deddit.petersanchez.com

The coreutils Rust rewrite story (infosec.exchange)
from cm0002@literature.cafe to programming@programming.dev on 04 May 22:11
https://literature.cafe/post/31408345

#programming

threaded - newest

Sanctus@anarchist.nexus on 04 May 22:29 next collapse

Rust is so obviously a cuck licensing grift for corpos that it even does the corpo thing! Dont worry about why it is just remake it so I dont have to pay or recognize anybody.

gravitas_deficiency@sh.itjust.works on 04 May 23:01 next collapse

TehPers@beehaw.org on 04 May 23:25 collapse

You’re right. The only reason someone would write something in Rust is to change the license. Nobody would use Rust for any other reason, nor would they use any other language for that purpose.

Sanctus@anarchist.nexus on 05 May 01:13 collapse

Then what’s this push to rust everything? Even shit thats not a particular risk for memory safety?

anti_antidote@lemmy.zip on 05 May 03:59 collapse

Have you considered that maybe it’s just pleasant to write software in?

30p87@feddit.org on 05 May 05:47 collapse

It’s not, and it’s especially not to use resulting software. 90% of software I have problems with, let it be compilation errors or missing missing features due to bad libraries, is Rust

TehPers@beehaw.org on 05 May 06:36 collapse

The anti-Rust circlejerk is strong, wow.

I have loads of software written in Rust installed, many of which I compile myself. Not once has the language choice been an issue that I’ve had with the software. Some of that software may be missing features, but that has little to do with the language and more to do with my decision to install v0.1.4 of the software.

Python, on the other hand…

And while we’re on the topic of coreutils, why does every C and C++ project I look at require me to install dozens of random libraries myself? I guess because they’re dynamically linked, which is cool and all, except the page to install each dependency has an encyclopedia of a README written in 1984 in a text file. It’s not usually an issue, just annoying.

onlinepersona@programming.dev on 05 May 05:39 next collapse

C is a shit language, Rust is better. Rewriting C crap in Rust is a public service. The faster we can get eOS of C and C++ the better.

Solemarc@lemmy.world on 05 May 06:28 next collapse

I know we’ve all heard Microsoft and google say that 70% of their bugs are memory safety issues, but the GNU core utils don’t really have that problem. They’re small, simple, short lived programs and most of the problems they have arent memory related.

Most of the CVE’s we’ve seen since Ubuntu picked the rust version up are logic issues and race conditions.

onlinepersona@programming.dev on 05 May 08:36 collapse

Regardless of how secure and safe GNU coreutils are, requiring people to learn a memory unsafe language in order to contribute isn’t good. It’s the same as having COBOL control most of the financial system and other legacy systems. It’s better to rewrite those things in modern languages early on than 50, 70 or 100 years later.

Bugs will occur, that’s hardly an argument against progress nor is it an argument for standing still. It’s good that bugs existed. It was a learning opportunity for the rust core utils. We learn by making mistakes. The people involved in the bug fixing and those who read the bug reports undoubtedly learned a thing or two that they can use to improve the rust ecosystem and bring to other projects.

CVEs exist and will continue to exist as long as software exists. Logic CVEs will probably exist forever, but practically eliminating an entire class (memory safety CVEs) allows concentrating on logic. I’d argue that’s a much better way forward.

MonkderVierte@lemmy.zip on 05 May 09:39 collapse

There’s not much to contribute there. They are small simple utilities some Unix admin wrote for their own convenience some 50 years ago. The equivalent to a little shell script, where they had not much shell yet.
GNU overengineered them a bit and that’s it.

Their point is, that every system has them, with the same interfaces and behavior everywhere.
If you have to rewrite them, make them better but name them differently. Like tools like ripgrep, fd, bat and the like.

onlinepersona@programming.dev on 05 May 10:50 collapse

Wy rename them? This exactly gives people the opportunity to contribute stuff to standard tooling without having to go through a mailing list and with a much better developer experience.

Yes, it’s on Microslop Github, but I have hope they’ll see the light and move away from that AI riddled big tech platform. At the latest when forgejo or another forge implements federation.

MonkderVierte@lemmy.zip on 05 May 11:13 collapse

Wy rename them?

Because they have to work 100% like the original tools otherwise. I will not write compatibility checks for the -rs set in my scripts and likely nobody else too. Even POSIX compatibility is often already expected too much.

sobchak@programming.dev on 05 May 07:07 collapse

I like C. Rust is better, but I like the simplicity of C too. C++ is an abomination :)

ThomasWilliams@lemmy.world on 05 May 06:29 collapse

I doubt whether the original code even considered race conditions. That would have been left to script developers to figure out.

rust-core-utils is not completely compatible nor does it replace all functionality of core-utils. It’s essentially useless for compliation or configuration scripts before we even discover all the bugs it probably has in it.

Memory safety is useless if the language is such a pig to program it’s almost impossible to write bugfree code.