/g/ - Technology
File: crabuntu.png (216 KB, 3000x1500)
(real thread instead of e-celeb screencap spam)

https://discourse.ubuntu.com/t/an-update-on-rust-coreutils/80773/1

* Canonical decided to commission an independent external security audit.
* Partnered Zellic, a top-tier security research firm.
* The audit was conducted in two phases (both completed), with the first focusing on high-priority utilities.
* 113 (73+40) total issues identified.
* The vast majority of issues have been addressed and resolved.
* Ubuntu 26.04 LTS will ship with rust-uutils, except for cp, mv, and rm, because of remaining issues.
* Ubuntu 26.10 is planned to ship 100% rust-coreutils.
* A bunch of CVEs disclosed (my personal review will be posted in a separate comment).
>>
jewbuntu
>>
I lose all faith in software when the devs start obsessing over what language its written in. Doubly so in the age of AI.
>>
>>108664849
the faggotry of uutils isn't using rust. it's the fact that it only exists so microsoft's linux golems can have their own cuck licensed version of the GNU coreutils.
>>
>>108664863
non-GPL coreutils always existed, with the first predating GNU itself. there is already a distro or two shipping some variant of BSD utilities.
>>
>>108664839
>Ubuntu 26.04 LTS will ship with rust-uutils, except for cp, mv, and rm
This seems more likely to cause new bugs not present in either suite in isolation. It was stupid to start this transition on a 3/4 release instead of a 1/4 release.
>>
>>108664893
uutils exists for the express purpose of being a replacement for GNU software
>>
>>108664916
It's always good to have multiple compatible implementations.
>>
>>108664863
MIT grants the user more freedoms than the GPL does.
>>
File: 1768073388580893.jpg (6 KB, 112x112)
>>108664839
>Ubuntu 26.04 LTS will ship with rust-uutils, except for cp
>>
>>108664924
Must hit hard, we all know how the rust programmers like their cp.
>>
>>108664839

>A bunch of CVEs disclosed (my personal review will be posted in a separate comment)

Okay. I finished checking out the CVEs.

* The number of CVEs related to Rust as an implementation language, or caused
by Rust not delivering on its promises of (memory/thread/type/...) safety,
is... ZERO, unless you count the 3-4 issues related to utf8 vs. bytes, blaming
Rust for using unicode by default.

* The overriding theme is issues around permission handling, path handling,
and TOCTOU. And to a lesser extent, file type issues (symlink, FIFO, ..).

* Many of the attack vectors are a little bit far fetched.

* Some of them (like CVE-2026-35343 and CVE-2026-35378) remind me of the
half-joke "Every software bug can successfully be argued as exploitable".

* One doesn't affect Linux (CVE-2026-35362).

* The most interesting one is perhaps CVE-2026-35368 (chroot container escape
scenario).

* The silliest one, from a coding PoV, is perhaps CVE-2026-35369 (argument
parsing error).

* It's still great that this was done, and that all these bugs/issues were
discovered and fixed (or about to). I'm sure it is also helpful in clarifying
specific and potentially subtle behaviors in the GNU implementation itself,
and other implementations.

Overall, as expected, the findings are a bit inflated and exaggerated in
effect, which is a global problem in the security theater industry. But this
was still a very good job, if looked at from a pure software development lens ;)
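The post above names TOCTOU and symlink handling as the dominant theme of the findings. The following is an added example written for this thread, not code from uutils, GNU coreutils or the audit: it demonstrates the general "lstat, then open by name" race that a symlink swap exploits, next to one hardened pattern (open with O_NOFOLLOW and confirm via fstat that the descriptor is the inode the decision was made on). The function names, the scratch directory and the file contents are constructed for the demo; the O_NOFOLLOW value is the Linux one (x86_64/aarch64) that the libc crate would normally provide.

```rust
// Added example, not uutils/GNU code. Unix-only; assumes Linux O_NOFOLLOW.
use std::fs::{self, File, OpenOptions};
use std::io::{self, Read};
use std::os::unix::fs::{symlink, MetadataExt, OpenOptionsExt};
use std::path::{Path, PathBuf};

const O_NOFOLLOW: i32 = 0o400000; // assumption: Linux value of O_NOFOLLOW

fn refuse_symlink(meta: &fs::Metadata) -> io::Result<()> {
    if meta.file_type().is_symlink() {
        return Err(io::Error::new(io::ErrorKind::InvalidInput, "source is a symlink"));
    }
    Ok(())
}

/// Naive "no-dereference" read: decide from lstat(), then open() the name.
/// open() follows symlinks, so a swap inside the window (`race`) is followed.
pub fn read_no_deref_naive(path: &Path, race: &dyn Fn()) -> io::Result<Vec<u8>> {
    let meta = fs::symlink_metadata(path)?; // lstat: does not follow symlinks
    refuse_symlink(&meta)?;
    race(); // the attacker's window between check and use
    let mut buf = Vec::new();
    File::open(path)?.read_to_end(&mut buf)?;
    Ok(buf)
}

/// Hardened read: O_NOFOLLOW makes open() fail (ELOOP) if the final component
/// became a symlink, and fstat() on the descriptor confirms it is the very
/// inode lstat() reported, which also catches a swap for another regular file.
/// Every later decision is then about the object we hold, not about a name.
pub fn read_no_deref_hardened(path: &Path, race: &dyn Fn()) -> io::Result<Vec<u8>> {
    let meta = fs::symlink_metadata(path)?;
    refuse_symlink(&meta)?;
    race();
    let mut file = OpenOptions::new().read(true).custom_flags(O_NOFOLLOW).open(path)?;
    let opened = file.metadata()?; // fstat(fd), no path lookup
    if (opened.dev(), opened.ino()) != (meta.dev(), meta.ino()) {
        return Err(io::Error::new(io::ErrorKind::Other, "source changed during copy"));
    }
    let mut buf = Vec::new();
    file.read_to_end(&mut buf)?;
    Ok(buf)
}

/// Constructed scenario: `src` is a harmless regular file, `secret` is what an
/// attacker wants copied out, and the race hook atomically renames a symlink
/// over `src` inside the window. Returns whatever the reader ended up reading.
pub fn simulate_symlink_swap(hardened: bool) -> io::Result<Vec<u8>> {
    let dir: PathBuf = std::env::temp_dir()
        .join(format!("toctou-demo-{}-{}", std::process::id(), hardened));
    let _ = fs::remove_dir_all(&dir);
    fs::create_dir_all(&dir)?;
    let src = dir.join("src");
    let secret = dir.join("secret");
    let swap = dir.join("swap");
    fs::write(&src, b"public")?;
    fs::write(&secret, b"SECRET")?;
    symlink(&secret, &swap)?;
    let attacker = || {
        let _ = fs::rename(&swap, &src); // rename(2) replaces src atomically
    };
    let result = if hardened {
        read_no_deref_hardened(&src, &attacker)
    } else {
        read_no_deref_naive(&src, &attacker)
    };
    let _ = fs::remove_dir_all(&dir);
    result
}

fn main() {
    let show = |r: io::Result<Vec<u8>>| r.map(|b| String::from_utf8_lossy(&b).into_owned());
    println!("naive:    {:?}", show(simulate_symlink_swap(false)));
    println!("hardened: {:?}", show(simulate_symlink_swap(true)));
}
```

The naive variant prints the contents of `secret`; the hardened one returns an error. The real fix in a copy utility is the same idea carried through the whole traversal (openat/fstatat relative to held directory descriptors), which is exactly the class of work the audit findings point at.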
>>
>>108665092
Based post
>>
>>108665092
RIDF has arrived.
>>
>>108664839
>switch to rust, still over 70 security issues
>can't get the most basic utils right: cp, mv, rm
>ubuntu mixes implementations for an lts release instead of doing the logical thing: go back to what worked and try this in a non-lts
>>108664923
you mean it grants corps more freedom.
>>
>>108664839
Doing this on an LTS distro first is grade A retarded. I hope it goes to shit.
>>
>>108664922
i'd agree if they went GPL but they didn't. rust troons license literally everything as MIT for no particular reason and canonical is exploiting that for hostile intentions.
>>
>>108665092 (Me)
breakdown of CVE scores (didn't double-check):
4 High (7.0-7.3)
25 Medium (4.2-6.7)
15 Low (3.3-3.6)
>>
>>108665158
a big chunk of your core system is non-GPL already, with no rewrites or rust involved.
>>
>>108665138
>you mean it grants corps more freedom.
where in MIT are corps mentioned specifically?
>>
>>108664839
>>108665092
good thread
>>
How did they fuck up cp, mv and rm?
Absolute state of rust trannies
>>
>>108665158
we want it all in MIT so corpo can take it and stop fucking everything up. please corpo take it pelase
>>
>>108664839
Ubuntu is hit by a malicious attack
echo "You crab lover"; 
rm -rf /

Security experts explain this is a critical vulnerability of legacy code, unlike the new safe rust.
Where the user is asked, in rust safe code, about removal, which is also done in a safe manner.
The proven legacy is broken and yet again shows why the innovative and safe rust crab should put its claws in your system.
>>
>>108666149
Already Fixed:

rm --preserve-root can be bypassed via symlink to /
https://github.com/uutils/coreutils/issues/9705

mv loses ownership on cross-device moves
https://github.com/uutils/coreutils/issues/9714

rm: allows dangerous abbreviation of --no-preserve-root option
https://github.com/uutils/coreutils/issues/10188

Not fixed/Fix not merged:

rm -rf ./ and variants silently delete current directory contents
https://github.com/uutils/coreutils/issues/9749

mv copy TOCTOU Race
https://github.com/uutils/coreutils/issues/10015

cp TOCTOU: symlink swap bypasses no-dereference intent
https://github.com/uutils/coreutils/issues/10017

--------

On initial thought, I can see myself pushing for changing the GNU implementation to behave like #9749, instead of "fixing" this in uutils. And that's my BASED take, if i may say so myself, about myself.
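The issue list above gives two operand-handling cases: `--preserve-root` bypassed by a symlink pointing at `/`, and `rm -rf ./` deleting the current directory's contents. The block below is an added example written for this thread, not code from uutils, GNU coreutils or any of the linked issues: it shows why a text comparison against "/" is bypassable, an identity-based check (device and inode of what the operand resolves to), and the rule GNU rm applies to "." and ".." operands. The function names, refusal strings and the scratch directory with `link -> /` are constructed for the demo. Unix-only.

```rust
// Added example, not uutils/GNU code. Unix-only.
use std::fs;
use std::io;
use std::os::unix::fs::{symlink, MetadataExt};
use std::path::{Path, PathBuf};

/// Text-only root check: "/" (or "//", "///"). A symlink whose name is not "/"
/// but which points at "/" passes this unchallenged, which is the bypass.
pub fn is_root_by_text(operand: &str) -> bool {
    !operand.is_empty() && operand.trim_end_matches('/').is_empty()
}

/// Identity check: stat() the operand (following symlinks, which is what a
/// trailing slash or a recursive descent does) and compare device and inode
/// with "/". A symlink to "/", "/./", "/.." and "//" all land on the same inode.
pub fn resolves_to_root(operand: &Path) -> io::Result<bool> {
    let target = fs::metadata(operand)?;
    let root = fs::metadata("/")?;
    Ok(target.dev() == root.dev() && target.ino() == root.ino())
}

/// The rule GNU rm applies: refuse when the last path component is "." or "..",
/// trailing slashes stripped, so ".", "./", "./////" and "sub/.." all refuse.
pub fn is_dot_or_dotdot(operand: &str) -> bool {
    let trimmed = operand.trim_end_matches('/');
    let last = trimmed.rsplit('/').next().unwrap_or(trimmed);
    last == "." || last == ".."
}

/// Reason to refuse a recursive rm operand, or None if it may proceed.
/// Operands that do not exist fall through to the normal stat error.
pub fn refuse_reason(operand: &str, preserve_root: bool) -> io::Result<Option<&'static str>> {
    if is_dot_or_dotdot(operand) {
        return Ok(Some("refusing to remove '.' or '..' directory"));
    }
    if preserve_root && resolves_to_root(Path::new(operand))? {
        return Ok(Some("it is dangerous to operate recursively on '/'"));
    }
    Ok(None)
}

/// Constructed scenario: a scratch directory containing `link -> /`.
/// Returns (scratch dir, symlink path); the caller removes the dir.
pub fn scratch_with_link_to_root() -> io::Result<(PathBuf, PathBuf)> {
    let dir = std::env::temp_dir().join(format!("rm-demo-{}", std::process::id()));
    let _ = fs::remove_dir_all(&dir);
    fs::create_dir_all(&dir)?;
    let link = dir.join("link");
    symlink("/", &link)?;
    Ok((dir, link))
}

fn main() -> io::Result<()> {
    let (dir, link) = scratch_with_link_to_root()?;
    let link_s = link.to_string_lossy().into_owned();
    println!("text check on {}: {}", link_s, is_root_by_text(&link_s));
    println!("identity check on {}: {:?}", link_s, refuse_reason(&link_s, true)?);
    for op in ["./", ".", "sub/..", "/", "//"].iter() {
        println!("{:?}: {:?}", op, refuse_reason(op, true)?);
    }
    fs::remove_dir_all(&dir)?;
    Ok(())
}
```

The identity check is only the operand-level half of the story: a careful rm also has to keep checking device and inode as it descends, since the same swap can be staged one level down. Abbreviated option spellings (the `--no-preserve-root` issue above) are a separate parser concern and are not covered here.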
>>
>>108666435
dumb bot
>>
>>108666494
thank you for your support
>>
>>108665509
GPLv3 prohibits including GNU coreutils in closed source projects.
>>
>>108664924
shontoes
>>
>>108665158
>for no particular reason
(((they))) want to take linux away from us
>>
>>108667082
they are cli tools, not libraries. there are no "projects" for them to be included in, in that sense.
>>
>>108664839
how about performance? aren't uutils slower and more bloated?
>>
>>108667098
post the output of
lsof  -u $USER -Fn | rg -r '$1' '(.*\.so).*' | sort -u

and let's examine what the (non-rust) libraries loaded in your system right now are licensed under.
>>
>>108664839
Transgender programming language
>>
>>108667161
>aren't uutils slower
not necessarily. there will be use-cases where one is faster than the other. but whichever is slower can theoretically be "fixed".
but if you're relying on coreutils performance somehow, you're doing it wrong.
>and more bloated?
not really.
>>
>>108667226
you won't doxx me that easily :)
>>
>>108667279
filter anything you think is private. or just grep for /usr/
>>
>>108667286
>filter anything you think is private
I already did, which is why I'm not posting what you prompted me to
>>
>>108667302
alright. let's do that for a taste. append this to >>108667226

| rg -i 'lib(python|jpeg|png|bz2|curl|llvm|mesa|xul|x11|wayland|open|ssl|crypto|freetype)'

failing to do so will out you as just another /g/eet wintard
>>
>>108667347
>wintard
kek I've been linux-exclusive for a decade
I also saw the thread of a euro script kiddie getting doxxed yesterday, so I'm not taking any risks
>>
>>108667370
>linux-exclusive for a decade
>scared of lsof and grep
>>
>>108664863
your point doesn't stand because bsdutils exist
>>
>>108664863
There has been multiple permissive rewrites of coreutils. Why are you acting as if uutils was first to do so?
>>
>>108667439
I ran them, but I'm not posting the output, shrimple as
>>
>>108667616
because the other rewrites weren't immediately shoved into a large distro's lts release despite being unready. it's like there's something going on besides "improving the code quality"
>>
>>108668268
>it's like there's something going on besides "improving the code quality"
Yes, Ubuntu fucking sucks. Did it really take you so many years to realize it?
>>
>>108668075
>t. wintard
>>
>>108665509
Ahh yes, the "pretend to misunderstand the argument and/or premise" gambit, straight from the "insufferable leftoid faggot" playbook.
>>
>>108668268
LTS and "improving code quality" are actually contradictory endeavours, since in the stable distro model you can't make any significant code changes mid-release.
what you would want from a package, from an LTS perspective, is the least amount of security updates/maintenance possible.
after these audits, which are much easier to do, especially in such a focused manner, on rust code, they can have some confidence that they won't be called in the middle of a random Saturday night* because some serious CVE just dropped, caused by some retarded C bug class.
There are still no guarantees of course. But it's a question of probability and frequency.
----
* yes yes distros have a private repo where they get notified of CVEs before they go public. but the general point stands.
>>
>>108669482
>anon1: MIT grants the user more freedoms than the GPL does.
>(you): you mean it grants corps more freedom.
>anon2: where in MIT are corps mentioned specifically?
>(you): oh yeah? YOU'RE A FAGGOT
>>
>>108669487 (Me)
s/private repo/private mailing list
>>
>>108669512
the pinnacle of /g/
>>
>>108664848
(((they))) actually hate both rust as well as video-generating AI, because it makes (((their job))) much harder.
>>
>>108664839
>real thread instead of e-celeb screencap spam
bump before the potential spam arrives
>>
>we rewrote ur unix utilities in rust bro
>why?
>shut up chud
>>
File: ruster.jpg (74 KB, 784x588)
>>108664839
That shit is going to be worse than windows 11.
Do not let any of that trash contaminate your machine. All rust binaries are bloated because they contain cp, encrypted and ready to be deployed by the CIA to blackmail targets.
>>
>>108671417
How? Every modern browser is infected with it and soon the Linux kernel will be too.
>>
>>108665208
That chunk of my core system also isn't a psyop to replace other chunks of my core system.
You dumbass niggas are being disingenuous, if Canonical didn't have poor intentions there would be literally no reason not to just ship the GNU coreutils as normal.
>>
>>108671417
>checks
>gnu coreutils execs + extra lib deps > rust coreutils single exec
sneaking cp in, in less binary size! that's some impressive compression scheme.
where is that compression code?
>>
>>108671701
>psyop
>poor intentions
can you outline the purpose, and the rough steps of this evil plan?
>>
>>108667501
retard
https://github.com/uutils/bsdutils
>>
>>108672133
anon was referring to bsd coreutils implementations, not a project literally named "bsdutils", dumb search engine tard
>>
File: crazyy.jpg (37 KB, 600x576)
>>108664839
>Partnered Zellic, a top-tier security research firm.
You mean, they didn't just throw an Anthropic LLM at it? They actually had humans, with brains, work on this? What a revolutionary concept!
>>
>>108664839
ok but when is the xubuntu iso up? lubuntu is already up. should i just switch to lubuntu?
>>
>>108672778
ask here >>108670207
>>
File: glowie.jpg (230 KB, 1267x785)
>>108671825
>>
>>108664839
Well I did a full clean reinstall on my laptop with the new buntu. After setting all my shit up again from scratch I can say: I didn't notice a single difference. Not in performance nor in utility. Everything worked fine. I don't know what the fuss is about.
>>
File: pepesuit.gif (40 KB, 1080x800)
>>108664839
>* Canonical decided to commission an independent external security audit.
>* Partnered Zellic, a top-tier security research firm.
>* The audit was conducted in two phases (both completed). With the first focusing on high-priority utilities.

That only confirms that shit is compromised.
>>
>>108673466
you wouldn't have been surprised if you realized that the "fuss" came mostly from nocoders, the majority of which don't even use any kind of linux system.
>>
bump in case pre-Shabbat spam arrives soon
>>
>>108665509
yes hello I do not give a fuck if ti does or doesn't, but I care that your logic is shit
you don't need to mention a group specifically to favour them
>anyone who can reach a fruit without assistance or tools can take it for free
favours taller people without explicitly mentioning them
>you can use it for anything, even re-package and sell it as something else
if you consider making money on something as a better position than merely using it, then people in a position to monetize it would be more favoured
>>
>>108664893
And none of them are as comprehensive.
>>
>>108672610
how do mouthbreathing retards like you even get past the captcha, read the fucking repo.
I'm not going to spoonfeed you nigger
>>
>>108675387
freebsd tools for example are more than decent. and adding missing gnu-isms to them would have been infinitely easier than starting a project in rust from scratch. unless we're pretending that gnu people would have found ways to have a fit about it being derivative of their work.
maybe you only had experience with deliberately lightweight options like busybox!
>>
>Check the security company that audited it
>Works mostly with crypto shit known to get "security audited" stickers and get pwned a week later
Curious.
>>
>>108675438
Ok. Then do it. Otherwise I don't care. I use uutils on Windows and it generally just works the way I expect it to (GNU).
>>
>>108675365
>you can use it for anything ,even re-package and sell it as something else
this is allowed by the GPL btw, as long as a "promise" of providing source code retaining attribution is provided.
it's ironic, but not surprising, that of all arguments you could have made, you picked that one.
>>
>>108675448
i think you misunderstood or didn't follow the chain of comments back enough.
me and other anons were just refuting the silly license based conspiracy theory regarding uutils, mostly pushed by tech illiterate e-celeb grifters.
>>
>>108675458
I know
>>
>>108675476
>mostly pushed by tech illiterate e-celeb grifters.
ah yes, the /v/ gambit, everything i don't like is youtuber groupthink
>>
>>108665208
I only use FSF distros you shit eater
>>108664922
When government jews want to destroy free standards they say "competition is good, we need more competing standards!" When the jewish government software has become commonplace, as with systemd, they say "there are too many standards, just use ours, and no we refuse to make it portable or cross compatible, just build for our system and make all your software exclusive to our standard"