done some C to rust auto-translation some time ago, it definitely was wildly unsafe. Maybe it’s better now, but there is no reason to assume it’s mostly safe now either. Even recently I did some regular vibe coding to test it out, and it generated some very questionable code.
Even if there is zero “unsafe”, there could be loads of unchecked array accesses, or unwraps causing panics, which while “safe”, will cause crashes.
Fixing unsafe can be a mixed bag, some will be easy, some will require much deeper changes. And without looking at the code, impossible to say which it will be.
I don’t think “why not” is a great response in general - especially when the same developer also invested time in Swift that was ultimately wasted.
It’s not a why not response. I’m asking back why do you think it wouldn’t be worth it even as a literal translation from C++, because in my view, that would be a first step towards a proper Rust port, and it still brings benefits to the table.
