The focus on media parsing is smart - it's one of the most attack-prone surfaces in any messaging app. Media files are essentially untrusted input from the network that need complex processing.
What's interesting is the broader trend: Signal's libsignal is Rust, Matrix's vodozemac (Olm/Megolm implementation) is Rust, and now WhatsApp is moving this direction. The industry seems to be converging on Rust for the security-critical paths while keeping the UI layer in whatever makes sense for the platform.
The differential fuzzing approach they mention is key - you can't just rewrite and hope for the best. Real-world media is full of edge cases and malformed files that users expect to "just work." Having both implementations running in parallel during the transition gives you a safety net.
I agree with everything you say. But wow, does that comment sound like AI. Probably Grok?
Not saying you are AI, you might just be a heavy user who picked up the same patterns
The "is key - ", is a key giveaway.
I like your AI slop detector, is it part of your consciousness ?
The hardest part of a rewrite like this is usually maintaining bug-for-bug compatibility with the legacy parser rather than the actual Rust implementation. Most real-world media files are malformed in some way that the C++ code implicitly handled, so if you write a strict parser you end up breaking valid user data. Differential fuzzing seems like the only practical way to map that behavior without manually reviewing millions of edge cases.
It sounds like it's a design goal of this "wamedia" to _not_ maintain bug compatibility with media players.
I suspect it is actually about maintaining permissiveness for malformed inputs rather than keeping security bugs. I ran into this building ingestion for a print-on-demand service where users upload technically broken PDFs that legacy viewers handle fine. If the new parser is stricter than the old one you end up rejecting files that used to work, which is a non-starter for the product.
> Two major hurdles were the initial binary size increase due to bringing in the Rust standard library [...].
They don't say what they did about it, do they? Did they just accept it?
I suspect they just use no_std whenever its applicable
Turn out if you have strong control over the compiler and linker instrumentations, there are a lot of ways to optimize binary size
Probably yes. It's ~300KB per binary, and it's a one-time cost.
It can be avoided entirely by disabling the standard library, but that's inconvenient, and usually done only when writing for embedded devices.
Usually the problem isn't the size directly, but duplication of Rust dependencies in mixed C++/Rust codebases.
If you end up with a sandwich of build systems (when you have library dependencies like C++ => Rust => C++ => Rust), each Rust/Cargo build bundles its copy of libstd and crates. Then you need to either ensure that the linker can clean that up, or use something like Bazel instead of Cargo to make it see both Rust and C++ deps as part of a single dependency tree.
The whole article a bit watery which is why I read it as a PR rather than technical presentation
> We believe that this is the largest rollout globally of any library written in Rust.
I suppose this is true because there's more phones using WhatsApp than there are say Windows 11 PCs.
Given that WhatsApp uses libsignal, is it safe to assume that they haven't been using the Rust library directly?
WhatsApp doesn't use libsignal, and Android is already pretty Rusty and deployed more than WhatsApp around the world (not just smartphone. Tons of "embedded" use cases also run on custom Android)
Like our gym devices that have a full tablet to run a basic application to control weights, talk about wasting money.
It doesn't make sense for that device alone, but the vendor probably supplies all the different equipment in the gym. Using a tablet simplifies their supply chain, deployment, debugging/repair, app update process and simply supports more features. There are probably some connectivity features on the device, for example. When you look at all of that together, it's hard to argue it's wasting money.
It's like complaining about Electron apps. For sure I love small native apps like everyone else. But, if Electron enables a company to ship cross-platform apps and iterate faster, who am I to say no?
(I happen to have seen some of those tablets in diagnostic mode and poked around a bit. These things are much more complicated than you think.)
Once you price in the cost of integration, plastics, ROHS, CE and other regulatory/certifications, the extra cost of an Android tablet which already has a lot of that starts to make sense.
If you also add in the extra ease of things like device management across fleets etc, it becomes a no-brainer for the manufacturer.
Well, doesn't look like to me, and a plain ESP32 with a touch screen would do the job for displaying a weight bar with plus, minus and reset count buttons.
And then you get to a cardio unit where you want a completely different set of features and have to start over. Going lean on hardware only makes sense when you push out a very high number of units, when you have to deal with battery constraints or when you just have a lot of intertia, the combination of existing codebase and developer filter skillset.
Except all the machines have the same feature set I mentioned.
Agree that wanting to hire cheap developers is why they did it that way, the current interface is so laggy that I would bet it is Web based, on top of running Android for nothing.
That's not a problem of the platform, but is a problem of the developers.
The extra cost of an Android capable tablet (maybe $200 especially wholesale) is a minimal hardware cost considering the overall price of the equipment is in the thousands.
But finding good embedded developers is a very difficult problem to solve, much easier to find Android app developers and then you get the Android eco-system for free like device management, OTA updates etc.
Put all the sensors and controls on a USB bus and you need one or two actual embedded developers to deal with the drivers and the rest of the developers can build the UI that people see.
In the case of a gym, the person buying the equipment is the customer, not you.
They want features that will make you "sticky" to the gym, plus save costs on training you on how to use the equipment.
[deleted]
If you watch "Microsoft is Getting Rusty: A Review of Successes and Challenges" it appears the whole effort is more on the Azure side, and besides some timid adoption like GDI regions, there is a lukewarm adoption of Rust on Windows side, still pretty much a C and C++ feud.
The focus on media parsing is smart - it's one of the most attack-prone surfaces in any messaging app. Media files are essentially untrusted input from the network that need complex processing.
What's interesting is the broader trend: Signal's libsignal is Rust, Matrix's vodozemac (Olm/Megolm implementation) is Rust, and now WhatsApp is moving this direction. The industry seems to be converging on Rust for the security-critical paths while keeping the UI layer in whatever makes sense for the platform.
The differential fuzzing approach they mention is key - you can't just rewrite and hope for the best. Real-world media is full of edge cases and malformed files that users expect to "just work." Having both implementations running in parallel during the transition gives you a safety net.
I agree with everything you say. But wow, does that comment sound like AI. Probably Grok?
Not saying you are AI, you might just be a heavy user who picked up the same patterns
The "is key - ", is a key giveaway.
I like your AI slop detector, is it part of your consciousness ?
The hardest part of a rewrite like this is usually maintaining bug-for-bug compatibility with the legacy parser rather than the actual Rust implementation. Most real-world media files are malformed in some way that the C++ code implicitly handled, so if you write a strict parser you end up breaking valid user data. Differential fuzzing seems like the only practical way to map that behavior without manually reviewing millions of edge cases.
It sounds like it's a design goal of this "wamedia" to _not_ maintain bug compatibility with media players.
I suspect it is actually about maintaining permissiveness for malformed inputs rather than keeping security bugs. I ran into this building ingestion for a print-on-demand service where users upload technically broken PDFs that legacy viewers handle fine. If the new parser is stricter than the old one you end up rejecting files that used to work, which is a non-starter for the product.
> Two major hurdles were the initial binary size increase due to bringing in the Rust standard library [...].
They don't say what they did about it, do they? Did they just accept it?
I suspect they just use no_std whenever its applicable
https://github.com/facebook/buck2/commit/4a1ccdd36e0de0b69ee...
https://github.com/facebook/buck2/commit/bee72b29bc9b67b59ba...
Turn out if you have strong control over the compiler and linker instrumentations, there are a lot of ways to optimize binary size
Probably yes. It's ~300KB per binary, and it's a one-time cost.
It can be avoided entirely by disabling the standard library, but that's inconvenient, and usually done only when writing for embedded devices.
Usually the problem isn't the size directly, but duplication of Rust dependencies in mixed C++/Rust codebases.
If you end up with a sandwich of build systems (when you have library dependencies like C++ => Rust => C++ => Rust), each Rust/Cargo build bundles its copy of libstd and crates. Then you need to either ensure that the linker can clean that up, or use something like Bazel instead of Cargo to make it see both Rust and C++ deps as part of a single dependency tree.
Who knows what they did, but there are things which can be done: https://github.com/johnthagen/min-sized-rust
The whole article a bit watery which is why I read it as a PR rather than technical presentation
> We believe that this is the largest rollout globally of any library written in Rust.
I suppose this is true because there's more phones using WhatsApp than there are say Windows 11 PCs.
Given that WhatsApp uses libsignal, is it safe to assume that they haven't been using the Rust library directly?
WhatsApp doesn't use libsignal, and Android is already pretty Rusty and deployed more than WhatsApp around the world (not just smartphone. Tons of "embedded" use cases also run on custom Android)
Like our gym devices that have a full tablet to run a basic application to control weights, talk about wasting money.
It doesn't make sense for that device alone, but the vendor probably supplies all the different equipment in the gym. Using a tablet simplifies their supply chain, deployment, debugging/repair, app update process and simply supports more features. There are probably some connectivity features on the device, for example. When you look at all of that together, it's hard to argue it's wasting money.
It's like complaining about Electron apps. For sure I love small native apps like everyone else. But, if Electron enables a company to ship cross-platform apps and iterate faster, who am I to say no?
(I happen to have seen some of those tablets in diagnostic mode and poked around a bit. These things are much more complicated than you think.)
Once you price in the cost of integration, plastics, ROHS, CE and other regulatory/certifications, the extra cost of an Android tablet which already has a lot of that starts to make sense.
If you also add in the extra ease of things like device management across fleets etc, it becomes a no-brainer for the manufacturer.
Well, doesn't look like to me, and a plain ESP32 with a touch screen would do the job for displaying a weight bar with plus, minus and reset count buttons.
And then you get to a cardio unit where you want a completely different set of features and have to start over. Going lean on hardware only makes sense when you push out a very high number of units, when you have to deal with battery constraints or when you just have a lot of intertia, the combination of existing codebase and developer filter skillset.
Except all the machines have the same feature set I mentioned.
Agree that wanting to hire cheap developers is why they did it that way, the current interface is so laggy that I would bet it is Web based, on top of running Android for nothing.
That's not a problem of the platform, but is a problem of the developers.
The extra cost of an Android capable tablet (maybe $200 especially wholesale) is a minimal hardware cost considering the overall price of the equipment is in the thousands.
But finding good embedded developers is a very difficult problem to solve, much easier to find Android app developers and then you get the Android eco-system for free like device management, OTA updates etc.
Put all the sensors and controls on a USB bus and you need one or two actual embedded developers to deal with the drivers and the rest of the developers can build the UI that people see.
In the case of a gym, the person buying the equipment is the customer, not you.
They want features that will make you "sticky" to the gym, plus save costs on training you on how to use the equipment.
If you watch "Microsoft is Getting Rusty: A Review of Successes and Challenges" it appears the whole effort is more on the Azure side, and besides some timid adoption like GDI regions, there is a lukewarm adoption of Rust on Windows side, still pretty much a C and C++ feud.
https://www.youtube.com/watch?v=1VgptLwP588
Quite impressive, I did not know so many bugs were due to memory access.
Very cool! I'm wondering if Signal is doing something similar? libsignal is implemented in Rust, but I don't know about the other parts.
Cool - now we only need to get selling-you-out-for-profit-Zuckerberg out of WhatsApp to make it really trustworthy.