Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.os.vms > #378785

Re: No Country for Old System Administrators

From cross@spitfire.i.gajendra.net (Dan Cross)
Newsgroups comp.os.vms
Subject Re: No Country for Old System Administrators
Date 2026-05-07 14:22 +0000
Organization PANIX Public Access Internet and UNIX, NYC
Message-ID <10ti76v$9t7$1@reader1.panix.com> (permalink)
References <10t685f$2ilti$1@dont-email.me> <10tft85$hu8$1@reader1.panix.com> <zvadnQ3POdq2nGH0nZ2dnZfqnPednZ2d@giganews.com> <10ti0vj$21brr$1@dont-email.me>

Show all headers | View raw

In article <10ti0vj$21brr$1@dont-email.me>,
Simon Clubley  <clubley@remove_me.eisner.decus.org-Earth.UFP> wrote:
>On 2026-05-06, Dennis Boone <drb@ihatespam.msu.edu> wrote:
>> > I don't think you understand the point.  It is being claimed,
>> > without evidence, that the directions for installing `rustup`
>> > are a "security issue."
>>
>> The problem here isn't really rustup.  A better objection to "curl|bash"
>> is that it normalizes a habit of failing to think critically and act
>> carefully.
>
>And that is _exactly_ the point I am making.

Is it, though?  It sounds like you're making a specious claim
about a group of people asserting something that they are not
actually saying, and then using their recommended method for
installing a toolchain as evidence for a conclusion you drew
from that strawman.

>This is what I see on that installation page:
>
>|Using rustup (Recommended)
>|
>|It looks like you're running macOS, Linux, or another Unix-like OS. To
>|download Rustup and install Rust, run the following in your terminal,
>|then follow the on-screen instructions. See "Other Installation
>|Methods" if you are on Windows.
>|
>|curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
>
>I never even read that other page because they said it was for Windows
>but I now see they have actually been forced to say the exact same thing
>as I have just done (but they have buried it on something they described
>as a Windows-only page).

The text at the bottom of that page says:

|Other installation methods
|
|The installation described above, via rustup, is the preferred
|way to install Rust for most developers.  However, Rust can be
|installed via other methods as well.
|
|[LEARN MORE](https://forge.rust-lang.org/infra/other-installation-methods.html)

Nothing in that text says, "windows only."

>I stand by my original comments, especially after reading that "Windows"-only
>page.

Presumably you are referring to the part of the text that you
quoted above that reads, "See 'Other Installation Methods' if
you are on Windows."

First, that does not say "only if you are on windows."  It
merely says that if you're using Windows, do this instead of
that.  No one is forcing you to use rustup if you don't want to
or do not feel comfortable doing so.

Second, if you are serious about security, and want to approach
it with the mental mindset you are advocating, shouldn't you
read more than the first paragraph of the installation
instructions?

>I also stand by my approach that security is a frame of mind, and which
>cannot be replaced by some claimed "magic" tool. Tools can help (and are
>required), but that's all they can do (and they are not magic).

So you have traced the the source-level provenance of all
software running on your computer and audited it for bugs,
right?  :-D

Jokes aside, you seem to be implying that someone has suggested
that e.g. Rust is a "magic tool" for solving security problems
and that it can replace one's mental model of security.  I don't
think anyone in a position of authority with respect to Rust has
ever said that.

The claims they do make are that the requirements imposed by
using the safe subset of Rust eliminate several categories of
common programming errors related to type and memory safety.  To
the extent that intersects with "security" at all, those errors
are frequently associated with security vulnerabilities, and so
programs written in safe Rust are free from those kinds of
vulnerabilities as a side-effect.  Furthermore, safe rust and
the standard library provide enough functionality for the vast
majority of programming needs; most Rust programmers will never
have to type `unsafe` into a program in their careers.

But it does not follow that Rust programs are free from _all_
security vulnerabilities, and no one claims that they are; at
least no one who understands these things at more than a cursory
level[*].

You can obviously write Rust programs with security
vulnerabilities.  And rust is not perfect: I could go into some
of the problems that _I_ see in the language, if you like, but
I'm striving for brevity here.

I realize that the claims mentioned above are bold, and I truly
believe that one _should_ approach them with a healthy dose of
skepticism (I did and I'm glad for it).  But to dismiss Rust, or
anything for that matter, out of hand because you don't like the
recommended toolchain installation process is not skepticism.

I encourage you to look at an alternative installation method
and explore it for yourself before drawing conclusions.

	- Dan C.

[*] An admitted problem with the larger Rust ecosystem is that
it tends to attract rabid Lawrence-style fanboys who oversell it
and make specious claims about its capabilities; these do not
stand up to scrutiny.  But that is not the fault of the language
any more than it is Linux's fault that Lawrence is so obnoxious
and uninformed in his advocacy for it.  In any event, "there are
people who like this and behave like jerks about it on the
Internet, therefore it must suck" is poor logic.

Further, without making an effort to understand the presumed
threat model, asserting that the installation process is
evidence of "bad security" or a cavalier attitude towards
security from the larger project, is specious at best.

Back to comp.os.vms | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

No Country for Old System Administrators Subcommandante XDelta <vlf@star.enet.dec.com> - 2026-05-03 11:25 +1000
  Re: No Country for Old System Administrators Arne Vajhøj <arne@vajhoej.dk> - 2026-05-02 22:08 -0400
    Re: No Country for Old System Administrators Lawrence D’Oliveiro <ldo@nz.invalid> - 2026-05-03 06:43 +0000
    Re: No Country for Old System Administrators cross@spitfire.i.gajendra.net (Dan Cross) - 2026-05-04 01:02 +0000
  Re: No Country for Old System Administrators Lawrence D’Oliveiro <ldo@nz.invalid> - 2026-05-03 06:45 +0000
    Re: No Country for Old System Administrators bill <bill.gunshannon@gmail.com> - 2026-05-03 08:59 -0400
      Re: No Country for Old System Administrators Arne Vajhøj <arne@vajhoej.dk> - 2026-05-03 11:53 -0400
      Re: No Country for Old System Administrators kludge@panix.com (Scott Dorsey) - 2026-05-03 12:10 -0400
        Re: No Country for Old System Administrators Arne Vajhøj <arne@vajhoej.dk> - 2026-05-03 13:24 -0400
          Re: No Country for Old System Administrators kludge@panix.com (Scott Dorsey) - 2026-05-03 19:27 -0400
            Re: No Country for Old System Administrators Arne Vajhøj <arne@vajhoej.dk> - 2026-05-03 20:28 -0400
              Re: No Country for Old System Administrators Lawrence D’Oliveiro <ldo@nz.invalid> - 2026-05-04 02:26 +0000
                Re: No Country for Old System Administrators kludge@panix.com (Scott Dorsey) - 2026-05-03 22:46 -0400
                Re: No Country for Old System Administrators Arne Vajhøj <arne@vajhoej.dk> - 2026-05-03 23:29 -0400
                Re: No Country for Old System Administrators Arne Vajhøj <arne@vajhoej.dk> - 2026-05-03 23:39 -0400
                Re: No Country for Old System Administrators Arne Vajhøj <arne@vajhoej.dk> - 2026-05-04 11:17 -0400
        Re: No Country for Old System Administrators cross@spitfire.i.gajendra.net (Dan Cross) - 2026-05-04 02:24 +0000
        Re: No Country for Old System Administrators Simon Clubley <clubley@remove_me.eisner.decus.org-Earth.UFP> - 2026-05-05 13:02 +0000
          Re: No Country for Old System Administrators kludge@panix.com (Scott Dorsey) - 2026-05-05 16:10 -0400
            Re: No Country for Old System Administrators Arne Vajhøj <arne@vajhoej.dk> - 2026-05-05 16:29 -0400
              Re: No Country for Old System Administrators Lawrence D’Oliveiro <ldo@nz.invalid> - 2026-05-05 21:59 +0000
                Re: No Country for Old System Administrators Arne Vajhøj <arne@vajhoej.dk> - 2026-05-05 18:43 -0400
                Re: No Country for Old System Administrators Lawrence D’Oliveiro <ldo@nz.invalid> - 2026-05-05 23:04 +0000
                Re: No Country for Old System Administrators Arne Vajhøj <arne@vajhoej.dk> - 2026-05-05 19:13 -0400
                Re: No Country for Old System Administrators Arne Vajhøj <arne@vajhoej.dk> - 2026-05-05 19:41 -0400
                Re: No Country for Old System Administrators kludge@panix.com (Scott Dorsey) - 2026-05-05 21:47 -0400
                Re: No Country for Old System Administrators Arne Vajhøj <arne@vajhoej.dk> - 2026-05-05 22:17 -0400
                Re: No Country for Old System Administrators Lawrence D’Oliveiro <ldo@nz.invalid> - 2026-05-06 04:17 +0000
                Re: No Country for Old System Administrators Arne Vajhøj <arne@vajhoej.dk> - 2026-05-06 09:29 -0400
                Re: No Country for Old System Administrators Lawrence D’Oliveiro <ldo@nz.invalid> - 2026-05-06 21:20 +0000
                Re: No Country for Old System Administrators cross@spitfire.i.gajendra.net (Dan Cross) - 2026-05-06 12:55 +0000
                Re: No Country for Old System Administrators Simon Clubley <clubley@remove_me.eisner.decus.org-Earth.UFP> - 2026-05-06 12:46 +0000
                Re: No Country for Old System Administrators cross@spitfire.i.gajendra.net (Dan Cross) - 2026-05-06 17:36 +0000
              New language features Simon Clubley <clubley@remove_me.eisner.decus.org-Earth.UFP> - 2026-05-06 12:44 +0000
      Safer programming languages Simon Clubley <clubley@remove_me.eisner.decus.org-Earth.UFP> - 2026-05-05 12:24 +0000
    Re: No Country for Old System Administrators Arne Vajhøj <arne@vajhoej.dk> - 2026-05-03 13:28 -0400
    Re: No Country for Old System Administrators Simon Clubley <clubley@remove_me.eisner.decus.org-Earth.UFP> - 2026-05-05 12:59 +0000
      Re: No Country for Old System Administrators cross@spitfire.i.gajendra.net (Dan Cross) - 2026-05-05 21:30 +0000
        Re: No Country for Old System Administrators Arne Vajhøj <arne@vajhoej.dk> - 2026-05-05 19:05 -0400
          Re: No Country for Old System Administrators cross@spitfire.i.gajendra.net (Dan Cross) - 2026-05-06 17:20 +0000
            Re: No Country for Old System Administrators drb@ihatespam.msu.edu (Dennis Boone) - 2026-05-07 03:04 +0000
              Re: No Country for Old System Administrators Simon Clubley <clubley@remove_me.eisner.decus.org-Earth.UFP> - 2026-05-07 12:36 +0000
                Re: No Country for Old System Administrators cross@spitfire.i.gajendra.net (Dan Cross) - 2026-05-07 14:22 +0000
              Re: No Country for Old System Administrators cross@spitfire.i.gajendra.net (Dan Cross) - 2026-05-07 13:00 +0000

csiph-web