Dan Lorenc, from Google’s Infrastructure Security Team:

Software written in unsafe languages often contains hard-to-catch bugs that can result in severe security vulnerabilities, and we take these issues seriously at Google. That’s why we’re expanding our collaboration with the Internet Security Research Group to support the reimplementation of critical open-source software in memory-safe languages.

Notice he said “expanding our collaboration”, which must mean they’ve been doing this for a bit, but I wasn’t aware of the effort? An uplifting trend, regardless. Work is well underway:

The new Rust-based HTTP and TLS backends for curl and now this new TLS library for Apache httpd are an important starting point in this overall effort. These codebases sit at the gateway to the internet and their security is critical in the protection of data for millions of users worldwide.

Stoked for the Rust community!

Today, on behalf of the Rust Core team, I’m excited to announce the Rust Foundation, a new independent non-profit organization to steward the Rust programming language and ecosystem, with a unique focus on supporting the set of maintainers that govern and develop the project.

Also, Mozilla has “transferred all trademark and infrastructure assets, including the crates.io package registry,” to the Rust Foundation.

David Hamp-Gonsalves created a really cool use for your old Kindle:

Second hand Kindles are waiting in drawers for someone to repurpose them into something great. Boasting large e-ink screens, wifi connectivity and ARM processors they are an amazing hacking platform.

In my case I created an information panel summarizing my day such as my calendar, surf and weather forecast, garbage schedule, school closures, etc. My favorite part is that any extra space is filled with a random Pokémon sprite which my kids(not me) like to come check in on.

Built with Rust plus some serverless backend data collection bits.

Stork is two things. First, it’s an indexer: it indexes your loosely-structured content and creates a file that you can upload to your web server. Second, it’s a JavaScript + WebAssembly frontend for that index file: Stork will hook into an <input> on your web page, download the index you’ve specified, and display the best search results immediately to your user, as they type. The precomputed index and WebAssembly frontend module make the entire Stork engine very good, and very fast.

Mundane is backed by BoringSSL (Google’s fork of OpenSSL that is used in Chrome, Android, et al) and is built to be “difficult to misuse, ergonomic, and performant (in that order)”.

Crush is an attempt to make a traditional command line shell that is also a modern programming language. It has the features one would expect from a modern programming language like a type system, closures and lexical scoping, but with a syntax geared toward both batch and interactive shell usage.

Check out the overview of features right here.

The Servo Project is excited to announce that it has found a new home with the Linux Foundation. Servo was incubated inside Mozilla, and served as the proof that important web components such as CSS and rendering could be implemented in Rust, with all its safety, concurrency and speed. Now it’s time for Servo to leave the nest!

The project’s governance has also changed. It now has a board and a TSC (technical steering committee). They’ve also set up their community/chat on Zulip, which is new to me and looks… interesting.

Used to be written in Python, but is now 100% Rust.

dog is a command-line DNS client, like dig.
It has colourful output, understands normal command-line argument syntax, supports the DNS-over-TLS and DNS-over-HTTPS protocols, and can emit JSON.

The only downside is that (for now) you have to build it from source if you want to use it.

Ox is a code editor. It was written in Rust using ANSI escape sequences. It assists developers with programming by providing several tools to speed up and make programming easier and a refreshing alternative to heavily bloated and resource hungry editors such as VS Code and JetBrains. Ox is lightweight so it can be used on older computers.

Bear in mind, this is a personal project and is nowhere near ready to replace your existing tools just yet.

Ox is stealing good ideas from existing editors and provides a rundown of what that means in the README. It works on Linux, macOS, and Windows via WSL.

This web server for static assets is “blazing fast” and executable with a single binary, but what excites me about it is the simplistic, singular config file: binserve.json

{
  "directory_listing": false,
  "enable_logging": true,
  "error_pages": {
    "404": "404.html"
  },
  "follow_symlinks": false,
  "routes": {
    "/": "index.html",
    "/example": "example.html"
  },
  "server": {
    "host": "127.0.0.1",
    "port": 1337
  },
  "static_directory": "static",
  "template_variables": {
    "load_static": "/static/",
    "name": "Binserve"
  }
}

By switching from Node.js to Rust, we improved some memory issue and embrassed the concept of ownership. Which is according to The Rust Book, Rust’s most unique feature.

A Native Implemented Function is implemented in C (or Rust when using Rustler) and can be called from Elixir or Erlang just like any other function. It’s the simplest and fastest way to run native code from Erlang but it does come with a caveat: a crash in a NIF can bring down the whole BEAM. This makes Rust a safer option than C for implementing NIFs as its type system and ownership model guarantee memory and thread-safety.

Wow – huge thanks to Lauren Tan for pulling together all the links that summarize RustConf 2020!

All the talks, all the links…all in one place. PRs are welcome too.

The Rust core team has addressed the concerns raised by the significant changes at Mozilla.

On Tuesday, August 11th 2020, Mozilla announced their decision to restructure the company and to lay off around 250 people, including folks who are active members of the Rust project and the Rust community. Understandably, these layoffs have generated a lot of uncertainty and confusion about the impact on the Rust project itself. Our goal in this post is to address those concerns. We’ve also got a big announcement to make, so read on!

gix is a command-line interface (CLI) to access git repositories. It’s written to optimize the
user-experience, and perform as good or better than the canonical implementation.

Furthermore it provides an easy and safe to use API in the form of various small crates for implementing your own tools in a breeze.

The author describes this as “idiomatic, modern, lean, fast, safe, & pure” but that was too many superlatives to put in the headline. It does look nice, though. I dig the libraries + CLI that leverages them approach. Demo video on Asciinema.

A solid interview with Steve Klabnik from the Rust core team:

We sat down with Steve to hear from him first-hand about his professional activities at the moment, the design success of Rust, a little about the “full-stack” development hype, and overcoming burnouts.

Bevy has the following design goals:

• Capable: Offer a complete 2D and 3D feature set
• Simple: Easy for newbies to pick up, but infinitely flexible for power users
• Data Focused: Data-oriented architecture using the Entity Component System paradigm
• Modular: Use only what you need. Replace what you don’t like
• Fast: App logic should run quickly, and when possible, in parallel
• Productive: Changes should compile quickly … waiting isn’t fun

Before you get too excited, a word of warning 🚨

Bevy is still in the very early stages of development. APIs can and will change (now is the time to make suggestions!). Important features are missing. Documentation is sparse. Please don’t build any serious projects in Bevy unless you are prepared to be broken by api changes constantly.

This looks like a great resource, but seems targeted at folks who’ve already dipped their toes in to the water. For first-timers, the maintainers of Rustlings suggest the official book and Rust By Example.

You’re still gonna want Nmap, but RustScan drastically speeds up the first step (scans all 65k ports in less than a minute) and then pipes its data to Nmap.

dijo is a habit tracker. It is curses-based, it runs in your terminal. dijo is scriptable, hook it up with external programs to track events without moving a finger. dijo is modal, much like a certain text editor.

pgx is a framework for developing PostgreSQL extensions in Rust and wants to make that process as idiomatic and safe as possible. Currently, pgx supports Postgres v10, v11, and v12.

If this interests you, check out the examples directory that shows you how to work with arrays, errors, strings, and more.

While I like the acronym so, this tool would actually be better described as se: an interface to the StackExchange network. In particular one thing that differentiates it from similar tools is that you can simultaneously search any number of sites in the StackExchange network

This is part 3 of a three part series from Sheshbabu Chinnakonda introducing the Rust language to JavaScript developers — this one is focused on functions and control flow.

When Shesh kicked off this series he said, “I find it easier to understand something new if it was explained in terms of something I already know. I thought there might be others like me.”

BTW, here are links to the others from this series:

• Tooling Ecosystem Overview
• Variables and Data Types

No matter how much investment software companies may put into tooling and training their developers, “C++, at its core, is not a safe language,” said Ryan Levick, Microsoft cloud developer advocate, during the AllThingsOpen virtual conference last month, explaining, in a virtual talk, why Microsoft is gradually switching to Rust to build its infrastructure software, away from C/C++. And it is encouraging other software industry giants to consider the same.

This sounds SO familiar, as heard from Josh Aas recently on The Changelog (listen here).

We certainly should not be writing any new code in C and C++. The opportunity for vulnerabilities – I mean, it absolutely will have vulnerabilities, and we need to get that type of code away from our networks to start with, and then probably away from most other things, too… So I would hope that in 10-20 years we think it’s crazy to be deploying major (or maybe even minor) pieces of software that are written in languages that are not memory-safe.

So we’re trying to remove code written in C and C++ from our infrastructure at Let’s Encrypt. I think that’s just a basic part of diligence applied to secure infrastructure. If your stack is some giant pile of C++ or C at the network edge, followed by OpenSSL written in C, followed by a Linux kernel written in C, glibc - your whole pathway has got all this code that you just know is full of security holes. It absolutely is. You just can’t claim that those are even close to secure systems. They’re absolutely not. We’re gonna look back on this and say “That was crazy. We have better options today.”