What can go wrong? Yikes...
The post is clearly aimed at self-promotion. The guy is basically referring to mundane things like using transpilers to generate Rust from C. Those have been around for a few years now, such as C2Rust[1]. At best, this sort of project is looking for corporate backing to politically handle this sort of migration.
At this point this sort of stunt is hardly technical, and instead it's something between a publicity stunt and managing technical debt.
C2Rust is not going to be very idiomatic.
That's irrelevant when discussing migrating large volumes of code. The hard part is migrating the project to another tech stack and setup proper test coversge. After that point, nice-to-haves such as idiomatic code is treated as mundane maintenance work.
Word and Excel almost certainly have 30 year old C++ code that #must-not-be-touched, bugs and all.
Are they going to upstream their changes to the Google Chrome-codebase?
Most anything related to “intrusive linked lists” is difficult or outright impossible in safe Rust, but is commonly used in operating system code.
"Our strategy is to combine AI and Algorithms to rewrite Microsoft’s largest codebases. Our North Star is ‘1 engineer, 1 month, 1 million lines of code.’"Anyone who has experience with LLMs knows that strong typing, static validation, and testing is how you get the most out of codegen. The kind of thing Rust is for. I can think of ways to do this gradually, that would actually work.
It's something that would take years to see effects in a C++ codebase but I think the alternative of sticking with C++ is a dead end.
Somewhat relevant: I chuckled at this (quite accurate) 2 hour overview of the unfixable problems with C++: https://www.youtube.com/watch?v=7fGB-hjc2Gc.
Unreliable source: I worked at Microsoft (on C++) many years ago and I've been writing C++ on/off for ~15 years.
“If it compiles, it is probably correct” is a major aid if you do not actually understand what the code is doing. AI and the compiler could be powerful partners.
Meanwhile the content of the post is merely that an engineer who works for a team within Microsoft's AI division wrote on LinkedIn "my goal is to eliminate every line of C and C++ from Microsoft". (He believes that he can get AI agents to accomplish this.)
Not quite the same as an official plan announced by the CTO or something. Bit misleading title.
If he said “by 2050” or “by 2100”, I bet he would get fewer applicants. I also think the applicants he would get would be of lower quality.
https://www.microsoft.com/en-us/research/people/galenh/proje...
> Decades of vulnerabilities have proven how difficult it is to prevent memory-corrupting bugs when using C/C++. While garbage-collected languages like C# or Java have proven more resilient to these issues, there are scenarios where they cannot be used. For such cases, we’re betting on Rust as the alternative to C/C++. Rust is a modern language designed to compete with the performance C/C++, but with memory safety and thread safety guarantees built into the language. While we are not able to rewrite everything in Rust overnight, we’ve already adopted Rust in some of the most critical components of Azure’s infrastructure. We expect our adoption of Rust to expand substantially over time.
-- https://azure.microsoft.com/en-us/blog/microsoft-azure-secur...
> And, in alignment with the Secure Future Initiative, we are adopting safer programming languages, gradually moving functionality from C++ implementation to Rust.
-- https://blogs.windows.com/windowsexperience/2024/11/19/windo...
> We will accelerate and automate threat modeling, deploy CodeQL for code analysis to 100 percent of commercial products, and continue to expand Microsoft’s use of memory safe languages (such as C#, Python, Java, and Rust), building security in at the language level and eliminating whole classes of traditional software vulnerability.
-- https://www.microsoft.com/en-us/security/blog/2023/11/02/ann...
So naturally, there are many people that besides AI KPIs, now have to match their SFI KPIs at Redmond, including Mark Russinovich.
"Mark Russinovich, Microsoft Azure CTO tells Rust Nation UK 2025 why Azure is moving to Rust from C++"
https://www.youtube.com/watch?v=SmUprpjCWjM
"Microsoft is Getting Rusty: A Review of Successes and Challenges - Mark Russinovich"
https://www.youtube.com/watch?v=1VgptLwP588
Naturally aiming at 2030 for the amount of existing C++ code is crazy, and there are groups within Microsoft, especially DirectX and Windows that most likely won't let go of their toys.
If the title was "Microsoft to expand use of Rust" then OK. If it was "Microsoft to develop all new projects in Rust rather than C++", that would be an unsubstantiated claim when you're talking about the company as a whole rather than just Azure or some other segment, but it would at least be a bit closer to the truth than the current HN title.
With that said... I work at Microsoft on Windows OS, and the main point that was mentioned is indeed true: this is a claim of this engineer only and his team, and it just seems to be a plan totally misaligned with Windows OS vision of how things should be in 10 years. We won't get rid of C++ code anytime soon, the goal is to keep in hybrid state, not to get rid of things. This is unfeasible to do in mature products given all Windows OS processes to ship code.
A little money wouldn't do any harm, though.
And since you are here, some of us dislike the C++ vs .NET narrative from the Windows team, Windows 7 .NET bindings being dropped, refusal for .NET DirectX Bindings like Apple and Google do with their 3D APIs, the way UWP tooling went down the drain, and would welcome an improvement on the state of affairs.
A guiding metric on lines of code. How could this possibly go wrong?
Maybe the plan is not testing because they think that Rust is "safe" and automatic translation is smarter than a typical Microsoft employee.
not really a high bar is it...
With less sarcasm, how bad is Microsoft as a workplace? The source of this kind of naively arrogant proclamation can be anything from a single rotten apple, to a critical mass of unchecked idiots in the same business unit, to normal for the company culture, to a top-down mandate.
But it’s nothing more than marketing drivel. The goal is for clueless C-level folks to say “if MS can do this with their AI, surely we can take care of our problems using a few copilot subscriptions and a large layoff!”
How do they intend to accomplish this? Assuming 40 hour work weeks (160 hours/month), and even assuming a developer would spend their entire 8 hour work day solely reviewing generated Rust code, that would still be ~104 lines of code per minute. At that point what value does the engineer they're hiring even have if they'd just be scrolling through the code and giving it a cursory glance?
A million lines of code per engineer per month, they say.
What a dreadfully bad use of excellent technology!
LLMs could help the review all that code, and help their programmers find problematic C or C++ code that could be fixed, or perhaps replaced with Rust.
What they are proposing is mindless foolishness. AI slop on an industrial scale
Rust is good. Rust is not magic
> Update: It appears my post generated far more attention than I intended... with a lot of speculative reading between the lines.
> Just to clarify... Windows is *NOT* being rewritten in Rust with AI.
> My team’s project is a research project. We are building tech to make migration from language to language possible. The intent of my post was to find like-minded engineers to join us on the next stage of this multi-year endeavor—not to set a new strategy for Windows 11+ or to imply that Rust is an endpoint.
evil-olive•1mo ago
from the LinkedIn post [0]:
> I have an open position in my team for a IC5 Principal Software Engineer. The position is in-person in Redmond.
> My goal is to eliminate every line of C and C++ from Microsoft by 2030.
so perhaps a more accurate title would be "one guy at Microsoft, in a LinkedIn job posting, says it's his goal to replace all C/C++ code with Rust"
0: https://www.linkedin.com/posts/galenh_principal-software-eng...
ghandi25•1mo ago
avaer•1mo ago
gucci-on-fleek•1mo ago
If we're talking hypotheticals, I'd much rather Microsoft open source the NT kernel and low-level subsystems (like ntdll.dll). Open sourcing all of Windows would be even better, but that seems nearly impossible to me.
scrubs•1mo ago
Well, it's way beyond sucks. But ok: is it even possible to run windows with just a command line ... no ui, no graphics, start menu, no file manager or is the ui too integrated into the OS?
phil-martin•1mo ago
https://learn.microsoft.com/en-us/windows-server/get-started...
gucci-on-fleek•1mo ago
Docker supports Windows containers [0], but this requires a Windows host so it probably doesn't help you too much. Windows PE [1] does support a GUI, but it doesn't include any of the traditional shell components. Nano Server [2] is the closest to what you're talking about, but it's been deprecated.
> start menu, no file manager or is the ui too integrated into the OS
Windows Phone [3], Windows IoT [4], and Xbox are all NT-based, and none of them include a traditional file manager or shell, but they all do have GUIs.
[0]: https://hub.docker.com/r/microsoft/windows
[1]: https://en.wikipedia.org/wiki/Windows_Preinstallation_Enviro...
[2]: https://learn.microsoft.com/en-us/previous-versions/windows-...
[3]: https://en.wikipedia.org/wiki/Windows_Phone
[4]: https://en.wikipedia.org/wiki/Windows_IoT
hulitu•1mo ago
Why don't you use it ?
gucci-on-fleek•1mo ago
2. Because what I want doesn't exist. Windows NT has excellent technical foundations, but I really don't like using Win32 or any of the Windows shell stuff, but there's no way for regular consumers to use Windows NT without Win32. (WSL exists, but that still requires a full Windows installation)
3. The ecosystem. Linux tends to have much better support than Windows for the types of software that I use, and a hypothetical GNU/NT hybrid would have even worse than both Windows and Linux.
signa11•1mo ago
please do explain. thank you !
gucci-on-fleek•1mo ago
1. Unix has “everything is a file”, which is great, but it also means that you spend lots of time converting structured data to/from strings. Windows NT instead has “everything is an object”, which has the same benefits of “everything is a file”, plus the additional benefit of all the data being structured and typed. (Of course, Windows has a far worse UI for interacting with objects than Unix does for files, but the UI isn't what we're talking about here).
2. NT cleanly separates the low-level NT APIs from the higher-level subsystems [0]. Win32 isn't special at all to NT, it's just another subsystem. WSL1 was implemented as a subsystem [1], and it could cleanly support most of the Linux syscalls without needing any hacks. Similarly, it implemented full Linux filesystem semantics on top of NTFS by using the builtin attribute and alternate stream support. Wine does the reverse on Linux, but it's not nearly as clean of an architecture as NT.
3. Linux runs far more code in the kernel than NT does [2]. While this is often good for performance, it's much worse for security and reliability since kernel bugs tend to have much worse consequences than user-mode bugs. Linux and Windows have been moving in opposite directions here, with Linux moving more graphics code into the kernel with KMS [3], while Windows is moving more graphics code into userspace with WDDM [4].
4. NT was designed with much better security than Unix. Every object has an associated security token that controls its access [5], and programs can freely reduce (but not increase) the privileges granted by each token, which is a much cleaner way to implement sandboxing compared to Linux's user namespaces, where programs need to create entirely new user and filesystem hierarchies from scratch instead of just restricting the current ones. (Despite this, it's much easier for programs to implement sandboxing on Linux than on Windows)
5. Further on the security idea, Unix's concept of a single "root" account that can do everything without any restrictions is mostly a terrible idea. With Windows, there aren't any accounts that have all privileges (ignoring LocalSystem), which means that exploiting a system component usually has less consequences than on Unix. Similarly, Windows has proper RBAC [6] via UAC, so when you “Run as Administrator”, you're still running it under your account, just with an elevated security token. "sudo" is somewhat similar, except that it runs programs as root, which leads to problems with permissions on files in your home directory.
As you can see, the general theme is most components of NT have much cleaner technical designs than their corresponding components in Linux, which NT then squanders behind atrocious interfaces, while Linux puts in tons of work to create great interfaces and new features on top of much worse technical foundations. (This same argument mostly applies to the BSDs too)
[0]: https://en.wikipedia.org/wiki/Architecture_of_Windows_NT#Use...
[1]: https://en.wikipedia.org/wiki/Windows_Subsystem_for_Linux#WS...
[2]: https://en.wikipedia.org/wiki/Architecture_of_Windows_NT#Ker...
[3]: https://en.wikipedia.org/wiki/Direct_Rendering_Manager#Kerne...
[4]: https://en.wikipedia.org/wiki/Windows_Display_Driver_Model
[5]: https://en.wikipedia.org/wiki/Object_Manager
[6]: https://en.wikipedia.org/wiki/Role-based_access_control
greatgib•1mo ago
DannyBee•1mo ago
(We went to the same university, ive never worked with him and actually worked at a competitor for about twenty years, but know plenty of folks who have worked with him and am fairly familiar with his work and research)
oreally•1mo ago
feverzsj•1mo ago
noodellaboss•1mo ago
pjmlp•1mo ago
https://www.microsoft.com/en-us/research/people/galenh/