feddit.org

1,574 readers
517 users here now

Wir sind eine deutsch- und englischsprachige Lemmy Community und entwickelten uns aus feddit.de heraus.

Feddit.org dient als Reddit-Alternative im Fediverse.

Wir sehen uns als einen selbstbestimmten Raum, außerhalb der Kontrolle kommerzieller Tech-Unternehmen.

Netiquette wird vorausgesetzt. Gepflegt wird ein respektvoller Umgang - ohne Hass, Hetze, Diskriminierung.

Alternative Oberflächen:

Werden euch Posts/Kommentare nicht angezeigt?

Diese Community ist spendenfinanziert und wird von der Fediverse Foundation unterstützt.

Serverregeln

Wir tolerieren kein diskriminierendes Verhalten und keine Inhalte, die die Unterdrückung von Mitgliedern marginalisierter Gruppen fördern oder befürworten. Diese Gruppen können durch eine der folgenden Eigenschaften gekennzeichnet sein (obwohl diese Liste natürlich unvollständig ist):

ethnische Zugehörigkeit
Geschlechtsidentität oder Ausdruck
sexuelle Identität oder Ausdruck
körperliche Merkmale oder Alter
Behinderung oder Krankheit
Nationalität, Wohnsitz, Staatsbürgerschaft
Reichtum oder Bildung
Religionszugehörigkeit, Agnostizismus oder Atheismus

Wir tolerieren kein bedrohliches Verhalten, Stalking und Doxxing. Wir tolerieren keine Belästigungen, einschließlich Brigading, Dogpiling oder jede andere Form des Kontakts mit einem Benutzer, der erklärt hat, dass er nicht kontaktiert werden möchte.

Sei respektvoll. Alle sind hier willkommen.
Kein Rassismus, Sexismus, Ableismus, Homophobie, oder anderweitige Xenophobie
Wir tolerieren kein Mobbing, einschließlich Beschimpfungen, absichtliches Misgendering oder Deadnaming.
Wir dulden keine gewalttätige nationalistische Propaganda, Nazisymbolik oder die Förderung der Ideologie des Nationalsozialismus.
Aktionen, die diese Instanz oder ihre Leistung beschädigen sollen, können zur sofortigen Sperrung des Kontos führen.
Provokationen können nach Ermessen der Moderation entfernt werden
Toxisches Verhalten wird nicht geduldet
Keine Werbung
Kein Spam
Keine Pornografie / Adult Content
In Deutschland, Österreich oder Schweiz illegale Inhalte werden gelöscht und können zur sofortigen Sperrung des Accounts führen.

Attribution

This text was partly adapted and modified from chaos.social. It is free to be adapted and remixed under the terms of the CC-BY (Attribution 4.0 International) license.

Datenschutzerklärung

TOM

We are a German and English-speaking Lemmy community that evolved from feddit.de.

Feddit.org serves as a Reddit alternative in the Fediverse.

We see ourselves as a self-determined space, outside the control of commercial tech companies.

Netiquette is expected. A respectful interaction is maintained - without hate, harassment, discrimination.

Alternative UIs:

Are you missing posts/comments?

Serverrules

We do not tolerate discriminatory behavior or content that promotes or advocates the oppression of members of marginalized groups. These groups may be characterized by any of the following (though this list is of course incomplete):

ethnicity
gender identity or expression
sexual identity or expression
physical characteristics or age
disability or illness
nationality, residency, citizenship
wealth or education
religious affiliation, agnosticism, or atheism

We do not tolerate threatening behavior, stalking, and doxxing. We do not tolerate harassment, including brigading, dogpiling, or any other form of contact with a user who has stated that they do not wish to be contacted.

Be respectful. Everyone is welcome here.
No racism, sexism, ableism, homophobia, or other xenophobia
We do not tolerate bullying, including name-calling, intentional misgendering, or deadnaming.
We do not tolerate violent nationalist propaganda, Nazi symbolism or the promotion of the ideology of National Socialism.
Actions intended to damage this instance or its performance can lead to immediate blocking of the account.
Provocations can be removed at the discretion of the moderators
Toxic behavior will not be tolerated
No advertising
No spam
No pornography / adult content
Content that is illegal in Germany, Austria or Switzerland will be deleted and can lead to an immediate ban of the account.

Attribution

This text was partly adapted and modified from chaos.social. It is free to be adapted and remixed under the terms of the CC-BY (Attribution 4.0 International) license.

Data-Protection-Policy

TOM

This community is powered by donations and supported by Fediverse Foundation.

founded 2 months ago

ADMINS

Rust has a HUGE supply chain security problem | Sylvain Kerkour | July 2, 2024 (kerkour.com)

submitted 2 months ago by ericjmorey@programming.dev to c/rust@lemmy.ml

6 comments fedilink

cross-posted from: https://programming.dev/post/16349359

July 2, 2024

Sylvain Kerkour writes:

Rust adoption is stagnating not because it's missing some feature pushed by programming language theory enthusiasts, but because of a lack of focus on solving the practical problems that developers are facing every day.

... no company outside of AWS is making SDKs for Rust ... it has no official HTTP library.

As a result of Rust's lack of official packages, even its core infrastructure components need to import hundreds of third-party crates.

cargo imports over 400 crates.

crates.io has over 500 transitive dependencies.

...the offical libsignal (from the Signal messaging app) uses 500 third-party packages.

... what is really inside these packages. It has been found last month that among the 999 most popular packages on crates.io, the content of around 20% of these doesn't even match the content of their Git repository.

...how I would do it (there may be better ways):

A stdx (for std eXtended) under the rust-lang organization containing the most-needed packages. ... to make it secure: all packages in stdx can only import packages from std or stdx. No third-party imports. No supply-chain risks.

[stdx packages to include, among others]:

gzip, hex, http, json, net, rand

Read Rust has a HUGE supply chain security problem

Submitter's note:

I find the author's writing style immature, sensationalist, and tiresome, but they raise a number of what appear to be solid points, some of which are highlighted above.

Rust has a HUGE supply chain security problem | Sylvain Kerkour | July 2, 2024 (kerkour.com)

submitted 2 months ago by ericjmorey@programming.dev to c/rust@programming.dev

26 comments fedilink

July 2, 2024

Sylvain Kerkour writes:

Rust adoption is stagnating not because it's missing some feature pushed by programming language theory enthusiasts, but because of a lack of focus on solving the practical problems that developers are facing every day.

... no company outside of AWS is making SDKs for Rust ... it has no official HTTP library.

As a result of Rust's lack of official packages, even its core infrastructure components need to import hundreds of third-party crates.

cargo imports over 400 crates.

crates.io has over 500 transitive dependencies.

...the offical libsignal (from the Signal messaging app) uses 500 third-party packages.

... what is really inside these packages. It has been found last month that among the 999 most popular packages on crates.io, the content of around 20% of these doesn't even match the content of their Git repository.

...how I would do it (there may be better ways):

A stdx (for std eXtended) under the rust-lang organization containing the most-needed packages. ... to make it secure: all packages in stdx can only import packages from std or stdx. No third-party imports. No supply-chain risks.

[stdx packages to include, among others]:

gzip, hex, http, json, net, rand

Read Rust has a HUGE supply chain security problem

Submitter's note:

I find the author's writing style immature, sensationalist, and tiresome, but they raise a number of what appear to be solid points, some of which are highlighted above.