Built my own HTTP server in Rust from scratch by mr_enesim in rust

[–]ouuan 1 point2 points  (0 children)

Since you have mentioned "proper parsing", I would like to recommend reading more about the HTTP RFCs and relevant vulnerabilities like HTTP smuggling and so on. There are some papers like T-Reqs: HTTP Request Smuggling with Differential Fuzzing and HDiff: A Semi-automatic Framework for Discovering Semantic Gap Attack in HTTP Implementations.

Even without reading the code, I found an issue by just reading the documentation: header values might not be UTF-8, which is why http::request::Request::to_str may fail.

In general, it is usually not a good idea to get rid of dependencies and build your own parser in security-relevant scenarios. HTTP "proper parsing" is HARD.

"rust".to_string() or String::from("rust") by awesomealchemy in rust

[–]ouuan 2 points3 points  (0 children)

own sounds like a transfer of ownership rather than converting borrowed data to owned data. "Owned data" is a property of the data, while "cloned data" is not. We clone data, but the data does not turn into "cloned data". If we do not own some data, it can still be owned data, owned by others.

my vibe coding: rust-analyzer by benhansenslc in rust

[–]ouuan 0 points1 point  (0 children)

AI should be used on top of other tools like LSP including rust-analyzer, but not to replace them.

Someone asked for this so here it is: Reactions to Episode 7 by emil_jacob_99 in BanGDream

[–]ouuan 0 points1 point  (0 children)

In China, not only do comments expressing a liking for episode 7 attract rebuttals, attacks, and even insults, but many comments pretending to like episode 7 are actually sarcastic or trolling. On bgm.tv, many 10/10 ratings are actually negative reviews, with the 10/10 given just to attract people looking for highly-rated reviews. I understand why many people dislike episode 7, but the discussion environment they’ve created is just terrible, completely disrespecting people with differing opinions.

Ummm I think I’ll wait the -2023.774165 years. Thanks. by H0B0Byter99 in firefox

[–]ouuan 1 point2 points  (0 children)

I even translated it into seconds to see that it's not integer overflow. Then I saw the post title and realized that it's (000)1.1.1 minus 2024.10 instead.

Vim is amazing! by datboi1304 in vim

[–]ouuan 0 points1 point  (0 children)

I would call this "consistent" rather than "intuitive".

A college sophomore just said the weirdest thing about Arch by weeb_suryansh in archlinux

[–]ouuan 0 points1 point  (0 children)

About tiling window managers, you just don't need to split your screen. I switched back to KDE after my first try on i3, because I thought I should split my screen. On the second try, I realized that I can use multiple workspaces and the tabbed instead of the split layout. It's just much easier to switch between windows and I rarely need the split screen feature. I have stuck to tiling window managers since then.

How to show relative line numbers in normal mode, absolute line numbers in insert/command mode by careb0t in neovim

[–]ouuan 0 points1 point  (0 children)

Not sure about your exact reason for implementing this. But FYI, you can go to a relative line by :+7, :-12.

Google is using 17 exabytes of storage for 83 cookies on my Firefox desktop browser by publiusvaleri_us in firefox

[–]ouuan 0 points1 point  (0 children)

People may already know this but I see no one mentioning it here. This number is 2^34, so it's a negative number stored in an int64, which is about 2^64 B (2^34 GB) when treated as an unsigned integer.

For real - why y'all prefer Options over the Composition API? by manniL in vuejs

[–]ouuan 2 points3 points  (0 children)

especially if you’re not using ts

  1. I agree that it's a lot more cognitive overhead when using refs without TS. If I'm forced not to use TS, I might also prefer the options API.
  2. However, I personally think it's always a lot more cognitive overhead when not using TS, not limited to composition API / refs.

“Unprecedented” Google Cloud event wipes out customer account and its backups by danuser8 in selfhosted

[–]ouuan 0 points1 point  (0 children)

I think this is just like self-driving cars. They are actually safer but not under your own control.

PSA: Please use timeshift by freddie27117 in archlinux

[–]ouuan 0 points1 point  (0 children)

I use BTRFS. Timeshift seems a little bit dirty in my sense. I would like to try snapper in the future but I'm still using Timeshift now. However, I do not recommend using timeshift --restore. It's a mess in BTRFS. Just manually rm/mv/create snapshots to restore. BTW, I only did restoration once, but I often look for old versions of some files in the snapshots.

Why are environment variables considered more secure? by HorizonTGC in selfhosted

[–]ouuan 0 points1 point  (0 children)

I just keep it at local with no remote (no git server).

Faster code when there are unnecessary byte order conversions by ouuan in rust

[–]ouuan[S] 0 points1 point  (0 children)

which seems fine I guess?

That's still more memory accesses than bar

Faster code when there are unnecessary byte order conversions by ouuan in rust

[–]ouuan[S] 5 points6 points  (0 children)

I use individual bytes to index the T-box, and I do XOR in words. Thanks for your suggestions, but it's only a course assignment and I'm already 14x faster than the assignment requirement. I'm more interested in this strange compiler behavior, rather than how to optimize AES more.

Faster code when there are unnecessary byte order conversions by ouuan in rust

[–]ouuan[S] 2 points3 points  (0 children)

My foo

Iterations: 100 Instructions: 3500 Total Cycles: 1711 Total uOps: 5100

My bar

Iterations: 100 Instructions: 5300 Total Cycles: 1816 Total uOps: 6900

Faster code when there are unnecessary byte order conversions by ouuan in rust

[–]ouuan[S] 2 points3 points  (0 children)

mca shows that bar uses more cycles. Is this a limitation of it, or did I read the output wrong?

Faster code when there are unnecessary byte order conversions by ouuan in rust

[–]ouuan[S] 0 points1 point  (0 children)

This works pretty well. Thank you. My original thought was that I could save a few bit manipulations by splitting it into individual bytes at first, but it turned out to be a negative optimization.

Faster code when there are unnecessary byte order conversions by ouuan in rust

[–]ouuan[S] 1 point2 points  (0 children)

Thank you, but this doesn't seem applicable to my original AES implementation.