HackerTrans
TopNewTrendsCommentsPastAskShowJobs

randomint64

no profile record

Submissions

[untitled]

1 points·by randomint64·há 16 dias·0 comments

[untitled]

1 points·by randomint64·há 24 dias·0 comments

Stdx: Rust's Extended Standard Library

github.com
5 points·by randomint64·há 30 dias·1 comments

[untitled]

1 points·by randomint64·mês passado·0 comments

AI "content creators" are getting harder to spot

theverge.com
4 points·by randomint64·mês passado·0 comments

[untitled]

1 points·by randomint64·mês passado·0 comments

[untitled]

1 points·by randomint64·mês passado·0 comments

[untitled]

1 points·by randomint64·mês passado·0 comments

[untitled]

1 points·by randomint64·mês passado·0 comments

[untitled]

1 points·by randomint64·mês passado·0 comments

The problem with Rust for back end services

kerkour.com
3 points·by randomint64·há 2 meses·0 comments

Rust is a great fit for the agentic era

kerkour.com
4 points·by randomint64·há 2 meses·1 comments

Deep Dive into SHA-3: Understanding Keccak and Sponge Functions

kerkour.com
2 points·by randomint64·há 2 meses·0 comments

Smartphones Are Black Holes

kerkour.com
1 points·by randomint64·há 2 meses·0 comments

Passwords suck. Can passkeys replace them?

kerkour.com
2 points·by randomint64·há 2 meses·0 comments

The limits of Rust, or why you should probably not follow Amazon and Cloudflare

kerkour.com
90 points·by randomint64·há 2 meses·87 comments

Like solar, Rust is inevitable

kerkour.com
1 points·by randomint64·há 2 meses·0 comments

All databases will eventually be (re)written in Rust

kerkour.com
6 points·by randomint64·há 2 meses·1 comments

All databases will eventually be (re)written in Rust

kerkour.com
3 points·by randomint64·há 2 meses·0 comments

[untitled]

1 points·by randomint64·há 3 meses·0 comments

comments

randomint64
·mês passado·discuss
Espressif is on fire! And the CPU even has SIMD instructions!

RISC-V cores is a big deal for embedded systems because now compiling for SoCs is only a matter of `rustup target add riscv32imac-unknown-none-elf` instead of downloading half-broken proprietary toolchains and SDKs.

Take a look at https://kerkour.com/introduction-to-embedded-development-wit... and https://kerkour.com/rust-esp32-pentest to get started with modern (Rust ;) embedded development.
randomint64
·há 3 meses·discuss
The attack would be like: attacker has read/write access to the database but not to the code of the backend service. Attacker swaps the hash of a targeted API key with the hash of their own API key. Attacker has now access to the resources of the targeted organization when using their own API key.
randomint64
·há 3 meses·discuss
While it's true that API keys are basically prefix + base32Encode(ID + secret), you will want a few more things to make secure API keys: at least versioning and hashing metadata to avoid confused deputy attacks.

Here is a detailed write-up on how to implement production API keys: https://kerkour.com/api-keys
randomint64
·há 4 meses·discuss
Sherlock Holmes liked to say "When you have eliminated the impossible whatever remains, however improbable, must be the truth".

The same is true for programming languages. When you have eliminated all the others for their fatal flaws, only Rust remains, so it's not "just a tool", it's the best tool (or less worse, depending on how you like the syntax).

You can read more about the technical reasons here: https://kerkour.com/rust-software-engineering-reliability
randomint64
·há 5 meses·discuss
That's right, Signal (https://kerkour.com/signal-app-rust), Proton (https://kerkour.com/proton-apps-rust), Matrix, Wire and many more are using a share, cross-platform Rust core and a platform-dependent UI layer.

But it's not only the security-critical paths, but also most of the business logic (see the 2 posts above).
randomint64
·há 6 meses·discuss
For those who want to get started with SIMD programming in Rust, here is a great resource: https://kerkour.com/introduction-rust-simd
randomint64
·há 8 meses·discuss
Indeed, Rust's supply chains story is an absolute horror, and there are countless articles explaining what should be done instead (e.g. https://kerkour.com/rust-stdx)

TL;DR: ditch crates.io and copy Go with decentralized packages based directly on and an extended standard library.

Centralized package managers only add a layer of obfuscation that attackers can use to their advantage.

On the other hand, C / C++ style dependency management is even worse than Rust's... Both in terms of development velocity and dependencies that never get updated.