Daily Shaarli

All links of one day in a single page.

Yesterday - August 27, 2025

Building a Plugin System for Rust: Native Libraries vs Scripting Language vs WASM vs Rules Engine

Native libraries are hard in Rust; the compiler offers no guarantees about the memory representation of structs; or these structs needs to be FFI-Friendly with unsafe extern "C". There is no sandboxing, so a malicious code could promise the machine; or corrupt the memory silently.
Finally, dynamic library plugins are distributed as compiled code.It's easier to hide backdoors in compiled code. It's also harder to share the code than simple scripts.

There are two main ways to embed JavaScript in a Rust program. The first one is with bindings for the lightweight QuickJS engine, such as rquickjs. Take a look at AWS' LLRT (Low Latency Runtime) for an advanced integration of QuickJS in Rust.

Ho, and did I mention that QuickJS is lightweight? Around 210 KiB of code vs around 40 MiB of code for V8, all while being fast enough for most situations.

My vision of programming is to limit ourselves to two programming languages. A very powerful, secure and fast compiled language for the lower levels of the computing stack, Rust, and a less powerful and slower scripting language for high-level scripting and user interfaces, JavaScript.

Another alternative is WASM. The provided code is already compiled; and the author judges the ecosystem too immature.

The last method is the less powerful: expression engine. It allows to specify a language with some rules, even if it is not turing complete and the result always evaluate to an expression.

So to rank them:

  • scripting language
  • expression engine
  • WASM
  • at the end native libraries
The unexpected productivity boost of Rust

The language can catch subtle errors for large codebases

Med-Gemini, l’IA médicale de Google, a halluciné des ganglions inexistants dans le cerveau - Next
IA TL;DR

Des ressources critiques
https://raindrop.io/guillaume11/ia-tl-dr-55999307

Ainsi que des exemples néfastes:
https://raindrop.io/guillaume11/ia-56132031

Ainsi que des guides, vulgarisations ou réflexions sur le sujet:
https://raindrop.io/guillaume11/comprendre-l-ia-56019219

Merci https://mamot.fr/@burgervege/115101284723572526

GitHub - kickscondor/fraidycat: Follow blogs, wikis, YouTube channels, as well as accounts on Twitter, Instagram, etc. from a single page.

Fraidycat is an app for Linux, Windows or Mac OS X - but which can be accessed from a local browser or a Tor onion site - and is a tool that can be used to follow folks on a variety of platforms. But rather than showing you a traditional 'inbox' or 'feed' view of all the incoming posts - Fraidycat braces itself against this unbridled firehose! - you are shown an overview of who is active and a brief summary of their activity.

Why Organizations Don’t Do User Research and How to Change That - NN/G

"At too many companies, especially larger ones, there is no real benefit to delivering something that really benefits users. Teams are rewarded for building new features, shipping fast, and delivering the latest trends.

By the time something gets rolled out to users and fails to make a positive impact, the people who led the charge have already been promoted or have moved on to build the next big thing that is absolutely going to be a game changer."

(via https://mamot.fr/@burgervege/115095552068867662)

77 malicious apps removed from Google Play Store | Malwarebytes

17 apps installed over 19 million times

L'IA qui souffre ? Sérieusement ? | Intelligence artificielle | Le site de Korben
Raphaël Vinot: "The whole EU age verification …" - Yoyodyne IT socializing

The whole EU age verification app thing is so exhausting. Yes, the tech specs are public, yes, the wallet app is opensource, yes, it could be done in a worse way.

Yet, it is still the newest attempt to answer the question: "can we tech hard enough to avoid having parents talking to their kids?"

And the answer is still no, you can't.

And why the website is on .dev owned by Google? Why not .eu? https://ageverification.dev/

Researcher Exposes Zero-Day Clickjacking Vulnerabilities in Major Password Managers - Socket.dev

The information is relayed on different news website:

It was unveiled with a presentation at the DEFCON 2025 https://marektoth.com/blog/dom-based-extension-clickjacking/

Y'a pas écrit La Porte: „Ceci est un thread de mes shitpost préférés* pour…“ - Eldritch Café

Des shitposts