Fast, secure, safe: the web that can still be

Node, PHP, Python, Ruby—we’ve grown accustomed to the fact that most of the web is produced by dynamic languages. This has various advantages in expressiveness, but it’s not without its problems.

Somehow in the rush of Minimum Viable Products and the latest fashions in web frameworks, most web developers have forgotten compiled languages.

This talk will look at some of the problems caused by dynamic languages and how compiled languages can solve them surprisingly elegantly, looking in particular at Rust as an implementation language.

The two key areas of focus are performance and correctness:

1) Performance (development, CPU and memory): dynamic languages focus on developer performance at the cost of runtime performance, causing various scalability problems and upsetting users by making them wait. As it stands, web server startup times of a minute are not unheard-of, with basic apps using several hundred megabytes of RAM; tests that take many minutes to run are also common. In a language like Rust, total server startup times measured in milliseconds are the norm (of course, this is to be balanced against compile time), and memory usage can easily be cut to a minuscule fraction of that of its dynamic brethren.

Moreover, the developer performance claims of dynamic languages really start to fall apart over time as codebases grow and time passes by, and the probability of accidentally introducing nasty bugs increases significantly; compiled languages have various standard features that make long-term maintenance surprisingly easy and safe.

2) Correctness: dynamic languages make it concerningly easy to do the wrong thing, and only find out at runtime—or worse, when your site has been hacked. By using a language like Rust and its type system effectively, we’ll see how doing the right thing comes naturally, and how this can save you from nasty bugs and security problems. As an example, it’s entirely feasible to make a web framework immune to injection bugs (SQL injection, XSS, &c.), without performance becoming a problem.

You will come away from this talk thoughtfully assessing the tradeoffs of compiled and dynamic languages, perhaps ready to experiment with a completely compiled language for a change.

Chris Morgan



I’ve been working with the web from when I was ten. Until a year or so ago, I worked in dynamic languages almost all the time; professionally, I still work mostly in Python and JavaScript. But I had formed a vision of the web framework that I wanted, and at present Rust is the best language for my goals. I believe that the future lies somewhere closer to such languages, rather than with completely dynamic languages, and I’m slowly but surely building my vision—starting with writing Rust’s HTTP libraries.