        • panda_abyss@lemmy.ca · 7 upvotes · 2 months ago

          The other day I spent a bunch of time carefully dissecting and then rewriting some code from the guy before me.

          Turns out that code was never used, he just didn’t remove it or comment it out.

          That was a good use of a couple hours.

          • Railcar8095@lemmy.world · 4 upvotes · 2 months ago

            One of the new devs spent a week refactoring some code that was removed from main the same day he checked out. We told him to focus on a specific set of scripts, but he wanted to go the extra mile. Poor soul

        • ranzispa@mander.xyz · 1 upvote · 2 months ago

          Changelog version 0.15.2

          • Fixed typo
          • Addressed excessive memory usage
          • Introduced the ability to retrieve password from memory
  • anyhow2503@lemmy.world · 70 upvotes · 2 months ago

    Mozilla, where Rust was originally conceived, have already talked about this risk factor ages ago when they were still working on Servo. Reimplementing battle-tested software in a different language can result in logic bugs being introduced, which no programming language can really prevent. Many times they will actually reintroduce bugs that have already been historically fixed in the original implementation. This doesn’t invalidate the benefits of moving to a very memory safe language, it just needs to be taken into consideration when determining whether it’s worth the risk or the effort.

    Honestly I have no idea whether sudo-rs is a good idea or not, but I have my doubts that any of the other people (especially the very vocal kind) chiming in on this do. Any time Rust is involved in the Linux community, a lot of vocal critics with very little knowledge of the language or programming in general seem to appear.

    • Euphoma@lemmy.ml · 13 upvotes · 2 months ago

      This is why it’s generally better to only write new code in more memory safe langs instead of rewriting everything

      • azertyfun@sh.itjust.works · 10 upvotes · 2 months ago

        The counterpoint is that, especially with FOSS that does not receive much (if any) corporate backing, developer retention and interest is an important factor.

        If I’m donating some of my free time to a FOSS project I’d rather not slug through awful build systems, arcane mailing lists, and memory unsafe languages which may or may not use halfway decent - often homebrew - manual memory management patterns. If the project is written in Rust, it’s a pretty clear indicator that the code will be easily readable, compilable, and safer to modify.

      • anyhow2503@lemmy.world · 1 upvote · 2 months ago

        I do think there are long-term benefits in many cases, it just depends on available resources. There are plenty of projects that desperately need a rewrite for maintenance reasons alone so you might as well examine if a language switch is worth it. It’s not like there aren’t a lot of success stories, even if there are projects like sudo-rs where we’re, at best, not sure if there are tangible benefits.

    • naught101@lemmy.world · 5 upvotes · 2 months ago

      It’s a generally applicable lesson in why it’s NOT a good idea to change things for the sake of it though (Chesterton’s fence, but where most of the actual bits of fence are invisible).

    • jj4211@lemmy.world · 2 upvotes · 2 months ago

      I think a key difference is that Firefox is an eternally evolving codebase that has to do new stuff frequently. It may have been painful but it’s worth it to bite the bullet for the sake of the large volume of ongoing changes.

      For sudo/coreutils, I feel like those projects are more ‘settled’ and unlikely to need a lot of ongoing work, so the risk/benefit analysis cuts a different way.

  • ronigami@lemmy.world · 49 upvotes · 2 months ago

    There’s still nothing wrong with reimplementations. It’s like saying don’t build houses because you’ll have to make repairs.

    • jj4211@lemmy.world · 7 upvotes · 2 months ago

      It’s more like saying “why tear down that house and try to build one just like it in the same spot?”

      So the conversation goes:

      “when it was first built, it had asbestos and lead paint and all sorts of things we wouldn’t do today”

      “but all that was already fixed 20 years ago, there’s nothing about its construction that’s really known to be problematic anymore”

      “But maybe one day they’ll decide copper plumbing is bad for you, and boy it’ll be great that it was rebuilt with polybutylene plumbing!”

      Then after the house is built it turns out that actually polybutylene was a problem, and copper was just fine.

      • 8uurg@lemmy.world · 4 upvotes · 2 months ago

        I feel like that comparison is a bit skewed, given that the original house (sudo, without the rs) was never torn down.

        Furthermore, rather than something easily replaceable or shallow, the language used is pretty integral to the software. Rather than paint, it would be like the building is made with untreated timber for framing. There might be termites that threaten the integrity of the building.

        If the building is unimportant you may not bother with the cost. But if it is somewhat important, reconstructing with better materials could be worth it even if new mistakes could be made during construction.

  • RustyNova@lemmy.world · 34 upvotes · 2 months ago

    Canonical should really wake up and stop thinking that rewriting in rust is a magical way to remove bugs.

    Sure the rust rewrite will surely be easier to maintain and less error prone (Assuming the code is idiomatic), but you can’t rewrite software maturity.

    They should put it behind a checkbox instead of shoving it down anyone’s throat. They are literally testing in prod

    • BlueBockser@programming.dev · 21 upvotes · 2 months ago

      We have yet to see if they’ll stick to the Rust implementations for 26.04. If you’re running non-LTS Ubuntu in prod, that’s not on Canonical…

      If we expect software like sudo to stick around for decades to come, a transition phase like this might very well be worth the investment.

      • felbane@lemmy.world · 2 upvotes · 2 months ago

        IMO if you’re running Ubuntu at all in prod you already fucked up.

        Real professionals use LFS, obvs

        • jj4211@lemmy.world · 2 upvotes · 2 months ago

          Oh dear god I think you are joking but I know people who seriously do LFS as their production setup and get pissy anytime people say they are doing it wrong if they want to work with anyone else in the industry.

    • ExLisperA · 13 upvotes · 2 months ago

      Yes, because normal sudo never had bugs

      One of the vulnerabilities has remained unnoticed for over 12 years.

      By software maturity you mean that the bugs are hitting puberty?

  • ExLisperA · 33 upvotes · 2 months ago

    PSA: If you think that people use Rust because it lets you write without bugs do yourself a favor and don’t comment on anything Rust related. You will avoid sounding stupid.

    • jj4211@lemmy.world · 4 upvotes · 2 months ago

      I think the criticism is more about deciding to try to re-implement a long standing facility in rust that has, by all accounts, been ‘finished’ for a long time.

      About the only argument for those sorts of projects is the resistance to the sorts of bugs that can become security vulnerabilities, and this example highlights that rewrites in general (rust or otherwise) carry a risk of introducing all new security issues on their own, and that should be weighed against the presumed risks of not bothering to rewrite in the first place.

      New projects, heavy feature development, ok, fine, Rust to make that easier. Trying to start over to get to the same place you already are, needs a bit more careful consideration, especially if the codebase in question has been scrutinized to death, even after an earlier reputation of worrisome CVEs that had since all been addressed.

      • ExLisperA · 6 upvotes · 2 months ago

        In another comment I linked two vulnerabilities in sudo discovered in 2025, one of which was “hiding” for 12 years. So yeah, “finished” for a long time…

        • dustyData@lemmy.world · 4 upvotes · 2 months ago

          Finished means it’s feature complete according to the specification and feature frozen. It says nothing of bugs. Bugs are ethereal qualities, subject to opinion and criteria chosen for triage. Sudo is finished, it does what it is meant to do. Does it do it bug free? For the most part it does. Doesn’t mean there aren’t any bugs left. But no new bugs are expected to be introduced by active development. Any bugs that arise, and it has been the case for a long time, will be old bugs that haven’t been discovered yet.

    • Shanmugha@lemmy.world · 3 upvotes · 2 months ago

      No, I think people who write comments along the lines of “C bad, Rust good, why use C” are idiots. And if that makes me sound stupid - oh, well. Like I ever cared

      • ExLisperA · 5 upvotes · 2 months ago

        Both things can be true and I’ve seen way way more comments along the lines of “there are bugs in Rust so it’s pointless” than “don’t use C”.

  • Devjavu@lemmy.dbzer0.com · 12 upvotes · 2 months ago

    I am one of the people that believe in the technical superiority of rust.

    What differentiates me though, is that I also believe in the superiority of C, the superiority of Java, of Javascript, ALL WITHIN THEIR RELATIVE DOMAINS HAVE STRENGTHS AND WEAKNESSES.

    I like my crypto libraries in C. I like my desktop applications in rust and I like my web pages with simple, hand-written javascript. Or none is fine too.

    I think it’s an acceptable choice to use rust for core utilities, though not necessarily exclusively, but I think we’re a far way off, where we should widely adopt it. It’s not very mature yet.

  • ZkhqrD5o@lemmy.world · 10 upvotes · 2 months ago

    What? New software doesn’t have the same level of battle testing that 30 year old software, with billions of deployments had? What does that matter? It’s memory safe, guys! That means it can’t have any bugs!

  • embed_me@programming.dev · 9 upvotes · edited 2 months ago

    I don’t think I’ve seen more vocal sponsors of any language except Rust. With the high barrier to entry and relatively greater developer effort, I am curious to see what place it occupies over the long term.

    • sobchak@programming.dev · 1 upvote · 2 months ago

      I think Rust applications require lower developer effort than C. C is a simpler language, but that means more work for developers to build their applications on it. The “rewrite everything in Rust” thing does seem weird though. I personally like the more elegant languages like Haskell, but I guess those aren’t really systems programming languages.

  • DarkSideOfTheMoon@lemmy.world · 7 upvotes · 2 months ago

    Sometimes an old legacy project has things that are dated but also years and years of bug fixes and improvements, many not really documented. Starting a new project to replace it will have regressions, it’s impossible to not