I enjoyed this gem and its descendants from the comments. What I see instead, commonly, even in big rust projects, is that it's easy to accidentally define something with a longer lifetime than you intend. Some of that happens accidentally (not recognizing the implications of an extra reference here and there when the language frees things based on static detections of being unused). Much more of it happens because the compiler fights against interesting data structures -- e.g., the pattern of allocating a vec as pseudo-RAM, using indices as pseudo-pointers, and never freeing anything till the container itself is unused.
There's nothing wrong with those techniques per se, but the language tends to paint you into a bit of a corner if you're not very good and very careful, so leaks are a fact of life in basically every major Rust project I've seen not written by somebody like BurntSushi, even when that same sort of project would not have a leak in a GC language.
For example, in the linked code below, x is clearly unused past the first line, but its “Drop” implementation executes after the print statement at the end of the function.
The takeaway is that if you want a value to drop early, just explicitly `drop` it. The borrow checker will make sure you don't have any dangling references.
https://play.rust-lang.org/?version=stable&mode=debug&editio...
In general, I think "lifetimes" only exist in the context of the borrow checker and have no influence on the semantics of Rust code. The language was designed so that the borrow checker pass could be omitted and everything would compile and run identically.
A more contrived example is Earley items in parser that point inside a grammar rule (all rules are in flat vec) and back into previous parser state - so I have 2 u32 offsets. If I had pointers, I would be tempted to have a pointer to grammar rule, index inside of it, and pointer to previous state [1], so probably 3x the space.
In both cases, pointers would be easier but slower. Annoying that Rust doesn't really let you make the choice though...
[0] https://github.com/microsoft/derivre/blob/main/src/hashcons.... [1] https://github.com/guidance-ai/llguidance/blob/main/parser/s...
1. You don't have much choice in the matter
2. When implementing that strategy, the default (happy path coding) is that you have almost zero choice in when the underlying memory is reclaimed
It's a pattern that doesn't have to be leaky, but especially when you're implementing it in Rust to circumvent borrow-checker limitations, most versions I've seen have been very leaky, not even supporting shrink/resize/reset/... operations to try to at least let the user manually be more careful with leaks.
I understand the problem isn’t that the tools exist, it’s that there are Rust users who are not aware of the concept and its evolution over the years, which I’d argue is not a uniquely Rust issue.
Maybe I’m misunderstanding, but isn’t the point of the borrow checker to throw errors if a reference “outlives” the memory it references?
How can an extra reference extend the lifetime?
You only fix that by explicitly considering lifetimes as you write your code -- adding in concrete lifetimes and letting the compiler tell you when you make a mistake (very hard to do as a holistic strategy, so nobody does), or just "git gud" (some people do this, but it takes time, and it's not the norm; you can code at a very high level without developing that particular skill subset, with the nearly inevitable result of "leaky" rust code that's otherwise quite nice).
> you use the item longer, you have a longer implicit lifetime. The memory it references will also be claimed for longer
This is only true at the stack frame level, you cannot extend a variable beyond that, and there's no difference with a GC in that particular case (a GC will never remove an element for which there's a variable on the stack pointing towards it)
> You only fix that by explicitly considering lifetimes as you write your code
Lifetime parameters don't alter the the behavior, and their are either mandatory if the situation is ambiguous or entirely redundant. And it only works at the function boundaries, where lifetime extension cannot happen anyway. (See above)
Please stop spreading bullshit criticism that have no grounding in reality (Rust has real defects like everything else, but spreading nonesense isn't OK).
If you heap allocate something and store a reference to it, Rust will absolutely keep that object alive till all such references are gone. It's not "bullshit [with] no grounding in reality."
That property is, yes, what you would see in a GC language (e.g., Entity Framework back in the day in C# would have a leak if you tried to create short-lived objects from long-lived objects using the built-in DI, since EF had a bug maintaining a strong reference to those objects tied to the lifetime of the outer object). My observation is that people tend to do that much more in Rust than in GC languages because the compiler makes other coding patterns harder.
I still don’t follow how a reference can extend the lifetime of some memory, even on the heap.
Sounds like you are describing a language that uses reference counting to manage memory, and I’m not sure what purpose a borrow checker would serve in a reference counted language.
I did, because that's the only thing that can be kept alive longer than needed (till the end of the scope where the variable is defined).
> If you heap allocate something and store a reference to it, Rust will absolutely keep that object alive till all such references are gone.
No it doesn't.
And it shows you have no understanding of how Rust works. A GC will do that, but the borrow checker won't, it cannot, all it can do is to yell at you so that you make your variable live as long as it needs.
See this playground to see what happen when you allocate something on the heap and try return a reference to it: https://play.rust-lang.org/?version=stable&mode=debug&editio...
If you could please stop spreading nonsense about a language you don't even know the basics of, that would be great for everyone.
That is what GC languages do. Too
You can get serious resource leaks in any language if you are careless
What Rust guarantees is you cannot derefernce a null pointer
Personally I don't really care what language common tools are written in (except for programs written in C(++), but I'll gladly use those after they've had a few years to catch most of the inevitable the memory bugs).
I think the difference is that there aren't many languages with projects that actually end up writing full suite replacements. There's a lot of unexpected complexity hidden within simple binaries that need to be implemented in a compatible way so scripts don't explode at you, and that's pretty tedious work. I know of projects in Rust and Zig that intend to be fully compatible, but I don't know if any in Java+GraalVM or Go. I wouldn't pick Zig for a distro until the language hits 1.0, though.
If these projects do exist, someone could probably compare them all in a compatibility and performance matrix to figure out which distribution is the fastest+smallest, but I suspect Rust may just end up winning in both areas there.
On top of that you get better performance and probably smaller binaries. But I would pick Rust over Java for CLI tools just on the strengths of the language itself.
Of course this isn't a very nuanced or clever take, but certainly part of the truth
Preventing leaks is explicitly not a goal of rust and making lifetimes correct often involves giving up and making unnecessary static lifetimes. I see this all the time in async rpc stream stuff.
That is, they aren't impossible and you'll eventually have to fight against one nasty one in your job, but it's far better than without a GC or borrowck.
> As a reference lifetime 'static indicates that the data pointed to by the reference lives for the remaining lifetime of the running program.
I don't know if `unbounded` would immediately be understood by someone new to Rust, but it captures that `T: 'static` is a negating assertion. I.e. it largely says what it can't be.
CLI applications are exactly a case, where it doesn't matter at all, see Inferno and Limbo.
There is, with Rust you cannot extend the lifetime of an object by keeping a reference to it, when this is exactly the kind of things that will happen (and cause leaks) with GC.
> this looks like hand-rolled pointers using vecs as one option fairly frequently
Emphasis mine. Idk where you got the idea that was something frequent, but while it is an option that's on the table in order to manage data with cyclic references and is indeed used by a bunch of crate doing this kind of stuff, it's never something you'd have to use in practice.
(I say that as someone who's been writing Rust for ten years in every possible set-up, from embedded to front-end web, and who's been teaching Rust at university).
Are you talking about hand-rolled arena allocation? I don´t see how a GC language would have a different behaviour as long as you also use arena allocation and you keep a reachable reference.
> There's nothing wrong with those techniques per se, but the language tends to paint you into a bit of a corner if you're not very good and very careful, so leaks are a fact of life in basically every major Rust project I've seen not written by somebody like BurntSushi
If I take 3 random major Rust projects like Serde, Hyper, and Tracing, none of which are written by BurntSushi, your claim is that they all suffer from memory leaks?
I wouldn't be surprised if that style of leak were more prevalent than one would expect. It's pretty subtle. But that link is the only such instance I'm aware of it happening to such a degree in crates I maintain. Maybe there are other instances. This is why I try to use `Box<[T]>` when possible, because you know that can't have extra capacity.
I find the GP's overall argument specious. They lack concrete examples.
If you sit down and really think about it, I think you'll find that a precise definition of a leak is actually somewhat difficult.
I am nowhere near the first person to make this observation.
I point this out to avoid a big long thread in which we just argue about what the word "leak" means. You could absolutely define "leak" in a way that my example is not a leak. But I prefer a definition in which "leak" does include my example.
I do not care to litigate the definition. If you want to recast my example as a "space" leak instead of a "memory" leak, then I don't object, and I don't think it changes the relevance of my example. (Which I think is absolutely consistent with the context of this thread.) In particular, I don't think "memory leak" in this thread is being used in a very precise manner.
> so leaks are a fact of life in basically every major Rust project I've seen not written by somebody like BurntSushi
And yes, I said I considered their overall argument specious.
Sorry, don't believe this one bit. I'm very thankful for everything Canonical/Ubuntu did about 20 years ago, but no thanks. This comes from someone who loves Rust and what it made possible. However, freedoms are too important to not treat anything that looks like an attack on them as such.
I don't follow it much these days, but nothing really surprises me from Canonical anymore. They leech off free software just like any other corporation.
Unless I'm remembering it wrong, I'm honestly not surprised that they might just be less worried about licensing in general after that; maybe this is the software licensing equivalent of "too big to fail"?
I think your recollection here is pretty colored, or else you were only reading stuff from one particular bubble. My own recollection is that there were very compelling arguments to the contrary, ones that I agreed with. Like, foundational to the concept of civil court cases is "standing" which is almost invariably down to a party suffering damages. Courts aren't a venue (at least in the US in general) for solving debates of abstract philosophy, that's what civil society is about, they're for applying the state's general monopoly on violence in order to rectify harms. Party A claims they were damaged by Party B (statutory, actual or both) in a way that violates the law. The remedy if they win is generally that they are made whole via money as best as possible or, rarely, via actual performance by Party B.
But if open source license GPL code is distributed with open source license CDDL code, with full access the source of both available, who is losing money on that? Who is getting damaged? What rights are being lost? Who has standing to sue over it? The idea that it's banned at all isn't tested legally anyway afaik, but more fundamentally if there is no harm then there simply isn't any court case. Say you saghm decided tomorrow that you were really steamed about ZFS being included with Ubuntu and decided to get going on your lawsuit on Monday, when the court asks "how much money did that cost you and what do you want us to do about it" what would your answer be, even putting aside "what's your theory of law on this one".
>and from what I can tell, they basically got away with it?
Well, that would be expected if there just isn't any case there right?
(I don't approve of this system, I am merely describing what I see as the status quo.)
As has been said, being a FOSS "advocate" may put you on many sides of any copyright issue.
> RIAA isn't going to waste time finding out if the recipients were planning to buy CDs otherwise. If you receive software under a license that is too restrictive for you, then there is always the option to pay the rightholder to grant you a more permissive license in exchange for money.
Your comparison fails to understand how different these claims are. First, those CDs have a price on the tin. That is -- this claim would have "actual damages" which can be readily determined. Second, you're speculating a new license for either Linux or OpenZFS is possible, but I don't think anyone imagines either is readily available given the number of rights holders. If Oracle was offering to relicense (BTW only its portion of the ZFS source) for a known and reasonable amount $X, like your CDs, then your comparison might make more sense (but read on, the offer of another license does not preclude a finding of non-infringement).
Thankfully, of course, copyright law provides for statutory damages where actual damages cannot readily be proven, as here. But those nominal/statutory damages divided up among Linux rights holders would be almost insignificant, and therefore this poster above is likely correct -- this may not be a legally cognizable injury.
While I may agree re: this poster's damages analysis, I'm not even sure that's the best form of the ZFS argument. IMHO where anyone creates a functional software interface, whether it be via game console's cart or a kernel module, fair use allows one to create to software and use that interface. Period. Your license can say whatever it wants. Your license can say "all your software now belongs to use" and IMHO it is completely unenforceable. IMHO the courts have favored software interoperability and fair use for years.
For example:
In Sega Enterprises, Ltd. v. Accolade, Inc., the court denied copyright protection for “functional requirements for compatibility with the Genesis console . . . .” Under this approach, the right of the kernel module author to create a compatible module overrides any nominal copyright infringement created when that author creates static or dynamic links to kernel code. Sega’s Genesis console had no public API whatsoever, stable or otherwise, yet the court still denied protection to these functional elements. Regardless of the status of the API or system interface required for compatibility, any parts of a program that a developer must copy — such as kernel headers, definition files, variables, or mandatory Linux kernel function calls — in order to create a Linux-compatible kernel module would not receive copyright protection.[0]
Note, Sega even offered Accolade a license (just as we discussed the potential for an alternative license above) that would have allowed Accolade to create Sega-compatible games. Notwithstanding this offer, the court declined to find copyright infringement in Accolade’s creation of Sega-compatible games without a license.
[0]: https://www.networkworld.com/article/836041/smb-encouraging-...
Who's an advocate here?
> Your comparison fails to understand how different these claims are.
Comparisons don't understand anything. I mean to draw attention to aspects shared by two different things.
> I don't think anyone imagines either is readily available given the number of rights holders
Me neither, but I don't think that's pertinent. Why do you?
Finally, you make an argument about interfaces, but I think the issue here is the use of CDDL licensed code, rather than the (re-)implementation of an interface. To me it seems like the finding in Sega v Accolade aren't relevant here.
Yes, I understand you meant to reason by analogy, and I told you that I think your analogy is flawed. When you reason by analogy, perhaps you should be prepared for someone to say, "That analogy doesn't make sense in this context." Mostly because -- your analogy doesn't make sense in this context. One, is an actual damages case, and the other is statutory damages case. When we are strictly discussing damages, your comparison is an apples to oranges comparison.
You said:
>>> If you receive software under a license that is too restrictive for you, then there is always the option to pay the rightholder (sic) to grant you a more permissive license
You suggest "there is always the option to pay the rightholder (sic) to grant you a more permissive license" and I'm saying that it's impossible in this circumstance? There is no one stop shop for the licensee. There is no 50 stop shop.
In your scenario, where we are to imagine an incompatibility exists, you also imagine a theoretical alternative license would be relevant to a court. And I'm saying, just as relevant, is the actual impossibility of obtaining the consent of either all ZFS licensors or all Linux licensors.
We've created effectively perpetually licensed software via our shared use of FOSS. And now one party we imagine saying -- actually these two works will be incompatible forever. You think a court won't think that's wild?
More significantly, this entire line of argument has an angels on the head of a pin quality. The GPL and the CDDL are the licenses that have already been chosen by Canonical, because Canonical didn't, like you, read an incompatibility into this CDDL-GPL combination. So -- fair enough that Canonical didn't feel the need to cast about for some theoretical alternative license, if it doesn't feel that the CDDL and the GPL are incompatible.
> I think the issue here is the use of CDDL licensed code
As discussed -- I don't think it matters much how the code is licensed. If it makes it easier, imagine the CDDL sourced code is actually a closed source, proprietary filesystem. So -- Linux provides a module interface, but it could be any interface. Just as in Sega, IMHO even proprietary code can use GPL licensed code, which provides an interface, for the purposes of interoperability. Why? Because "fair use".
Or they correctly interpreted the law?
Few of us care to admit how this "legal consensus" is mostly BS. Lots of evidence to the contrary, but, like politics these days, it sure is an appealing fantasy?
If the common consensus was BS, I actually don't think that detracts from the larger point I was trying to make much; I probably distracted from it too much with my over-enthusiastic wordplay at the end, but my original intent was to convey that Canonical might just intentionally have decided that they aren't concerned with the types of licensing issues that people are discussing here with regards to coreutils. If my theory is correct, it's due to sound legal judgment or intentional non-compliance isn't something I have any strong insight into; I mostly just thought it was worth suggesting that what people here think about it might not really matter all that much because it seems unlikely to me that they'll either be convinced to change their plans or suffer significant negative consequences from going forward with what they've decided, regardless of whether it's right or wrong.
If there are any SV billionaires out there, can you fund CUDA on OpenBSD please? :-P
From my perspective, it seems imminently plausible. Who cares about the licensing?
But I'm interested in what leads you to the opposite conclusion.
Well, for one, the author of the Rust based utils cared enough to change it (or rather to not re-adopt GPL, but IMO that's the same ting). Why shouldn't we care about the licencing?
I know people do care about licensing, but it's also plausible that it isn't what any given project is most focused on.
If there's one thing people need to understand it's that corporations will always strive to take as much as they can and give back as little as they can. It's incredibly naive to think they won't do it again after that's exactly what every corporation has done for the past several centuries. Give an inch and they'll take a mile. You can't seriously think companies like Microsoft and Oracle aren't already salivating at the thought of the community rewriting GNU/Linux in a permissive licence?
It's not that this particular case is "freedoms being attacked". It's that freedoms are constantly and relentlessly under attack and we can't let our guard down for one moment. GPL is our protection and voluntarily stepping out of it would be suicide.
But yes, there were additional licensing assurances provided so as to not create problems for Novell/Mono - it was always treated positively.
I think we're really going to miss having the fundamental parts of the system available under strong copyleft, and it will be very hard to go back.
I will go on record now with the prediction that, if uutils catches on, Red Hat will be one of the last companies to move away from GNU. They are probably the largest contributor to glibc and GCC.
What evidence do you have that they would have "preferred not to provide source at all"? Because their is a mountain of evidence otherwise.
As an individual user, Red Hat will give you a free license to their flagship product. Then they will tell you how to download every line of code for it. I don't have a license. I do not use Red Hat (other than occasionally using the also totally free RHEL9 container).
"Remember when Red Hat tried to lock away the source code to subscribers only?"
I do not remember them changing the policy you are talking about. If you think they did, it highlights how overblown the response was at the time. The biggest impact of the Red Hat change is that Alma Linux is now a better project that can actually innovate and contribute.
Red hat provided the source to their kernel with the letter but not the spirit of the law, to impeed Oracle Linux. We'd (Ksplice) get the changes from Redhat version to version as one giant patch file, with all the changes mixed together. There's no chance in hell their internal kernel developers worked that way, but the source was there, so the letter of the GPL was satisfied.
The other thing they did was close the source repos. First you had to be a subscriber to get the binaries, and thus by the GPL, you could get the source. However, if you shared that source code with anyone else and they caught you, they wouldn't let you renew your license the next year, so you couldn't get the newer version, binaries OR source. This also isn't technically against the rules of the GPL, but it's hard to see that as being in line with the spirit of it.
It's hard to see Redhat as the benevolent GPL open source hug supplier with real world business practices like that. Not that I fault them for it, it's just business.
Unbreakable Kernel.
https://arstechnica.com/information-technology/2023/06/red-h...
Again, be careful not to attribute past RH actions with IBM. Yes, IBM was very helpful in the 90s and later, but you can't fully trust a corporation past the next financial statement, and certainly not past a leadership change or three.
As he says, it's just business. And IBM isn't near the top on my list of big tech companies to avoid. However they are subject to the same enshittification pressures as the rest. Their history is not all rosy either.
Apart from Clang/LLVM and WebKit you mean?
Ok in fairness the LGPL license of KHTML was a huge reason the WebKit source was available (for ages it was just reluctant tarball dumps) but I don't think that's the case for LLVM.
I don't think the GPL has really meant corporation's have given back significantly to Linux. There are still plenty of closed source drivers. The main motivation to give back is the extremely high cost of maintaining out-of-tree modifications (e.g. Android's binder).
The compiler and toolchain really are going the wrong direction with LLVM in terms of open source.
And hey some of the work does get upstreamed, which is probably a good choice for the vendor anyway if the target in question isn't intended to be immediately thrown in the thrash and forgotten.
It was originally supposed to. https://lists.gnu.org/archive/html/emacs-devel/2015-02/msg00...
Them putting the downloads of their enterprise OS behind a login screen (student and solo developer licenses can STILL be got for free) is something I 100% understand and am kind of sympathetic about.
I know that's out of like with how some people define free software, but I've always had ethical issues with the way people would redistribute Red Hats work for free. Just because it's legal doesn't make it ethical.
In particular:
> I think the GPL has led to fairly noticeable increase in the amount of proprietary software in the world as companies that would happily adopt a BSDL component decide to create an in-house proprietary version rather than adopt a GPL’d component.
It also aligns with my experience: my company couldn’t find an LZO compression library that wasn’t GPL’d, so the decision was between implementing one in-house or cutting the feature. We ended up restricting use of the feature to in-house use only, but opening up our core source code was never an option.
If there had been a permissive license option available, we would’ve likely donated (as we do to several other dependencies), and would’ve contributed any fixes back (because that’s easier to explain to customers than “here’s our patched version”).
Lots of people express this fear that BSD-licensing of components will lead to a world where all the big proprietary software just locks everything down. But if you actually work with large software, you end up finding out that it's actually a lot of work to maintain your own fork, and so you start pushing to get more things upstreamed. Because, after all, if your code is private, it's your task to fix it if somebody breaks it, but if it's upstreamed, it's their task to do it.
An interesting datapoint is LLVM/Clang, where, yes, lots of companies have their own proprietary forks of Clang. But for the most part, those companies still upstream gobs of stuff: most of the biggest contributors to the project are the people with the proprietary forks. Furthermore, as I understand it, basically everybody relying on EDG has, or is in the process of, worked to move off of it into Clang. Which, if EDG dies, means that the permissively-license Clang has done more to kill off proprietary compilers than copyleft-licensed GCC has.
The best defense against proprietary software is to make it too expensive for proprietary software to compete, and using a permissive license means you can trick the companies making proprietary software into helping you do that.
It's also an example of the GPL not preventing corporations from building (and releasing under a more permissive license) non-GPL software.
Before Apple built Clang, they made a GCC plugin[0] which dumped the AST from the GCC frontend, and fed it into the LLVM backend. Sure, they published the source of their GCC modifications under the GPL, but that was nothing compared to the entirely novel backend, which was released under a far more permissive license.
Meanwhile, Stallman handcuffed GNU projects like Emacs for years[1] by refusing to expose GCC's AST in an effort to prevent something like this from happening.
[1]https://lists.gnu.org/archive/html/emacs-devel/2015-01/msg00...
But they didn't! Dragonegg is a GCC plugin, which didn't exist when work started on Clang--GCC plugins date to GCC 4.5, released in 2010, which is the same year that Clang became self-hosting.
The timeline is rather like this: LLVM originally relied on a hacked-up version of gcc 4.2 called llvm-gcc to create LLVM IR from source code. When GCC added support for plugins, there was the attempt to move that frontend to a more reliable framework, and that was Dragonegg. As far as I'm aware, Apple never contributed to the Dragonegg project itself. Dragonegg didn't last that long; by 2014, the project was completely dead. And for most of its life, the biggest interest in Dragonegg was to have some modicum of support for Fortran.
> Meanwhile, Stallman handcuffed GNU projects like Emacs for years[1] by refusing to expose GCC's AST in an effort to prevent something like this from happening.
By the time of that message, RMS's worst nightmare had come true with Dragonegg... only for Dragonegg to have already died due to a lack of demand for it.
Sorry, trust has been broken too often in these scenarios, and the benefits of lots more people working on the same library are not entirely clear.
I understand that many companies don't want to be a part of the pool of software licensed under the GPL - that is their right. But don't try to spin this "if only BSDL was the common one, there'd be a much bigger utilization of a different pool of software". That might even be true, but it would come with the caveat that tivoization would always be an option, which for some of us is something more significant.
If I put two choices in front of someone, the binary option of copyleft vs proprietary and they'll always go proprietary, or I give them something permissive and there's at least the chance they contribute back, the second option is strictly better. It's sort of the equivalent of having a wealth tax that raises no revenue, I'd rather have you here contribute something than move abroad and get nothing, even if the benefit is more indirect
We also want to engage with and donate to the projects we use, mostly out of risk management: if they go unmaintained that’s bad for us.
Read LGPL a little more carefully. LGPL requires you to use it in a particular manner that lets any user swap out your version for their version, which basically means you're only allowed to dynamically link it as a shared library. Even if you make no changes to the library!
I had thought that the dynamic linking requirement was the only option according to the licence, but apparently not. According to 6.a. of v2 and 4.d.0. of v3 of the LGPL, it would be enough to give the user access to the source/object code of the main application and the compilation scripts under non-open-source terms, so that they can recompile and statically link it against their own version of the library.
> the GPL has led to fairly noticeable increase in the amount of proprietary software in the world
What he did:
> opening up our core source code was never an option.
It's companies that decide that open sourcing their software is 'never an option'–even the LZO compression part of it–that lead to a 'noticeable increase in the amount of proprietary software in the world'. They are just using the GPL bogeyman as a thin excuse for their own decisions.
Partly related. Would you have paid if the project had offered a paid non GPL licence?
We probably would’ve for LZO too; not sure why that fell through.
How would the legal argument be any different for MIT/etc. licensed software in that case? Would the lawyers sign off on using MIT-licensed software without a CLA? Wouldn't they make the argument that the provenance of the software and therefore its licensing is not solid? Seems like the only thing that matters is who has the right to offer a license to the software, not what the license is.
I think the reasoning (as it was explained to me) was that when people made their original contributions, they were agreeing to the license at that time (in this case GPL, but for other projects MIT). But the other contributors never agreed that the main maintainer could relicense their contributions for a fee.
The upshot was that we went with an in-house fully-proprietary alternative. More expensive, probably lower quality.
The absolute most that Canonical can do is start making a fork of the software where they don't distribute the source code. But in that case, the original code is still right there. No freedom is lost at any point.
Also anyone that really cared could use the BSD versions anyway.
The first comment on LWN is about a bug in the more(1) from uutils. I checked out that code, found some oddities (like doing stat() on a path to check if it exists, right before open()ing it) and went to check against how GNU coreutils does it.
Turns out coreutils does not do it at all, because more(1) is from util-linux. ta-dam.
There are a lot of GNU utils. For now, Ubuntu is only taking on the ones that are actually in coreutils. Those are the ones that uutils considers "production ready".
Wouldn't this imply that these aren't actually 1:1 replacements?
This would seem to be one of the driving factors in the creation of oxidizr: to allow testing how ready the components are to be drop in replacements with easy recourse. You can read more about that in this section of the linked blog post by jnsgruk https://discourse.ubuntu.com/t/carefully-but-purposefully-ox...
uutils aims to be a drop-in replacement for the GNU utils. Differences with GNU are treated as bugs.
Their goals are to _replace GPL's code_. It's a subtle attack on Free Software by providing corporations a workaround so they don't have to abide by the terms of the license.
Nobody seriously doubts the efficiency or safety of the GNU Coreutils. They've been battle tested for over 30 years and whatever safety or optimization risks are left are negligible.
However the TOCTOU is completely benign here. It's just an extra check before Rust opens the file so if you were to try to "exploit" it the only thing that would happen is you get a different error message.
Can't reproduce this. If I do
sudo strace -e inject=stat:delay_exit=30s:when=2 ./coreutils more foo
rm foo
ln -s /etc/passwd foo
ln -s /etc/passwd foo
sudo more foo
(I did not know about that strace feature though - that is very cool, thanks!)
It's still not going to do anything incorrect when it comes to actually open the file though.
TOCTOU only matters when the check is actually checking something important. Here it isn't; it's just giving nicer error messages. If you bypass it you just lose those nice error messages.
So it isn't a problem here.
The major change is a recent comment I made where I was musing about a future where LLMs actually write most of the code. That isn't a foregone conclusion but the recent improvements in coding LLMs suggests it isn't as far off a future as I once considered.
My thought was simple: if I am using a LLM to do the significant portion of generating code, how does that change what I think about the programming language I am using? Does the criteria I use to select the language change?
Upon reflection, Rust is probably the best candidate. It has strictness in ways that other languages do not have. And if the LLM is paying most of the cost of keeping the types and lifetimes in order, what do I care if the syntax is ugly? As long as I can read the output of the LLM and verify it (code review it) then I actually want the strictness. I want the most statically analyzable code possible since I have low trust in the LLM. The fact that Rust is also, ahem, blazingly fast, is icing on the cake.
As an aside to this aside, I was also thinking about modular kernels, like Minix. I wonder if there is a world where we take a userland like the one Ubuntu is trying and apply it to Minix. And then slowly replace the os modules with ones written in Rust. I think the modularity of something like Minix might be an advantage, but that might just be because I am completely naïve.
Unless you are experienced in rust, you have zero ability to catch the kind of mistakes LLMs make producing rust code.
I'd say it's on par with other languages then... LLM are roughly 95% correct on code generation but that's not nearly enough for using them.
And spending time finding which 5% is looking good but actually wrong is a frustrating experience.
Those programs are making different kind of mistakes than humans and I find them much harder to spot.
However it's unlikely LLMs will generate a lot of Rust code. All these LLMs are generating is the most likely next token, based on what they've been trained on. And in their training set, it's likely there is massively more Python and JS code out there than Rust, simply because those are way more popular languages. So with Rust, it's more likely to hallucinate and make mistakes than with Python where the path is much better trodden
In my experience llms are not particularly bad with rust compared to python, though I've only toyed with them minimally.
Elsewhere in this thread someone mentioned LLMs producing poor performing code that does stuff like collect iterators far too often and pointed out that fixing this sort of thing often requires significant Rust expertise, and I don't disagree with that. However, my impression is that it still ends up being less work for an experienced Rust programmer to claw back some memory from poor code than for someone similarly experienced in something other than Rust working in a code base in their own language. I've seen issues when three or four Go engineers spend weeks trying to track down and reduce memory overhead of slices due to the fact that it's not always easy to tell whether a given slice owns its own memory on the heap or is referencing a different one; looking for everywhere that `collect` is called (or another type known to heap allocate) is comparatively a lot simpler. Maybe Go being a lot simpler than Rust could make LLMs produce code that's so much better that it makes it easier for humans to debug and fix, but at least for some types of issues, my experience has been the opposite with Go code written by humans, so I wouldn't feel particularly confident about making that prediction at this point in time.
Rust has tons of code out there, and quality code. Different from js or Python that has an abundance of low quality to pure garbage code.
There's a lot of refreshing energy amongst Rust coders eager to produce better, more modern command-line tools. That's amazing, and a real benefit to everyone. But rewriting simple, decades-old, perfectly functional tools, with the explicit goal of not improving them is just a self-absorbed hobby. And a dangerous one at that - any new code will contain bugs, and the best way to avoid that is not to write code if you don't have to.
I doubt they'll get noticeably better performance (the main GNU tools are already very optimised). I'm not sure they really lack in resilience. And I don't think memory safety is a big factor here.
Maintenance is definitely a big plus though. It will be much nicer to work on modern Rust code than ancient C.
https://www.youtube.com/watch?v=5qTyyMyU2hQ
In an interview with FOSS Weekly, Sylvestre Ledru (the main developer, who curiously has a background working on Debian and Firefox, before ending up getting seduced by the clang/LLVM ecosystem), firmly states "it is not about security".
i am surprised by the implication
Every proprietary Linux OS (such as most Android phones) uses busybox, at a slight disadvantage to them, because they can't handle using GPL3 coreutils. Now they'll use the MIT-licensed drop-in replacement coreutils.
Many of these utilities have had logic errors in them, you can find them on GitHub issues. sudo, for example, allowed you to bypass through some way I cannot remember.
And I bet you they are not a replacement for GNU utilities, i.e. have less features, and are possibly not optimized either, and perhaps they even have different (or less) flags/options.
I have written a lot of Bash scripts, I wonder how well (if at all) would work on Ubuntu with the Rust utilities.
At any rate, feel free to look around here: https://github.com/uutils/coreutils/issues?q=is%3Aissue%20st...
It is NOT a replacement of GNU coreutils AT ALL, as of yet.
Granted under "Goals" it says "uutils aims to be a drop-in replacement for the GNU utils. Differences with GNU are treated as bugs.", but please look around the opened (and closed) issues (since they should tell you about the major, yet simple logic bugs that has occurred). It is definitely not ready, and I am not sure when and if it will be ready.
FWIW the README also says: "some options might be missing or different behavior might be experienced.".
Future will tell, but right now, it is an extremely bad idea to replace GNU coreutils with Rust's uutils. Do you think otherwise? Elaborate as to why if so.
Also, while we're slinging the README around, here's the first paragraph:
> uutils coreutils is a cross-platform reimplementation of the GNU coreutils in Rust. While all programs have been implemented, some options might be missing or different behavior might be experienced.
The "ignorant comment" above was actually just pointing out the thing that the developers thought was second-most-important for people to know—right after the fact that it's a reimplementation.
> some options might be missing or different behavior might be experienced.
Both of these statements cannot be true at the same time.
This has ulterior motive written all over it. Best outcome: nothing happens.
True, but code from those utilities may eventually be used in the network (for example, through copied functionality and shared libraries). Also, a creative pipeline may actually involve them (think of the Unix philosophy.)
Eventually plain C has to die or be relegated to unavoidable places like in the assembly cases, even if Rust is not the best alternative after all.
Also making progress bars and colors does not require Rust, it's equally possible in C, C++, Zig, Go, Swift, etc.
I did a decent bit of mod_perl, love & respect perl, but here in 2025, it's pretty terrifying to me that Debian's main dependency is a pretty sizable perl runtime. That there seems to be very little that will budge this. The whole ecosystem is built atop a language that very few people have interest in, that has much less interest & activity than other modern alternatives.
It's fine if we start switching the user env over to more popular Rust based utilities. But what I really want is for the OS itself to modernize, to start getting away from it's ancient seemingly-unshakeable legacy. Nothing against Perl, but I'd love to see this family of OSes move beyond being Perl only.
Why? If 30 years of Windows being the most internet connected OS has proven anything, it's that 99% of desktop executable should be deleted before they make it through the disk write cache.
Mobile platforms show that mandatory sandboxes are a massive bonus to preventing malware. Desktop operating systems refuse to go that route because of the risk of breaking existing tools, which is why nobody bothers to actually use sandboxing APIs, which is why many third party sandboxing attempts keep breaking.
There's no reason why desktops can't exchange files through virtual file systems or dedicated sharing APIs like on mobile. My calculator doesn't need camera access and my music player can do without biometrics. The desktop is stuck in the 1990's permission model (or 1970s, for Unix-likes) because that's what people have gotten used to.
My experience with the Steam Deck is that Flatpak sandboxing on a read-only system image works absolutely fine. Things would work better if desktop applications would bother standardising and following existing standards, but the technology works. Sure, it's not good enough if you're a Linux kernel developer, but the 0.01% of users who are affected by those limitations shouldn't limit everyone else.
Some desktop users may think themselves to be too smart to get hacked, especially on Linux, but their desktops are not that different from smartphones.
I adore Rust
Please don't!
Can we get on with innovating on the backs of what went before, not reinvent it...
Bleeding edge beta (alpha?) software put in the core of their system
Reminds me of when they switched Gnome out for Ubuntu One, no way back if you did 'aptitude full-upgrade'.
It was a buggy leaky pos
Again, dear friends...
"There are countless examples in the open source community of tools being re-engineered, and re-imagined using tools and practices that have only relatively recently become available."
Recently? You can use Ada or OCaml, which is a better Rust. You can use C with formal proofs and not constantly rewrite everything.
But that of course is the point. No rewrites, no easy money for the corporate OSS "developers".
Never written rust, only looked at snippets on blogs, but it visually looks so different to ml
Am I being fooled by superficial syntactical differences?
Could you explain?
The push for Rust isn't just a technical decision - it's a calculated economic strategy. By forcing rewrites of stable systems in a new language, companies effectively reset the clock on developer experience and expertise.
When a C/C++ codebase with 30 years of institutional knowledge gets rewritten in Rust, senior developers with decades of experience suddenly compete on more equal footing with juniors who just graduated. Your 15 years of C++ optimization knowledge? Now worth less than a 22-year-old's six months of Rust bootcamp training.
This isn't about memory safety - it's about labor costs. Companies call it "modernization" while quietly erasing the premium they'd otherwise pay for experience. The technical arguments serve as perfect cover for what's really happening: deliberately manufacturing a scenario where they can replace $250K senior engineers with $80K juniors.
The pattern is familiar to anyone who's watched other industries. Create artificial obsolescence of existing skills, then exploit the resulting chaos to reset salary expectations and eliminate the leverage that comes with specialized knowledge.
This is why language transitions always seem to coincide with hiring freezes and "restructuring." It's never been about technical superiority - it's about breaking labor's bargaining power.
The rest really is tin foil hat stuff. I'll believe it if I see it, until then its hard to see Rust as a deskilling. The language requires a different skill is all.
If those 15 years of C++ optimization don't provide an advantage over what a 22 year old with half a year of bootcamp can provide for a quarter of the price, then maybe it really is time to stop doing things in C++.
The unfortunate truth of programming as a profession is that you need to move with the times. If C++ is on its way out (which I highly doubt), it's time to learn Rust. Most Visual Basic programmers moved on, as did most Fortran programmers, and many C++ programmers when Java hit the scene.
When you're making this about labour's bargaining power, you're assuming that young labour is a threat to experience labour. Perhaps that's the case to some extent, as the shortage of people with programming skills that has led to the ridiculously high wages for the software industry is slowly evaporating, but gatekeeping the industry isn't some kind of pro-labour move, it's just selfish.
No one's forcing you.
Every time a language starts taking off, people want to rewrite everything in their language. Rust just has the performance and a few advantages that make it arguably better than C for the things C does, which is a bit cool I guess.