#rust
Réalisation à partir de ferrailles pêchées à l'aimant.
#photo #photographie #foto #photography #art #myphoto #mywork #vincentpample #pechealaimant #fer #iron #rouille #rust
Open Source is about enabling users "Amazon, Microsoft, Google" and the White House, want to help make Open Source more secure... [caption id="attachment_26251" align="alignnone" width="430"] https://www.youtube.com/watch?v=U-8KopUKMzA\[/caption\] https://www.golem.de/news/openssf-150-millionen-us-dollar-sollen-open-source-absichern-2205-165382.html https://www.golem.de/news/openssf-linux-foundation-will-security-praxis-vereinheitlichen-2008-150036.html src of src: "White House OSS Mobilization Plan" 2022: https://openssf.org/blog/2022/05/11/testimony-to-the-us-house-committee-on-science-and-technology/ 2020: "The OpenSSF is[...]
#linux #gnu #gnulinux #opensource #administration #sysops #dev #c #development #rust #go #google #security #itsec #cybersec #cybersecurity #kernel #linus #torvalds #mozilla #licence #licencing #patents #patent
Originally posted at: https://dwaves.de/2022/05/16/rust-vs-go-open-source-is-about-enabling-users-rust-lang-will-complement-c-around-the-gnu-linux-kernel-for-better-safety-amazon-microsoft-google-and-the-white-house-want-to-make-open-sour/
Independent public audit of Vodozemac, a native Rust reference implementation of Matrix end-to-end encryption
Open Source is about enabling users
“Amazon, Microsoft, Google” and the White House, want to help make Open Source more secure…
- https://www.golem.de/news/openssf-150-millionen-us-dollar-sollen-open-source-absichern-2205-165382.html
-
- src of src: “White House OSS Mobilization Plan”
- 2022: https://openssf.org/blog/2022/05/11/testimony-to-the-us-house-committee-on-science-and-technology/
- 2020: “The OpenSSF is a cross-industry collaboration that brings together leaders to improve the security of open source software (OSS) by:
- building a broader community with targeted initiatives and best practices
- It combines efforts from the Core Infrastructure Initiative, GitHub’s Open Source Security Coalition and other open source security work from founding governing board members GitHub, Google, IBM, JPMorgan Chase, Microsoft, NCC Group, OWASP Foundation and Red Hat, among others.
- Additional founding members include ElevenPaths, GitLab, HackerOne, Intel, Okta, Purdue, SAFECode, StackHawk, Trail of Bits, Uber and VMware.
- Open source software has become pervasive in data centers, consumer devices and services, representing its value among technologists and businesses alike.
- Because of its development process, open source that ultimately reaches end users has a chain of contributors and dependencies.
- It is important that those responsible for their user or organization’s security are able to understand and verify the security of this dependency chain.” (src linuxfoundation.org)
so far so good eh?
How will this exactly play out? What will be the “modi operandi”? (Pentagon & JP Morgan Bank, are interested in making the software supply chain more secure, as the IT of banks (!!!) not very good (say the banks THEMSELVES (that fired a lot of IT staff to save on money))
Just an idea for the govs & big corps with the money:
- put up a “Open Source” “kickstarter” like website
- where companies & gov can put up their requirements
- Open Source developers either accept to tackle those requirements
- or:
- post their own projects & investors can allocate their resorces to Open Source
- ABSOLUTE transparency is critical here, not a “pay to play” “taking power” “taking over” “Open Source” “influencing” sealing deals behind closed doors.
long version:
https://peertube.co.uk/w/jKvQozs7xDqpQvbwQFdKbF
The Star Trek economy: will it ever exist?
Afaik Dutch historian Rutger Bregman confirms in his book “Humankind: A Hopeful History” (BE WARNED: it is a realist’s thriller!), that “the nature” of humans (also under constant development), is as such, that only a small percentage are reckless “psychopaths”,
the majority of mankind rather wants to help each other, than shoot each other.
Rust “second in command” around the GNU Linux Kernel
Because Rust lang promises improvements around cyber/itsecurity (no more buffer over/underruns), it might become “second in command” around the Kernel.
The cons: Rust is more C++ than C, which might be a problem for the (long term) C nerds.
Unless (Linus?) & Greg (or someone else) wants to develop a brand new “C” “2.0” lang + compiler designed around security…
Unless Google wants to change it’s Go lang licence…
…Rust it is.
Is Go (a more C like) alternative?
(2018: developer Voit wrote a Network driver (GNU Linux kernel module) in Go)
https://www.net.in.tum.de/fileadmin/bibtex/publications/theses/2018-ixy-go.pdf
C ixy vs Go ixy: performance (only) “10% slower then the C implementation under optimal circumstance” (optimal meaning: system’s CPU needs fast single threading)
“One of the biggest problem during development was low-level memory management.”
“Specifically register access has proven itself to be difficult in Go”
“On the other hand we were surprised about the garbage collection.”
“Originally named as the reason why Go is nor suited for systems programming, our analysis has proven otherwise”
“easier to read and does not require much understanding of the language itself in order to understand the code, especially compared to some C constructs like function pointer, pointer casting and other more intricate operations” (src)
the Go lang licencing MumboJumbo:
“Copyright (c) 2009 The Go Authors. All rights reserved.”
“Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
* Neither the name of Google Inc. nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
“AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.”
that’s not all… there is more licencing mumbojumbo for all those Free Software Foundation & lawyerzzz:
‘Additional IP Rights Grant (Patents)’
‘”This implementation” means the copyrightable works distributed by Google as part of the Go project.
Google hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section)
patent license to make, have made, use, offer to sell, sell, import, transfer and otherwise run, modify and propagate
the contents of this implementation of Go,
where such license applies only to those patent claims,
both currently owned or controlled by Google and acquired in the future,
licensable by Google that are necessarily infringed by this implementation of Go.
This grant does not include claims that would be infringed only as a consequence of further modification of this implementation.
If you or your agent or exclusive licensee institute or order or agree to the institution of patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that this implementation of Go or any code incorporated within this implementation of Go constitutes direct or contributory patent infringement,
or inducement of patent infringement, then any patent rights granted to you under this License for this implementation of Go shall terminate as of the date such litigation is filed.’
src: https://raw.githubusercontent.com/golang/go/master/PATENTS
While the sources of the Go lang are indeed accessible via github, it’s licence is neither GPL 2.0 nor GPL 3.0 nor Apache licence nor MIT licence and thus questionable if:
- Google can be trusted (?)
- the Go lang licence is “compact” but (currently) not at all Open Source compatible (not a word about if modifcations are allowed)
- why did Google not simply pick a “well known” Open source licence? https://opensource.org/licenses
One fine day, Google might to decide, to change the licence, and from this to:
- stop providing the (latest) source code (the old one yes, not the new one)
- re-distribute Go only in it’s binary form
- charge licence fees for it’s usage
- it is called: “building up dependencies, then cashing in on something that used to be free” (as Oracle did with Java)
- until it was out of the testing-phase
- and every developer and every company was using it/became dependant on it
- it is called: “building up dependencies, then cashing in on something that used to be free” (as Oracle did with Java)
Next problem: Rust (src here) was started by Mozilla, is used by Mozilla for Firefox, but Mozilla has build up financial dependencies to Google.
(Rust in contrast is licenced under MIT & Apache licence https://www.rust-lang.org/policies/licenses)
While this is all not really: K.I.S.S (the UNIX philosophy of Keep it Super Simple)
No dispair, just do your best.
Sticking to the default?
The problem is that systems designed & “Made in the 1970s” (C compiler, Phones, Mail), were not designed around security (because it was not really a problem in those days).
So…
- unless Google won’t change the Go lang licence to something Open Source compatible
- unless Linus & Greg or someone else wants to build a C 2.0 around security, Rust is it.
The Go lang licencing problem is the ZFS Oracle licencing problematic all over again:
In other words: Licences (money) have more than once, instead of enabling developers & users, have hindered developers & users.
Another company that M$ successfully killed by buying it…
Another example how Microsoft successfully made this planet worse:
IT WAS AN EXCELLENT learning platform, with high quality video learning courses with…
- 2000 courses in German
- 1200 courses in Spanish
- 1300 courses in French
- 500 courses in Japanese (as of September 2017)
- 0 in English? (a bit strange, but this company was from Austria and has focused on the EU market, that might be one reason)
Microsoft bought it up… now it is… dead? MS killed it. #wtf?
Now a high quality Video2Brain Rust videos would be needed (luckily – again – Youtube volunteers are chipping in THANKS! (MS maybe transfer some money to them? eh? thanks!))
PS: so that’s my take, could not ask that question via…
stackoverflow.com and serverfault.com suck and DESPERATELY needs competition
#linux #gnu #gnulinux #opensource #administration #sysops #dev #c #development #rust #go #google #security #itsec #cybersec #cybersecurity #kernel #linus #torvalds #mozilla #licence #licencing #patents #patent
Originally posted at: https://dwaves.de/2022/05/16/rst-vs-go-open-source-is-about-enabling-users-rust-lang-will-complement-c-around-the-gnu-linux-kernel-for-better-safety-amazon-microsoft-google-and-the-white-house-want-to-make-open-sourc/
dheijl/swyh-rs: Stream What You Hear written in rust, inspired by SWYH.
swyh-rs implements the idea behind the original SWYH (see https://www.streamwhatyouhear.com/, source repo https://github.com/StreamWhatYouHear/SWYH) in Rust. It allows you to stream the music you're currently playing on your PC (Windows and Linux supported) to an UPNP/DLNA/OPenHome compatible music player (a "Renderer").
practical little tool to stream the whole audio from the desktop
#rust #windows #linux #audio #dlna #chromecast
Erste Entscheidung im Fall Baldwin | DW | 21.04.2022
Vor sechs Monaten wurde Kamerafrau Halyna Hutchins am Set des Westerns "Rust" erschossen. Produzent und Hauptdarsteller Alec Baldwin steht seither in der Kritik. Nun gibt es eine Geldstrafe - wegen Fahrlässigkeit.#AlecBaldwin #Rust #HalynaHutchins #Western
Erste Entscheidung im Fall Baldwin | DW | 21.04.2022
So it ended up that all cool history to have #rust into the #Linux kernel to improve security and yada yada... It was just the another excuse to erase the #GPL from the #GNU #coreutils and therefore removing the world GNU from Linux and settling up, once and forever, the eternal dilemma about Linxu vs GNU/Linux.
Congratulation folks, the creativity and the effort you put to deceive users to and to obliterate the GNU components in everything related with #opensource is unprecedented! 👏👏👏
Rust-Written Replacement To GNU Coreutils Progressing, Some Binaries Now Faster - Phoronix
https://www.phoronix.com/scan.php?page=news_item&px=Rust-Coreutils-Jan-2022
Пишем код на языке RUST
Канал Russian OSINT и интервью с Аркадием Бухом: https://www.youtube.com/watch?v=pzQI1aDnJAc
Мой код и сопутствующие ссылки: https://t.me/black_triangle_tg/2030
=======
"Спасти мир" и поддержать канал можно тутЬ:
DonatePay: https://new.donatepay.ru/@triangle
Анонимно криптовалютами: https://notabug.org/Black_Triangle/safe_world
=====
https://t.me/aliexpress_hacker - хакерское с AliExpress
https://t.me/komp_ali - компьютерное барахло с Ali
https://t.me/hi_anon - личный блог
https://t.me/open_source_friend - интересный софт
▲ https://www.youtube.com/channel/UCYf_gVlTuMFodRQDsxUdAYg
Пишем код на языке RUST
#lang_ru #ru #чёрныйтреугольник #blacktriangle #чёрный_треугольник
Rust Dev Lang - how to view onboard html based documentation (man page) - The Rust Standard Library
# will open [file:///home/user/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/share/doc/rust/html/std/index.html](file:///home/user/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/share/doc/rust/html/std/index.html) in browser
<span style="color: #00ffff;">rustup doc --std
</span>
which looks like:
of course there is an online version: https://doc.rust-lang.org/std/
#linux #gnu #gnulinux #opensource #administration #sysops #rust #rust-lang #rustlang #devrust #rustdev
Originally posted at: https://dwaves.de/2021/12/27/rust-dev-lang-how-to-view-onboard-html-based-documentation-man-page-the-rust-standard-library/