Rust is Starting to Seem More Like Microsoft-hosted "Digital Maoism", Not a Legitimate Effort to Improve Security
Today in IRC someone mentioned GCHQ in relation to what's happening in Ubuntu this year [1, 2]. Ubuntu is removing (piecewise at least) the GPL/copyleft and outsourcing everything to Microsoft (GitHub), i.e. back doors must be assumed at all times, you're in control of nothing and the NSA is in charge (the security chief of GitHub is a decades-long NSA man).
In case it is not obvious, removing the GPL would mean more "blackboxes" (proprietary blobs) based on Ubuntu, where there's zero obligation to show code or reveal what's running. GNU/Linux can more or less become proprietary, just like IBM wants it to. They already push Rust (Microsoft GitHub) into the Linux kernel; some Microsoft staff does this. It also keeps throwing tantrums and public shaming at the project's leader, Linus Torvalds (Microsofters love doing that, it's like a ritual of theirs and he doesn't seem to get it, maybe because the Linux Foundation won't allow him to [1, 2]).
Rust is always being sold as "Security" (apparently immature and barely tested coded is "secure") and pretty much nothing else!
Sometimes they talk about "Performance", but C can be optimised and they likely compare apples to oranges.
Is the "great replacement" (of free as in freedom) going to spread further? "Perhaps forcing this into Qemu is why their founder is being attacked," a reader said, pointing to this month's communications [1, 2] from Paolo Bonzini (IBM), "a contributor and submaintainer for QEMU."
IBM pays the salary and this is what it wants:
It's been roughly three months since my previous update on the Rust in QEMU project. Support for Rust remains experimental, with most of the past three months spent cleaning up the bindings and making more functionality available from safe Rust.
As before, this mostly covers what I have looked at, which is making it possible to write devices in safe Rust. Topics such as QAPI and async (block devices) are missing for this reason.
Overall, I'd say the progress is good: most of the missing features mentioned in the previous update have been fixed or at least have a plan for the next few months.
Do we really want experimental code at this crucial/critical level/layer? What is there to gain when the employer does not value security in the first place? It's just some buzzword it uses. It is for sales and lobbying, nothing else.
The official QEMU site says: "Rust in QEMU is a project to enable using the Rust programming language to add new functionality to QEMU. Right now, the focus is on making it possible to write devices that inherit from SysBusDevice in *safe* Rust. Later, it may become possible to write other kinds of devices (e.g. PCI devices that can do DMA), complete boards, or backends (e.g. block device formats)."
Maybe this is very innocent, but they seem to have taken a solid, stable program from a high-profile Frenchman and looked for ways to marry/glue it with GitHub, i.e. Microsoft/NSA. It caused a lot of problems when they did this to Linux, much as we expected all along.
There are already politely-expressed concerns out in the open, for example: "Well, I don't actually have an opinion about which is better: I don't know enough Rust to have a sense of what's more idiomatic or otherwise preferable. My point is the more general one, that we should decide (in all of these cases) which approach is going to work better for us and apply that consistently, now that we have the benefit of having written a couple of device models so we can see what each path looks like."
"These initial devices are going to be the models that other people (perhaps less familiar with Rust) are going to use as patterns when they write other device models. Converging on a consistent structure and way of writing devices now will help those future device authors (including me!), I think."
We already know what this did to Linux. The best known Linux developers openly complained about it, but it was probably "too late" already. Of course the Microsoft people engaged in public outbursts against those developers (e.g. Theodore Ts'o). Watch out, BSD people.
"Rust developers and C developers are generally different people," an associate notes. "Forcing in Rust is one way of forcing out the C developers, and thus the senior project members, or at least reducing their influence and wresting control away from the founders."
Also see:
- How Rust’s standard library was vulnerable for years and nobody noticed
- Why the Rust Programming Language Is Not a Silver Bullet for Automotive Security
"the second link is so-so," the associate says, "but the point is that Rust neither helps nor hurts security in and of itself. However, as you already point out, new code means new bugs which is a problem inherent in all new code. So replacing old, secure, polished code with new untested code is going to actually introduce security holes and general bugs."
It should be noted that "Rust people" (which is what they call themselves) cull informed critics and censor them, even when the criticism is about technical and legal issues, nothing even remotely political or abrasive or impolite. In GitHub, many Microsoft critics get censored or even permanently banned/deplatformed (we covered examples in the past). So when one chooses GitHub for a project's hosting one already eliminates many people sceptical of Microsoft or the Microsoft way of "thinking". █
Related: Sami Tikkanen Explains Rust Language and Its Goals
It's "the quest of Rusting everything for Total Control" by none other than Microsoft, says someone in IRC today.
