HackerTrans
TopNewTrendsCommentsPastAskShowJobs

randomint64

no profile record

Submissions

[untitled]

1 points·by randomint64·16 дней назад·0 comments

[untitled]

1 points·by randomint64·24 дня назад·0 comments

Stdx: Rust's Extended Standard Library

github.com
5 points·by randomint64·30 дней назад·1 comments

[untitled]

1 points·by randomint64·в прошлом месяце·0 comments

AI "content creators" are getting harder to spot

theverge.com
4 points·by randomint64·в прошлом месяце·0 comments

[untitled]

1 points·by randomint64·в прошлом месяце·0 comments

[untitled]

1 points·by randomint64·в прошлом месяце·0 comments

[untitled]

1 points·by randomint64·в прошлом месяце·0 comments

[untitled]

1 points·by randomint64·в прошлом месяце·0 comments

[untitled]

1 points·by randomint64·в прошлом месяце·0 comments

The problem with Rust for back end services

kerkour.com
3 points·by randomint64·2 месяца назад·0 comments

Rust is a great fit for the agentic era

kerkour.com
4 points·by randomint64·2 месяца назад·1 comments

Deep Dive into SHA-3: Understanding Keccak and Sponge Functions

kerkour.com
2 points·by randomint64·2 месяца назад·0 comments

Smartphones Are Black Holes

kerkour.com
1 points·by randomint64·2 месяца назад·0 comments

Passwords suck. Can passkeys replace them?

kerkour.com
2 points·by randomint64·2 месяца назад·0 comments

The limits of Rust, or why you should probably not follow Amazon and Cloudflare

kerkour.com
90 points·by randomint64·2 месяца назад·87 comments

Like solar, Rust is inevitable

kerkour.com
1 points·by randomint64·2 месяца назад·0 comments

All databases will eventually be (re)written in Rust

kerkour.com
6 points·by randomint64·2 месяца назад·1 comments

All databases will eventually be (re)written in Rust

kerkour.com
3 points·by randomint64·2 месяца назад·0 comments

[untitled]

1 points·by randomint64·3 месяца назад·0 comments

comments

randomint64
·в прошлом месяце·discuss
Espressif is on fire! And the CPU even has SIMD instructions!

RISC-V cores is a big deal for embedded systems because now compiling for SoCs is only a matter of `rustup target add riscv32imac-unknown-none-elf` instead of downloading half-broken proprietary toolchains and SDKs.

Take a look at https://kerkour.com/introduction-to-embedded-development-wit... and https://kerkour.com/rust-esp32-pentest to get started with modern (Rust ;) embedded development.
randomint64
·3 месяца назад·discuss
The attack would be like: attacker has read/write access to the database but not to the code of the backend service. Attacker swaps the hash of a targeted API key with the hash of their own API key. Attacker has now access to the resources of the targeted organization when using their own API key.
randomint64
·3 месяца назад·discuss
While it's true that API keys are basically prefix + base32Encode(ID + secret), you will want a few more things to make secure API keys: at least versioning and hashing metadata to avoid confused deputy attacks.

Here is a detailed write-up on how to implement production API keys: https://kerkour.com/api-keys
randomint64
·4 месяца назад·discuss
Sherlock Holmes liked to say "When you have eliminated the impossible whatever remains, however improbable, must be the truth".

The same is true for programming languages. When you have eliminated all the others for their fatal flaws, only Rust remains, so it's not "just a tool", it's the best tool (or less worse, depending on how you like the syntax).

You can read more about the technical reasons here: https://kerkour.com/rust-software-engineering-reliability
randomint64
·5 месяцев назад·discuss
That's right, Signal (https://kerkour.com/signal-app-rust), Proton (https://kerkour.com/proton-apps-rust), Matrix, Wire and many more are using a share, cross-platform Rust core and a platform-dependent UI layer.

But it's not only the security-critical paths, but also most of the business logic (see the 2 posts above).
randomint64
·6 месяцев назад·discuss
For those who want to get started with SIMD programming in Rust, here is a great resource: https://kerkour.com/introduction-rust-simd
randomint64
·8 месяцев назад·discuss
Indeed, Rust's supply chains story is an absolute horror, and there are countless articles explaining what should be done instead (e.g. https://kerkour.com/rust-stdx)

TL;DR: ditch crates.io and copy Go with decentralized packages based directly on and an extended standard library.

Centralized package managers only add a layer of obfuscation that attackers can use to their advantage.

On the other hand, C / C++ style dependency management is even worse than Rust's... Both in terms of development velocity and dependencies that never get updated.