Making Rust supply chain attacks harder with Cackle

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
Rfc Rust rfc-process

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

  • ioccc-obfuscated-c-contest

    IOCCC International Obfuscated C code contest entries

    • A semi-automated system that compares old unsafe code to new unsafe code would likely be really helpful here - say, a LLM prompted to investigate whether the new unsafe blocks are a significant difference in scope and documented intent from the old unsafe blocks. Unless the winners of https://www.ioccc.org/ are among your attackers, it's a pretty solid line of defense.

  • rfcs

    RFCs for changes to Rust

    • This is a really overwrought alternative to just breaking up `std` and listing which new libraries one wants in the regular [depenencies] section.

    https://github.com/rust-lang/rfcs/pull/1133 Yeah definitely I haven't been wanting this for years...

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • semver-trick

    How to avoid complicated coordinated upgrades

    • Let's say crate B depends on crate A with a pinned dependency, and uses one of its types in a public interface.

    Crate C depends on them both. It now can't bring in updates to A until B does, and when B updates that's a breaking change, so it better bump its major version.

    Take a look at this teick, for example, for foundational crates updating their major version: https://github.com/dtolnay/semver-trick

    Now imagine that being an issue every single patxh update.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • Generics in Rust: murky waters of implementing foreign traits on foreign types

    2 projects | dev.to | 3 Jun 2024

  • Ask HN: What April Fools jokes have you noticed this year?

    1 project | news.ycombinator.com | 1 Apr 2024

  • Rust to add large language models to the standard library

    1 project | news.ycombinator.com | 1 Apr 2024

  • Why does Rust choose not to provide `for` comprehensions?

    1 project | news.ycombinator.com | 11 Mar 2024

  • Coroutines in C

    4 projects | news.ycombinator.com | 25 Feb 2024