HackerTrans
TopNewTrendsCommentsPastAskShowJobs

randomint64

no profile record

Submissions

[untitled]

1 points·by randomint64·16 days ago·0 comments

[untitled]

1 points·by randomint64·24 days ago·0 comments

Stdx: Rust's Extended Standard Library

github.com
5 points·by randomint64·30 days ago·1 comments

[untitled]

1 points·by randomint64·last month·0 comments

AI "content creators" are getting harder to spot

theverge.com
4 points·by randomint64·last month·0 comments

[untitled]

1 points·by randomint64·last month·0 comments

[untitled]

1 points·by randomint64·last month·0 comments

[untitled]

1 points·by randomint64·last month·0 comments

[untitled]

1 points·by randomint64·last month·0 comments

[untitled]

1 points·by randomint64·last month·0 comments

The problem with Rust for back end services

kerkour.com
3 points·by randomint64·2 months ago·0 comments

Rust is a great fit for the agentic era

kerkour.com
4 points·by randomint64·2 months ago·1 comments

Deep Dive into SHA-3: Understanding Keccak and Sponge Functions

kerkour.com
2 points·by randomint64·2 months ago·0 comments

Smartphones Are Black Holes

kerkour.com
1 points·by randomint64·2 months ago·0 comments

Passwords suck. Can passkeys replace them?

kerkour.com
2 points·by randomint64·2 months ago·0 comments

The limits of Rust, or why you should probably not follow Amazon and Cloudflare

kerkour.com
90 points·by randomint64·2 months ago·87 comments

Like solar, Rust is inevitable

kerkour.com
1 points·by randomint64·2 months ago·0 comments

All databases will eventually be (re)written in Rust

kerkour.com
6 points·by randomint64·2 months ago·1 comments

All databases will eventually be (re)written in Rust

kerkour.com
3 points·by randomint64·2 months ago·0 comments

[untitled]

1 points·by randomint64·3 months ago·0 comments

comments

randomint64
·last month·discuss
Espressif is on fire! And the CPU even has SIMD instructions!

RISC-V cores is a big deal for embedded systems because now compiling for SoCs is only a matter of `rustup target add riscv32imac-unknown-none-elf` instead of downloading half-broken proprietary toolchains and SDKs.

Take a look at https://kerkour.com/introduction-to-embedded-development-wit... and https://kerkour.com/rust-esp32-pentest to get started with modern (Rust ;) embedded development.
randomint64
·3 months ago·discuss
The attack would be like: attacker has read/write access to the database but not to the code of the backend service. Attacker swaps the hash of a targeted API key with the hash of their own API key. Attacker has now access to the resources of the targeted organization when using their own API key.
randomint64
·3 months ago·discuss
While it's true that API keys are basically prefix + base32Encode(ID + secret), you will want a few more things to make secure API keys: at least versioning and hashing metadata to avoid confused deputy attacks.

Here is a detailed write-up on how to implement production API keys: https://kerkour.com/api-keys
randomint64
·4 months ago·discuss
Sherlock Holmes liked to say "When you have eliminated the impossible whatever remains, however improbable, must be the truth".

The same is true for programming languages. When you have eliminated all the others for their fatal flaws, only Rust remains, so it's not "just a tool", it's the best tool (or less worse, depending on how you like the syntax).

You can read more about the technical reasons here: https://kerkour.com/rust-software-engineering-reliability
randomint64
·5 months ago·discuss
That's right, Signal (https://kerkour.com/signal-app-rust), Proton (https://kerkour.com/proton-apps-rust), Matrix, Wire and many more are using a share, cross-platform Rust core and a platform-dependent UI layer.

But it's not only the security-critical paths, but also most of the business logic (see the 2 posts above).
randomint64
·6 months ago·discuss
For those who want to get started with SIMD programming in Rust, here is a great resource: https://kerkour.com/introduction-rust-simd
randomint64
·8 months ago·discuss
Indeed, Rust's supply chains story is an absolute horror, and there are countless articles explaining what should be done instead (e.g. https://kerkour.com/rust-stdx)

TL;DR: ditch crates.io and copy Go with decentralized packages based directly on and an extended standard library.

Centralized package managers only add a layer of obfuscation that attackers can use to their advantage.

On the other hand, C / C++ style dependency management is even worse than Rust's... Both in terms of development velocity and dependencies that never get updated.