#coreutils — Public Fediverse posts

Hahahahah Rust coreutils packages sort of are generally available. Wanted to poke about with ripgrep. So, sudo apt update && sudo apt install ripgrep, and apt, the affable golden retriever that it is installed it happily. Went to try it out.

man ripgrep… don’t know that.
which ripgrep… nope, you are a ninny.

dpkg -L ripgrep -> /usr/bin/rg.

Hahahahahah. The standard is disappointment. Cheers, bags of mostly water! #linux #rust #coreutils #standards #rotfl

Hahahahah Rust coreutils packages sort of are generally available. Wanted to poke about with ripgrep. So, sudo apt update && sudo apt install ripgrep, and apt, the affable golden retriever that it is installed it happily. Went to try it out.

man ripgrep… don’t know that.
which ripgrep… nope, you are a ninny.

dpkg -L ripgrep -> /usr/bin/rg.

Hahahahahah. The standard is disappointment. Cheers, bags of mostly water! #linux #rust #coreutils #standards #rotfl

Hahahahah Rust coreutils packages sort of are generally available. Wanted to poke about with ripgrep. So, sudo apt update && sudo apt install ripgrep, and apt, the affable golden retriever that it is installed it happily. Went to try it out.

man ripgrep… don’t know that.
which ripgrep… nope, you are a ninny.

dpkg -L ripgrep -> /usr/bin/rg.

Hahahahahah. The standard is disappointment. Cheers, bags of mostly water! #linux #rust #coreutils #standards #rotfl

Hahahahah Rust coreutils packages sort of are generally available. Wanted to poke about with ripgrep. So, sudo apt update && sudo apt install ripgrep, and apt, the affable golden retriever that it is installed it happily. Went to try it out.

man ripgrep… don’t know that.
which ripgrep… nope, you are a ninny.

dpkg -L ripgrep -> /usr/bin/rg.

Hahahahahah. The standard is disappointment. Cheers, bags of mostly water! #linux #rust #coreutils #standards #rotfl

Hahahahah Rust coreutils packages sort of are generally available. Wanted to poke about with ripgrep. So, sudo apt update && sudo apt install ripgrep, and apt, the affable golden retriever that it is installed it happily. Went to try it out.

man ripgrep… don’t know that.
which ripgrep… nope, you are a ninny.

dpkg -L ripgrep -> /usr/bin/rg.

Hahahahahah. The standard is disappointment. Cheers, bags of mostly water! #linux #rust #coreutils #standards #rotfl

@davidgerard

It's the hubris that gets me.

"Look at all this complexity! What purpose does it serve? Let us clear it all away and start fresh, and create a clean, fast replacement for all of this!"

Chesterton's coreutils.

#Chesterton #coreutils #ChestertonsFence

@davidgerard

It's the hubris that gets me.

"Look at all this complexity! What purpose does it serve? Let us clear it all away and start fresh, and create a clean, fast replacement for all of this!"

Chesterton's coreutils.

#Chesterton #coreutils #ChestertonsFence

@davidgerard

It's the hubris that gets me.

"Look at all this complexity! What purpose does it serve? Let us clear it all away and start fresh, and create a clean, fast replacement for all of this!"

Chesterton's coreutils.

#Chesterton #coreutils #ChestertonsFence

@davidgerard

It's the hubris that gets me.

"Look at all this complexity! What purpose does it serve? Let us clear it all away and start fresh, and create a clean, fast replacement for all of this!"

Chesterton's coreutils.

#Chesterton #coreutils #ChestertonsFence

@davidgerard

It's the hubris that gets me.

"Look at all this complexity! What purpose does it serve? Let us clear it all away and start fresh, and create a clean, fast replacement for all of this!"

Chesterton's coreutils.

#Chesterton #coreutils #ChestertonsFence

Erst ständig berichten aka hypen[1], negatives dann aber weitgehend totschweigen – dabei ist es so ein schönes Thema, das sicher viele #Linux-Nutzer interessieren würde.

Das denke ich irgendwie zur bislang extrem dürftigen Medienberichterstattung zum vor knapp einer Woche publizierten Fund von 113 Schwachstellen bei den in Rust geschriebenen uutils #Coreutils – von denen 44 eine CVE-ID erhalten haben [2].

Canonical setzt bei Ubuntu 26.04 daher weiter auf 'cp', 'mv' und 'rm' aus den GNU Coretutils [3].

Wenn ihr mehr dazu wissen wollt, lest auch [4] und [5].

[1] siehe Screenshot von https://www.heise.de/suche?make=&q=uutils&sort=date&sort_by=date unten
[2] https://seclists.org/oss-sec/2026/q2/332
[3] https://discourse.ubuntu.com/t/an-update-on-rust-coreutils/80773
[4] https://infosec.exchange/@lcamtuf/116517194178120536
[5] https://infosec.exchange/@isotopp/116521036597379831

P.S.: Nein, ich bin kein Rust-Hasser, eher im Gegenteil.

Erst ständig berichten aka hypen[1], negatives dann aber weitgehend totschweigen – dabei ist es so ein schönes Thema, das sicher viele #Linux-Nutzer interessieren würde.

Das denke ich irgendwie zur bislang extrem dürftigen Medienberichterstattung zum vor knapp einer Woche publizierten Fund von 113 Schwachstellen bei den in Rust geschriebenen uutils #Coreutils – von denen 44 eine CVE-ID erhalten haben [2].

Canonical setzt bei Ubuntu 26.04 daher weiter auf 'cp', 'mv' und 'rm' aus den GNU Coretutils [3].

Wenn ihr mehr dazu wissen wollt, lest auch [4] und [5].

[1] siehe Screenshot von https://www.heise.de/suche?make=&q=uutils&sort=date&sort_by=date unten
[2] https://seclists.org/oss-sec/2026/q2/332
[3] https://discourse.ubuntu.com/t/an-update-on-rust-coreutils/80773
[4] https://infosec.exchange/@lcamtuf/116517194178120536
[5] https://infosec.exchange/@isotopp/116521036597379831

P.S.: Nein, ich bin kein Rust-Hasser, eher im Gegenteil.

Erst ständig berichten aka hypen[1], negatives dann aber weitgehend totschweigen – dabei ist es so ein schönes Thema, das sicher viele #Linux-Nutzer interessieren würde.

Das denke ich irgendwie zur bislang extrem dürftigen Medienberichterstattung zum vor knapp einer Woche publizierten Fund von 113 Schwachstellen bei den in Rust geschriebenen uutils #Coreutils – von denen 44 eine CVE-ID erhalten haben [2].

Canonical setzt bei Ubuntu 26.04 daher weiter auf 'cp', 'mv' und 'rm' aus den GNU Coretutils [3].

Wenn ihr mehr dazu wissen wollt, lest auch [4] und [5].

[1] siehe Screenshot von https://www.heise.de/suche?make=&q=uutils&sort=date&sort_by=date unten
[2] https://seclists.org/oss-sec/2026/q2/332
[3] https://discourse.ubuntu.com/t/an-update-on-rust-coreutils/80773
[4] https://infosec.exchange/@lcamtuf/116517194178120536
[5] https://infosec.exchange/@isotopp/116521036597379831

P.S.: Nein, ich bin kein Rust-Hasser, eher im Gegenteil.

Erst ständig berichten aka hypen[1], negatives dann aber weitgehend totschweigen – dabei ist es so ein schönes Thema, das sicher viele #Linux-Nutzer interessieren würde.

Das denke ich irgendwie zur bislang extrem dürftigen Medienberichterstattung zum vor knapp einer Woche publizierten Fund von 113 Schwachstellen bei den in Rust geschriebenen uutils #Coreutils – von denen 44 eine CVE-ID erhalten haben [2].

Canonical setzt bei Ubuntu 26.04 daher weiter auf 'cp', 'mv' und 'rm' aus den GNU Coretutils [3].

Wenn ihr mehr dazu wissen wollt, lest auch [4] und [5].

[1] siehe Screenshot von https://www.heise.de/suche?make=&q=uutils&sort=date&sort_by=date unten
[2] https://seclists.org/oss-sec/2026/q2/332
[3] https://discourse.ubuntu.com/t/an-update-on-rust-coreutils/80773
[4] https://infosec.exchange/@lcamtuf/116517194178120536
[5] https://infosec.exchange/@isotopp/116521036597379831

P.S.: Nein, ich bin kein Rust-Hasser, eher im Gegenteil.

Erst ständig berichten aka hypen[1], negatives dann aber weitgehend totschweigen – dabei ist es so ein schönes Thema, das sicher viele #Linux-Nutzer interessieren würde.

Das denke ich irgendwie zur bislang extrem dürftigen Medienberichterstattung zum vor knapp einer Woche publizierten Fund von 113 Schwachstellen bei den in Rust geschriebenen uutils #Coreutils – von denen 44 eine CVE-ID erhalten haben [2].

Canonical setzt bei Ubuntu 26.04 daher weiter auf 'cp', 'mv' und 'rm' aus den GNU Coretutils [3].

Wenn ihr mehr dazu wissen wollt, lest auch [4] und [5].

[1] siehe Screenshot von https://www.heise.de/suche?make=&q=uutils&sort=date&sort_by=date unten
[2] https://seclists.org/oss-sec/2026/q2/332
[3] https://discourse.ubuntu.com/t/an-update-on-rust-coreutils/80773
[4] https://infosec.exchange/@lcamtuf/116517194178120536
[5] https://infosec.exchange/@isotopp/116521036597379831

P.S.: Nein, ich bin kein Rust-Hasser, eher im Gegenteil.

#coreutils #Linux #Rust

#coreutils #Linux #Rust

#coreutils #Linux #Rust

#coreutils #Linux #Rust

#coreutils #Linux #Rust

I wonder who was the very stable genius who decided it would be smart to take Gnu code tested over decades and completely rewrite it in a different language (because of course, there are no other issues to solve in FOSS systems) #coreutils

I wonder who was the very stable genius who decided it would be smart to take Gnu code tested over decades and completely rewrite it in a different language (because of course, there are no other issues to solve in FOSS systems) #coreutils

I wonder who was the very stable genius who decided it would be smart to take Gnu code tested over decades and completely rewrite it in a different language (because of course, there are no other issues to solve in FOSS systems) #coreutils

I wonder who was the very stable genius who decided it would be smart to take Gnu code tested over decades and completely rewrite it in a different language (because of course, there are no other issues to solve in FOSS systems) #coreutils

I wonder who was the very stable genius who decided it would be smart to take Gnu code tested over decades and completely rewrite it in a different language (because of course, there are no other issues to solve in FOSS systems) #coreutils

[Перевод] 44 CVE в uutils: что Rust ловит, а что нет на границе с системой

В апреле 2026 года Canonical раскрыла 44 CVE в uutils . Это переписанная на Rust версия GNU coreutils, которая в Ubuntu идёт по умолчанию с 25.10. Раскрытие пришло из внешнего аудита, заказанного перед релизом 26.04 LTS. Большую часть уязвимостей нашли обычным ревью кода. Ни borrow checker, ни проверки clippy , ни cargo audit не поймали ни одной. Этот аудит, пожалуй, самый чёткий из существующих примеров того, что Rust ловит, а что нет. Самый внятный разбор списка сделал Маттиас Эндлер в посте «Bugs Rust Won’t Catch» от 29 апреля. Эндлер ведёт консалтинг corrode и подкаст Rust in Production ; недавно у него в гостях был Джон Сигер, вице-президент по инженерии в Canonical. Пост построен как разбор того самого раскрытия: 44 CVE распределены по восьми категориям; к большинству приложен git diff фикса. Ниже разберу каркас Эндлера и добавлю два аргумента сверху. Первый: один из мейнтейнеров GNU coreutils в HN-треде показал бенчмарк, на котором рекомендованный Эндлером фикс не выживает. Второй: структурный аргумент про то, что 40 лет наслоённых POSIX-шрамов делают с любой переписью, независимо от языка.

https://habr.com/ru/articles/1031420/

#rust #cve #uutils #coreutils #canonical #ubuntu #toctou #безопасность #системное_программирование

[Перевод] 44 CVE в uutils: что Rust ловит, а что нет на границе с системой

В апреле 2026 года Canonical раскрыла 44 CVE в uutils . Это переписанная на Rust версия GNU coreutils, которая в Ubuntu идёт по умолчанию с 25.10. Раскрытие пришло из внешнего аудита, заказанного перед релизом 26.04 LTS. Большую часть уязвимостей нашли обычным ревью кода. Ни borrow checker, ни проверки clippy , ни cargo audit не поймали ни одной. Этот аудит, пожалуй, самый чёткий из существующих примеров того, что Rust ловит, а что нет. Самый внятный разбор списка сделал Маттиас Эндлер в посте «Bugs Rust Won’t Catch» от 29 апреля. Эндлер ведёт консалтинг corrode и подкаст Rust in Production ; недавно у него в гостях был Джон Сигер, вице-президент по инженерии в Canonical. Пост построен как разбор того самого раскрытия: 44 CVE распределены по восьми категориям; к большинству приложен git diff фикса. Ниже разберу каркас Эндлера и добавлю два аргумента сверху. Первый: один из мейнтейнеров GNU coreutils в HN-треде показал бенчмарк, на котором рекомендованный Эндлером фикс не выживает. Второй: структурный аргумент про то, что 40 лет наслоённых POSIX-шрамов делают с любой переписью, независимо от языка.

https://habr.com/ru/articles/1031420/

#rust #cve #uutils #coreutils #canonical #ubuntu #toctou #безопасность #системное_программирование

[Перевод] 44 CVE в uutils: что Rust ловит, а что нет на границе с системой

В апреле 2026 года Canonical раскрыла 44 CVE в uutils . Это переписанная на Rust версия GNU coreutils, которая в Ubuntu идёт по умолчанию с 25.10. Раскрытие пришло из внешнего аудита, заказанного перед релизом 26.04 LTS. Большую часть уязвимостей нашли обычным ревью кода. Ни borrow checker, ни проверки clippy , ни cargo audit не поймали ни одной. Этот аудит, пожалуй, самый чёткий из существующих примеров того, что Rust ловит, а что нет. Самый внятный разбор списка сделал Маттиас Эндлер в посте «Bugs Rust Won’t Catch» от 29 апреля. Эндлер ведёт консалтинг corrode и подкаст Rust in Production ; недавно у него в гостях был Джон Сигер, вице-президент по инженерии в Canonical. Пост построен как разбор того самого раскрытия: 44 CVE распределены по восьми категориям; к большинству приложен git diff фикса. Ниже разберу каркас Эндлера и добавлю два аргумента сверху. Первый: один из мейнтейнеров GNU coreutils в HN-треде показал бенчмарк, на котором рекомендованный Эндлером фикс не выживает. Второй: структурный аргумент про то, что 40 лет наслоённых POSIX-шрамов делают с любой переписью, независимо от языка.

https://habr.com/ru/articles/1031420/

#rust #cve #uutils #coreutils #canonical #ubuntu #toctou #безопасность #системное_программирование

[Перевод] 44 CVE в uutils: что Rust ловит, а что нет на границе с системой

В апреле 2026 года Canonical раскрыла 44 CVE в uutils . Это переписанная на Rust версия GNU coreutils, которая в Ubuntu идёт по умолчанию с 25.10. Раскрытие пришло из внешнего аудита, заказанного перед релизом 26.04 LTS. Большую часть уязвимостей нашли обычным ревью кода. Ни borrow checker, ни проверки clippy , ни cargo audit не поймали ни одной. Этот аудит, пожалуй, самый чёткий из существующих примеров того, что Rust ловит, а что нет. Самый внятный разбор списка сделал Маттиас Эндлер в посте «Bugs Rust Won’t Catch» от 29 апреля. Эндлер ведёт консалтинг corrode и подкаст Rust in Production ; недавно у него в гостях был Джон Сигер, вице-президент по инженерии в Canonical. Пост построен как разбор того самого раскрытия: 44 CVE распределены по восьми категориям; к большинству приложен git diff фикса. Ниже разберу каркас Эндлера и добавлю два аргумента сверху. Первый: один из мейнтейнеров GNU coreutils в HN-треде показал бенчмарк, на котором рекомендованный Эндлером фикс не выживает. Второй: структурный аргумент про то, что 40 лет наслоённых POSIX-шрамов делают с любой переписью, независимо от языка.

https://habr.com/ru/articles/1031420/

#rust #cve #uutils #coreutils #canonical #ubuntu #toctou #безопасность #системное_программирование

Why does #Canonical wants to replace the fully developed #GNU #coreutils by their newly developed #uutils?
The only difference is, that the uutils are a reimplementation in #RUST of the coreutils, written in #C.
All they obviously do is to put issues into these absolute basic utilities that doesn’t exist in the originals.

To me that makes no sense. The only idea I get why Canonical might do this is to get more control over basic utilities of #Linux.
https://seclists.org/oss-sec/2026/q2/332

Why does #Canonical wants to replace the fully developed #GNU #coreutils by their newly developed #uutils?
The only difference is, that the uutils are a reimplementation in #RUST of the coreutils, written in #C.
All they obviously do is to put issues into these absolute basic utilities that doesn’t exist in the originals.

To me that makes no sense. The only idea I get why Canonical might do this is to get more control over basic utilities of #Linux.
https://seclists.org/oss-sec/2026/q2/332

Why does #Canonical wants to replace the fully developed #GNU #coreutils by their newly developed #uutils?
The only difference is, that the uutils are a reimplementation in #RUST of the coreutils, written in #C.
All they obviously do is to put issues into these absolute basic utilities that doesn’t exist in the originals.

To me that makes no sense. The only idea I get why Canonical might do this is to get more control over basic utilities of #Linux.
https://seclists.org/oss-sec/2026/q2/332

Why does #Canonical wants to replace the fully developed #GNU #coreutils by their newly developed #uutils?
The only difference is, that the uutils are a reimplementation in #RUST of the coreutils, written in #C.
All they obviously do is to put issues into these absolute basic utilities that doesn’t exist in the originals.

To me that makes no sense. The only idea I get why Canonical might do this is to get more control over basic utilities of #Linux.
https://seclists.org/oss-sec/2026/q2/332

Why does #Canonical wants to replace the fully developed #GNU #coreutils by their newly developed #uutils?
The only difference is, that the uutils are a reimplementation in #RUST of the coreutils, written in #C.
All they obviously do is to put issues into these absolute basic utilities that doesn’t exist in the originals.

To me that makes no sense. The only idea I get why Canonical might do this is to get more control over basic utilities of #Linux.
https://seclists.org/oss-sec/2026/q2/332

"Chesterton's Fence":

There exists in such a case a certain institution or law; let us say, for the sake of simplicity, a fence or gate erected across a road. The more modern type of reformer goes gaily up to it and says, “I don’t see the use of this; let us clear it away.” To which the more intelligent type of reformer will do well to answer: “If you don’t see the use of it, I certainly won’t let you clear it away. Go away and think. Then, when you can come back and tell me that you do see the use of it, I may allow you to destroy it.”

— https://fs.blog/chestertons-fence/

#ChestertonsFence #CoreUtils #Rewrite #UIDesign

P.S. Credit for introducing me to this term: https://chaos.social/@ChuckMcManis/116517200212865151
cc: @ChuckMcManis

"Chesterton's Fence":

There exists in such a case a certain institution or law; let us say, for the sake of simplicity, a fence or gate erected across a road. The more modern type of reformer goes gaily up to it and says, “I don’t see the use of this; let us clear it away.” To which the more intelligent type of reformer will do well to answer: “If you don’t see the use of it, I certainly won’t let you clear it away. Go away and think. Then, when you can come back and tell me that you do see the use of it, I may allow you to destroy it.”

— https://fs.blog/chestertons-fence/

#ChestertonsFence #CoreUtils #Rewrite #UIDesign

P.S. Credit for introducing me to this term: https://chaos.social/@ChuckMcManis/116517200212865151
cc: @ChuckMcManis

"Chesterton's Fence":

There exists in such a case a certain institution or law; let us say, for the sake of simplicity, a fence or gate erected across a road. The more modern type of reformer goes gaily up to it and says, “I don’t see the use of this; let us clear it away.” To which the more intelligent type of reformer will do well to answer: “If you don’t see the use of it, I certainly won’t let you clear it away. Go away and think. Then, when you can come back and tell me that you do see the use of it, I may allow you to destroy it.”

— https://fs.blog/chestertons-fence/

#ChestertonsFence #CoreUtils #Rewrite #UIDesign

P.S. Credit for introducing me to this term: https://chaos.social/@ChuckMcManis/116517200212865151
cc: @ChuckMcManis

"Chesterton's Fence":

There exists in such a case a certain institution or law; let us say, for the sake of simplicity, a fence or gate erected across a road. The more modern type of reformer goes gaily up to it and says, “I don’t see the use of this; let us clear it away.” To which the more intelligent type of reformer will do well to answer: “If you don’t see the use of it, I certainly won’t let you clear it away. Go away and think. Then, when you can come back and tell me that you do see the use of it, I may allow you to destroy it.”

— https://fs.blog/chestertons-fence/

#ChestertonsFence #CoreUtils #Rewrite #UIDesign

P.S. Credit for introducing me to this term: https://chaos.social/@ChuckMcManis/116517200212865151
cc: @ChuckMcManis

"Chesterton's Fence":

There exists in such a case a certain institution or law; let us say, for the sake of simplicity, a fence or gate erected across a road. The more modern type of reformer goes gaily up to it and says, “I don’t see the use of this; let us clear it away.” To which the more intelligent type of reformer will do well to answer: “If you don’t see the use of it, I certainly won’t let you clear it away. Go away and think. Then, when you can come back and tell me that you do see the use of it, I may allow you to destroy it.”

— https://fs.blog/chestertons-fence/

#ChestertonsFence #CoreUtils #Rewrite #UIDesign

P.S. Credit for introducing me to this term: https://chaos.social/@ChuckMcManis/116517200212865151
cc: @ChuckMcManis

#meme #programming #CoreUtils #tRUSTmebro

#meme #programming #CoreUtils #tRUSTmebro

#meme #programming #CoreUtils #tRUSTmebro

#meme #programming #CoreUtils #tRUSTmebro

#meme #programming #CoreUtils #tRUSTmebro

Just replaced #uutils #coreutils on #ubuntu (yes, I know) with good old #gnu #coreutils . Why, you ask?

Not because of the dozens of CVEs recently published for the #rust version.

Simply because the uutils man page for date(1) unexpectedly ends after the command options. The [[Format]] section hadn't been (clean-room) finished yet, I guess, or there exists some kind of markdown processing bug maybe, but they (Ubuntu) shipped it that way anyway?

Just replaced #uutils #coreutils on #ubuntu (yes, I know) with good old #gnu #coreutils . Why, you ask?

Not because of the dozens of CVEs recently published for the #rust version.

Simply because the uutils man page for date(1) unexpectedly ends after the command options. The [[Format]] section hadn't been (clean-room) finished yet, I guess, or there exists some kind of markdown processing bug maybe, but they (Ubuntu) shipped it that way anyway?

Just replaced #uutils #coreutils on #ubuntu (yes, I know) with good old #gnu #coreutils . Why, you ask?

Not because of the dozens of CVEs recently published for the #rust version.

Simply because the uutils man page for date(1) unexpectedly ends after the command options. The [[Format]] section hadn't been (clean-room) finished yet, I guess, or there exists some kind of markdown processing bug maybe, but they (Ubuntu) shipped it that way anyway?

Just replaced #uutils #coreutils on #ubuntu (yes, I know) with good old #gnu #coreutils . Why, you ask?

Not because of the dozens of CVEs recently published for the #rust version.

Simply because the uutils man page for date(1) unexpectedly ends after the command options. The [[Format]] section hadn't been (clean-room) finished yet, I guess, or there exists some kind of markdown processing bug maybe, but they (Ubuntu) shipped it that way anyway?

Just replaced #uutils #coreutils on #ubuntu (yes, I know) with good old #gnu #coreutils . Why, you ask?

Not because of the dozens of CVEs recently published for the #rust version.

Simply because the uutils man page for date(1) unexpectedly ends after the command options. The [[Format]] section hadn't been (clean-room) finished yet, I guess, or there exists some kind of markdown processing bug maybe, but they (Ubuntu) shipped it that way anyway?

RE: https://fosstodon.org/@fedora/116482826989761429

For #RustLang afficionados, this release ships a very recent version of #uutils' port of #coreutils too (0.7.0, same as Debian unstable), with a lot more features enabled than previously!

It's also backported to previous #Fedora releases, please give it a whirl. Bug reports welcome against #rust-coreutils on bugzilla.redhat.com