automaxprocs
trophy-case
Our great sponsors
| automaxprocs | trophy-case | |
|---|---|---|
| 6 | 14 | |
| 3,746 | 392 | |
| 2.3% | 1.3% | |
| 6.0 | 2.8 | |
| 2 months ago | 9 days ago | |
| Go | ||
| MIT License | Creative Commons Zero v1.0 Universal |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
automaxprocs
-
Go, Containers, and the Linux Scheduler
We use https://github.com/uber-go/automaxprocs after we joyfully discovered that Go assumed we had the entire cluster's cpu count on any particular pod. Made for some very strange performance characteristics in scheduling goroutines.
-
Senior engineer here trying to pick up Go for jobs. What resources can you recommend me to cover as much ground as possible
Follow notable issues on https://github.com/golang/go to understand such things like why https://github.com/uber-go/automaxprocs was created.
-
Shouldn't have happened: A vulnerability postmortem
AFAIK, it hasn't changed, this exact situation with cgroups is still something I have to tell fellow developers about. Some of them have started using [automaxprocs] to automatically detect and set.
[automaxprocs]: https://github.com/uber-go/automaxprocs
trophy-case
-
Rust from a security perspective, where is it vulnerable?
You could check cargo-fuzz trophy case, which is a list of issues that have been found via fuzzing.
-
capnproto-rust: out-of-bound memory access bug
I've added it to the trophy case.
-
Looking for simple rust programs to crash
The same fuzzing techniques applied to Rust yielded a lot of bugs as well. But in Rust's case only 7 out of 340 fuzzer-discovered bugs, or 2%, were memory corruption issues. Naturally, all of the memory corruption bugs were in unsafe code.
-
Fuzzcheck (a structure-aware Rust fuzzer)
If you have found any bugs with this tool, perhaps add them to the Rust fuzz trophy case?
-
Rust is more portable than C for pngquant/libimagequant
Source: https://github.com/rust-fuzz/trophy-case (over 40 of those are just from me).
-
Rust takes a major step forward as Linux's second official language
But to bring some data, check out the fuzz trophy case. It shows that failures in Rust are most often assertions/panics (equivalent to C++ exception) with memory corruption being relatively rare (it's not never—Rust isn't promising magic—but it's a significant change).
-
Shouldn't have happened: A vulnerability postmortem
You need to read the list more carefully.
• The list is not for Rust itself, but every program every written in Rust. By itself it doesn't mean much, unless you compare prevalence of issues among Rust programs to prevalence of issues among C programs. For some context, see how memory unsafety is rare compared to assertions and uncaught exceptions: https://github.com/rust-fuzz/trophy-case
• Many of the memory-unsafety issues are on the C FFI boundary, which is unsafe due to C lacking expressiveness about memory ownership of its APIs (i.e. it shows how dangerous is to program where you don't have the Rust borrow checker checking your code).
• Many bugs about missing Send/Sync or evil trait implementations are about type-system loopholes that prevented compiler from catching code that was already buggy. C doesn't have these guarantees in the first place, so lack of them is not a CVE for C, but just how C is designed.
-
Which self hosted password manager?
Well, it's more than 15 years old, and the ratio of critical security bugs to normal bugs found by fuzzers is lower for rust, which i know is not a perfect metric but it's at least a decent indication that it is actually safer. Source: https://github.com/rust-fuzz/trophy-case and https://lcamtuf.coredump.cx/afl/#bugs . Plus, speaking as somebody who does programming as a hobby, it does have some nice features( lifetimes, the way references work and being more explicit about duplication of data, etc.) in terms of memory management that even if they don't 100% prevent critical bugs at least help. But idk, in the grand scheme of things rust is still a new language, so i get the concern.
-
Add experimental fuzz test support for Go 1.17
Fuzzing is still very relevant in Rust. It tends to find panics rather than segfaults, but that's still bugs.
-
Dependency on rust removes support for a number of platforms
To add data on the Rust side:
https://github.com/rust-fuzz/trophy-case
there are a few Rust ASN implementations. They've been caught running out of memory and having arithmetic overflows, but no segfaults or use-after-frees. Rust doesn't prevent all problems, but things that slip through tend to be less severe.
What are some alternatives?
diem - Diem’s mission is to build a trusted and innovative financial network that empowers people and businesses around the world.
go-fuzz - Randomized testing for Go
rfcs - RFCs for changes to Rust
gccrs - GCC Front-End for Rust
BLAKE3 - the official Rust and C implementations of the BLAKE3 cryptographic hash function
bitwarden_rs - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs [Moved to: https://github.com/dani-garcia/vaultwarden]
go-perfbook - Thoughts on Go performance optimization
sudo - Utility to execute a command as another user
go - The Go programming language
rustc_codegen_gcc - libgccjit AOT codegen for rustc
mrustc - Alternative rust compiler (re-implementation)
cryptography - cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.