Most people I know do seem to “need” one, to pretend to be in a different place so they can watch geo-restricted videos.

Rust Los Angeles: Building Git-LFS Replacements in Rust, Wed, Jan 28, 2026, 6:00 PM | Meetup The Rust ecosystem is exploding right now! New tools, use cases, and companies adopting it at scale. With so many interested in staying up-to-date on these trends, we figur

I will go to the Rust Los Angeles meetup event in Santa Monica tomorrow (Wed) evening: www.meetup.com/rust-los-ang...

little reason for it in most FFI either since the stronger types can be used in FFI.

I don’t remember. I thought it did. But even if not, f(…).into()? Isn’t much worse than f(…)?.

When your FFI functions return a c_int status, you can instead have them return #[repr(transparent)] struct Res(c_int); and then impl From<Res> for Result<(), Error>. This works in stable Rust today.

Vibe coding a Rust MCP proxy in VSCode with GitHub Copilot A hands-off experiment building a Rust-based Model Context Protocol (MCP) proxy tool using only GitHub Copilot agent mode. Covers setup, multi-transport support, and lessons learned from letting Copil...

New blog post! 📰 I tried "vibe coding" in VSCode using GitHub Copilot (Claude Sonnet) to build an MCP proxy tool in Rust — I didn't touch a line of code, just pure agent mode magic 🧙‍♂️ 🚀👇 awakecoding.com/posts/vibe-c...

In NIST DRBGs, the potentially-attacker-controlled “m” is the “additional info” (sp? from memory). Look at how they do it. There seem to be optimized ways of doing it, mostly by using simpler keyed constructs (HMAC, HKDF). And some do other ways, also involving a random component.

This sketch of rejection sampling seems like a strawman with the overly simplistic H(ctr||M) construct. Many implementations do rejection sampling without the leakage you mention, by using more sophisticated constructs. The wording misleadingly, dangerously, implies the bad one is the only one. HTH.

It won’t stop all new lints from firing though, just the ones where the suggestions require newer features. if you don’t want CI to fail on the day a new stable Rust is released, more work is needed.

clippy.toml gives you a way to set the MSRV for clippy lints separately from the MSRV of your crate, right?

Make sure your forum wasn’t hacked to serve different content to people who aren’t logged in and/or who aren’t admins and/or from different IPs than what admins typically use.

Your issuance numbers probably should be adjusted for lifetime. three consecutive 90-day certificates are equivalent to one 270-day certificate, for example.

This is what I've been driving for the past year! It's an exciting time, with Rust making its way into one of the most critical pieces of software: the core crypto library used in Azure and Windows. With Rust, formal verification becomes easier, and so far, no blockers to Rust adoption.

If you refuse to give permission to Parallels to abuse the accessibility features to automate the installation of the update, it will fail to install it (stating the obvious?). But if you go to the macOS developer downloads page, download that system update, and install it manually, it works.

Tried macOS 26 beta in a VM. I like the glass effect. The default icons in dark mode are like the ones on iPhone, but the clear icons look good.

It seems like a stepping stone toward touchscreen Macs. Lots of big UI elements & more of an emphasis on interactivity. Needs refinement of the layering.

As a software developer, I find many aspects of the app’s design to be amazing. It’s actually one the best-designed apps I’ve ever used, especially in sports. Some clunky parts, but overall it is really impressive. It’s been working extremely reliably for me, which is amazing on its own.

Abstract. We present an effective methodology for the formal verification of practical cryptographic protocol implementations written in Rust. Within a single proof framework, we show how to develop machine-checked proofs of diverse properties like runtime safety, parsing correctness, and cryptographic protocol security. All analysis tasks are driven by the software developer who writes annotations in the Rust source code and chooses a backend prover for each task, ranging from a generic proof assistant like F⋆ to dedicated crypto-oriented provers like ProVerif and SSProve Our main contribution is a demonstration of this methodology on Bert13, a portable, post-quantum implementation of TLS 1.3 written in Rust and verified both for security and functional correctness. To our knowledge, this is the first security verification result for a protocol implementation written in Rust, and the first verified post-quantum TLS 1.3 library.

Formal Security and Functional Verification of Cryptographic Protocol Implementations in Rust (Karthikeyan Bhargavan, Lasse Letager Hansen, Franziskus Kiefer, Jonas Schneider-Bensch, Bas Spitters) ia.cr/2025/980

I am watching a lot of baseball. Too much.

@watchmarquee.bsky.social @mlb.com Would love to get the Cubs games in 5.1 audio through MLB.TV.

It seems to be required by the design of core::atomics, like you point out. Presumably it could be upstreamed into libcore proper as well, though I suspect there are some knobs to tweak it that libcore wouldn’t like to expose. Definitely not an easy situation to deal with.

I mean, this needs a new target spec with a new implementation of core sync atomic, right?

Can’t you implement atomics by checking the address of the atomic and using a lock stored in coherent memory that guards some kind of (expensive, slow) coherence protocol built on top of the lock?

Doesn’t that mean that malloc must avoid allocating from PSRAM, or the target much claim no atomics?

It would have been exactly the same as Chrome, except slower to market. That was the problem, and still is the problem with Firefox today.

I wasn’t involved in the decision making. I did seem to be the one who informed decision makers for the first time that the sandbox would still be needed. I remember that very clearly because the surprised—and, it seemed, doomed—look on people’s faces surprised me.

Very early on I think memory safety was seen as a lighter-weight substitute for sandboxing. This was before we realized Servo would have so much legacy code in it, and it was before Spectre/Meltdown made it clear it was impossible even without legacy code. (Not sure what the plan was for the JIT.)

I simply disable the cancel button so I don’t have to worry about it.

It seems like you could make it fail to link in non-text scenarios by having tests link to a library that provides a symbol that it depends on.

It’s the time of year where we re-read ComodoHacker’s pastebin. Props to pastebin.com for keeping this up for all these years. pastebin.com/u/ComodoHacker

Probably for 90%+ it could be like that, regardless of AI. But there’s no way to tell how long the rest will take to get it “perfect enough,” nor to exactly meet the customer’s unknown expectations. Just like we’d expect a decision about programming language syntax to go.