Announcement
Collapse
No announcement yet.
Rust-Written Coreutils Increases GNU Compatibility, Adds NetBSD Support
Collapse
X
-
-
Originally posted by Developer12 View Post
How do you trust any of the contributors to GNU? how do you trust the kernel you're using? Any upstream can have malicious contributions. By having everyone in the entire rust ecosystem pulling from and keeping an eye on the same package for parsing command line options, you have all the eyeballs on one implementation, rather than 20 or so implementations spread across different projects.
When projects "vendor" libraries by copying code directly into their tree it also becomes impossible to keep track of who has made a copy, and of what version. With shared code repositories you know immediately who's using a library which is invaluable when a bug is discovered and you need to get the word out. In all likelihood people will probably get the bugfix automatically when their build system pulls a new version.
You ALSO solve the problem of everyone writing their own shitty parsers and allocators and red-black trees. Everyone automatically ends up using the best implementation available, rather than one that was written by some dude 7 years ago and forgotten about.
The only reason vendoring libraries or writing them yourself is "boring" is because you end up utterly ignorant of their problems.
- Likes 2
Comment
-
Originally posted by EphemeralEft View Post
There are 14 competing languages? Ridiculous! We need to develop one universe language that covers everyone's use cases.
Comment
-
quick question (not rethorical, I'm no expert and have no idea what the answer is, even if I might have a superficial understanding of some of them...):
which of the most common CWEs (types of vulnerabilities) does C happily allow devs to trip over and using Rust might outright eliminate or at least help them trip less often (eg: by circunscribing the issue to unsafe / bindings)?
other quick question: if their project is still WIP, isn't it a productive approach if the rust coreutils devs use all relevant crates now to get most things in place and later make an effort to minimize dependancies?
and finally: can't a rust over C binding be defined once then used by everyone, thus making it a problem that needs to be solved once instead of a problem each codebase (or even each call to anything) in C needs to implement again and again? isn't that like a huge gain? or did I read too much into what Rust and C advocates have been saying around phoronix comments? and can this binding be made into a crate all by itself, so projects that need it can share the exact same implementation and quickly propagate fixes? (again, absolutely not an expert in any of this... high chance of containing misconceptions and improper logical leaps)Last edited by marlock; 16 October 2023, 05:48 PM.
- Likes 2
Comment
-
Originally posted by Developer12 View Post
But there are other levels at which control is possible, and for some projects — like sensitive, low-level system components — I would argue the tradeoffs of reinventing the wheel are not only worth it, but requisite. By taking the RAD road, uutils is losing the single biggest advantage Rust has to offer — memory-safety — leaving it in the same nebulous bug boat as its predecessor, without its predecessor's decades of realworld usage, testing, and battle-hardening.
To be fair, uutils' stated goal is cross-platform compatibility, not safe memory handling; I just don't find the former compelling without the latter.
But who knows. After a few decades of steady development, I may well change my mind.
- Likes 3
Comment
-
Originally posted by marlock View Postwhich of the most common CWEs (types of vulnerabilities) does C happily allow devs to trip over and using Rust might outright eliminate or at least help them trip less often (eg: by circunscribing the issue to unsafe / bindings)?
Those are all hugely beneficial things, but voluntary.
Originally posted by marlock View Postif their project is still WIP, isn't it a productive approach if the rust coreutils devs use all relevant crates now to get most things in place and later make an effort to minimize dependancies?
Originally posted by marlock View Postcan't a rust over C binding be defined once then used by everyone, thus making it a problem that needs to be solved once instead of a problem each codebase (or even each call to anything) in C needs to implement again and again?
When compiling a Rust project, the most recent version of each dependency that satisfies the version constraints is pulled down. That could be the latest-and-greatest release, or a release from years and years ago, or maybe even multiple, conflicting releases. (Dependencies might share dependencies but constrain them differently.)
Loose constraints are helpful in that they make updates more or less automatic, but they're harmful for audits and build reproducibility, and might introduce new and different bugs as easily as they might fix them.
- Likes 2
Comment
-
Originally posted by marlock View Post... can't a rust over C binding be defined once then used by everyone,...
"-sys" crates should expose the truly raw, fully unsafe, directly 1-to-1 mapped version of the C library (so basically, like a C-style .h header, but in Rust).
Indeed, they are often generated fully automatically by "bindgen", with perhaps minimal manual polish.
The safe, using all the rust bells and whistles, wrapper around this should be a second crate.
This is so that different opinions on how to make the "best" safe wrapper (which probably involve tradeoffs between performance, completeness, complexity) can still all use the same "header".
Example:
C library "foo" would get a rust mapping called "foo-sys".
Then someone designs a nice, safe wrapper and decides to call it "fubar" (depending on foo-sys).
Someone else thinks they can do it better and creates "bar-ista" (also depending on foo-sys).
Then, ideally, experience shows which works better, and the two developers combine their learned lessons into "bazbaz" (or fubar v2.0, or any other option, because we're flexible now!)Last edited by Juke1349; 16 October 2023, 06:30 PM.
Comment
-
Originally posted by timofonic View Post
- Likes 2
Comment
-
Originally posted by jstoik View Post
I completely agree with you that interdependency, on many levels, is unavoidable. Code can neither be compiled nor executed without the help of myriad, indefinitely-complicated components, all of which require an implicit trust because they're well beyond the scope of what any individual human has any control over.
But there are other levels at which control is possible, and for some projects — like sensitive, low-level system components — I would argue the tradeoffs of reinventing the wheel are not only worth it, but requisite. By taking the RAD road, uutils is losing the single biggest advantage Rust has to offer — memory-safety — leaving it in the same nebulous bug boat as its predecessor, without its predecessor's decades of realworld usage, testing, and battle-hardening.
To be fair, uutils' stated goal is cross-platform compatibility, not safe memory handling; I just don't find the former compelling without the latter.
But who knows. After a few decades of steady development, I may well change my mind.
You WANT this dependancy. It's a significantly better world when there's one implementation of each library, used by everyone, maintained by people who know what they're doing and have the time to do it right.
- Likes 6
Comment
Comment