cross-posted from: https://programming.dev/post/35495679
Earlier post version: image/text.
From another article referenced there:
The maintainers of the Ubuntu Linux distribution are now rewriting GNU Coreutils in Rust. Instead of using the GPLv3 license, which is designed to make sure that the freedoms and rights of the user of the program are preserved and always respected over everything else, the new version is going to be released using the very permissible or “permissive” (non-reciprocal) MIT license, which allows creating proprietary closed-source forks of the program.
There will surely be small incompatibilities - either intentional or accidental - between the Rust rewrite of coreutils and the GNU/C version. If the Rust version becomes popular - and it probably will, if Ubuntu starts using it - the Rust people will start pushing their own versions of higher level programs that are only compatible with the Rust version of coreutils. They will most probably also spam commits to already existing programs making them incompatible with the GNU/C version of coreutils. That way either everyone will be forced into using the MIT-licensed Rust version of coreutils, or the Linux userland becomes even more broken than it already is because now we have again two incompatible sets of runtime functions that conflict with one another. Either way, both outcomes benefit the corporations that produce proprietary software.
(Source – which does contain some more-than-problematic language outside of these passages, compare the valid objections raised by others here and in the cross-posts.)
Compare also how leaders of Canonical/Ubuntu have ties to Microsoft, and how the Canonical employee who leads the push to rewrite coreutils as non-GPL-licensed Rust software has spent years working for the British Army, where he “Architected and built multiple high-end bespoke Electronic Surveillance capabilities”, by his own proud admission.
Fuck, I’m so tired of canonical’s bullshit.
They used to be a boon for the free software ecosystem, now they’re a detriment whenever it’s convenient.
There are some scumbags in that company eager to profit off of lowering people’s standards wherever possible.
Do not let them. They don’t need a nicer campus.
Rust people seem to be focused mostly on identity politics and dividing people into groups that are then supposed to fight each other.
Yeah, this guy can eat my entire ass. This is the same language that fascists use to delegitimize anyone who isn’t straight and white.
He’s not wrong, though.
There is way more social activism among Rust developers than other languages.
If you read the Rust manual, it even says at the very beginning that the entire purpose behind Rust is empowerment.
Just because people say things you don’t like doesn’t mean they’re not true.
at first, i lol’ed at the c/rust divide because i thought it was another silly holy war like emacs/vi but it’s taken on a MUCH bigger and troubling role
The problem is there are tons of c developers who are old and don’t want anything new. But C is unsafe and don’t come back with a skills issue we have tons of examples of C being unsafe and in big projects it is hard to see every mistake. And I’m not saying rust is the answer but to eliminate 90% of most bugs a memory safe language should be used.
I’d say a bigger issue is the adoption of non-free software.
It doesn’t matter what language you choose; if you pick a non-free license then you are part of the problem.
the licensing seems to be the issue here instead of the possible exploits.
I posted 2 years ago about the same concerns on /r/StallmanWasRight and the lemmy rust community. Many dismissed it as a conspiracy theory … Not that I agree with the form and language used in this article but ditching GPL coreutils from prominent distros is a turning point and slippery slope for Free Software and Linux.
The article is clearly mostly manipulative bullshit. The arguments about “incompatibilities” between uutils and coreutils being used as an “extend” strategy is just bonkers, the point of uutils is to be a 1-to-1 compatible toolset, and there’s no reason to doubt the developer’s intention there. Even if they do introduce some extra features, most software projects that actually matter will not be using them, because compatibility with coreutils will remain important for decades to come.
The kernel of truth hiding in there is that Rust’s “preferred” licensing under MIT/Apache is indeed a problem, and it should have been GPL (or at least MPL) everywhere from the beginning, especially for libraries. This is probably the worst aspect of Rust indeed, but not enough to outweigh all the awesome technical parts of it.
That was long before I even noticed how disgusting people many Rust programmers are.
His entire argument is rather undercut by his grandpa-level ranting about “discord” and the use of JavaScript on rust forums.
Those are all legitimate concerns that useful idiots have been conditioned to ignore.
Man, I miss when only half the first world was on the Internet.
We need barriers of entry to keep morons and their asinine rhetoric out.
As the saying goes, don’t throw the baby out with the bathwater. I think @floofloof@lemmy.ca summed things up pretty well here.
Also, from my reply to that comment:
As for the off-putting statements about ‘Rust people’: Since the article was published on March 19, I wonder if much of it, revolving around what the author saw as indications of authoritarianism, came from heavy disquiet in the face of authoritarianism’s recent gaining hold of the White house. I’d even consider it likely that people who post on Techrights have an above-average sensitivity for this kind of thing. It could be that the author has since arrived at a more differentiated and just view. Of note, since the time of his writing, the Rust project did remedy things that he criticized about their website.
As the saying goes, don’t throw the baby out with the bathwater.
Meh - I’m pretty confident this sort of rant is well worth ignoring.
some untested stuff controlled by proprietary software of Microsoft?
AFAIK, Rust is mainly funded by the Rust Foundation, which not only includes Microsoft, but also includes comrades from Huawei and alike.
I don’t really buy the “small incompatibilities” argument. The project strives for total compatibility, even down to the most esoteric parameter that nobody has ever heard of. And even that seems like overkill to me - there are alternative implementations of core commands on Linux and other *nix systems like BSD, Solaris etc. where the compatibility is way worse. For example, busybox is used in embedded Linux, and a containerized images like Alpine Linux.
It also seems a bit rich to complain that uutils might get extended. GNU coreutils came into being because of dissatisfaction with the commands that came with the default *nix. Same for bash (vs sh), GNU cc (vs cc), GNU emacs (vs emacs) and so on. Was there somebody back then complaining about devs “spamming commits” that extended functionality?
And other Rust applications won’t only work with uutils. That’s absurd. They’ll test the capabilities of the OS they’re built to run on either at build time with feature flags or at runtime by probing commands. Just like any other high level application.
As for license, MIT is used for plenty other things in a typical Linux dist, e.g. X11.
The biggest point of concern for a Rust rewrite is dependency integrity. Rust uses cargo to manage dependencies and absolutely everything in the Cargo.toml/Cargo.lock files has to be reviewed. The crates.io repository is beginning to support package signing and The Update Framework initiative but every single dependency of uutils would need to be carefully reviewed and signature validated for it to be considered trustworthy. Basically everything needs to get locked down, and wherever possible dependencies expunged altogether.
Nope. Not reading a Techrights article.
The title is bs. There is no “push by Canonical”. A random person on the internet wrote Uutils in Rust because it’s easy to write fast code in it. Then Canonical wants to package the software but they aren’t “pushing”, they are just packaging software someone else wrote. Canonical’s goal is memory safety but that’s not the author’s goal because Coreutils haven’t got many vulnerabilities anyways.
The licensing part is sort of sad. The author picked MIT, because he does not care. He also said that he does not want drama. Well he did get the drama. The sad part is that I think that he would be willing to change the license to GPL, had it not been for all the childish drama and “hate”. Communication is difficult for people online, unfortunately.
It’s not really childish if you understand the implications of choosing a license.
I’m tired of mornic losers being afraid to fight for what they believe in because it might make them look bad in front of their peers.
If you care about the subject, then you shouldn’t let the opinions of idiots dictate your actions.
Ubuntu Pro intensifies with the full support of the tools under a custom license.
Glad I switched to Debian a few years ago.
Got tired of seeing that advertisement every time I logged in.
Fuck Canonical and whatever scumstains keep trying to profit off of people’s low standards.
Fuck that entirely
Eh, it’s Ubuntu. They have a long history of trying to reinvent the wheel, getting no traction, and then reverting to whatever the rest of the world uses instead. And Linux is full of incompatible parallel packages that provide the same functionality. It ended up not mattering very much with init systems—why should this be any different, even if it’s the one Ubuntu oval-shaped wheel that catches on for some reason?
I’m really not a fan of this whole rust movement. Statically linked binary, no ta.
I’ve started looking for another c/c++ based shell to go back to, now that fish has moved to rust (ideally ones that follow xdg config specs etc). Ysh (oils) is current choice.
Rust isn’t the problem.
It’s the licensing.
I’m struggling to connect the dots between “X person used to work in electronic surveillance” and an immediate risk to the open source software being developed by a different employer. Is there some reason to think this person is still working for their old employer? Or is the speculation that they are a idologue out to destroy Linux from the inside?
If there’s something unsafe in the code, especially a rust rewrite of the coreutils I’d expect it’s going to be found immediately. People are going to go over that code with a fine toothed comb.
If the central idea of the article is “I don’t think there’s a place in the FOSS community for people with different ideas/beliefs/history than me” then the author should come out and say that (many have in the past). Claiming we’re at risk because of some wild speculation about a nefarious plot between the military and Microsoft to attack Linux and privacy… it really does require something more firm than this.
I think what they’re trying to imply is that Canonical is setting this all up so they can create a (possibly paid) fork of coreutils that spys on its users.
Which is all well and good except for now it’s just a baseless paranoid fantasy. And if that was laid out up front I would have no notes.
Over here in reality, if Canonical deployed a closed source, paid, spyware laden version of it’s OS it might take a little while for some of the server business to disappear, but they’d loose almost all their market share overnight. They’d be a cautionary tale in the FOSS community and the software industry.
Finally, some legitimate critique of Rust, that does not revolve around “DEI bad” or “memory safety bad”!
Both can be criticized within reason. Yes, there’s that infamous Rust dev, who likes to sabotage projects she’s involved with the moment things don’t go the way she wants it, thinks the word “cancer” is somehow a slur, and of course loves to send her followers after people for various reasons, often while purposefully misinterpreting people’s words. All while spreading either the evopsych “extreme female brain theory of borderline personality disorder” nonsense, or the “cluster B abuse” nonsense made up by far-right theologists masquerading as psychologists to explain trans people on the terms of christian fundamentalism and without allowing them to live life as they want. This (nor other similarly bad Rust devs, nor callout culture in general, nor other things like the whole “master” branch fiasco with Github) does not mean we need to throw out the baby with the bathwater, like Brian Lunduke and other far-right adjacent people want us to do, all while pretending their position is the “centist” one, because “real fascists did those things for the sake of pure evil, but we have good reasons to do those very same things, like crime statistics and IQ tests”.
Same with memory safety. We usually get the “skill issue” type of critique, meaning “just write better code”. I personally prefer D’s approach to memory safety with its multi-level solution alongside with the much nicer code for the unsafe stuff. And I guess Rust also have something similar to D’s
--noboundscheckcompiler flag as a way to disable boundschecks in times it’s needed.This all creates a situation I’ve first seen unfolding during the whole gamergate culture war fiasco. Thanks to burnt out atheist YouTubers making bad faith critique of Anita Sarkeesian’s videos lead to the rebrand of Morality in Media to NCOSE and the formation of Collective Shout, which ultimately lead to the whole payment processor censorship issue. Thanks to alt-right chuds constantly misgendering and sending death threats to Brianna Wu enabled a racist abuser to hide within our circles. And thanks to chud developers wanting to “give real treatment to gender confused people” and wanting to “gatekeep” software development from newbies, actual critiques of the Rust language, such as a heavily OCaml-influenced language being sold as a C replacement (if not a C++ replacement - all without true built-in OOP support), or the fact a functional programming language is being sold as a general purpose language, all because “you can opt out” (Java also technically allows you to opt-out from most OOP features).
I don’t get the whole skill issue thing. We have had memory safety bugs for decades and I assume everyone thinks their code doesn’t. But if history is anything to go buy it does but everyone thinks they are the developer that won’t do it.
Yes, there’s that infamous Rust dev, who likes to sabotage projects she’s involved with the moment things don’t go the way she wants it
Please give a name, so i don’t accidentally invite them to the big project i’m planning.
Asahi Lina. She’s started to become infamous in certain circles, however she often blames all negative backlash on her on Luna the Foxgirl (who is not innocent, but it’s interesting that so far this whole incident only happened with Lina and is not a recurring one) contacting people behind her back, usually with a Google Doc that suspiciously lacking certain details and screenshots of certain conversations, and instead describes that. Also she claimed Luna was an abusive borderline person, and to my knowledge, only apologized to her in private. I knew Luna for a longer time than Lina did (we are using the same obscure language, where everyone knows its users by name), and during her time in null:Ptr/Live, she acted much “less autistic”, so I have a bad feeling that Lina might have tried to “amateur ABA” her, with the worst of those people in my experience ending up denying “female autism” altogether to stop women from “acting the wrong way”. It just seem, she “went woke” with it and applied to trans people equally.
People who had to deal with her bullshit have started to use “pulling a Lina” as a slang term for pulling out years old drama to smear a person, and she had so much controversy on her PL name, that people who previously dealt with her think her VTuber rebrand was an attempt at hiding her past behind the avatar.
Speaking of missing context from a Google doc, here’s an easy to find one, part of the “FUDposting”:
