Bonum Certa Men Certa

Rust is Starting to Seem More Like Microsoft-hosted "Digital Maoism", Not a Legitimate Effort to Improve Security

posted by Roy Schestowitz on May 07, 2025,
updated May 08, 2025

Rust in QEMU

Today in IRC someone mentioned GCHQ in relation to what's happening in Ubuntu this year [1, 2]. Ubuntu is removing (piecewise at least) the GPL/copyleft and outsourcing everything to Microsoft (GitHub), i.e. back doors must be assumed at all times, you're in control of nothing and the NSA is in charge (the security chief of GitHub is a decades-long NSA man).

In case it is not obvious, removing the GPL would mean more "blackboxes" (proprietary blobs) based on Ubuntu, where there's zero obligation to show code or reveal what's running. GNU/Linux can more or less become proprietary, just like IBM wants it to. They already push Rust (Microsoft GitHub) into the Linux kernel; some Microsoft staff does this. It also keeps throwing tantrums and public shaming at the project's leader, Linus Torvalds (Microsofters love doing that, it's like a ritual of theirs and he doesn't seem to get it, maybe because the Linux Foundation won't allow him to [1, 2]).

Jim, are you sure Microsoft and Google don't want to sabotage Linux with Rust polygamy?

Rust is always being sold as "Security" (apparently immature and barely tested coded is "secure") and pretty much nothing else!

Sometimes they talk about "Performance", but C can be optimised and they likely compare apples to oranges.

Is the "great replacement" (of free as in freedom) going to spread further? "Perhaps forcing this into Qemu is why their founder is being attacked," a reader said, pointing to this month's communications [1, 2] from Paolo Bonzini (IBM), "a contributor and submaintainer for QEMU."

IBM pays the salary and this is what it wants:

It's been roughly three months since my previous update on the Rust in
QEMU project.  Support for Rust remains experimental, with most of the
past three months spent cleaning up the bindings and making more
functionality available from safe Rust.

As before, this mostly covers what I have looked at, which is making it possible to write devices in safe Rust. Topics such as QAPI and async (block devices) are missing for this reason.
Overall, I'd say the progress is good: most of the missing features mentioned in the previous update have been fixed or at least have a plan for the next few months.

Do we really want experimental code at this crucial/critical level/layer? What is there to gain when the employer does not value security in the first place? It's just some buzzword it uses. It is for sales and lobbying, nothing else.

The official QEMU site says: "Rust in QEMU is a project to enable using the Rust programming language to add new functionality to QEMU. Right now, the focus is on making it possible to write devices that inherit from SysBusDevice in *safe* Rust. Later, it may become possible to write other kinds of devices (e.g. PCI devices that can do DMA), complete boards, or backends (e.g. block device formats)."

Maybe this is very innocent, but they seem to have taken a solid, stable program from a high-profile Frenchman and looked for ways to marry/glue it with GitHub, i.e. Microsoft/NSA. It caused a lot of problems when they did this to Linux, much as we expected all along.

There are already politely-expressed concerns out in the open, for example: "Well, I don't actually have an opinion about which is better: I don't know enough Rust to have a sense of what's more idiomatic or otherwise preferable. My point is the more general one, that we should decide (in all of these cases) which approach is going to work better for us and apply that consistently, now that we have the benefit of having written a couple of device models so we can see what each path looks like."

"These initial devices are going to be the models that other people (perhaps less familiar with Rust) are going to use as patterns when they write other device models. Converging on a consistent structure and way of writing devices now will help those future device authors (including me!), I think."

We already know what this did to Linux. The best known Linux developers openly complained about it, but it was probably "too late" already. Of course the Microsoft people engaged in public outbursts against those developers (e.g. Theodore Ts'o). Watch out, BSD people.

"Rust developers and C developers are generally different people," an associate notes. "Forcing in Rust is one way of forcing out the C developers, and thus the senior project members, or at least reducing their influence and wresting control away from the founders."

Also see:

"the second link is so-so," the associate says, "but the point is that Rust neither helps nor hurts security in and of itself. However, as you already point out, new code means new bugs which is a problem inherent in all new code. So replacing old, secure, polished code with new untested code is going to actually introduce security holes and general bugs."

It should be noted that "Rust people" (which is what they call themselves) cull informed critics and censor them, even when the criticism is about technical and legal issues, nothing even remotely political or abrasive or impolite. In GitHub, many Microsoft critics get censored or even permanently banned/deplatformed (we covered examples in the past). So when one chooses GitHub for a project's hosting one already eliminates many people sceptical of Microsoft or the Microsoft way of "thinking".

Related: Sami Tikkanen Explains Rust Language and Its Goals

It's "the quest of Rusting everything for Total Control" by none other than Microsoft, says someone in IRC today.

How Rust’s standard library was vulnerable for years and nobody noticed

Other Recent Techrights' Posts

The EPO, Europe's Largest Patent Office, Admits Outsourcing to Microsoft Slop
Their sole goal is to make more money
The Better the Understanding or the More Nations Understand the Threat Posed by Microsoft, the Faster It'll be Eradicated
We believe that the thing to advocate is self-hosting and Free software... A lack of simplicity or absence of alternatives is a form of vendor lock-in
 
Microsoft's "FUD-as-a-Service" (Against Linux) Not Functioning Well
This is the kind of contribution companies like Microsoft and Google have to offer to society
Software Freedom is "Activism" Because the Corporate Agenda Revolves Around Bribery, Deceit, and Betrayal
At the end Software Freedom will win because it's on the same side as truth and lawfulness
Links 16/06/2025: EchoLeak and NASA Teaming up With India
Links for the day
A Week of Sunlight
They say transparency is like sunlight to a vampire
"Linux" Sites That Went Astray
there are even worse things than shutdowns
Links 16/06/2025: Climate, Wildfires, Breaches, and Monopolies
Links for the day
Links 16/06/2025: Summer in Finland and Misunderstandings
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, June 15, 2025
IRC logs for Sunday, June 15, 2025
Gemini Links 15/06/2025: Rainy Season and OpenDocument Format (ODF)
Links for the day
Links 15/06/2025: Military Games, Parade, and Actions
Links for the day
Links 15/06/2025: Windows TCO, Openwashing, and Wars
Links for the day
Gemini Links 15/06/2025: "AI Fatigue and Crappiness"
Links for the day
When Abusive Law Firms (Working for Microsofters Against Us) Assert That Someone Writing in Social Media About Himself is Confidential Information
There was no reason to throw "GDPR" into 2 SLAPPs; they know it, but the goal was to increase the cost of a Defence and lessen the incentive to challenge the SLAPPs
Microsoft Attack Dogs Against Watchdogs and Guard Dogs in Software
Last year Microsofters hired attack dogs or "guns for hire"
Slop Cannot Replace Domain Expertise
All this "AI" hype (it's not even intelligence, it's all a misnomer, as many of us have insisted all along) will fizzle and be written off as a failed experiment
IBM's Fresh 'PIPs' (Action Before Layoffs)
At times like these, even once-reputable employers resort to PIPs and other procedures/tricks for denial of workers' rights
Microsoft is a Problem Not Just for Denmark
Every country should consider what Denmark is doing, why Denmark is doing it, and then do the same
The Slopfarms' Self Detonation
If more sites like BetaNews go under, then maybe we can still salvage some of the Web
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, June 14, 2025
IRC logs for Saturday, June 14, 2025
Links 14/06/2025: FDA Changes Priorities, Cassette Data Storage From The 1970s
Links for the day
Gemini Links 14/06/2025: Steam Next Fest and Thoughts on Gemini
Links for the day
Site/Datacentre Maintenance Next Week
speed things up
Bulgaria: GNU/Linux Near 10%
The Bulgarian market seems to be changing
I Never Spoke to BetaNews. But BetaNews Wants to Ensure I Never Will, Either.
Sometimes just the reluctance to talk about it can say a great deal
Throwing Money at Lawyers Can't Stop Us (It Never Did)
Even just trying to censor things can result in the opposite of the desired outcome
Online Search or Large Search Engines Aren't Working Anymore
business models that directly compete with interests of Web users
Holidays and Breaks
I've hardly taken any long breaks since I got married
Danish OpenDocument Freedom
"year of Linux"
Links 14/06/2025: Wars and L.A. Distortion Effect
Links for the day
BetaNews Has More or Less Died After Experiments With LLM Slop, Is Linuxsecurity Next?
It doesn't seem like BetaNews knows what it's doing, let alone what it talks about
Gemini Links 14/06/2025: Historic Ada Design and GeminiSpace.Club to Expire
Links for the day
Links 14/06/2025: India Plane Crash and Middle-Eastern War
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, June 13, 2025
IRC logs for Friday, June 13, 2025