If #xz were a Go or Rust dependency, you wouldn’t have a single copy of the xz library on your system, but many, #xzbackdoor hidden in every executable that uses it. Distros would have to rebuild all packages using that lib (not just the lib itself), which could take days or weeks, and users would have to update them all, downloading tens or hundreds of megabytes.
If you install binaries directly from vendors/devs, it’s even worse – you wouldn’t even know which ones are affected and you’d (1/3)
Now do you see the value of #Linux distros and dynamic linking? Please, stop this insane “single binary” mantra and work with distros, not against them.
If #rustlang wants to replace C, devs need to acknowledge this and start providing dynamically linkable libraries with stable ABI. (3/3)
A blog post about my experience teaching #Rust at my university 🎓
Highlight from the summary:
"If students without much experience (some of them had only one lecture about Python) can learn the basics in 5 days, then I think that developers should stop calling Rust complicated"
Hrmm, #rustnationuk24 it's only 10:15 and one of the speakers already dunking on PHP 🙄 I thought the #rustlang community was supposed to be welcoming, but apparently not.
Rust 101 is a #university course that introduces #rustlang to computer science students, and is available for anyone who wants to teach Rust. Don't hesitate to contact us if you'd like some help setting up the course for your students!
🦀 Starting in #rustlang 1.73.0 (to be released on October 5th), panic!() and assert_eq!() messages will be a bit easier to read: unnecessary quotes and punctuation have been removed, and the message itself will appear on its own line. ✨
Do you use #rustlang? Do you like a bug free type system, traits, and const generics? Go grab your (or your employer's!) credit card and go sponsor Boxy to keep making these things possible.
Rustc devs like Boxy need your support to maintain Rust for you.
Auditing your dependencies, or relying on external audits, adds an important layer of protection.
It's not a silver bullet against bad dependencies, as there's no such thing. However, adding more layers of protection makes attackers' lives harder and this is one of them.
I'm easing myself back into work with the goal of offering freelance software engineering consultation and Rust education. More news soon, but in the meantime I have availability to take on a few clients for short-term Rust coaching/advice/mentoring/expert support over the next couple of months. If you're thinking of adopting Rust or are learning Rust and want to deepen your or your team's understanding and become more effective, let's chat! #rustlang
If I wanted to incentivize people to try and exploit Hubris, what should I do? What would you want to see?
While open source, the system is mostly used by Oxide, a for-profit company, so I would expect "am I doing this for free" to come up. Explicit threat model is also good. What else?
We've hired firms for this but with mixed results (they mostly know C). I wanna open it to everyone else. I would be delighted to give guidance.
Today I've heard for the first time about the #RigelA open-source screen reader project for #Windows written in #RustLang. Unfortunately, only the Readme has an English version, all other documents and code comments are in Chinese, but the project seems very promising. Use Google Translate or another translator if you, like me, don't speak Chinese. https://gitcode.net/mzdk100/rigela
I’m happy to see the diagnostic namespace finally in a stable release. This is the result of nearly 2 years of work.
I would like to thank the Rust Foundation for funding a part of the work. I also would like to thank @ekuber and @errs for their help and guidance while designing and building this feature.