Consider the following: rust rewrites of projects like coreutils exist purely to remove copyleft licensing.
-
Consider the following: rust rewrites of projects like coreutils exist purely to remove copyleft licensing. The supposed security and performance gains are irrelevant, and while memory safety is important, logic bugs don’t suddenly cease to exist just because it was written in Rust.
Ubuntu Rust Coreutils Audit Revealed 113 Issues, Ubuntu 26.10 Aims For "100% Rust Coreutils"
Ahead of tomorrow's Ubuntu 26.04 LTS release, Canonical published a blog post today outlining the state of Rust Coreutils for its premiere in this long-term support (LTS) version
(www.phoronix.com)
-
@maxine wish i could boost this five times
-
Consider the following: rust rewrites of projects like coreutils exist purely to remove copyleft licensing. The supposed security and performance gains are irrelevant, and while memory safety is important, logic bugs don’t suddenly cease to exist just because it was written in Rust.
Ubuntu Rust Coreutils Audit Revealed 113 Issues, Ubuntu 26.10 Aims For "100% Rust Coreutils"
Ahead of tomorrow's Ubuntu 26.04 LTS release, Canonical published a blog post today outlining the state of Rust Coreutils for its premiere in this long-term support (LTS) version
(www.phoronix.com)
@maxine also coreutils 9.11 increased performance by 50%-600% on major tools like
catso the perf claims need to be redrawn anyway -
@maxine also coreutils 9.11 increased performance by 50%-600% on major tools like
catso the perf claims need to be redrawn anyway@maxine oops that would be 1500% https://circumstances.run/@hipsterelectron/116438776604523528
-
Consider the following: rust rewrites of projects like coreutils exist purely to remove copyleft licensing. The supposed security and performance gains are irrelevant, and while memory safety is important, logic bugs don’t suddenly cease to exist just because it was written in Rust.
Ubuntu Rust Coreutils Audit Revealed 113 Issues, Ubuntu 26.10 Aims For "100% Rust Coreutils"
Ahead of tomorrow's Ubuntu 26.04 LTS release, Canonical published a blog post today outlining the state of Rust Coreutils for its premiere in this long-term support (LTS) version
(www.phoronix.com)
@maxine What I do not understand: Why invest so much energy in removing coreutils and other GPLed stuff when they rely on GPLed Linux (kernel) anyway?
-
Do not trust projects which incidentally end up replacing licenses that put minimal requirements on corporations with anti-labour licenses such as MIT/BSD type.
@maxine 100%. I used to be neutral on the license issue but this is quickly becoming a red flag.
-
@maxine What I do not understand: Why invest so much energy in removing coreutils and other GPLed stuff when they rely on GPLed Linux (kernel) anyway?
-
Do not trust projects which incidentally end up replacing licenses that put minimal requirements on corporations with anti-labour licenses such as MIT/BSD type.
@maxine IIRC, uutils has LLM code contributions from people who don't understand what they're doing
-
@maxine What I do not understand: Why invest so much energy in removing coreutils and other GPLed stuff when they rely on GPLed Linux (kernel) anyway?
-
Do not trust projects which incidentally end up replacing licenses that put minimal requirements on corporations with anti-labour licenses such as MIT/BSD type.
@maxine I would not go so far as to categorise permissive licenses in that way, even though Apple, Inc. are my economic free rider. The reality is always more nuanced than that. But for the sake of argument, I feel MPL-2.0 is the way to go for what I publish outside of FreeBSD or existing BSD/MIT projects I work on.
-
@maxine IIRC, uutils has LLM code contributions from people who don't understand what they're doing
@maxine proof: https://github.com/uutils/coreutils/pull/8538
There could be more but I'm not in a mood to dig them all
cc: @hipsterelectron -
Consider the following: rust rewrites of projects like coreutils exist purely to remove copyleft licensing. The supposed security and performance gains are irrelevant, and while memory safety is important, logic bugs don’t suddenly cease to exist just because it was written in Rust.
Ubuntu Rust Coreutils Audit Revealed 113 Issues, Ubuntu 26.10 Aims For "100% Rust Coreutils"
Ahead of tomorrow's Ubuntu 26.04 LTS release, Canonical published a blog post today outlining the state of Rust Coreutils for its premiere in this long-term support (LTS) version
(www.phoronix.com)
@maxine I love copyleft licensing, but I don't think memory safety bugs are irrelevant, nor do I think people trying transition to memory safe languages are automatically bad actors.
-
@maxine I would not go so far as to categorise permissive licenses in that way, even though Apple, Inc. are my economic free rider. The reality is always more nuanced than that. But for the sake of argument, I feel MPL-2.0 is the way to go for what I publish outside of FreeBSD or existing BSD/MIT projects I work on.
@bms48@mastodon.social @maxine@hachyderm.io Classifying BSD/MIT as anti-labour in general is debatable. That said, in particular contexts like this, they sure can be.
-
@maxine I love copyleft licensing, but I don't think memory safety bugs are irrelevant, nor do I think people trying transition to memory safe languages are automatically bad actors.
@sundew @maxine most of the utils in coreutils have no remote attack surface and run without suid bit, so neither local privilege escalation is an issue. so the threat model really does not include memory-safety in any important way. thus the whole rewrite coreutils in rust for security is utter bullshit.
-
Consider the following: rust rewrites of projects like coreutils exist purely to remove copyleft licensing. The supposed security and performance gains are irrelevant, and while memory safety is important, logic bugs don’t suddenly cease to exist just because it was written in Rust.
Ubuntu Rust Coreutils Audit Revealed 113 Issues, Ubuntu 26.10 Aims For "100% Rust Coreutils"
Ahead of tomorrow's Ubuntu 26.04 LTS release, Canonical published a blog post today outlining the state of Rust Coreutils for its premiere in this long-term support (LTS) version
(www.phoronix.com)
@maxine Tangential, the Phoronix forums seem to be absolutely flooded with transphobia and other bigotry... I know "don't read the comments" is common sense, but they really need moderators over there
️ -
@maxine Tangential, the Phoronix forums seem to be absolutely flooded with transphobia and other bigotry... I know "don't read the comments" is common sense, but they really need moderators over there
️@luxliquida I resent using Phoronix as a source here but I didn’t find another quickly, but yes, the community of that site is an absolute cesspit. Has been as long as I remember.
-
@sundew @maxine most of the utils in coreutils have no remote attack surface and run without suid bit, so neither local privilege escalation is an issue. so the threat model really does not include memory-safety in any important way. thus the whole rewrite coreutils in rust for security is utter bullshit.
I think memory safety issues in any program can still be very bad news. One example:
https://www.csoonline.com/article/549634/vulnerability-in-widely-used-strings-utility-could-spell-trouble-for-malware-analysts.htmlSure, a safety issue in a webserver is worse than in a utility, but I'd still like all the software I use to be memory-safe.
Even if you're not doing full-on malware analysis, I'd like to know it's safe to run basic utilities on files downloaded from the internet without having to worry about RCE.
-
@maxine oops that would be 1500% https://circumstances.run/@hipsterelectron/116438776604523528
@maxine also forgot about the c2rust ones https://circumstances.run/@hipsterelectron/116453862836059542
-
@torb @txt_file @maxine android uses Linux just fine and it's getting more and more closed. The way I understood it is it's legal because as far as Linux is concerned, all parts of android outside of the kernel are no different from random proprietary apps you can run on your desktop, which is not even a GPL thing but a special additional clause in the Linux license
-
@bms48@mastodon.social @maxine@hachyderm.io Classifying BSD/MIT as anti-labour in general is debatable. That said, in particular contexts like this, they sure can be.
