veganism.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Veganism Social is a welcoming space on the internet for vegans to connect and engage with the broader decentralized social media community.

#rust

103 posts · 89 participants · 3 posts today

mention of AI/LLM usage in CTF/infosec

Haven't participated in Capture The Flag (#CTF) competitions in a while, and saw a few new (to me) things after this last one:
* People rely on LLMs a lot, and they are reportedly kinda useful in this specific use case? Paid ones at least.
* Due to the above, solving the tasks without assistance seems to fall out of favour as being slower. You're at an advantage if you pay for it.
* A lot more solutions are written in #Rust, rather than #Python or #C.

One of the most off-putting things about #Rust is the complete and utter contempt that most of its community has for #semver: A library that is meant to be used by others should explicitly have a version of 1.0.0 or greater.

0.x.y means that it is not ready for actual productive use:

Major version zero (0.y.z) is for initial development. Anything MAY change at any time. The public API SHOULD NOT be considered stable.
If your software is being used in production, it should probably already be 1.0.0. If you have a stable API on which users have come to depend, you should be 1.0.0. If you’re worrying a lot about backward compatibility, you should probably already be 1.0.0.
Meanwhile in Rust: “The preferred TLS-library with 186k users, 166 contributors, and 3795 commits is still in version 0.23.26.”

Sorry, I’m not going to use a pre-release cryptography library in production! If this is meant for actual use, give it an according version number!

Also, the custom rules are part of the problem: The notion that you should not have breaking changes when going from 0.1.2 to 0.1.3 is explicitly in violation of the rules that semver puts down, yet the rust community has set up expectations that this is not the case.

And then there is of course the entire mess with huge numbers of transitive dependencies for everything. I was looking at a json library and it depends on an “itoa”-crate that literally just exists to convert integers to strings. Aka: it introduces a completely new point where someone can create a dependency that includes malware, for essentially no gain.

Compare this with C++, where the generally preferred json-library has zero dependencies and is in fact single-header-only.

It’s stuff like this that pushes me back to C++ every time I look at rust. Which makes me sad, because I really like many of the high-level ideas behind Rust.
😞

#cplusplus
Semantic Versioning 2.0.0: Semantic Versioning spec and website
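
As an added illustration of the versioning point in the post above (not code from the post's author, Cargo, or any crate it mentions): the sketch below contrasts what SemVer 2.0.0 promises with what Cargo's default caret requirement accepts, and lists the updates Cargo may take automatically even though the spec gives no compatibility guarantee for them. The type and function names are hypothetical and the candidate version lists are constructed; pre-release and build metadata are ignored.

```rust
// Added example: SemVer 2.0.0 guarantees vs. Cargo's default caret requirement.
// All names are hypothetical; candidate versions in main() are constructed.

#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
struct Version { major: u64, minor: u64, patch: u64 }

/// Parse a bare MAJOR.MINOR.PATCH string; anything else is rejected.
fn parse(s: &str) -> Option<Version> {
    let mut it = s.trim().split('.').map(|p| p.parse::<u64>().ok());
    let v = Version { major: it.next()??, minor: it.next()??, patch: it.next()?? };
    if it.next().is_some() { None } else { Some(v) }
}

/// Cargo's default requirement for "x.y.z": newer versions are accepted while
/// the left-most non-zero component is unchanged (0.1.2 accepts 0.1.3, not 0.2.0).
fn cargo_caret_accepts(req: Version, cand: Version) -> bool {
    if cand < req { return false; }
    if req.major > 0 { cand.major == req.major }
    else if req.minor > 0 { cand.major == 0 && cand.minor == req.minor }
    else { cand == req }
}

/// SemVer 2.0.0: major version zero carries no stability promise, so only the
/// identical version is guaranteed compatible; from 1.0.0 on, the major decides.
fn semver_spec_guarantees(req: Version, cand: Version) -> bool {
    if req.major == 0 { cand == req } else { cand.major == req.major && cand >= req }
}

/// Updates a default `cargo update` may select although the spec promises nothing.
fn unguaranteed_updates(req: &str, candidates: &[&str]) -> Vec<String> {
    let r = match parse(req) { Some(r) => r, None => return Vec::new() };
    candidates.iter()
        .filter_map(|c| parse(c))
        .filter(|c| cargo_caret_accepts(r, *c) && !semver_spec_guarantees(r, *c))
        .map(|c| format!("{}.{}.{}", c.major, c.minor, c.patch))
        .collect()
}

fn main() {
    // 0.23.26 is the version quoted in the post; the candidates are constructed.
    for (req, cands) in [("0.23.26", ["0.23.27", "0.24.0", "1.0.0"]),
                         ("1.4.0", ["1.4.1", "1.9.0", "2.0.0"])] {
        println!("{req}: review before updating -> {:?}", unguaranteed_updates(req, &cands));
    }
}
```

For a 0.x dependency, every version this returns is one a lockfile refresh can pull in without a manifest change, so it is the set to diff or pin when reviewing updates.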

My Easter treat has been to work on my silly hosted-at-home retro website. It now features actual content, animated GIFs, and photos of pineapples!

There's a few dynamic pages under cgi-bin, although they are not actually CGI scripts—they are generated by a Rust program. The dynamic content includes live energy stats, climate info, and memory & uptime info. I still want to fill out the content some more, but I also need to do other things.

home.wezm.net/~wmoore/

📚🤖 Ah, nothing says "cutting-edge innovation" quite like a 7-year-old article on #state #machines in Rust! Dive into this riveting tale of #enums and structures, where #computer scientists bravely pave the way to a "hopeful future" by rehashing #CS101 topics. Seriously, Samuel, enums again? 🙄🔄
hoverbear.org/blog/rust-state- #cuttingedgeinnovation #Rust #programming #science #HackerNews #ngated

hoverbear.org: Pretty State Machine Patterns in Rust. A computer scientist working in open source towards a more hopeful future.

i've just released zizmor v1.6.0!

this release comes with a lot of bugfixes that have accumulated over the last month, plus some big new features:

1. there's a new audit, `forbidden-uses`, which allows users to configure allow/deny policies for third-party actions!
2. the `unpinned-uses` audit has been completely rewritten, and now also supports configuration (e.g. to give your own first-party actions a weaker pinning policy than "must be hashed")
3. there's a new `--format=github` mode, which emits GitHub annotations. these come with quite a few limitations, but may be useful to users who can't use `--format=sarif`!

plus much more; read the full notes here:

woodruffw.github.io/zizmor/rel

woodruffw.github.io: Release Notes - zizmor. Abbreviated change notes about each zizmor release.

#iden Quick-start verified: Creating and sourcing the #python and #rust virtual environments to compile and install, generating an identity, starting the pad manager, and how to import the library in a #jupyter notebook ready to write and read and poke at the test node.

github.com/stevenaleach/iden/b

GitHub: iden/quickstart.md at main · stevenaleach/iden. IDEN - decentralized identity and distributable services. - stevenaleach/iden

In #VSCode, the code lenses now include an outline around parts of it (such as "🅁un 🅃ests"). I'm not sure if this is from #Rust analyzer or VS Code itself, as I updated everything last night.

Is there a way to get rid of this outline (likely a border in the CSS)? It is distracting to the point that I'm considering turning off code lenses if it can't be disabled.

daaaaaaaaaaaaaaamn.

Wrote a small tool in #Rust, to split my caddy logs into bad-visitor/sketchy-agent/unclassified parts, do some filtering and anonymization.

Figured it will run a while. It blew through 6Gb of logs in 33 seconds, and that included decompression too.

It's not even an optimized thing, it does it all on a single thread.