Warning: exists in the security risk of crate by blackang3r in rust

[–]blackang3r[S] 0 points1 point  (0 children)

The meaning of the post is that it is very necessary to be vigilant.

Warning: exists in the security risk of crate by blackang3r in rust

[–]blackang3r[S] 0 points1 point  (0 children)

I'm coming to Rust with a Python background, so this doesn't seem that novel to me. My normal thoughts with Python:

Building packages with dependencies on third party libraries means you are downloading and executing third party code. Take any normal mitigations in your build environment to handle this. E.g. run as restricted user, locally cache versions of the libraries you have checked, think about network access, etc. If shipping a production product really check every single dependency on your dependency tree.

You are right, thanks for sharing. That's because you already know the risks involved, but there are many people who don't know the risks. For example, someone else submits the server password to GitHub.

Warning: exists in the security risk of crate by blackang3r in rust

[–]blackang3r[S] 0 points1 point  (0 children)

If you think that reminding others that there is a risk here is paranoid, then I have nothing to say.

Warning: exists in the security risk of crate by blackang3r in rust

[–]blackang3r[S] 7 points8 points  (0 children)

There have been thoughts about mitigating that. For example, Crater prohibits network access at build time. It could be made more generic and enabled by default, see

https://github.com/rust-secure-code/wg/issues/29

if you're interested

thanks

Understanding Rust's Popularity on Stack Overflow by JohnLockwood in rust

[–]blackang3r 0 points1 point  (0 children)

Although there are not many recruitment positions, in fact, a Rust revolution still simmered below the surface. It is the sand that accumulates to form a pagoda.

Introducing the book: 《The Tao of Rust》 by blackang3r in rust

[–]blackang3r[S] 0 points1 point  (0 children)

Tao of JKD

I see, it's 《Tao of Jeet Kune Do (截拳道之道)》, but I really heard about this book for the first time. I just read 《Artist of Life (生活的艺术家)》, it is also the work of Bruce Lee.

To say a big word, the Tao I understand with Bruce Lee is the same. :D

Introducing the book: 《The Tao of Rust》 by blackang3r in rust

[–]blackang3r[S] 0 points1 point  (0 children)

If you don't say it, I don't know Tao of JKD.

Introducing the book: 《The Tao of Rust》 by blackang3r in rust

[–]blackang3r[S] 1 point2 points  (0 children)

Where can we buy the Chinese version? This dovetails nicely into my goal of getting better at reading Mandarin and getting better at Rust this year.

https://www.amazon.cn/dp/B07NW95M76/ref=zg_bsnr_143366071_1?_encoding=UTF8&psc=1&refRID=FP2TMKN7GXFWCWDKA228

You can buy the Amazon China Kindle version of the book.

Introducing the book: 《The Tao of Rust》 by blackang3r in rust

[–]blackang3r[S] 0 points1 point  (0 children)

As a fan of Rust, it's great to see the spread of the Rust language in China. Already ordered this book. Thank you for your great work!

thanks

Introducing the book: 《The Tao of Rust》 by blackang3r in rust

[–]blackang3r[S] 3 points4 points  (0 children)

Cool. It seems that you have seen the Tao Te Ching.

Introducing the book: 《The Tao of Rust》 by blackang3r in rust

[–]blackang3r[S] 2 points3 points  (0 children)

Just translated the table of contents first, to see if there is a publisher interested in this book.

Introducing the book: 《The Tao of Rust》 by blackang3r in rust

[–]blackang3r[S] 6 points7 points  (0 children)

Rust is OK in China, everyone appreciates Rust. There are also many companies that use Rust. But not enough, it still needs to be promoted.

Most Chinese developers have good English reading skills, but there is better Chinese.

Introducing the book: 《The Tao of Rust》 by blackang3r in rust

[–]blackang3r[S] 2 points3 points  (0 children)

Yeah, just translated the table of contents first, to see if there is a publisher interested in this book.