HackerTrans
TopNewTrendsCommentsPastAskShowJobs

randomint64

no profile record

Submissions

[untitled]

1 points·by randomint64·16 hari yang lalu·0 comments

[untitled]

1 points·by randomint64·24 hari yang lalu·0 comments

Stdx: Rust's Extended Standard Library

github.com
5 points·by randomint64·30 hari yang lalu·1 comments

[untitled]

1 points·by randomint64·bulan lalu·0 comments

AI "content creators" are getting harder to spot

theverge.com
4 points·by randomint64·bulan lalu·0 comments

[untitled]

1 points·by randomint64·bulan lalu·0 comments

[untitled]

1 points·by randomint64·bulan lalu·0 comments

[untitled]

1 points·by randomint64·bulan lalu·0 comments

[untitled]

1 points·by randomint64·bulan lalu·0 comments

[untitled]

1 points·by randomint64·bulan lalu·0 comments

The problem with Rust for back end services

kerkour.com
3 points·by randomint64·2 bulan yang lalu·0 comments

Rust is a great fit for the agentic era

kerkour.com
4 points·by randomint64·2 bulan yang lalu·1 comments

Deep Dive into SHA-3: Understanding Keccak and Sponge Functions

kerkour.com
2 points·by randomint64·2 bulan yang lalu·0 comments

Smartphones Are Black Holes

kerkour.com
1 points·by randomint64·2 bulan yang lalu·0 comments

Passwords suck. Can passkeys replace them?

kerkour.com
2 points·by randomint64·2 bulan yang lalu·0 comments

The limits of Rust, or why you should probably not follow Amazon and Cloudflare

kerkour.com
90 points·by randomint64·2 bulan yang lalu·87 comments

Like solar, Rust is inevitable

kerkour.com
1 points·by randomint64·2 bulan yang lalu·0 comments

All databases will eventually be (re)written in Rust

kerkour.com
6 points·by randomint64·2 bulan yang lalu·1 comments

All databases will eventually be (re)written in Rust

kerkour.com
3 points·by randomint64·2 bulan yang lalu·0 comments

[untitled]

1 points·by randomint64·3 bulan yang lalu·0 comments

comments

randomint64
·bulan lalu·discuss
Espressif is on fire! And the CPU even has SIMD instructions!

RISC-V cores is a big deal for embedded systems because now compiling for SoCs is only a matter of `rustup target add riscv32imac-unknown-none-elf` instead of downloading half-broken proprietary toolchains and SDKs.

Take a look at https://kerkour.com/introduction-to-embedded-development-wit... and https://kerkour.com/rust-esp32-pentest to get started with modern (Rust ;) embedded development.
randomint64
·3 bulan yang lalu·discuss
The attack would be like: attacker has read/write access to the database but not to the code of the backend service. Attacker swaps the hash of a targeted API key with the hash of their own API key. Attacker has now access to the resources of the targeted organization when using their own API key.
randomint64
·3 bulan yang lalu·discuss
While it's true that API keys are basically prefix + base32Encode(ID + secret), you will want a few more things to make secure API keys: at least versioning and hashing metadata to avoid confused deputy attacks.

Here is a detailed write-up on how to implement production API keys: https://kerkour.com/api-keys
randomint64
·4 bulan yang lalu·discuss
Sherlock Holmes liked to say "When you have eliminated the impossible whatever remains, however improbable, must be the truth".

The same is true for programming languages. When you have eliminated all the others for their fatal flaws, only Rust remains, so it's not "just a tool", it's the best tool (or less worse, depending on how you like the syntax).

You can read more about the technical reasons here: https://kerkour.com/rust-software-engineering-reliability
randomint64
·5 bulan yang lalu·discuss
That's right, Signal (https://kerkour.com/signal-app-rust), Proton (https://kerkour.com/proton-apps-rust), Matrix, Wire and many more are using a share, cross-platform Rust core and a platform-dependent UI layer.

But it's not only the security-critical paths, but also most of the business logic (see the 2 posts above).
randomint64
·6 bulan yang lalu·discuss
For those who want to get started with SIMD programming in Rust, here is a great resource: https://kerkour.com/introduction-rust-simd
randomint64
·8 bulan yang lalu·discuss
Indeed, Rust's supply chains story is an absolute horror, and there are countless articles explaining what should be done instead (e.g. https://kerkour.com/rust-stdx)

TL;DR: ditch crates.io and copy Go with decentralized packages based directly on and an extended standard library.

Centralized package managers only add a layer of obfuscation that attackers can use to their advantage.

On the other hand, C / C++ style dependency management is even worse than Rust's... Both in terms of development velocity and dependencies that never get updated.