I repeat, from today #Windows Support #milestone is completed 🎉
This is means that all crates works on that OS as expected, tests going on CI regularly and that CI-checks marked as required for merge from now.
I’m happy to see the diagnostic namespace finally in a stable release. This is the result of nearly 2 years of work.
I would like to thank the Rust Foundation for funding a part of the work. I also would like to thank @ekuber and @errs for their help and guidance while designing and building this feature.
Only took it a couple of years, but the cc-rs crate will finally use the spectre-mitigated CRT if you're building in a spectre-mitigated VS Command Prompt (or happen to set the correct env var): https://github.com/rust-lang/cc-rs/pull/673
It'll be a while before this flows into the Rust Compiler itself, so in the meantime we did publish a crate to do the same thing: https://crates.io/crates/msvc_spectre_libs
I'm a fan of data sovereignty, decentralization, and Fediverse but discoverability without 3rd party platforms (like Fediverse) is a challenge. I've always liked the idea of webrings and to take back more of the web, I launched one recently with the #SystemCrafters community: https://shom.dev/posts/20240417_starting-a-webring-in-2024/
Thanks to @kern for their excellent Ringfairy generator in Rust which helped knock this off the wishlist and into a real thing. Come join!
Now that I'm on a new instance, I guess I should do an #introduction.
I'm Anna, lesbian extraordinaire. I made a lot of plugins for FFXIV, I made Heliosphere (a website+plugin for FFXIV mods), I've made a pastebin... Just a lot of stuff that's caught my interest.
I use a lot of #rustlang and #csharp. I like to read #fantasy and #scifi on my ereader. I like TTRPGs, video games (#ffxiv), some TV and movies, almost all music, and my girlfriend.
I'm very left-leaning, and I believe everyone should have rights - equitable rights at that. (How is this a lefty thing to say and not just normal, basic compassion?) If you are bigoted in any way, I want nothing to do with you.
I don't know. I think I'm pretty average. If I get safe vibes from you, I'll probably approve your follow request.
I'm easing myself back into work with the goal of offering freelance software engineering consultation and Rust education. More news soon, but in the meantime I have availability to take on a few clients for short-term Rust coaching/advice/mentoring/expert support over the next couple of months. If you're thinking of adopting Rust or are learning Rust and want to deepen you or your team's understanding and become more effective, lets chat! #rustlang
My current take on the #xz situation, not having read the actual source backdoor commits yet (thanks a lot #Github for hiding the evidence at this point...) besides reading what others have written about it (cf. https://boehs.org/node/everything-i-know-about-the-xz-backdoor for a good timeline):
This is going to be an excellent teaching example for advanced supply chain attacks that I will definitely be using in the future - after much more in-depth analysis.
It seems to have been a long game, executed with an impressive sequence of steps and preparation, including e.g. disabling OSSFuzz checks for the particular code path and pressuring the original maintainer into accepting the (malicious) contributions.
Given the luck involved in this case, we need to assume a number of other, currently unknown supply chain backdoors that were successfully deployed with comparable sophistication and are probably active in the field.
Safe(r) languages like #rustlang for such central library dependencies would maybe (really big maybe) have made it a bit harder to push a backdoor like this because - if and only if the safety features are used idiomatically in an open source project - reasonably looking code is (a bit?) more limited in the sneaky behavior it could include. We should still very much use those languages over C/C++ for infrastructure code because the much larger class of unintentional bugs is significantly mitigated, but I believe (without data to back it up) that even such "bugdoor" type changes will be harder to execute. However, given the sophistication in this case, it may not have helped at all. The attacker(s) have shown to be clever enough.
Sandboxing library code may have helped - as the attacker(s) explicitly disabled e.g. landlock, that might already have had some impact. We should create better tooling to make it much easier to link to infrastructure libraries in a sandboxed way (although that will have performance implications in many cases).
Automatic reproducible builds verification would have mitigated this particular vector of backdoor distribution, and the Debian team seems to be using the reproducibility advances of the last decade to verify/rebuild the build servers. We should build library and infrastructure code in a fully reproducible manner and automatically verify it, e.g. with added transparency logs for both source and binary artefacts. In general, it does however not prevent this kind of supply chain attack that directly targets source code at the "leaf" projects in Git commits.
Verifying the real-life identity of contributors to open source projects is hard and a difficult trade-off. Something similar to the #Debian#OpenPGP#web-of-trust would potentially have mitigated this style of attack somewhat, but with a different trade-off. We might have to think much harder about trust in individual accounts, and for some projects requiring a link to a real-world country-issued ID document may be the right balance (for others it wouldn't work). That is neither an easy nor a quick path, though. Also note that sophisticated nation state attackers will probably not have a problem procuring "good" fake IDs. It might still raise the bar, though.
What happened here seems clearly criminal - at least under my IANAL naive understanding of EU criminal law. There was clear intent to cause harm, and that makes the specific method less important. The legal system should also be able to help in mitigating supply chain attacks; not in preventing them, but in making them more costly if attackers can be tracked down (this is difficult in itself, see point 8) and face risk of punishment after the fact.
The winnow library for #RustLang is the most fun I've had writing parsers in my entire life. It's taken a thing that I've always dreaded and turned it into a joy.
I love two things about it:
It uses &mut &[u8], &mut &str, &mut <token stream ref>, etc. That is simply so much nicer to use than consuming a &[u8] and returning a &[u8].
It isn't all-encompassing! it encourages you to interleave imperative and functional code, just like idiomatic Rust in general.