Linux is a branch of development of the old unix class of systems. Unix is not necessarily open and free. FOSS is what is classified as open and free software. Unix since its inception was deeply linked to specific industrial private interests, let's not forget all this while we examine the use of linux by left minded activists. FOSS is nice and cool, but it is nearly 99.99% run on non-open and non-free hardware. A-political proposals of crowd-funding and diy construction attempts have led to ultra-expensive idealist solutions reserved for the very few and the eccentric affluent experimenters
Linux vs Windows is cool and trendy, is it? Really is it alone containing any political content? If there is such what is it? So let's examine it from the base.
FOSS, People, as small teams or individuals "producing as much as they can and want" offering what they produced to be shared, used, and modified by anyone, or "as much as they need". This is as much of a communist system of production and consumption as we have experienced in the entirety of modern history. No exchange what so ever, collective production according to ability and collective consumption according to need.
BUT we have corporations, some of them mega-corps, multinationals who nearly monopolize sectors of computing markets, creating R&D departments specifically to produce and offer open and free code (or conditionally free). Why? Firstly because other idiots will join their projects and offer further development (labor), contribute to their projects, for "free", but they still retain the leadership and ownership of the project. Somehow, using their code, without asking why they were willing to offer it in the first place, it is cool to use it as long as we can say we are anti/against/ms-win free.
Like false class consciousness we have fan-boys of IBM, Google, Facebook, Oracle, Qt, HP, Intel, AMD, ... products against MS.
Back when unix would only run on enterprise ultra-expensive large scale systems and expensive workstations (remember Dec, Sun, Sgi, .. workstations that were priced similarly to 2 brand new fast sportscars each) and the PC market was restricted to MS or the alternative Apple crap, people tried and tried to port forms of unix into a PC. Some really gifted hacking experts were able to achieve such marvels, but it was so specific to hardware that the examples couldn't be generalized and utilized massively.
Suddenly this genious Finn and his friends devised a kernel that could make most PC hardware available work and unix with a linux kernel could boot and run.
IBM saw eventually a way back into the PC market it lost by handing dos out to the subcontractors (MS), and saw an opportunity to take over and steer this "project" by promoting RedHat. After 2 decades of behind the scenes guidance since the projected outcome was successful in cornering the market, IBM appeared to have bought RH.
Are we all still anti-MS and pro-IBM,google,Oracle,FB,Intel/AMD?
The bait thrown to dumb fish was an automated desktop that looked and behaved just like the latest MS-win edition.
What is the resistance?
Linus Trovalds and a few others who sign the kernel today make 6figure salaries ALL paid by a handful of computing giants that by offering millions to the foundation control what it does. Traps like rust, telemetry, .. and other "options" are shoved daily into the kernel to satisfy the paying clients' demands and wishes.
And we, in the left are fans of a multimilioner's "team" against a "trilioner's" team. This is not football or cricket, or F1. This is your data in the hands of multinationals and their fellow customer/agencies. Don't forget which welfare system maintains the hierarchy of those industries whether the market is rosy or gray. Do I need to spell out the connection?
Beware of multinationals bearing gifts.
Yes there are healthier alternatives requiring a little more work and study to employ, the quick and easy has a "cost" even when it is FOSS.
.
is there telemetry in the kernel?
why is rust a trap?
rust and maybe go, in a way evade what open and free code really meant (which contains the characteristic of being self contained). Many rust written software demand to the minute release of dependencies, automatically drawn and utilized while you compile the piece of software. First there is no way you can audit this then at any given moment this drawn code can change affecting what you compiled, exponentially making it difficult to audit and certify as secure. It also transfers the responsibility to 2nd and 3rd parties of what the code contains, making it legally impossible for being responsible or being accused of creating back-doors and other weaknesses in software.
But it is modern and it is being pushed everywhere. In general, when you hear buzz words and terms, and technologies, making noise and be utilized everywhere be ware of the trojan.
Facebook which had contributed 0 to the FOSS community, suddenly released zstd which they bought from someone (or so they say) and made him rich. This FOSS within months was incorporated and utilized all across the linux community on very false data supporting its superiority, like publishing comparative compression/decompression numbers of multi-thread software vs a mandated single thread on the competitor. At the end nobody really even used this optimized condition under which zstd has a tiny superiority in speed while still lacking in space (compression/decompression software).
Someone and something drives this "rush", like gold in Columbia river advertised by tool merchants for gold diggers.
At least on the left we should have a bit more critical tendency than anti-windows fan boys clubs. The price you pay to have a usb stick automounted rw as a user automatically upon insertion is one of security and privacy. All this overhead instead of 5lines of script.
Most of the code written nowadays isn't self-contained. And basically it is impossible to do so. I mean, I guess you have some exceptions like the Linux Kernel itself and some low level utilities, but you use libraries and others people code everywhere. In that way, Rust is much better than most other options because it at least lets you pin your dependencies really easily. The idea that everyone who uses some code is auditing it is just ridiculous. You should be able to sure, and in some cases it might be a good idea to do so, at least for parts of your code. But if you are using Linux, did you audit the entire Linux source code? What about C standard libraries. Even just that would take a ridiculous amount of time.
I would also argue that rust isn't pushed everywhere, people just like it because it is a wonderful language. There are much more people who use it in their own projects than do it professionally for example.
I could understand your argument if it was based on how Rust is run, what licenses it uses etc. But this is rather baffling to me. Basically the only thing you mention is the issue of statically linked vs. dynamically linked.
With zstd again not really sure what you are even trying to say. That Facebook had impact on what is used? Ok, so? Zstd is completely open source and if someone decided to use it, that is up to them. I am pretty sure that every software I used that uses zstd also let me use another compression algorithms. And from what I found zstd in some cases is superior to alternatives, but feel free to provide sources, I am sure that I could be incorrect.
yes, you always have some dependencies, even in the lowest form of linux utilities, there is a c library usually (glibc or musl) but the dependencies needed you choose and provide and are specific. Here we have a dynamic process that draws (not always but sometimes) the latest commit from someone's git as a dependency, and a minute later I try to build the same, someone pushes a commit replacing the previous change, and my package builds as well. The two results are not identical, one may contain a backdoor, and we didn't even notice a difference.
When you build from glibc 2.3.4 and I build from the same, it IS the same.
Basically no one uses rust with dependencies from git. Except in some cases when you are working with very unstable software. Everyone just uses versions that are published to crates.io. If you are concerned about reproducibility that is a valid concern but for that cargo is pretty good, or you can use things like nix.
Who says the distribution of glibc 2.3.4 you and I have are the same? It only depends on where you got it from. And even then we can build it with different flags etc. Not really sure how rust is worse in that one. On the contrary, usually when you build software in C/C++ you dynamically link. So you have no idea what version of libraries someone is using or where they got it. In that sense, Rust's approach is actually safer.
Classic trash facebook kind of reaction, dismiss 99points of content so you can show off you can be right on a tiny detail of this one point, nearly irrelevant to the post.
There is an official source for glibc, a specific edition is a specific edition, or a specific commit is what it is, you package it and use it stating the exact source and ver/commit. This DOES NOT change. You don't necesseraly have such control in rust, someone else does. If you don't have reproducability in FOSS it is not really FOSS, it is quick sand and blurry picture painting. If this one application later seems to have a bug you can't really tell whether it is its own bag or some of its dependencies and you will not find 2 systems in the universe that can be identical, because of the crappy rust builds.
Let's get back on topic. Rust is interesting because it is an anormous amount of people working on it, have enormous support by coprorations, are proped by media hype (corporate media hype) ... and just like in the recent past, hide behind a "non-profit" foundation, some large corporation has in its pocket to make it look like FOSS.
Please try to think without reproducing corporate media hype served to the eternally dizzy.
Yes, there is an official source for glibc, but there are also official sources for every single rust package. And yes when you build rust application you pin your dependencies to specific version, you create lock files that even check sha of the source. It seems to me you have never actually used Rust to be honest. If you take your Rust application and build it on two machines using the same lock file, you will get the same result (at least in regard to dependencies).
And even if it didn't, what is your point? C libraries have literally zero mechanisms to control reproducibility. Anything Rust does is better in this way. Currently, there is almost no way to guarantee reproducibility in language. I really wonder why you only take an issue with Rust in this regard and not every C/C++.
There is an argument for reproducibility, but in that case you should hold every project/language to the same standard.
Rust is mainly interesting because it is a really nice language to work in. For example, it is most loved language in stackoverflow surveys for like 7 years in a row. There is a reason for that, it solves many issues of other languages (such as C/C++) while also being much easier to use and provides good performance. You do realize that, for example, lemmy is written in Rust? I would certainly not consider its developers to be part of corporate media.
I would really like to see your sources for the fact that the only reason why Rust is used is corporate media hype. That is something you will have to proof for this argument to hold any weight.
Your point about support by corporation is also not really relevant. Unfortunately, in our current capitalistic system, that is true for basically any programming language/project. There aren't that many projects that have no corporate sponsors. You can have issues with how Rust is run, but that doesn't mean that it is not FOSS. Give some concrete reasons why it is not FOSS other than Rust Foundation (which just holds things like trademarks etc.) has corporate sponsors.
If you don't like Rust, that is fine, but you should provide some evidence for your claims.
I don't have to provide you with an ounce of energy to prove anything to you, when within an m-l community you see nothing of interest in the difference between 2-3 friends writing and providing FOSS and a multinational corporation that strives in selling systems and software providing FOSS. libudev-zero is FOSS, seatd is FOSS, systemd is just a maze of IBM's control on FOSS.
Why isn't s6 receiving any corporate support? By far it is the most superior init system we know. It is portable everywhere and 101% reliable. It has no "will not fix" bugs larking for years. As far as we know s6 has only had a personal offer for the developer to become a highly paid google executive/employee (probably with a huge gallera of programmers in his command). To which offer he wrote a public NO response.
Again, I feel really surprised having to explain such things in such a community, which means that theory and ideology is trapped in a little compartment labeled "political philosophy" hobby, in all other matters we are just day to day liberals with tax-right outs.
Poor Pol Pot must be rolling in his grave, as a figure of speech since decomposing organic matter doesn't move much. His revolver may still be useful though to a blue collar worker or industrial farmer.