Bonum Certa Men Certa

Rust is Starting to Seem More Like Microsoft-hosted "Digital Maoism", Not a Legitimate Effort to Improve Security

posted by Roy Schestowitz on May 07, 2025,
updated May 08, 2025

Rust in QEMU

Today in IRC someone mentioned GCHQ in relation to what's happening in Ubuntu this year [1, 2]. Ubuntu is removing (piecewise at least) the GPL/copyleft and outsourcing everything to Microsoft (GitHub), i.e. back doors must be assumed at all times, you're in control of nothing and the NSA is in charge (the security chief of GitHub is a decades-long NSA man).

In case it is not obvious, removing the GPL would mean more "blackboxes" (proprietary blobs) based on Ubuntu, where there's zero obligation to show code or reveal what's running. GNU/Linux can more or less become proprietary, just like IBM wants it to. They already push Rust (Microsoft GitHub) into the Linux kernel; some Microsoft staff does this. It also keeps throwing tantrums and public shaming at the project's leader, Linus Torvalds (Microsofters love doing that, it's like a ritual of theirs and he doesn't seem to get it, maybe because the Linux Foundation won't allow him to [1, 2]).

Jim, are you sure Microsoft and Google don't want to sabotage Linux with Rust polygamy?

Rust is always being sold as "Security" (apparently immature and barely tested coded is "secure") and pretty much nothing else!

Sometimes they talk about "Performance", but C can be optimised and they likely compare apples to oranges.

Is the "great replacement" (of free as in freedom) going to spread further? "Perhaps forcing this into Qemu is why their founder is being attacked," a reader said, pointing to this month's communications [1, 2] from Paolo Bonzini (IBM), "a contributor and submaintainer for QEMU."

IBM pays the salary and this is what it wants:

It's been roughly three months since my previous update on the Rust in
QEMU project.  Support for Rust remains experimental, with most of the
past three months spent cleaning up the bindings and making more
functionality available from safe Rust.

As before, this mostly covers what I have looked at, which is making it possible to write devices in safe Rust. Topics such as QAPI and async (block devices) are missing for this reason.
Overall, I'd say the progress is good: most of the missing features mentioned in the previous update have been fixed or at least have a plan for the next few months.

Do we really want experimental code at this crucial/critical level/layer? What is there to gain when the employer does not value security in the first place? It's just some buzzword it uses. It is for sales and lobbying, nothing else.

The official QEMU site says: "Rust in QEMU is a project to enable using the Rust programming language to add new functionality to QEMU. Right now, the focus is on making it possible to write devices that inherit from SysBusDevice in *safe* Rust. Later, it may become possible to write other kinds of devices (e.g. PCI devices that can do DMA), complete boards, or backends (e.g. block device formats)."

Maybe this is very innocent, but they seem to have taken a solid, stable program from a high-profile Frenchman and looked for ways to marry/glue it with GitHub, i.e. Microsoft/NSA. It caused a lot of problems when they did this to Linux, much as we expected all along.

There are already politely-expressed concerns out in the open, for example: "Well, I don't actually have an opinion about which is better: I don't know enough Rust to have a sense of what's more idiomatic or otherwise preferable. My point is the more general one, that we should decide (in all of these cases) which approach is going to work better for us and apply that consistently, now that we have the benefit of having written a couple of device models so we can see what each path looks like."

"These initial devices are going to be the models that other people (perhaps less familiar with Rust) are going to use as patterns when they write other device models. Converging on a consistent structure and way of writing devices now will help those future device authors (including me!), I think."

We already know what this did to Linux. The best known Linux developers openly complained about it, but it was probably "too late" already. Of course the Microsoft people engaged in public outbursts against those developers (e.g. Theodore Ts'o). Watch out, BSD people.

"Rust developers and C developers are generally different people," an associate notes. "Forcing in Rust is one way of forcing out the C developers, and thus the senior project members, or at least reducing their influence and wresting control away from the founders."

Also see:

"the second link is so-so," the associate says, "but the point is that Rust neither helps nor hurts security in and of itself. However, as you already point out, new code means new bugs which is a problem inherent in all new code. So replacing old, secure, polished code with new untested code is going to actually introduce security holes and general bugs."

It should be noted that "Rust people" (which is what they call themselves) cull informed critics and censor them, even when the criticism is about technical and legal issues, nothing even remotely political or abrasive or impolite. In GitHub, many Microsoft critics get censored or even permanently banned/deplatformed (we covered examples in the past). So when one chooses GitHub for a project's hosting one already eliminates many people sceptical of Microsoft or the Microsoft way of "thinking".

Related: Sami Tikkanen Explains Rust Language and Its Goals

It's "the quest of Rusting everything for Total Control" by none other than Microsoft, says someone in IRC today.

How Rust’s standard library was vulnerable for years and nobody noticed

Other Recent Techrights' Posts

Using SLAPPs to Cover Up Sexual Abuse and Strangulation
The exact same legal team of the Serial Strangler from Microsoft and Garrett already has a history fighting against "metoo"
 
Free Software Foundation (FSF) Fund Raiser Goes on
Later this month we'll expose another OSI scandal
EPO Staff Representatives Issue a Warning About Staff's Health and Inadequate Care
Even the EPO's own stakeholders (money sources) are openly protesting against what the EPO became
Links 13/07/2025: Partly Assorted News From Deutsche Welle and CBC
Links for the day
Gemini Links 13/07/2025: Board Games and Battle Styles
Gemini Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, July 12, 2025
IRC logs for Saturday, July 12, 2025
Plunder at the Second-Largest Institution in Europe
cuts, neglect, health problems, even early deaths
Links 12/07/2025: Political Developments, Attack on Opposition, Climate Actions
Links for the day
Gemini Links 12/07/2025: Melodic Musings and Small Web July
Links for the day
Links 12/07/2025: Jail in China for Homoerotica, South Korea Discriminates Against Old Workers
Links for the day
If Only Everything Was Rewritten in Rust, We'd Have No More Security Issues?
Nope.
Links 12/07/2025: Birdwatching and Fake/Misleading Wall Street 'Valuation' Figures
Links for the day
Gemini Links 12/07/2025: How to Avoid Writing, Apps for Android
Links for the day
EPO Staff Committee on Harassment in the Workplace
slides
Adding the Voice of Writers to UK SLAPP Reform
The journey to repair antiquated (monarchy era) laws will likely be long
EPO Takes More Money From Staff for Speculation (Pensions), Actuarial Study Explains the Impact
"The key change in this year’s Actuarial Study, due to cascading the new “risk appetite” from the financial study, is a significant increase of the total pension contribution rate of 5.7 percentage points, up to a total of 37.8%. This is driven by an unprecedented decrease in the discount rate of 105 bps down to 2.2%."
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, July 11, 2025
IRC logs for Friday, July 11, 2025
Microsoft - Like IBM - Does the "Relocation" Tricks (Start Over Elsewhere, Then Get Sacked by Microsoft)
It is a "low blow" or a "dick move"
After the Free Software Foundation's Campaign to Raise Money Let's See Campaigns to Finish Off Microsoft (Vista 11, GitHub etc.)
Microsoft is in effect collapsing
Your Publications Have No Major Impact Unless or Until You "Get Some Heat"
we're on the right track
Slopwatch: A Cause for Hope, the Hype is Dying
For about a month we showed that becoming a slopfarm - for several weeks - resulted in utter failure and ruin for BetaNews
Links 11/07/2025: Censorship Worsening, 3D Printing Success Stories, UK and France Unite Around Nukes
Links for the day
Gemini Links 11/07/2025: Zorin OS and Scriptonite Updates
Links for the day
Links 11/07/2025: Hardware, Russia, and China
Links for the day
Links 11/07/2025: Intel Collapsing and Microsoft Resorts to Bribery to Push Slop Via Obligatory Education
Links for the day
The EFF Sided With the Team That Strangles Women and Tells Women to Kill Themselves
They say that apathy and inaction are a form of a "stance"
"Nat [Friedman] and [the Serial Strangler From Microsoft] Were Always Exceptionally Close," Says Former Housemate and Colleague
Now Alex (hiding behind another name when that suits him) not only attacks women but also people who merely report what he did to women
Exemplary List of Things That Are Not Artificial Intelligence or Even Intelligence
The "age of AI" or "era of AI" or "AI revolution" mostly boils down to rebranding, just like "the cloud"
New Letter From the European Patent Office Explains How the Office Plots to Grant Many Illegal Patents, a Self-Fulfilling Prophecy of 'Growth'
Open letter to Mr Rowan (VP1) and Mr Aledo Lopez (COO)
Abuse of Process
5RB is employing people who help violent men
What Microsoft's Nat Friedman and Microsoft Lunduke Have in Common
"Get in da car; No time to explain, loser"
Microsoft and IBM Don't Have Much of a Future (They Mostly Pretend at This Point)
IBM and Microsoft are in some ways alike but in many ways different
It's Not Just Twitter (or X.com) That's Dying, Microsoft's Equivalent is Dying Also
Unable to find a business model
GitHub Copilot Can Cause the Bankruptcy of GitHub to Come Sooner and GitHub to be Shut Down Just Like Skype
Some publicly available information suggests that even for each paid subscriber for plagiarism (LLM 'coding') GitHub Copilot still loses more money than it makes
Wayland is Bad for the Planet
If you use Wayland, it'll take you longer to accomplish tasks and you will consume more energy (or battery life)
Legitimising Those Who Sabotage You
Microsoft is a very malicious company
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, July 10, 2025
IRC logs for Thursday, July 10, 2025
On Microsoft Layoffs
we might be looking at about 60,000 Microsoft layoffs since 2023
EPO Management Already Breaks Its Own Promise (Lie) on "Bringing Teams Together"
This gut-punching move happened just 2 days ago
Gemini Links 11/07/2025: Occupation of 2025 and "Old Man Yells At Soundcloud"
Links for the day
Our Lawsuits Against the 'Cancel Mob' (Ringleaders) Helped Reduce Anti-Free Software Online Abuse
That's not to say that lawsuits are the best way to handle terrible people. But that can help.