Originally posted by dremon_nl
View Post
Announcement
Collapse
No announcement yet.
Rust-Written Coreutils Increases GNU Compatibility, Adds NetBSD Support
Collapse
X
-
Originally posted by dremon_nl View Post
I am wondering where this urge to rewrite a project in Rust comes from, may be from the original desire to write it in C?
- Likes 13
Comment
-
Originally posted by Rallos Zek View PostBUG: Not GPL... hence not an Gnu coreutils replacement.
- Likes 6
Comment
-
Originally posted by timofonic View Post
Did you miss the recent GNU memory bug that handed out root to everyone who asked? https://www.phoronix.com/news/Glibc-LD-Nasty-Root-Bug
How about the recent buffer overrun in curl that overwrote the heap with received data? https://www.phoronix.com/news/Curl-8.4-Coming
Turns out it's true what we knew from the very beginning: C sucks ass when it comes to security, and GNU ain't about to rewrite their 40-year-old crusty stack of shit. Even if they did, anyone running BSD (opensense edge firewalls, anyone?) wouldn't be able to benefit. There's no value in making basic components available to only a select few.
- Likes 11
Comment
-
Originally posted by ALRBP View Post
Maybe from all theses security issues related to memory management.
I'm sure uutils will find some fans, but I really want the coreutils I use to be the more boring project in the world, given it's criticality.
- Likes 6
Comment
-
Originally posted by fitzie View Post
it was a project born out of trying to learn rust. One of the reasons I don't really care for it is that it pulls in random crates, which is an inappropriate attack surface, especially since it's often used by root user. Spoke to their devs about it and they didn't seem to be worried about that, and argue that it's needed because they want to support all platforms including windows, and don't have the skill/time to write all the crossplatform code themselves.
I'm sure uutils will find some fans, but I really want the coreutils I use to be the more boring project in the world, given it's criticality.
When projects "vendor" libraries by copying code directly into their tree it also becomes impossible to keep track of who has made a copy, and of what version. With shared code repositories you know immediately who's using a library which is invaluable when a bug is discovered and you need to get the word out. In all likelihood people will probably get the bugfix automatically when their build system pulls a new version.
You ALSO solve the problem of everyone writing their own shitty parsers and allocators and red-black trees. Everyone automatically ends up using the best implementation available, rather than one that was written by some dude 7 years ago and forgotten about.
The only reason vendoring libraries or writing them yourself is "boring" is because you end up utterly ignorant of their problems.
- Likes 10
Comment
-
-
Originally posted by fitzie View PostOne of the reasons I don't really care for it is that it pulls in random crates, which is an inappropriate attack surface, especially since it's often used by root user.
They might all be perfect and memory-safe and well-considered and well-authored now and forever more, but I doubt it.
- Likes 3
Comment
-
Originally posted by bug77 View Post
There's Swift for Apple stuff. AI stuff is happy using mostly Python. And I'm sure there's a place for Go in there, somewhere.
I am actually preparing a presentation about Go these days and at some point I had an epiphany: many (most?) languages are called "general purpose" these days, but while not "single purpose", they are so far off from being "general" anything - each tackles a number of problems better than other, but none tackle everything better.
- Likes 2
Comment
Comment