Rust in Production

NLnet Labs with Arya Khanna and Martin Hoffmann

Every time you load a website, send an email, or update an app, you're quietly relying on a handful of unglamorous services that route your packets to the right place: DNS to translate names into addresses, and BGP to figure out how to actually get there. When these systems break, or get attacked, the Internet doesn't just slow down but stops working. For more than 25 years, NLnet Labs has been one of the small, non-profit teams keeping that core infrastructure running. Their software, including the DNS servers NSD and Unbound, the RPKI tools Krill and Routinator, and the new DNSSEC signer Cascade, is deployed everywhere from hobbyist Pi-Hole setups to Let's Encrypt and major Internet operators. And increasingly, it's written in Rust! In this episode, I talk to Arya Khanna and Martin Hoffmann from NLnet Labs about what it takes to maintain critical Internet infrastructure as a small team, why they bet on Rust for new projects like the domain crate and Cascade and what the rest of us can learn from a codebase whose users include the people who keep your routes flowing. About NLnet Labs NLnet Labs is a non-profit foundation based in Amsterdam that develops open source software and open standards for the core infrastructure of the Internet. Since 1999, the small but dedicated team has built some of the most widely deployed building blocks of the modern web, including the authoritative DNS nameserver NSD [https://nlnetlabs.nl/projects/nsd/about/], the recursive DNS resolver Unbound [https://nlnetlabs.nl/projects/unbound/about/], and the RPKI tools Krill [https://github.com/NLnetLabs/krill] and Routinator [https://nlnetlabs.nl/projects/routing/routinator/], which secure global Internet routing. Their work is trusted by operators ranging from hobbyist Pi-Hole users to Let's Encrypt and major Internet service providers. In recent years, NLnet Labs has been steadily moving its new development to Rust, with projects like the domain [https://nlnetlabs.nl/projects/domain/about/] crate and the Cascade [https://nlnetlabs.nl/news/2025/Oct/07/cascade-0.1.0-released/] DNSSEC signer leading the way. Links From The Episode * NSD [https://nlnetlabs.nl/projects/nsd/about/] - NLNet Labs' first project * lychee [https://github.com/lycheeverse/lychee] - A link-checker that receives funding from NLNet (not NLNet labs!) * unbound [https://nlnetlabs.nl/projects/unbound/about/] - A DNS server like BIND, but only for recursive queries * Cascade [https://nlnetlabs.nl/news/2025/Oct/07/cascade-0.1.0-released/] - The new DNSSEC signing solution from NLNet Labs * Pi-Hole [https://pi-hole.net/] - A small usecase for unbound * Let's Encrypt [https://letsencrypt.org/] - A big user of unbound with scale and security requirements * Asahi Linux [https://asahilinux.org/] - Linux on Apple Silicon, mostly with Rust * Binder CVE [https://social.kernel.org/notice/B1JLrtkxEBazCPQHDM] - A CVE in Rust * LDNS [https://nlnetlabs.nl/projects/ldns/about/] - A collection of DNS functions, written in C, now in maintenance mode * domain [https://nlnetlabs.nl/projects/domain/about/] - The new collection of DNS functions, written in Rust * tokio [https://tokio.rs/] - The biggest shared dependency across the Rust ecosystem, first announced in 2017 * Rust in Production: Helsing with Jon Gjengset [https://corrode.dev/podcast/s06e02-helsing/] - You can take generics too far * bytes [https://github.com/tokio-rs/bytes] - Tokio's Arc of bytes * Arc Welding [https://en.wikipedia.org/wiki/Arc_welding] - The other type of "fixing" * Alejandra González' crate dependency analysis [https://tech.lgbt/@blyxyas/116252699616176134] - 46% of published crates depend directly on tokio * RPKI [https://en.wikipedia.org/wiki/Resource_Public_Key_Infrastructure] - Signing and validating IPs and routing information * Routinator [https://nlnetlabs.nl/projects/routing/routinator/] - A RPKI validator, one of the first Rust applications in production * hyper [https://hyper.rs/] - The ubiquitous HTTP crate * Krill [https://github.com/NLnetLabs/krill] - The RPKI Certificate Authority tool with "fun" shutdown code * Roto [https://codeberg.org/NLnetLabs/roto] - Tert's scripting language, used by another NLNet Labs project, Rotonda Official Links * NLnet Labs Website [https://nlnetlabs.nl] * Arya Khanna's Website [https://bal-e.org/] * Arya Khanna on GitHub [https://github.com/bal-e] * Arya Khanna on Mastodon [https://tech.lgbt/@bal4e] * Martin Hoffmann on GitHub [https://github.com/partim] * Martin Hoffmann on Mastodon [https://social.tchncs.de/@partim]

Helsing with Jon Gjengset

Jon Gjengset is one of the most recognizable names in the Rust community, the author of Rust for Rustaceans, a prolific live-streamer, and a long-time contributor to the Rust ecosystem. Today he works as a Principal Engineer at Helsing, a European defense company that has made Rust a foundational part of its engineering stack. Helsing builds safety-critical software for real-world defense applications, where correctness, performance, and reliability are non-negotiable. In this episode, Jon talks about what it means to build mission-critical systems in Rust, why Helsing bet on Rust from the start, and what lessons from his years of Rust education have shaped the way he writes and thinks about production code. About Helsing Founded in 2021, Helsing is a European defence company building AI-enabled software for some of the most demanding environments imaginable. Helsing's software runs where correctness is non-negotiable. That philosophy led them to Rust early on and they've leaned into it fully. From coordinate transforms to CRDT document stores to Protobuf package management, almost everything they build ends up being written in Rust. About Jon Gjengset Jon holds a PhD from MIT's PDOS group, where he built Noria, a high-performance streaming dataflow database, and later co-founded ReadySet to continue that work commercially. He then spent time building infrastructure at AWS, before joining Helsing as a Principal Engineer. Outside of his day job, he's been teaching Rust to the world through his livestreams and writing for years, which makes him a rare combination: someone who thinks deeply about both how to use Rust and how to explain it. Links From The Episode * Helsing AI selected for Eurofighter upgrade [https://helsing.ai/newsroom/helsing-ai-selected-for-eurofighter-upgrade] - Helsing's Eurofighter Project * CA-1 Europa [https://helsing.ai/europa] - Helsing's Autonomous Uncrewed Combat Aerial Vehicle * Rust in Python cryptography [https://cryptography.io/en/latest/faq/#why-does-cryptography-require-rust] - Rust being used in a Python library * Clippy Documentation: Adding Lints [https://doc.rust-lang.org/stable/clippy/development/adding_lints.html] - How to add custom lints to (your own fork of) clippy * anyhow's .context() [https://docs.rs/anyhow/latest/anyhow/trait.Context.html] - Use it everywhere, it's very very helpful * eyre [https://docs.rs/eyre/latest/eyre/] - A fork of anyhow with support for customizable, pluggable error report handlers * miette [https://docs.rs/miette/latest/miette/] - Fancy, diagnostic-rich error reporting for Rust with source snippets and labels * buffrs [https://github.com/helsing-ai/buffrs] - Helsing's Cargo-inspired package manager for Protocol Buffers, written in Rust * sguaba [https://github.com/helsing-ai/sguaba] - Helsing's Rust crate for type-safe coordinate system math, preventing unit and frame mix-ups at compile time * Sguaba: Type-safe spatial math in Rust [https://www.youtube.com/watch?v=kESBAiTYMoQ] - Jon's talk at Rust Amsterdam introducing sguaba and the type-system techniques behind it * Apache Avro [https://avro.apache.org/] - A compact binary serialization format for streaming data, with a Rust implementation available via the apache-avro crate * pubgrub [https://docs.rs/pubgrub/latest/pubgrub/] - A Rust implementation of the PubGrub version-solving algorithm, as used in Cargo and uv * CRDTs [https://en.wikipedia.org/wiki/Conflict-free_replicated_data_type] - Conflict-free Replicated Data Types: data structures that can be merged across distributed nodes without conflicts * ADR (Architecture Decision Record) [https://adr.github.io/] - A lightweight way to document important architectural decisions and their context * DSON: JSON CRDT using delta-mutations for document stores [https://dl.acm.org/doi/10.14778/3510397.3510403] - The 2022 paper that was the basis for Helsing's CRDT implementation * dson [https://docs.rs/dson/latest/dson/] - Helsing's Rust implementation of DSON * Jon's Livestreams on YouTube [https://www.youtube.com/@jonhoo] - Deep-dive Rust coding sessions where Jon implements real-world libraries and systems from scratch * WebAssembly with Rust [https://rustwasm.github.io/docs/book/] - The official Rust and WebAssembly book, covering a cool technology and useful skills to have as a Rust developer * Rust for Rustaceans [https://nostarch.com/rust-rustaceans] - Jon's book for intermediate Rust developers covering ownership, traits, async, and the finer points of the language * CVE-2024-24576: Cargo/tar supply chain vulnerability [https://blog.rust-lang.org/2023/08/03/cve-2022-46176.html] - A security issue in the tar crate that affected Cargo's package extraction * Wikipedia: Defence in Depth [https://en.wikipedia.org/wiki/Defence_in_depth_(non-military)#Information_security] - The security principle of using multiple independent layers of protection; Even with Rust you need multiple layers, there is no silver bullet * SBOMs (Software Bill of Materials) [https://www.cisa.gov/sbom] - A machine-readable inventory of all components in a software artifact; Cargo's lock files make this tractable for Rust projects * Helsing: AI-assisted vetting of software packages [https://blog.helsing.ai/posts/ai-assisted-vetting-of-software-packages/] - Make it more efficient to review dependencies you take in * Bevy [https://bevy.org/] - A game engine built entirely in Rust, and a notable example of a large, complex Rust dependency * Tauri [https://tauri.app/] - A Rust-powered framework for building lightweight desktop and mobile apps from a web frontend, an alternative to Electron Official Links * Helsing Website [https://helsing.ai] * Helsing Tech Blog [https://blog.helsing.ai] * Helsing on GitHub [https://github.com/helsing-ai] * Helsing on LinkedIn [https://www.linkedin.com/company/helsing/] * Jon Gjengset's Website [https://thesquareplanet.com] * Jon Gjengset on GitHub [https://github.com/jonhoo] * Jon Gjengset on YouTube [https://www.youtube.com/@jonhoo] * Jon Gjengset on Bluesky [https://bsky.app/profile/jonhoo.eu] * Rust for Rustaceans [https://nostarch.com/rust-rustaceans]

Cloudsmith with Cian Butler

Rust adoption can be loud, like when companies such as Microsoft, Meta, and Google announce their use of Rust in high-profile projects. But there are countless smaller teams quietly using Rust to solve real-world problems, sometimes even without noticing. This episode tells one such story. Cian and his team at Cloudsmith have been adopting Rust in their Python monolith not because they wanted to rewrite everything in Rust, but because Rust extensions were simply best-in-class for the specific performance problems they were trying to solve in their Django application. As they had these initial successes, they gained more confidence in Rust and started using it in more and more areas of their codebase. About Cloudsmith Made with love in Belfast and trusted around the world. Cloudsmith is the fully-managed solution for controlling, securing, and distributing software artifacts. They analyze every package, container, and ML model in an organization's supply chain, allow blocking bad packages before they reach developers, and build an ironclad chain of custody. About Cian Butler Cian is a Service Reliability Engineer located in Dublin, Ireland. He has been working with Rust for 10 years and has a history of helping companies build reliable and efficient software. He has a BA in Computer Programming from Dublin City University. Links From The Episode * Lee Skillen's blog [https://www.skillen.io/] - The blog of Lee Skillen, Cloudsmith's co-founder and CTO * Django [https://www.djangoproject.com/] - Python on Rails * Django Mixins [https://docs.djangoproject.com/en/6.0/topics/class-based-views/mixins/] - Great for scaling up, not great for long-term maintenance * SBOM [https://en.wikipedia.org/wiki/Software_bill_of_materials] - Software Bill of Materials * Microservice vs Monolith [https://martinfowler.com/articles/microservices.html] - Martin Fowler's canonical explanation * Jaeger [https://www.jaegertracing.io/] - "Debugger" for microservices * PyO3 [https://pyo3.rs/] - Rust-to-Python and Python-to-Rust FFI crate * orjson [https://github.com/ijl/orjson] - Pretty fast JSON handling in Python using Rust * drf-orjson-renderer [https://github.com/brianjbuck/drf_orjson_renderer] - Simple orjson wrapper for Django REST Framework * Rust in Python cryptography [https://cryptography.io/en/latest/faq/#why-does-cryptography-require-rust] - Parsing complex data formats is just safer in Rust! * jsonschema-py [https://github.com/Stranger6667/jsonschema/tree/master/crates/jsonschema-py] - jsonschema in Python with Rust, mentioned in the PyO3 docs * WSGI [https://peps.python.org/pep-3333/] - Python's standard for HTTP server interfaces * uWSGI [https://uwsgi-docs.readthedocs.io/en/latest/] - A application server providing a WSGI interface * rustimport [https://github.com/mityax/rustimport] - Simply import Rust files as modules in Python, great for prototyping * granian [https://github.com/emmett-framework/granian] - WSGI application server written in Rust with tokio and hyper * hyper [https://hyper.rs/] - HTTP parsing and serialization library for Rust * HAProxy [https://www.haproxy.org/] - Feature rich reverse proxy with good request queue support * nginx [https://nginx.org/en/] - Very common reverse proxy with very nice and readable config * locust [https://locust.io/] - Fantastic load-test tool with configuration in Python * goose [https://www.tag1.com/goose/] - Locust, but in Rust * Podman [https://podman.io/] - Daemonless container engine * Docker [https://www.docker.com/] - Container platform * buildx [https://github.com/docker/buildx] - Docker CLI plugin for extended build capabilities with BuildKit * OrbStack [https://orbstack.dev/] - Faster Docker for Desktop alternative * Rust in Production: curl with Daniel Stenberg [https://corrode.dev/podcast/s02e01-curl/] - Talking about hyper's strictness being at odds with curl's permissive design * axum [https://docs.rs/axum/latest/axum/] - Ergonomic and modular web framework for Rust * rocket [https://rocket.rs/] - Web framework for Rust Official Links * Cloudsmith Website [https://cloudsmith.com/] * Cian Butler's Website [https://cianbutler.ie/] * Cian's E-Mail [butlerx@notthe.cloud]

Gama Space with Sebastian Scholz

Space exploration demands software that is reliable, efficient, and able to operate in the harshest environments imaginable. When a spacecraft deploys a solar sail millions of kilometers from Earth, there's no room for memory bugs, race conditions, or software failures. This is where Rust's robustness guarantees become mission-critical. In this episode, we speak with Sebastian Scholz, an engineer at Gama Space, a French company pioneering solar sail and drag sail technology for spacecraft propulsion and deorbiting. We explore how Rust is being used in aerospace applications, the unique challenges of developing software for space systems, and what it takes to build reliable embedded systems that operate beyond Earth's atmosphere. About Gama Space Gama Space is a French aerospace company founded in 2020 and headquartered in Ivry-sur-Seine, France. The company develops space propulsion and orbital technologies with a mission to keep space accessible. Their two main product lines are solar sails for deep space exploration using the sun's infinite energy, and drag sails—the most effective way to deorbit satellites and combat space debris. After just two years of R&D, Gama successfully launched their satellite on a SpaceX Falcon 9. The Gama Alpha mission is a 6U cubesat weighing just 11 kilograms that deploys a large 73.3m² sail. With 48 employees, Gama is at the forefront of making space exploration more sustainable and accessible. About Sebastian Scholz Sebastian Scholz is an engineer at Gama Space, where he works on developing software systems for spacecraft propulsion technology. His work involves building reliable, safety-critical embedded systems that must operate flawlessly in the extreme conditions of space. Sebastian brings expertise in systems programming and embedded development to one of the most demanding environments for software engineering. Links From The Episode * GAMA-ALPHA [https://www.satcat.com/sats/55084] - The demonstration satellite launched in January 2023 * Ada [https://ada-lang.io/] - Safety-focused programming language used in aerospace * probe-rs [https://probe.rs/] - Embedded debugging toolkit for Rust * hyper [https://hyper.rs/] - Fast and correct HTTP implementation for Rust * Flutter [https://flutter.dev/] - Google's UI toolkit for cross-platform development * UART [https://en.wikipedia.org/wiki/Universal_asynchronous_receiver-transmitter] - Very common low level communication protocol * Hamming Codes [https://en.wikipedia.org/wiki/Hamming_code] - Error correction used to correct bit flips * Rexus/Bexus [https://en.wikipedia.org/wiki/Rexus/Bexus] - European project for sub-orbital experiments by students * Embassy [https://embassy.dev/] - The EMBedded ASsYnchronous framework * CSP [https://github.com/libcsp/libcsp] - The Cubesat Space Protocol * std::num::NonZero [https://doc.rust-lang.org/std/num/struct.NonZero.html] - A number in Rust that can't be 0 * std::ffi::CString [https://doc.rust-lang.org/std/ffi/struct.CString.html] - A null-byte terminated String * Rust in Production: KSAT [https://corrode.dev/podcast/s04e07-ksat/] - Our episode with Vegard about using Rust for Ground Station operations * Rust in Production: Oxide [https://corrode.dev/podcast/s03e03-oxide/] - Our episode with Steve, mentioning Hubris * Hubris [https://github.com/oxidecomputer/hubris] - Oxide's embedded operating system * ZeroCopy [https://docs.rs/zerocopy/latest/zerocopy/] - Transmute data in-place without allocations * std::mem::transmute [https://doc.rust-lang.org/std/mem/fn.transmute.html] - Unsafe function to treat a memory section as a different type than before Official Links * Gama Space Website [https://www.gamaspace.com/] * Gama Space on LinkedIn [https://www.linkedin.com/company/gamaspace/] * Gama Space on Crunchbase [https://www.crunchbase.com/organization/gama-22d7]

Radar with Jeff Kao

Radar processes billions of location events daily, powering geofencing and location APIs for companies like Uber, Lyft, and thousands of other apps. When their existing infrastructure started hitting performance and cost limits, they built HorizonDB, a specialized database which replaced both Elasticsearch and MongoDB with a custom single binary written in Rust and backed by RocksDB. In this episode, we dive deep into the technical journey from prototype to production. We talk about RocksDB internals, finite-state transducers, the intricacies of geospatial indexing with Hilbert curves, and why Rust's type system and performance characteristics made it the perfect choice for rewriting critical infrastructure that processes location data at massive scale. About Radar Radar is the leading geofencing and location platform, trusted by companies like Uber, Lyft, and thousands of apps to power location-based experiences. Processing billions of location events daily, Radar provides geofencing APIs, geocoding, and location tracking that enables developers to build powerful location-aware applications. Their infrastructure handles massive scale with a focus on accuracy, performance, and reliability. About Jeff Kao Jeff Kao is a Staff Engineer at Radar, where he led the development of HorizonDB, Radar's geospatial database written in Rust. His work replaced Elasticsearch and MongoDB with a custom Rust stack built on RocksDB, achieving dramatic improvements in performance and cost efficiency. Jeff has deep experience with geospatial systems and previously open-sourced Node.js TypeScript bindings for Google's S2 library. He holds a degree from the University of Waterloo. Links From The Episode * Radar Blog: High-Performance Geocoding in Rust [https://radar.com/blog/high-performance-geocoding-in-rust] - The blog post, which describes Radar's migration from Elasticsearch and MongoDB to Rust and RocksDB * FourSquare [https://foursquare.com/] - The compay Jeff worked at before * Ruby [https://www.ruby-lang.org/] - The basis for Rails * PagerDuty) [https://www.pagerduty.com/] - Another company Jeff worked at. Hes' been around! * CoffeeScript [https://coffeescript.org/] - The first big JavaScript alternative before TypeScript * Scala [https://www.scala-lang.org/] - A functional JVM based language * Wikipedia: MapReduce [https://en.wikipedia.org/wiki/MapReduce] - Distributed application of functional programming * Wikipedia: Algebraic Data Types [https://en.wikipedia.org/wiki/Algebraic_data_type] - The concept behind Rust's Enums, also present in e.g. Scala * Kotlin [https://kotlinlang.org/] - Easier than Scala, better than Java * Apache Lucene [https://lucene.apache.org/] - The core of ElasticSearch * Discord Blog: Why Discord is switching from Go to Rust [https://discord.com/blog/why-discord-is-switching-from-go-to-rust] - Always the #1 result in searches for Rust migrations * Radar Blog: Introducing HorizonDB [https://radar.com/blog/introducing-horizondb] - A really nice write up of Horizon's architecture * RocksDB [https://rocksdb.org/] - The primary storage layer used in HorizonDB * MyRocks [https://github.com/facebook/mysql-5.6] - A MySQL Storage Engine using RocksDB, written by Facebook * MongoRocks [https://github.com/mongodb-partners/mongo-rocks] - A MongoDB Storage Layer using RocksDB * CockroachDB [https://www.cockroachlabs.com/] - PostgreSQL compatible, distributed, SQL Database * InfluxDB [https://www.influxdata.com/] - A timeseries database that used RocksDB at one point, and our very first guest in this Podcast! * sled [https://github.com/spacejam/sled] - An embedded database written in Rust * rocksdb [https://github.com/rust-rocksdb/rust-rocksdb] - Rust bindings for RocksDB * H3 [https://h3geo.org/] - Uber's Geo Hashing using hexagons * S2 [https://s2geometry.io/] - Google's Geo Hashing library * Wikipedia: Hilbert Curve [https://en.wikipedia.org/wiki/Hilbert_curve] - A way to map 2 dimensions onto 1 while retaining proximity * Wikipedia: Finite-State Transducer [https://en.wikipedia.org/wiki/Finite-state_transducer] - A state machine used for efficiently looking up if a word exists in the data set * Rust in Production: Astral [https://github.com/corrode/corrode.github.io/blob/baea69ca7c7be643832a8970c635d98f312ecc18/podcast/s04e03-astral] - Our episode with Charlie Marsh about tooling for the Python ecosystem * burntsushi [https://github.com/BurntSushi] - A very prolific Rust developer, now working at Astral * fst [https://github.com/BurntSushi/fst] - FST crate from burntsushi * Wikipedia: Trie [https://en.wikipedia.org/wiki/Trie] - A tree-structure using common prefixes * Wikipedia: Levenshtein Distance [https://en.wikipedia.org/wiki/Levenshtein_distance] - The number of letters you have to change, add, or remove to turn word a into word b * tantivy [https://github.com/quickwit-oss/tantivy] - A full-text search engine, written in Rust, inspired by Lucene * LightGBM [https://github.com/microsoft/LightGBM] - A gradient boosted tree, similar to a decision tree * fastText [https://fasttext.cc/] - A text classification library from Meta * Wikipedia: Inverted Index [https://en.wikipedia.org/wiki/Inverted_index] - An index used for e.g. full text search * Wikipedia: Okapi BM25 [https://en.wikipedia.org/wiki/Okapi_BM25] - The ranking algorithm used in tantivy * Wikipedia: tf-idf [https://en.wikipedia.org/wiki/Tf%E2%80%93idf] - A classic and simple ranking algorithm * Roaring Bitmaps [https://github.com/RoaringBitmap/roaring-rs] - A very fast bitset library used in many places * corrode.dev: Be Simple [https://corrode.dev/blog/be-simple/] - A sentiment right down Matthias' alley * loco-rs [https://loco.rs/] - Rust on Rails Official Links * Radar [https://radar.com/] * Radar Blog [https://radar.com/blog] * Radar Documentation [https://radar.com/documentation] * Jeff Kao on LinkedIn [https://www.linkedin.com/in/jeff-kao/]