quinn
advisory-db
| | quinn | advisory-db |
|---|---|---|
| | 23 | 37 |
| Stars | 3,449 | 852 |
| Growth | 2.7% | 3.9% |
| Activity | 9.0 | 9.2 |
| | 1 day ago | 6 days ago |
| Language | Rust | |
| License | Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
quinn
- Why HTTP/3 is eating the world
  Since it lives on top of UDP, I believe all you need is SOCK_DGRAM, right? The rest of QUIC can be in a userspace library ergonomically designed for your programming language e.g. https://github.com/quinn-rs/quinn - and can interoperate with others who have made different choices.
  Alternately, if you need even higher performance, DPDK gives the abstractions you'd need; see e.g. https://dl.acm.org/doi/abs/10.1145/3565477.3569154 on performance characteristics.
- Async rust – are we doing it all wrong?
  > Making things thread safe for runtime-agnostic utilities like WebSocket is yet another price we pay for making everything multi-threaded by default. The standard way of doing what I'm doing in my code above would be to spawn one of the loops on a separate background task, which could land on a separate thread, meaning we must do all that synchronization to manage reading and writing to a socket from different threads for no good reason.

  Why so? Libraries like quinn[1] define a "no IO" crate to define a runtime-agnostic protocol implementation. This way we won't suffer from forcing ourselves to use synchronization primitives.
  Also, IMO it's relatively easy to use a Send-bounded future in a non-Send (i.o.w. single-threaded) runtime environment, but it's almost impossible to do the opposite. Ecosystem users can freely use a single-threaded async runtime, but ecosystem providers should not. If you want every user to only use a single-threaded runtime, it's a major loss for the Rust ecosystem.
  Typechecked Send/Sync bounds are one of the holy grails that Rust provides. Albeit it's overkill to use multithreaded async runtimes for most users, we should not abandon them because it opens an opportunity for high-end users who might seek Rust for their high-performance backends.
- quicssh-rs Rust implementation SSH over Quic proxy tool
  quicssh-rs is a Rust implementation of quicssh. It is based on quinn and tokio.
- The birth of a package manager [written in Rust :)]
  Regarding Quinn, I had a blast this week resurrecting an old PR. Looking forward to the next!
- Best performing quic implementation?
- str0m a sans I/O WebRTC library
  By studying u/djcu/hachyderm.io (and others!) excellent work in Quinn, doing a sans I/O implementation of QUIC https://github.com/quinn-rs/quinn we have a way forward.
- durian - a high-level general purpose client/server networking library
  QUIC isn't web/wasm-compatible because of https://github.com/quinn-rs/quinn/issues/1388, so durian wouldn't either since it's built on top of it.
- FPS server with QUINN?
  Quinn, as in the implementation of QUIC? https://github.com/quinn-rs/quinn
- I built a Zoom clone 100% IN RUST
  You are right, I am planning to switch the transport to UDP + quic using the awesome QUINN library, https://github.com/quinn-rs/quinn .
- I write a secure UDP tunnel
  Hi, I am new to the community, I just started learning Rust and created a secure UDP tunnel based on the Quinn library, thanks to Quinn, I didn't need to go into the detail of the QUIC protocol and quickly created a UDP tunnel, and thanks to the BBR congestion control algorithm it uses, the tunnel performs quite well with lousy and long fat network, I didn't do any benchmark, but it performs a lot better (higher throughput with LFN) than most of other TCP tunnel implementations I used before.
advisory-db
- Serde-YAML for Rust has been archived
- When Zig is safer and faster than Rust
- Advisory: Miscompilation in cortex-m-rt 0.7.1 and 0.7.2
  You might also want to add this to https://github.com/rustsec/advisory-db so that cargo audit and Dependabot surface it.
- "This type of secure-by-default functionality is why we love Go"
  The behavior of not extracting outside the specified directory has been the default since forever in Rust's tar. And then it had two RUSTSEC advisories for not handling this correctly in certain corner cases. The latest one in 2021.
- greater supply chain attack risk due to large dependency trees?
  cargo-audit only checks for known issues reported to a vulnerability database.
- capnproto-rust: out-of-bound memory access bug
- `cargo audit` can now scan compiled binaries
  However, I keep getting this error when running `cargo audit bin ~/.cargo/bin/*`, even if I replace `*` with a specific binary:

  ```
  Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
  Loaded 467 security advisories (from C:\Users\jonah\.cargo\advisory-db)
  Updating crates.io index
  error: I/O operation failed: The system cannot find the path specified. (os error 3)
  ```

  I'm on Windows 10.
- MIA Github Assignee on very minor PR
  I usually open an issue asking if the crate is still maintained. If there isn't a response for a decent amount of time (like multiple months) and the crate is somewhat popular then it could be worth opening an unmaintained advisory in the advisory-db
- RustSec Advisory Database Visualization
  Here is the visualization of RustSec Advisory Database. I hope it will be helpful. If you need any more charts, feel free to comment.
- Github Dependency graph adds vulnerability alerting support for Rust
  FWIW the RustSec database is still not synced into the Github database on a regular basis, even though they did an initial import of it. So the cargo audit github action is still relevant.
What are some alternatives?
quiche - 🥧 Savoury implementation of the QUIC transport protocol and HTTP/3
cargo-deny - ❌ Cargo plugin for linting your dependencies 🦀
s2n-quic - An implementation of the IETF QUIC protocol
chrono - Date and time library for Rust
h3
vulndb - [mirror] The Go Vulnerability Database
msquic - Cross-platform, C implementation of the IETF QUIC protocol, exposed to C, C++, C# and Rust.
rustsec - RustSec API & Tooling
laminar - A simple semi-reliable UDP protocol for multiplayer games
dwflist - The DWF IDs
neqo - Neqo, an implementation of QUIC in Rust
Rudra - Rust Memory Safety & Undefined Behavior Detection