MSRC-Security-Research
QMetaObject crate for Rust
MSRC-Security-Research | QMetaObject crate for Rust | |
---|---|---|
9 | 20 | |
1,292 | 601 | |
0.4% | 1.2% | |
5.1 | 6.5 | |
7 months ago | 2 months ago | |
Python | Rust | |
Creative Commons Attribution 4.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
MSRC-Security-Research
-
A reactionary take on memory safety
You’ll find more primary sources across different organizations that all arrive at the 60 - 70% number. But what really grinds my gears here is that you take a piece from the article you’re criticizing and pretend that it’s a quote from Matt Miller.
It’s actually quite easy to find a primary source here because the slides from the talk that the article is based on are available: https://github.com/microsoft/MSRC-Security-Research/blob/mas...
To quote from those slides: „~70% of the vulnerabilities addressed through a security update each year continue to be memory safety issues“.
-
Zig and Rust
> It's still bizarre though that Rust is capturing such ridiculous mindshare.
I don't think it's that bizarre. The two big headline features that bring Rust such popularity are: #1 "70% of bugs are memory-safety bugs" [1] and Rust can help solve those, and #2 C/C++ have a couple of package manager solutions - none of which have critical mass and Rust "comes with" cargo.
Those two make me really eager to continue experimenting with Rust.
> It seems to be a temporary low-level programming zeitgeist driven by YouTube and Reddit recommendation algorithms to an audience that has never done it and probably never will.
This is some weird gatekeep-y kinda thing. Most of us didn't start out with low-level programming. Wouldn't it have been odd and frustrating for someone to tell your younger self that you have "never written C and probably never will"?
[1] https://github.com/microsoft/MSRC-Security-Research
-
Will Carbon Replace C++?
https://github.com/microsoft/MSRC-Security-Research/blob/mas...
- How CastGuard Works [BHUSA 2022]
-
Arm releases experimental CHERI-enabled Morello board
Windows is likely a big task for the same reasons as SMAP (https://github.com/microsoft/MSRC-Security-Research/blob/mas...). XNU should be comparable to FreeBSD, which CheriBSD is a fork of, as both use Mach's VM for memory management and have a bunch of shared code in various places, but userspace is more of an unknown quite how much effort it'd be (you'll need to port Objective-C and, now, Swift, for example). For Chromium we have ported WebKit, so I'd imagine Blink isn't too dissimilar. V8 is likely interesting, though we have a version of WebKit's JSC JIT for Morello, which gives confidence in V8 being doable.
- Security Analysis of CHERI ISA
- Security Analysis of Cheri ISA [pdf]
-
BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution
A related post from Google Security Blog[0]:
> "A recent study[1] found that "~70% of the vulnerabilities addressed through a security update each year continue to be memory safety issues.” Another analysis on security issues in the ubiquitous `curl` command line tool showed that 53 out of 95 bugs would have been completely prevented by using a memory-safe language. [...]"
[0]: https://security.googleblog.com/2021/02/mitigating-memory-sa...
[1]: https://github.com/Microsoft/MSRC-Security-Research/blob/mas...
-
Rust for Windows
Here is some of the internal advocacy going on at Microsoft.
- Managed languages if you can afford a GC
- Rust
- C++ with Core Guidelines
https://github.com/microsoft/MSRC-Security-Research/tree/mas...
Note that there are still some teams like Azure Sphere and Azure RTOS, which are only providing C based SDKs, so no everyone is on the same wave length.
QMetaObject crate for Rust
-
9 years of Apple text editor solo dev
You can use Rust with QML[1].
QML is actually pretty amazing. I've been building my block editor[2] view entirely in QML while the model is in C++. This separation of logic and presentation works great. And yes, there are some crashes sometimes (that I find quite easy to debug thanks to the built-in debugger), but take for example a similar app that's built with Rust and Dart[3], in my testing there were still memory leaks that caused my computer to hang. It's better to know you have a bug than for it to be hidden from you.
I agree with parent commenter, saying these cross-platform frameworks will end up supporting the least common denominator set of features. But I found with external open source libraries, the community is catching up very fast. For example, you want the awesome translucency macOS apps have for your Qt app? Here you go[4]. Many such cases. It's also pretty straightforward to add your own custom OS-dependent code, especially so, if someone already open sourced his approach. I recently wanted to move the traffic light buttons on macOS for my app, but couldn't figure the Objective-C code for that. I ended up looking at either Tauri or Electron source code and found my answer.
[1] https://github.com/woboq/qmetaobject-rs
[2] https://www.get-plume.com/
[3] https://www.appflowy.io/
[4] https://github.com/stdware/qwindowkit
-
I like rust but want to use Qt.
I just used qmetaobject-rs and my experience with Qt/QML. There's the QML book from Qt if you're just starting, which is pretty nice https://www.qt.io/product/qt6/qml-book
- GUI development with Rust and GTK 4
-
Made my first app in Rust! A notification daemon for Linux :)
qmetaobject is probably the most mature Qt Rust binding at the moment. It uses the cpp crate to embed C++ inline in Rust to create its bindings. There are some people using it and it does get some maintenance, but it's not under active development since the original author is now working on Slint.
- QT for Rust?
-
Using KConfig with Rust
The bindings currently use the git version of qttypes since I had to merge some upstream changes that are needed for these bindings. So they are not ready for prime time just yet.
-
CXX-Qt: safe Rust bindings for Qt
There are a bunch of bindings with different language, but even the ones that are officially supported like PySide will still be second class citizen and awkward to use.
Automated binding generation will never give you idiomatic API in whatever language. And if you want an idiomatic library that wraps Qt, it's going to take a huge amount of work.
Which is why I think restricting to QML makes sense because that's a much smaller API surface. That was the ambition behind my previous crate that exposes QML to rust: https://github.com/woboq/qmetaobject-rs/
But now I've moved on to another GUI project: Slint https://github.com/slint-ui/slint
-
Why does Rust code compile into a single executable binary?
Whisperfish does this with Qt: https://github.com/woboq/qmetaobject-rs/issues/102
-
Announcing Gyroflow - an advanced video stabilization tool written in Rust with GPU acceleration and cross-platform UI
What do you want to know? It's pretty easy thanks to the amazing work of guys behind qmetaobject-rs.
-
Using KI18n with Rust and Qml
This is probably the portion that I found the most difficult. The README of qmetaobject-rs gives us a basic idea of the build script, so I started with that. Here is my starting script
What are some alternatives?
rust-zmq - Rust zeromq bindings.
Slint - Slint is a toolkit to efficiently develop fluid graphical user interfaces for any display: embedded devices and desktop applications. We support multiple programming languages, such as Rust, C++ or JavaScript. [Moved to: https://github.com/slint-ui/slint]
wuffs - Wrangling Untrusted File Formats Safely
slint - Slint is a declarative GUI toolkit to build native user interfaces for Rust, C++, or JavaScript apps.
PowerShell - PowerShell for every system!
wxRust - A Rust binding of the wxWidgets cross platform toolkit.
windows-rs - Rust for Windows
ritual - Use C++ libraries from Rust
Cargo - The Rust package manager
Rust Qt Binding Generator git - Generate bindings to use Rust code in Qt and QML
winapi-rs - Rust bindings to Windows API
Native Windows GUI - A light windows GUI toolkit for rust