Trifecta Tech Foundation - Blog & News

Three years of Rusty sudo

Marc Schoolderman — Fri, 24 Apr 2026 00:00:00 +0000

Almost three years ago, sudo-rs was announced to the world</a>. Just last week, it became the default sudo</code> implementation in the Ubuntu LTS release Resolute Raccoon</a>. Now is a good time to reflect.

Rust should have stable tail calls Folkert de Vries — Tue, 14 Apr 2026 00:00:00 +0000 Tail calls in Rust have been talked about for a long time, but especially from the outside it looks like very little progress has been made. Let's change that! Fixing our own problems in the Rust compiler Folkert de Vries — Mon, 30 Mar 2026 00:00:00 +0000 In our data compression projects, we use Rust where C is traditionally used. During the work, we've hit limitations in Rust itself and in the surrounding tooling. Over the years, we've become increasingly comfortable with fixing these issues ourselves. Ubuntu to adopt ntpd-rs as the default time synchronization client and server Erik Jonkers — Thu, 26 Mar 2026 00:00:00 +0000 March 26, 2026 – Ubuntu is set to adopt ntpd-rs by default. We're thrilled to announce that in upcoming releases, Ubuntu will be adopting ntpd-rs as the default time synchronization client and server. Video: Securing time with NTS (FOSDEM26) Unknown — Sun, 01 Feb 2026 00:00:00 +0000 The Network Time Protocol is generally used completely unprotected, much like the web was before HTTPS. Ruben explains how we aim to push adoption of secure time (NTS) using pools of NTS servers. zlib-rs: a stable API and 30M downloads Folkert de Vries — Tue, 27 Jan 2026 00:00:00 +0000 Since the first release in April 2024, zlib-rs has come a long way. It has seen major adoption over the last year, and, we're proud to say, is now feature complete. We've released zlib-rs 0.6, the first version with a stable and complete API</a>. Video: sudo-rs and beyond (Ubuntu Summit 25.10) Marc Schoolderman — Tue, 13 Jan 2026 00:00:00 +0000 After sudo-rs was included in the 25.10 release of Ubuntu</a>, Marc was invited to the Ubuntu Summit to talk about the design choices that shaped sudo-rs. You can now watch the recording of the talk. Calling for memory safety incentives in EU cybersecurity policies Hugo van de Pol — Wed, 17 Dec 2025 00:00:00 +0000 Today we publish the statement "Improving Europe's cybersecurity posture through memory safety", calling on European and national policymakers to provide clear incentives and support for the large-scale adoption of memory-safe technology. Emulating avx-512 intrinsics in Miri Folkert de Vries — Tue, 09 Dec 2025 00:00:00 +0000 Recently we've started work on using more avx512</code> features in zlib-rs</a>. The avx512</code> family of target features provides SIMD intrinsics that use 512-bit vectors (double the size of avx2</code>, which uses 256-bit vectors). These wider intrinsics can speed up certain algorithms dramatically. Support the call for Memory Safety incentives in EU cybersecurity policies Hugo van de Pol — Wed, 12 Nov 2025 00:00:00 +0000 With the upcoming Cyber Resilience Act in the EU mandating a secure-by-design development process, we urge organisations and individuals to support our statement "Improving Europe's cybersecurity posture through memory safety". Canonical releases Ubuntu 25.10 with sudo-rs as the default sudo Unknown — Thu, 09 Oct 2025 00:00:00 +0000 Canonical announced the release of Ubuntu 25.10, codenamed "Questing Quokka". The introduction of Trifecta Tech Foundation's memory-safe sudo delivers many benefits compared to the traditional implementation. For users, a reduced attack surface in the sudo tool will improve Ubuntu’s overall security posture. Frequently Asked Questions about sudo-rs Marc Schoolderman — Tue, 07 Oct 2025 00:00:00 +0000 With sudo-rs coming to Ubuntu 25.10</a>, the core team has collected and published the Frequently Asked Questions about sudo-rs. They will be updated if user curiosity calls for it. Improving state machine code generation Folkert de Vries — Tue, 09 Sep 2025 00:00:00 +0000 Over the past couple of months, Björn and I have been working on improving state machine code generation</a> in the rust compiler, a rust project goal for 2025H1. In late June, PR 138780</a> was merged, which adds #![feature(loop_match)]</code>. ntpd-rs now supports version 5 of the Network Time Protocol Ruben Nijveld — Fri, 11 Jul 2025 00:00:00 +0000 Our Network Time Protocol implementation, ntpd-rs</a>, now provides experimental support of NTP version 5. It is available in the latest release</a>. bzip2 crate switches from C to 100% rust Folkert de Vries — Tue, 17 Jun 2025 00:00:00 +0000 Today we published bzip2</code> version 0.6.0</code>, which uses our rust implementation of the bzip2 algorithm, libbz2-rs-sys</code>, by default. The bzip2</code> crate is now faster and easier to cross-compile. SIMD in zlib-rs (part 2): compare256 Folkert de Vries — Mon, 26 May 2025 00:00:00 +0000 In part 1</a> of the "SIMD in zlib-rs" series, we've seen that, with a bit of nudging, autovectorization can produce optimal code for some problems. But that does not always work: with SIMD clever programmers can still beat the compiler. Memory-safe sudo to become the default in Ubuntu Erik Jonkers — Tue, 06 May 2025 00:00:00 +0000 May 6, 2025 – Ubuntu 25.10 is set to adopt sudo-rs by default. Sudo-rs is a memory-safe reimplementation of the widely-used sudo</code> utility, written in the Rust programming language. SIMD in zlib-rs (part 1): Autovectorization and target features Folkert de Vries — Tue, 15 Apr 2025 00:00:00 +0000 I'm fascinated by the creative use of SIMD instructions. When you first learn about SIMD, it is clear that doing more multiplications in a single instruction is useful for speeding up matrix multiplication. But how can all of these weird instructions be used to solve problems that aren't just arithmetic? Translating bzip2 with c2rust Folkert de Vries — Mon, 10 Mar 2025 00:00:00 +0000 Over the past couple of months we've been hard at work on libbzip2-rs</a>, a 100% Rust drop-in compatible implementation the bzip2 compression and decompression functionality. zlib-rs is faster than C Folkert de Vries — Tue, 25 Feb 2025 00:00:00 +0000 We've released version 0.4.2</a> of zlib-rs</a>, featuring a number of substantial performance improvements. We are now (to our knowledge) the fastest api-compatible zlib implementation for decompression, and beat the competition in the most important compression cases too. Trifecta Tech Foundation joins Nonprofit Cyber Unknown — Mon, 24 Feb 2025 00:00:00 +0000 The first coalition of cybersecurity nonprofits focused on tangible results welcomes the addition of four new members: PuntoGal, Internet Security Research Group, Trifecta Tech Foundation, and The Retired Investigators Guild. The fastest WASM zlib Folkert de Vries — Tue, 19 Nov 2024 00:00:00 +0000 This year we started work on zlib-rs</a>, an implementation of Zlib</a> in Rust, with the goal of maintaining excellent performance while introducing memory safety. Trifecta Tech Foundation is the new home for memory safe zlib Erik Jonkers — Thu, 07 Nov 2024 00:00:00 +0000 Today we're pleased to announce that the recently developed open source memory safe implementation of zlib – zlib-rs</a> – initiated by ISRG's Prossimo project</a> now has a new long-term home at our Trifecta Tech Foundation. Enabling pools in NTS Ruben Nijveld — Wed, 30 Oct 2024 00:00:00 +0000 We previously talked about how secure time is required for a safe internet</a>. We mentioned how we want to increase the adoption of NTS, the secure time synchronization standard built on top of NTP. For this, we proposed to develop a public NTS pool. In this article, we expand on what pooling is, and what is required to enable an NTS pool. ISPCS paper: Estimating noise for clock-synchronizing Kalman filters Unknown — Fri, 04 Oct 2024 00:00:00 +0000 Our Statime project now provides strong synchronization performance and accurate synchronization error estimates. David's paper, soon to be published by the IEEE, describes our Kalman-based approach. Sovereign Tech Fund invests in Pendulum Unknown — Sat, 10 Aug 2024 00:00:00 +0000 Sovereign Tech Fund will support our effort to build modern and memory-safe implementations of the Network Time Protocol (NTP) and the Precision Time Protocol (PTP). Current zlib-rs performance Folkert de Vries — Thu, 08 Aug 2024 00:00:00 +0000 Our zlib-rs</code></a> project implements a drop-in replacement for libz.so</code>, a dynamic library that is widely used to perform gzip (de)compression. A new home for memory safe sudo/su Unknown — Wed, 17 Jul 2024 00:00:00 +0000 Today we're pleased to announce that an open source memory safe implementation of sudo/su — sudo-rs — has a new long-term home at the Trifecta Tech Foundation. Trifecta Tech Foundation: Open infrastructure software in the public interest Erik Jonkers — Mon, 15 Jul 2024 00:00:00 +0000 Today, we are proud to announce the Trifecta Tech Foundation. Statime vs Linux PTP: Comparison of precision Unknown — Mon, 08 Jul 2024 00:00:00 +0000 We're happy and proud to report that the Dutch National Metrology Institute measured performance for Statime comparable to Linux PTP! More Memory Safety for Let’s Encrypt: Deploying ntpd-rs Unknown — Mon, 24 Jun 2024 00:00:00 +0000 When we look at the general security posture of Let’s Encrypt, one of the things that worries us most is how much of the operating system and network infrastructure is written in unsafe languages like C and C++. Want more Rust? Break the cycle! Unknown — Mon, 17 Jun 2024 00:00:00 +0000 How? By oxidizing education. That's right: introduce Rust in higher education making sure more students enter the job market. A safe Internet requires secure time Unknown — Fri, 24 May 2024 00:00:00 +0000 The internet has a hole at the bottom of its trust stack, and we need to do something about it. In particular, the internet needs secure time synchronization to fortify the security of our digital world. On Rust, Memory Safety, and Open Source Infrastructure Unknown — Sun, 19 May 2024 00:00:00 +0000 Addressing memory safety in critical infrastructure is a complex issue with multiple approaches. The Sovereign Tech Fund supports several initiatives, including Pendulum's memory safe Network Time Protocol, that is highlighted in this article. Providing official Fedora Linux RPM packages for ntpd-rs and sudo-rs Unknown — Thu, 09 May 2024 00:00:00 +0000 Memory safe NTP and sudo are now in Fedora Linux. flate2 release v1.0.29 with new `zlib-rs` feature Unknown — Sun, 28 Apr 2024 00:00:00 +0000 With the new zlib-rs feature, a new backend is enabled that brings in a SIMD-accelerated Rust implementation. Rust makes DNS and time software more secure Unknown — Wed, 17 Apr 2024 00:00:00 +0000 SIDN writes about vital software for critical internet infrastructure reimplemented in memory safe languages. The article lists sudo-rs and Pendulum as prime examples of employing Rust for Rust for critical software. xz incident shows the need for structural change Unknown — Thu, 04 Apr 2024 00:00:00 +0000 At Sovereign Tech Fund, we're following the xz incident closely and listening to the many voices in the FOSS maintainer community. Sudo-rs dependencies: when less is better Unknown — Thu, 07 Mar 2024 00:00:00 +0000 Trifecta Tech Foundation maintainer Ruben Nijveld offers his perspective here on one of the greatest challenges we faced when developing software that can be widely adopted: Rust crate dependencies. Testing sudo-rs and improving sudo along the way Unknown — Wed, 28 Jun 2023 00:00:00 +0000 Faced with the task of re-implementing sudo, one of the questions that came up early on was: how do we verify that sudo-rs behaves just like the original sudo? Re-implementing Sudo in Rust Unknown — Wed, 17 May 2023 00:00:00 +0000 A drop-in replacement for all common modern use cases of sudo. Two core Unix-like utilities, sudo and su, are getting rewrites in Rust Unknown — Mon, 01 May 2023 00:00:00 +0000 Two of the most fundamental tools of the modern Unix-like command line, sudo and su, are being rewritten in the modern language Rust as part of a wider effort to get critical but aging infrastructure pieces replaced by memory-safe counterparts.