In a recent analysis, Adam Harvey found that among the 999 most popular crates on crates.io, around 17% contained code that does not match their code repository.
How?
- buy compromised cookies or credentials
- typosquatting or misleading crate names
- macros
How to solve?
Again, like Go: having a comprehensive standard library.
It should have: base32, base64, bytes, crc32 and crc64, crypto, gzip, hex, http, json, net, rand, regex, tar, tls, uuid, zip, zstd.
How to fix now?
- Use Dev Containers!
- Password manager for the SSH keys and secrets
- fetch the dependencies from source
- audit the dependencies: cargo-audit and cargo-vet
The post landed today on Lobsters
- Implement the Copy trait
- Take parameters by reference
- Use the proper iterator
- Have closures capturing by value also return the value
Declare identity to be used by other tools, so the information declaration process can be automated.
A bit sad that AI is the main branding of it.
Export to VCF is added: https://hachyderm.io/@ducks/116324991938693684
The related blog post https://jakegoldsborough.com/blog/2026/whoami-spec-declarative-identity/
They use common logic in Rust. The diagram is definitely interesting.
An introduction from unsafe to safe Rust lifetimes
- Share immutable data in threads
- Mutex while sharing mutable data
A recommended example is provided in Mozilla's "[Fearless Concurrency](https://blog.rust-lang.org/2017/11/14/Fearless-Concurrency-In-Firefox-Quantum.html)" post about the success they had in parallelizing the CSS renderer.
Since humans are rather bad at creating bug-free software, Rust is, thanks to its compiler, a very good way to avoid a number of them.
Feedback about handling errors properly instead of using one big error enum.
It detects ssh_bruteforce, credential_stuffing, port_scan, sudo_abuse, execution_guard, web_scan, user_agent_scanner, suricata_alert, docker_anomaly, integrity_alert, osquery_anomaly, distributed_ssh.
wrappers, pgrx, pgdog, ParadeDB, Neon (Postgres in S3)
Indeed Rust is efficient. Postgres also covers a lot of features.
Key features:
- (mostly) Static memory management
- Advanced type system
- LLVM-backed compiler with "write once, run anywhere"
- Open governance and decentralized development
There are drawbacks:
- weird proposals
- the compiler uses a lot of resources
- the syntax can be heavy sometimes
- its anemic standard library. It's a nightmare for supply chain security. Rust needs official extended standard library packages for all the most common tasks: base64, crypto, rand, uuid...