Thread #108664839
File: crabuntu.png (215.8 KB)
(real thread instead of e-celeb screencap spam)

https://discourse.ubuntu.com/t/an-update-on-rust-coreutils/80773/1

* Canonical decided to commission an independent external security audit.
* Partnered Zellic, a top-tier security research firm.
* The audit was conducted in two phases (both completed), with the first focusing on high-priority utilities.
* 113 (73+40) total issues identified.
* The vast majority of issues have been addressed and resolved.
* Ubuntu 26.04 LTS will ship with rust-uutils, except for cp, mv, and rm, because of remaining issues.
* Ubuntu 26.10 is planned to ship 100% rust-coreutils.
* A bunch of CVEs disclosed (my personal review will be posted in a separate comment).
>>
jewbuntu
>>
I lose all faith in software when the devs start obsessing over what language it's written in. Doubly so in the age of AI.
>>
>>108664849
the faggotry of uutils isn't using rust. it's the fact that it only exists so microsoft's linux golems can have their own cuck licensed version of the GNU coreutils.
>>
>>108664863
non-GPL coreutils always existed, with the first predating GNU itself. there is already a distro or two shipping some variant of BSD utilities.
>>
>>108664839
>Ubuntu 26.04 LTS will ship with rust-uutils, except for cp, mv, and rm
This seems more likely to cause new bugs not present in either suite in isolation. It was stupid to start this transition on a 3/4 release instead of a 1/4 release.
>>
>>108664893
uutils exists for the express purpose of being a replacement for GNU software
>>
>>108664916
It's always good to have multiple compatible implementations.
>>
>>108664863
MIT grants the user more freedoms than the GPL does.
>>
>>108664839
>Ubuntu 26.04 LTS will ship with rust-uutils, except for cp
>>
>>108664924
Must hit hard, we all know how the rust programmers like their cp.
>>
>>108664839

>A bunch of CVE's disclosed (my personal review will be posted in a separate comment)

Okay. I finished checking out the CVEs.

* The number of CVEs related to Rust as an implementation language, or caused
by Rust not delivering on its promises of (memory/thread/type/...) safety,
is... ZERO, unless you count the 3-4 issues related to UTF-8 vs. bytes, blaming
Rust for using Unicode by default.

* The overriding theme is issues around permission handling, path handling,
and TOCTOU. And to a lesser extent, file type issues (symlink, FIFO, ..).

* Many of the attack vectors are a little bit far-fetched.

* Some of them (like CVE-2026-35343 and CVE-2026-35378) remind me of the
half-joke "Every software bug can successfully be argued as exploitable".

* One doesn't affect Linux (CVE-2026-35362).

* The most interesting one is perhaps CVE-2026-35368 (chroot container escape
scenario).

* The silliest one, from a coding PoV, is perhaps CVE-2026-35369 (argument
parsing error).

* It's still great that this was done, and that all these bugs/issues were
discovered and fixed (or about to). I'm sure it is also helpful in clarifying
specific and potentially subtle behaviors in the GNU implementation itself,
and other implementations.

Overall, as expected, the findings are a bit inflated and exaggerated in
effect, which is a global problem in the security theater industry. But this
was still a very good job, if looked at from a pure software development lens ;)
>>
>>108665092
Based post
>>
>>108665092
RIDF has arrived.
>>
>>108664839
>switch to rust, still over 70 security issues
>can't get the most basic utils right: cp, mv, rm
>ubuntu mixes implementations for an lts release instead of doing the logical thing: go back to what worked and try this in a non-lts
>>108664923
you mean it grants corps more freedom.
>>
>>108664839
Doing this on an LTS distro first is grade A retarded. I hope it goes to shit.
>>
>>108664922
i'd agree if they went GPL but they didn't. rust troons license literally everything as MIT for no particular reason and canonical is exploiting that for hostile intentions.
>>
>>108665092 (Me)
breakdown of CVE scores (didn't double-check):
4 High (7.0-7.3)
25 Medium (4.2-6.7)
15 Low (3.3-3.6)
>>
>>108665158
a big chunk of your core system is non-GPL already, with no rewrites or rust involved.
>>
>>108665138
>you mean it grants corps more freedom.
where in MIT are corps mentioned specifically?
>>
>>108664839
>>108665092
good thread
>>
How did they fuck up cp, mv and rm?
Absolute state of rust trannies
>>
>>108665158
we want it all in MIT so corpo can take it and stop fucking everything up. please corpo take it please
>>
>>108664839
Ubuntu is hit by the malicious attack
echo "You crab lover"; 
rm -rf /

Security experts explain this is a critical vulnerability of legacy code, unlike the new safe Rust.
Where the user is asked, in Rust-safe code, about removal, which is also done in a safe manner.
The proven legacy is broken and yet again shows why the innovative and safe Rust crab should put its claws in your system.
>>
>>108666149
Already Fixed:

rm --preserve-root can be bypassed via symlink to /
https://github.com/uutils/coreutils/issues/9705

mv loses ownership on cross-device moves
https://github.com/uutils/coreutils/issues/9714

rm: allows dangerous abbreviation of --no-preserve-root option
https://github.com/uutils/coreutils/issues/10188

Not fixed/Fix not merged:

rm -rf ./ and variants silently delete current directory contents
https://github.com/uutils/coreutils/issues/9749

mv copy TOCTOU Race
https://github.com/uutils/coreutils/issues/10015

cp TOCTOU: symlink swap bypasses no-dereference intent
https://github.com/uutils/coreutils/issues/10017

--------

On initial thought, I can see myself pushing for changing the GNU implementation to behave like #9749, instead of "fixing" this in uutils. And that's my BASED take, if i may say so myself, about myself.
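The preserve-root symlink bypass, the `rm -rf ./` item above, and the path-handling theme of the CVE review earlier in the thread share one mistake: the guard judged how the operand was spelled rather than what it resolved to. Added example, not uutils or GNU code, of the two guards written the way a defender would want them, plus a throwaway symlink demo; the temp-directory name and the `Verdict` type are my own, and it is Unix-only.

```rust
// Added example, not uutils or GNU code: guards that judge what a path resolves
// to, not how it is spelled. Unix only; temp-dir name and Verdict type are mine.
use std::fs;
use std::path::{Path, PathBuf};

/// Naive guard: refuses only the literal string "/". A symlink that points
/// at "/" passes it, which is the --preserve-root bypass class listed above.
pub fn naive_is_root(arg: &str) -> bool {
    arg == "/"
}

/// Resolving guard: follows symlinks and ".." first, then compares to "/".
/// A dangling or unreadable path cannot be root, so errors map to false.
pub fn resolved_is_root(arg: &str) -> bool {
    match fs::canonicalize(arg) {
        Ok(p) => p.as_path() == Path::new("/"),
        Err(_) => false,
    }
}

/// GNU rm refuses ".", "..", "./", "dir/.." and so on: emptying the working
/// directory while leaving it in place is what the "rm -rf ./" issue is about.
/// Work on the string, because Path::components() drops a trailing ".".
pub fn is_dot_or_dotdot(arg: &str) -> bool {
    let last = arg.trim_end_matches('/').rsplit('/').next().unwrap_or("");
    last == "." || last == ".."
}

#[derive(Debug, PartialEq)]
pub enum Verdict { Proceed, RefuseRoot, RefuseDot }

/// Decision for one operand, in the order the guards must run.
pub fn check_target(arg: &str, no_preserve_root: bool) -> Verdict {
    if is_dot_or_dotdot(arg) {
        Verdict::RefuseDot
    } else if !no_preserve_root && resolved_is_root(arg) {
        Verdict::RefuseRoot
    } else {
        Verdict::Proceed
    }
}

/// Builds a throwaway directory holding a symlink to "/" and reports what each
/// guard says about that link, as (naive, resolved). Cleanup unlinks the link.
pub fn symlink_to_root_demo() -> std::io::Result<(bool, bool)> {
    let dir: PathBuf = std::env::temp_dir()
        .join(format!("preserve-root-demo-{}", std::process::id()));
    fs::create_dir_all(&dir)?;
    let link = dir.join("looks-harmless");
    let _ = fs::remove_file(&link); // clear a stale link from an earlier run
    std::os::unix::fs::symlink("/", &link)?;
    let arg = link.to_string_lossy().into_owned();
    let verdicts = (naive_is_root(&arg), resolved_is_root(&arg));
    fs::remove_file(&link)?; // removes the symlink only, never its target
    fs::remove_dir(&dir)?;
    Ok(verdicts)
}

fn main() {
    for a in ["/", "/..", ".", "./", "build/..", "build/"] {
        println!("{a:>9} -> {:?}", check_target(a, false));
    }
    println!("symlink -> / (naive, resolved): {:?}", symlink_to_root_demo());
}
```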
>>
>>108666435
dumb bot
>>
>>108666494
thank you for your support
>>
>>108665509
GPLv3 prohibits including GNU coreutils in closed source projects.
>>
>>108664924
shontoes
>>
>>108665158
>for no particular reason
(((they))) want to take linux away from us
>>
>>108667082
they are cli tools, not libraries. there are no "projects" for them to be included in, in that sense.
>>
>>108664839
how about performance? aren't uutils slower and more bloated?
>>
>>108667098
post the output of
lsof  -u $USER -Fn | rg -r '$1' '(.*\.so).*' | sort -u

and let's examine what the (non-rust) libraries loaded in your system right now are licensed under.
>>
>>108664839
Transgender programming language
>>
>>108667161
>aren't uutils slower
not necessarily. there will be use-cases where one is faster than the other. but whichever is slower can theoretically be "fixed".
but if you're relying on coreutils performance somehow, you're doing it wrong.
>and more bloated?
not really.
>>
>>108667226
you won't doxx me that easily :)
>>
>>108667279
filter anything you think is private. or just grep for /usr/
>>
>>108667286
>filter anything you think is private
I already did, which is why I'm not posting what you prompted me to
>>
>>108667302
alright. let's do that for a taste. append this to >>108667226

| rg -i 'lib(python|jpeg|png|bz2|curl|llvm|mesa|xul|x11|wayland|open|ssl|crypto|freetype)'

failing to do so will out you as just another /g/eet wintard
>>
>>108667347
>wintard
kek I've been linux-exclusive for a decade
I also saw the thread of a euro script kiddie getting doxxed yesterday, so I'm not taking any risks
>>
>>108667370
>linux-exclusive for a decade
>scared of lsof and grep
>>
>>108664863
your point doesn't stand because bsdutils exist
>>
>>108664863
There have been multiple permissive rewrites of coreutils. Why are you acting as if uutils was the first to do so?
>>
>>108667439
I ran them, but I'm not posting the output, shrimple as
>>
>>108667616
because the other rewrites weren't immediately shoved into a large distro's lts release despite being unready. it's like there's something going on besides "improving the code quality"
>>
>>108668268
>it's like there's something going on besides "improving the code quality"
Yes, Ubuntu fucking sucks. Did it really take you so many years to realize it?
>>
>>108668075
>t. wintard
>>
>>108665509
Ahh yes, the "pretend to misunderstand the argument and/or premise" gambit, straight from the "insufferable leftoid faggot" playbook.
>>
>>108668268
LTS and "improving code quality" are actually contradictory endeavours, since in the stable distro model you can't make any significant code changes mid-release.
what you would want from a package, from an LTS perspective, is the least amount of security updates/maintenance possible.
after these audits, which are much easier to do, especially in such a focused manner, on rust code, they can have some confidence that they won't be called in the middle of a random Saturday night* because some serious CVE just dropped, caused by some retarded C bug class.
There are still no guarantees of course. But it's a question of probability and frequency.
----
* yes yes distros have a private repo where they get notified of CVE's before they go public. but the general point stands.
>>
>>108669482
>anon1: MIT grants the user more freedoms than the GPL does.
>(you): you mean it grants corps more freedom.
>anon2: where in MIT are corps mentioned specifically?
>(you): oh yeah? YOU'RE A FAGGOT
>>
>>108669487 (Me)
s/private repo/private mailing list
>>
>>108669512
the pinnacle of /g/
>>
>>108664848
(((they))) actually hate both rust as well as video-generating AI, because it makes (((their job))) much harder.
>>
>>108664839
>real thread instead of e-celeb screencap spam
bump before the potential spam arrives
>>
>we rewrote ur unix utilities in rust bro
>why?
>shut up chud
>>
File: ruster.jpg (73.7 KB)
>>108664839
That shit is going to be worse than windows 11.
Do not let any of that trash contaminate your machine. All rust binaries are bloated because they contain cp, encrypted and ready to be deployed by the CIA to blackmail targets.
>>
>>108671417
How? Every modern browser is infected with it and soon the Linux kernel will be too.
>>
>>108665208
That chunk of my core system also isn't a psyop to replace other chunks of my core system.
You dumbass niggas are being disingenuous, if Canonical didn't have poor intentions there would be literally no reason not to just ship the GNU coreutils as normal.
>>
>>108671417
>checks
>gnu coreutils execs + extra lib deps > rust coreutils single exec
sneaking cp in in less binary size! that's some impressive compression scheme.
where is that compression code?
>>
>>108671701
>psyop
>poor intentions
can you outline the purpose, and the rough steps of this evil plan?
>>
>>108667501
retard
https://github.com/uutils/bsdutils
>>
>>108672133
anon was referring to bsd coreutils implementations, not a project literally named "bsdutils", dumb search engine tard
>>
File: crazyy.jpg (37.4 KB)
>>108664839
>Partnered Zellic, a top-tier security research firm.
You mean, they didn't just throw an Anthropic LLM at it? They actually had humans, with brains, work on this? What a revolutionary concept!
>>
>>108664839
ok but when is the xubuntu iso up? lubuntu is already up. should i just switch to lubuntu?
>>
>>108672778
ask here >>108670207
>>
File: glowie.jpg (230.3 KB)
>>108671825
>>
>>108664839
Well I did a full clean reinstall on my laptop with the new buntu. After setting all my shit up again from scratch I can say: I didn't notice a single difference. Not in performance nor in utility. Everything worked fine. I don't know what the fuss is about.
>>
File: pepesuit.gif (39.6 KB)
>>108664839
>* Canonical decided to commission an independent external security audit.
>* Partnered Zellic, a top-tier security research firm.
>* The audit was conducted in two phases (both completed). With the first focusing on high-priority utilities.

That only confirms that shit is compromised.
>>
>>108673466
you wouldn't have been surprised if you realized that the "fuss" came mostly from nocoders, the majority of which don't even use any kind of linux system.
>>
bump in case pre-Shabbat spam arrives soon
>>
>>108665509
yes hello I do not give a fuck if it does or doesn't, but I care that your logic is shit
you don't need to mention a group specifically to favour them
>anyone who can reach a fruit without assistance or tools can take it for free
favours taller people without explicitly mentioning them
>you can use it for anything, even re-package and sell it as something else
if you consider making money on something as a better position than merely using it, then people in a position to monetize it would be more favoured
>>
>>108664893
And none of them are as comprehensive.
>>
>>108672610
how do mouthbreathing retards like you even get past the captcha, read the fucking repo.
Im not going to spoonfeed you nigger
>>
>>108675387
freebsd tools for example are more than decent. and adding missing gnu-isms to them would have been infinitely easier than starting a project in rust from scratch. unless we're pretending that gnu people would have found ways to have a fit about it being derivative of their work.
maybe you only had experience with deliberately lightweight options like busybox!
>>
>Check the security company that audited it
>Works mostly with crypto shit known to get "security audited" stickers and get pwned a week later
Curious.
>>
>>108675438
Ok. Then do it. Otherwise I don't care. I use uutils on Windows and it generally just works the way I expect it to (GNU).
>>
>>108675365
>you can use it for anything ,even re-package and sell it as something else
this is allowed by the GPL btw, as long as a "promise" of providing source code retaining attribution is provided.
it's ironic, but not surprising, that of all arguments you could have made, you picked that one.
>>
>>108675448
i think you misunderstood or didn't follow the chain of comments back enough.
me and other anons were just refuting the silly license based conspiracy theory regarding uutils, mostly pushed by tech illiterate e-celeb grifters.
>>
>>108675458
I know
>>
>>108675476
>mostly pushed by tech illiterate e-celeb grifters.
ah yes, the /v/ gambit, everything i don't like is youtuber groupthink
>>
>>108665208
I only use FSF distros you shit eater
>>108664922
When government jews want to destroy free standards they say "competition is good, we need more competing standards!" When the jewish government software has become commonplace, as with systemd, they say "there are too maby standards, just use ours, and no we refuse to make it portable or cross compatoble just build for our system and make all your spftware exclusive to our standard"
>>
>>108675580
>I only use FSF distros you shit eater
post the output of this and let's go through the libraries one by one. if the browser you use is not called firefox, adjust accordingly:
lsof -p `pidof -S',' firefox` -Fn | rg -r '$1' 'n(.*\.so)(\b.*|$)'| sort -u

this will only cover libraries loaded by the browser you used to post your comment. yet, it will be more than enough "fun".
hopefully you're not yet another wintard /g/eet larping, like another anon from earlier.
>>
>>108675580
what is "free standards"?
and what distinguishes them from "not free standards"?
what "standards" are not backed by bureaucracy shared by "governments" (national and international bodies)?
and what "not free standard" is systemd?
and how did talk about "implementations" turn into "standards"?
>>
>>108664893
>>108665092

Shalom rabbi
>>
>>108675882
>IzzatBot is too late to the party
>>108670391
>>
>>108676034
>you must be a pajeet for hating the small hats and trannies

ok nigger
>>
>>108676052
>izzat intelligence strikes again
>>
>>108673466
Yep. Talked to multiple people who upgraded. Zero issues reported.
>>
test
>>
>>108665138
The gpl only benefits megacorps giving them an unfair advantage against smaller companies.
As megacorps can just not respect it and can afford lawyers' fees, but they also got the workforce to just write their own in-house alternatives to pm any foss software.
>>
>>108679633
>megacorps can just not respect it and can afford lawyers fees
Wrong, IP law is clear cut and large companies that get caught violating the GPL have been successfully sued over it.
>they also got the workforce to just write their own in house alternatives to pm any foss software.
Who cares?
>>
>>108679670
>IP law is clear cut and large companies that get caught violating the GPL have been successfully sued over it.
Ok, so when will Microsoft be sued for WSL? They included Linux as part of their OS. You know, the thing GPL was meant to protect against.

>inb4 uhh, but that's not GPL violation
Yeah, because they are big corp and can afford making a hypervisor to bypass GPL restrictions. Smaller companies could never do this.
>>
>>108679670
>have been successfully sued over it.
lmao, that's why there are literal wall of shames against megacorps not respecting it because that's the best they can do
>who cares
Retard, megacorps having extra advantages over smaller companies / individual is a bad thing.
>>
>>108679670
>Who cares?
Do you realize what thread we are in? We had uutils seething thread every day for like a year now.
>>
>>108679711
WSL doesn't violate the GPL.
>>108679734
>lmao, that's why there are literal wall of shames against megacorps not respecting it because that's the best they can do
Take two seconds to google "GPL lawsuit".
>Retard, megacorps having extra advantages over smaller companies / individual is a bad thing.
Life is unfair like that.
>>
>>108679823
I'm probably wrong, please correct me: isn't WSL a custom-written Linux or something, or at least not stock? I remember reading something like this. Since it is written for Windows NT it must have some different licensing; not sure if it violated it, but it could, for example. I'm probably yapping about random, but can someone at least answer or correct me?
>>
>>108679823
>WSL doesn't violate the GPL.
Exactly my point.
>>
>>108679880
WSL1 was a compatibility layer that emulates Linux syscalls (and was also the biggest pile of dogshit you can even imagine). WSL2 is just headless Hyper-V virtual machines. Microsoft publishes the patches they use to make the Linux kernel run under it.
>>108679883
It literally doesn't, anon.
>>
>>108679880
It's good old Linux. The trick was to put it behind x86 virtualization instead of linking against it. That's something GPL no longer protects against.

>>108679918
>It literally doesn't, anon.
I know. That's why I said:
>>inb4 uhh, but that's not GPL violation
>Yeah, because they are big corp and can afford making a hypervisor to bypass GPL restrictions. Smaller companies could never do this.
In >>108679711
>>
>>108679918
>>108679936
thanks anons. i have actually used it before. does it sit on the NT kernel as a traditional application written for windows since it's behind virt, or something different? since it's Hyper-V
>>
>>108679823
>Take two seconds to google "GPL lawsuit".
You are literally proving my point that it doesn't affect megacorps and only smaller players.
No megacorps ever lose anything if consequence.
>life is unfair
And you are Jewish.
>>
>>108680467
of consequence*
>>
>>108679711
>>108679936
https://github.com/microsoft/WSL
>>
>rewrite a ton of super mature software
>have big distros use it
This is really just a cult.
>>
>>108681844
>ton
can you point to 10 examples of super mature software with drop-in-replacement rewrites?
can you point to 1 example where those doing the rewrites pushed for distros to use them?
>>
>>108681844
Fortunately, this is just another retarded Canonical NIH decision that no one else will adopt.
Kinda funny how Mint started off as an entirely pointless project but now does a lot of work to unfuck these asinine choices.
>>
>>108664839
When ubuntu sent out their last release advert to us, even though i unsubscribed from all their mailing lists, i wrote back and told them that i will never use Ubuntu ever again, because of all the trust lost thanks to uutils.
And i told them that we will sue them if they keep harassing us.

There is no way to fix this.
I don't give a flying fuck if the Rust troons are responsible for this, or if it is Canoncial that rushed it.
You don't push unfinished buggy garbage on a fucking stable release of an enterprise distribution.
That is a total no-go. A drop-out criterion. Nothing they could do can fix this.
uutils could be perfect overnight, and i would not use Ubuntu again.
>>
>>108684153
>>108684174
>actually, the rust troons never claimed that uutils is stable!
>>
>>108680467
>>
>>108686798
who are you quoting?
>>
>>108686806
jewgle being terrified of AGPL will never cease to amuse me
>>
>>108664839
>real thread instead of e-celeb screencap spam
i must say, i didn't think this was going to work.
i'm pleasantly surprised.
>>
>>108669482
Don't bother. It's the same RDF schizo that's been samefagging any rust-related thread for a while.
>>
>* Ubuntu 26.04 LTS will ship with rust-uutils, except for cp, mv, and rm, because of remaining issues.
>* Ubuntu 26.10 is planned to ship 100% rust-coreutils.
lmao why couldn't they wait??
>>
>>108664839
>* 113 (73+40) total issues identified.
Pretty dire situation: evidence of continued deception against delicious electronic crabs... the vulnerability affects mostly the hypervisor and cannot make it through the stack
>>108666431
Takes at least a day for the echo to reach the public servers with all that room-roof going on behind the scenes, you can't beat that. The crab-claws will be groping for hours.
>>
>>108692615
The troons needed to justify their jobs I guess.
