cap-std
Cargo
cap-std | Cargo | |
---|---|---|
12 | 264 | |
621 | 11,985 | |
0.6% | 1.1% | |
6.6 | 10.0 | |
about 1 month ago | 3 days ago | |
Rust | Rust | |
GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cap-std
-
Rust Library Team Aspirations | Inside Rust Blog
I believe you mean capability based, like cap-std.
-
A Performance Evaluation on Rust Asynchronous Frameworks
There might be another reason to prefer async-std right now: the Bytecode Alliance is working on a version of std with support for capability-based security (called cap-std: https://github.com/bytecodealliance/cap-std ), and their async version is based on async-std (called cap-async-std: https://github.com/bytecodealliance/cap-std/tree/main/cap-async-std ). Given the clout that the Bytecode Alliance has, async-std might end up carving a niche out in the Wasm domain.
-
Backdooring Rust crates for fun and profit
Would love to see something like this implemented around creating a Process in cap-std ( https://github.com/bytecodealliance/cap-std/issues/190 )
-
Scripting Languages of the Future
I think it's not discussed enough how things like language features shape how library APIs are formed. People usually seem to only consider the question "how would I use this feature?" and not "how would the standard library look like with this feature?", which is surprising given how much builtin libraries affect the pleasantness of a language.
One of the things I'm excited to see is the cap-std project for Rust [0] given what Pony [1] has demonstrated is possible with capabilities. I'm also hoping that languages like Koka [2] and OCaml [3] will demonstrate interesting use cases for algebraic effects.
[0] https://github.com/bytecodealliance/cap-std
[1] https://www.ponylang.io/discover
[2] https://koka-lang.github.io
[3] https://github.com/ocaml-multicore/effects-examples
- Is using crates more safe than using npm?
-
Why WebAssembly is innovative even outside the browser
I'm not sure you could hack the control flow when running bytecode on the JVM, but I strongly doubt that. (The JVM is "high-level" as pointed out previously and doesn't execute ASM like code. So there is no of the attack surface you have to care on the ASM level).
And capabilities are anyway something that belongs into the OS — and than programs need to be written accordingly. The whole point of the capability-security model is that you can't add it after the fact. That's why UNIX isn't, and never will be, a capability secure OS.
But "sanboxing" some process running on a VM is completely independent of that!
WASM won't get you anything beyond a "simple sanbox" ootb. Exactly the same as you have in the other major VM runtimes.
If you want capability-secure Rust, there is much more to that. You have to change a lot of code, and use an alternative std. lib¹. Of course you can't than use any code (or OS functionality) when it isn't also capability-secure. Otherwise the model breaks.
To be capability-secure you have actually to rewrite the world…
¹ https://github.com/bytecodealliance/cap-std
-
Security review of "please", a sudo replacement written in Rust
The type system could definitely help. There's all sorts of things we can do. One really cool project is https://github.com/bytecodealliance/cap-std
- Preparing rustls for wider adoption
- cap-std: Capability-oriented version of the Rust standard library
-
First class I/O
On the topic of unsafe being used to describe raw file descriptors, on one hand, there is a sense in which file descriptors are pointers, into another memory. They can leak, dangle, alias, or be forged, in exactly the same way. On the other, there is an open issue about this.
Cargo
-
Surprisingly Powerful – Serverless WASM with Rust Article 1
Installing Trunk happens through Cargo. Remember, Cargo is more than a package manager, it also supports sub-commands.
-
Understanding Dependencies in Programming
Dependency Management in Other Languages: We've discussed Python and Node.js in this article, but dependency management is a universal concept in programming. Exploring how you handle dependencies in other languages like Java, C#, or Rust could be beneficial. (I think Rust's cargo is an excellent example of a package manager.)
- Cargo Script
-
Scriptisto: "Shebang interpreter" that enables writing scripts in compiled langs
Nice hack! Would it have been possible back then to use cargo to pull in some dependencies?
The clean solution of cargo script is here: https://github.com/rust-lang/cargo/issues/12207
-
Making Rust binaries smaller by default
Yes, I am sure this is going to be a part of Rust 1.77.0 and it will release on 21st March. I say that because of the tag in the PR (https://github.com/rust-lang/cargo/pull/13257#event-11505613...).
I'm no expert on Rust compiler development, but my understanding is that all code that is merged into master is available on nightly. If they're not behind a feature flag (this one isn't), they'll be available in a full release within 12 weeks of being merged. Larger features that need a lot more testing remain behind feature flags. Once they are merged into master, they remain on nightly until they're sufficiently tested. The multi-threaded frontend (https://blog.rust-lang.org/2023/11/09/parallel-rustc.html) is an example of such a feature. It'll remain nightly only for several months.
Again, I'm not an expert. This is based on what I've observed of Rust development.
-
You can't do that because I hate you
The author provides very surface-level criticism of two Rust tools, but they don't look into why those choices were made.
With about five minutes of my time, I found out:
wrap_comments was introduced in 2019 [0]. There are bugs in the implementation (it breaks Markdown tables), so the option hasn't been marked as stable. Progress on the issue has been spotty.
--no-merge-sources is not trivial to re-implement [1]. The author has already explained why the flag no longer works -- Cargo integrated the command, but not all of the flags. This commit [2] explains why this functionality was removed in the first place.
Rust is open source, so the author of this blog post could improve the state of the software they care about by championing these issues. The --no-merge-sources error message even encourages you to open an issue, presumably so that the authors of Cargo can gauge the importance of certain flags/features.
You could even do something much simpler, like adding a comment to the related issues mentioning that you ran into these rough edges and that it made your life a little worse, or with a workaround that you found.
Alternatively, you can continue to write about how much free software sucks.
[0]: https://github.com/rust-lang/rustfmt/issues/3347
[1]: https://github.com/rust-lang/cargo/pull/10344
[2]: https://github.com/rust-lang/cargo/commit/3842d8e6f20067f716...
-
Cargo has never frustrated me like npm or pip has. Does Cargo ever get frustrating? Does anyone ever find themselves in dependency hell?
You try to use it as a part of multi-language project, with an external build tool to tie it all together, and you discover that --out-dir flag is still not stabilized over some future compatibility concerns.
- State of Mozilla
-
Learning Rust by Building a CLI App
To create a new application we'll use cargo (a build tool and also a package manager for Rust. It is used for scaffolding new library/binary projects). So in your projects folder, you can run this command in your terminal:
-
Leaving Haskell Behind
> ...but at the end of the day Cargo is the reason that Rust is popular.
FWIW, maybe that's true for you, but there are numerous other advantages to the language for which many people choose to use Rust--some even "despite" Cargo: you see Google having had to put in way way WAY too much work to get Bazel working for Rust :/--that it honestly feels a bit like belittling an extremely important language to make this claim so flippantly.
> You can set a default build target for a Cargo project with two lines of configuration, no nightly features necessary...
This doesn't work as, as soon as you start setting target-specific options, it infects the host build, as they incorrectly modelled the problem as some kind of map from targets to flags. If you don't believe me, on your Linux computer, try cross-compile something complicated that will runs on a "least common denominator" Linux distribution, such as CentOS 7.
> Can you clarify what this is referring to?
Sure. I've Googled rust cargo target host bugs for you (which, FWIW, finds a number of bugs I've filed or have talked about, but it isn't as if I have a list anywhere). Note that one of these bugs is "closed", but I still provide them for context as a patch might have been merged but (as you'll find out if you read through all of these) it isn't stable.
https://github.com/rust-lang/cargo/issues/8147
https://github.com/rust-lang/cargo/issues/3349
https://github.com/rust-lang/cargo/pull/9322
https://github.com/rust-lang/cargo/issues/9453
https://github.com/rust-lang/cargo/pull/9753
The result of this work being left incomplete is that increasingly large numbers of "serious" projects--things I'd expect people in packaging land to have heard of, such as BuildRoot--are being forced to set the ridiculous environment variable __CARGO_TEST_CHANNEL_OVERRIDE_DO_NOT_USE_THIS="nightly" in order to get access to a flag that makes Cargo sort of work.
(And yet, I often see people surprised at how long it is taking for various of the more important clients to fully get into using Rust, as the safety issues are so severe from continuing to use C/C++: as you made the contention that you believe the reason why people use Rust is Cargo, I will say the opposite: the reason why we don't see more Rust is also Cargo.)
What are some alternatives?
godot-wasm-engine
RustCMake - An example project showing usage of CMake with Rust
watt - Runtime for executing procedural macros as WebAssembly
Clippy - A bunch of lints to catch common mistakes and improve your Rust code. Book: https://doc.rust-lang.org/clippy/
cargo2nix - Granular builds of Rust projects for Nix
RustScan - 🤖 The Modern Port Scanner 🤖
rusty-wacc-viewer
opencv-rust - Rust bindings for OpenCV 3 & 4
cargo-supply-chain - Gather author, contributor and publisher data on crates in your dependency graph.
overflower - A Rust compiler plugin and support library to annotate overflow behavior
effects-examples - Examples to illustrate the use of algebraic effects in Multicore OCaml
crates.io - The Rust package registry