language
Our great sponsors
bad_actor_poc | language | |
---|---|---|
12 | 146 | |
322 | 2,554 | |
- | 1.8% | |
0.0 | 8.9 | |
almost 3 years ago | 2 days ago | |
Rust | TeX | |
MIT License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
bad_actor_poc
-
Why is `const fn` different from other “const” things?
I'm not suggesting people in this thread are wrong, but working for a security company gives a slightly different perspective. For example, there's really nothing stopping a rogue crate from exporting your private keys, just by using VS code. I wasn't thinking about this when I helped write that proposal, though.
- Did somebody play around with macros yet?
-
todo-or-die!
Having less tools that can do things like https://github.com/lucky/bad_actor_poc is a relief.
-
Workspace Trust in VS Code
Code execution that may not be so obvious could be the preLaunchTask that runs before starting the app and can run a build that has an extra task executing arbitrary code unrelated to the build. What about the npm module that steals your crypto wallet private keys? Make a simple edit and a malicious linter is loaded from the node_modules folder, instead of the one that is installed globally. Even reading the code can be deceptive, attackers can use Unicode hacks to hide malicious code in plain sight. Heck, you don't even have to open any source code to be owned.
- lucky/bad_actor_poc - Stealing secrets with Rust Macros proof-of-concept via VSCode: This shows a trivial example of exfiltrating secrets just by the developer opening up the source
- Visual Studio Code May 2021
-
Carnet: A Tool for Sandboxing Cargo and Buildscripts
https://github.com/lucky/bad_actor_poc is one example
-
Fixated on end-user security, FOSS developers neglect their own...
It turns out that because Rust can execute code at compile time, simply opening a Rust source file in an editor with code completion support can cause a virus to be installed on my computer. Apparently I can't trust anything but basic text editors anymore...
- Using Rust Macros to exfiltrate secrets
language
- Why do we have to put the const keyword in Flutter?
-
Playing around with Extension Types
I noticed that I can enable inline-class as an experiment to play with Extension Types. You need to also add sdk: ^3.3.0-0 to your pubspec.yaml.
- Entendendo Algoritmos: Recursão
-
Dart 3.1 and a retrospective on functional style programming in Dart
Current syntax is not all that bad if you are going to do OO and add various helper methods on `Message` and its subclasses, but if you just want to define your data and no behavior / helpers - then it is exceedingly verbose.
[1]: https://github.com/dart-lang/language/issues/3021
-
Macro example for Flutter widgets
Reference
-
HTML template languages?
A future version of Dart will probably support macros which should make this all a bit easier to use, similar to how Swift 5.9 works which makes already fantastic use of its new macro capabilities by integrating mobx (or solidjs) like reactivity into SwiftUI by a harmlessly looking @Obervable annotation.
-
What’s New in Swift 5.9?
Coming from a Dart context here where that team is also looking at adding Macros to the language. It was really interesting to compare and contrast some of the approaches https://github.com/dart-lang/language/blob/main/working/macr...
-
Build clean & concise UI components with Flutter similar to styled-components in React Native
Yes, that needs a bit of boilerplate for the constructor declaration and the extra build method, but I personally don't mind and with implicit constructors this will become much easier. Also, you get a performant UI as Flutter knows to not redraw widgets that didn't change.
-
A Guide to State Management in Flutter | Mobile App Development
I know that it would be nice not to use the generator at all, but we have to wait until static metaprogramming is implemented in dart. https://github.com/dart-lang/language/issues/1482
-
Why is Swift so slow (timeout) in compiling this code?
I implemented a prototype version of the algorithm in that paper when exploring exhaustiveness checking for pattern matching in Dart.
I found it pretty easy to understand, but also really easy to get it to generate huge combinatorially large spaces. Some careful memoization and deduplication helped, but even so I never got the performance to a state I considered acceptable.
Instead, I went with Luc Maranget's classic approach and figured out a way to adapt it to a language with subtyping (with a ton of work from Johnni Winther to figure out all of the hard complex cases around generics):
https://github.com/dart-lang/language/blob/main/accepted/fut...
The performance (in the prototype!) was dramatically better. You can always make pattern matching go combinatorial, but I haven't seen any real-world switches get particularly slow with our approach yet, and we have some fairly large tests of matching on tuples of enums.
What are some alternatives?
carnet - A Tool for Sandboxing Cargo and Buildscripts
sdk - The Dart SDK, including the VM, dart2js, core libraries, and more.
Visual Studio Code - Visual Studio Code
freezed - Code generation for immutable classes that has a simple syntax/API without compromising on the features.
macro_prototype - A very basic prototype of macros using build_runner
quicktype - Generate types and converters from JSON, Schema, and GraphQL
code-it-later-rs - Filter crumbs you left in comments of code to remind where you were
Flutter - Flutter makes it easy and fast to build beautiful apps for mobile and beyond
security - Embargoed security issues that will be made public after a fix is made available. Use https://github.com/nim-lang/security/security
gallery - Flutter Gallery was a resource to help developers evaluate and use Flutter
const-eval - home for proposals in and around compile-time function evaluation
conduit - Dart HTTP server framework for building REST APIs. Includes PostgreSQL ORM and OAuth2 provider.