by worble on 3/9/25, 5:09 PM with 166 comments
by tmtvl on 3/9/25, 7:29 PM
by brian-armstrong on 3/9/25, 7:16 PM
left-pad II, coming soon to a Linux distro near you
by deivid on 3/9/25, 7:13 PM
Mostly, I am tired of tools requiring root access, or a block device, to function, even in read only mode.
If you have a file on disk (eg: a VM's disk) mdadm will refuse to show metadata, requiring root to do so.
by noja on 3/9/25, 7:25 PM
by WhereIsTheTruth on 3/9/25, 8:10 PM
> "I'm going to state the obvious, that Rust is very good for security, for parallelism, for performance".
> The idea to replace GNU coreutils with Rust versions was not about security, though, because the GNU versions were already quite secure. "They did an amazing job. They almost don't have any security issues in their code base." And it's not about the licensing, he said. "I'm not interested in that debate."
> One of the reasons that Ledru liked Rust for this project, he said, is that it's very portable. He is "almost certain" that code he writes in Rust is going to work well on everything from Android to Windows.
> Ledru cited laziness as another reason for using Rust. "So if there is a crate or library doing that work, I'm going to use it. I'm not going to implement it [myself]." There are between 200 and 300 dependencies in the uutils project. He said that he understood there is always a supply-chain-attack risk, "but that's a risk we are willing to take". There is more and more tooling around to help mitigate the risk, he said.
People who keep promote this fraud are fraudsters too
by jmclnx on 3/9/25, 7:35 PM
I wonder if Linux is re-written i rust will it too remove GPL as a factor ?
Again due to the license choice I tend to believe this can be seen as a way to move Linux to a Microsoft Type Windows System.
by xixixao on 3/9/25, 7:07 PM
The amount of complexity, even with pretty high-level Rust std, is still super high. So rewriting them in Rust is no small feat.
For the file-system management ones: I appreciate the value of everyone knowing these tools, but they do have some terrible defaults, and I wish there was an alternative between using a GUI/TUI file manager and carefully not stabbing myself in the foot. That's why I started building human-utils (alas it's very much unfinished).
by timewizard on 3/9/25, 7:30 PM
That's not obvious.
> He is "almost certain" that code he writes in Rust is going to work well on everything from Android to Windows.
I'd think the problem with security in code is cocky developers who believe that some part of the environment is magical and can save them from themselves.
> Ledru cited laziness as another reason for using Rust. "So if there is a crate or library doing that work, I'm going to use it. I'm not going to implement it [myself]."
Precisely. Where does this "certainty" come from then?
> He is thinking about "what we are going to leave to the next generation".
At this rate, a complete and total mess, of two slightly incompatible libraries neither of which have any significant features which differentiate it from the other, save for in the imagination of the developers themselves.
by jll29 on 3/9/25, 7:51 PM
There was a book called "Dr. Dobb's C-tools", which had the commented source code of a C compiler, assembler, linker and std library, and it greatly benefitted me to go beyond K&R's book towards understand the idioms of C programing.
by malkia on 3/9/25, 7:07 PM
by shmerl on 3/9/25, 6:47 PM
by 1vuio0pswjnm7 on 3/10/25, 3:34 AM
by greenheadedduck on 3/9/25, 7:27 PM
by saurik on 3/9/25, 7:47 PM
It just really really sucks that people are thereby allocating a ton of effort into reimplementing these tools--putting good effort behind a project that even has a good reason to exist (memory safety), even if (as I'll poke at later in this comment) that apparently is explicitly not the reason they are working on this (which shocked me)--with the goal of being "bug for bug compatible" with the upstream copies from the GNU Foundation while carefully ignoring the #1 most important integration (as this affects how the software fits into the whole) test: "is this software 'free' as in freedom?".
Of course, they claim that this is some kind of unproductive waste of time "debate", as if the license is the least important part of the software and doesn't matter, and I think some people want to take this narrative. Regardless, whether or not we agree with this--a position that feels a lot like "politics don't matter and are a waste of time, so stop voicing your concerns"--that's not what's going on here: if you look a bit deeper, this project actually cares deeply about its license, and is going out of its way to choose the license it is using, ignore complaints, and avoid ending up GPL.
https://www.youtube.com/watch?v=5qTyyMyU2hQ
In an interview with FOSS Weekly, Sylvestre Ledru (the main developer, who curiously has a background working on Debian and Firefox, before ending up getting seduced by the clang/LLVM ecosystem), firmly states "it is not about security", focusing only on an interest in learning himself how the full stack of tools function and preparing for a future where new developers don't actually know enough C to contribute; this might seem to fit into the earlier narrative that the license doesn't really matter, which he later restates himself "I don't care that much, as long as it is OSI compliant".
This topic comes up multiple times later in the interview, and Steven sticks to his framing that he doesn't care about the license, that this debate is a waste of time, and that he tries to avoid discussing it as it is "more philosophical than technical". Of course, this isn't preventing him from discussing it ;P... this is clearly a big issue that people have with this project, it is one that comes up in most discussions of the project, and--if it really didn't matter, and it really weren't a big deal--you would thereby expect that he'd just change it, to avoid having to discuss it again...
...only, in this interview--in no small part from the interviewer slowly leaking part of their pre-interview discussion to cause the topic to keep coming back up--we learn just how much this developer does seem to care about the license, as, to keep it all as MIT, he's having to avoid looking at the original implementation, in an attempt to avoid accidentally letting his code get infected by GPL, to support some users of the project who actively choose to use this reimplementation to avoid GPL compliance (the example we are given--by the interviewer outing it, not him--is "car manufacturers").
As someone who works in security but finds it demoralizing how often security is used as an excuse for what ends up being an effort to lock users out of a platform due to what is merely some supposedly-accidental property of the effort--including one time I was in a hearing with the US Copyright Office, sitting next to a rep from General Motors who was there to argue that we shouldn't be allowed to jailbreak a "portable all-purpose mobile computing device" because that might include a car (lol)--I found this back/forth in the comments forum on the website for this interview worth reading:
https://hackaday.com/2024/07/17/floss-weekly-episode-792-rus...
<AgainAgain> the goal is to “rewrite it in x” is to move everything to permissive liscenses. then lock future changes away. just like every thing else “security” is used as pretext.
<Jonathan Bennett> We chatted a bit about exactly that. They make no claim that this effort is for security, and freely admitted that some of their users are doing so precisely because it’s MIT and not GPL. So… Yes, but actually no.
<Thovte> That sounds like yes, but actually, yes. No?