Squid VS cargo-geiger

> But I’m working on setting up a VPN at my house to tunnel all Netflix traffic through ...

On a technical point, you might be able to get away with just using Squid for the proxy, with pretty much default settings.

http://www.squid-cache.org

I used to use that years ago (not with Netflix though) running from a data centre, using an ssh (autossh) tunnel to reach it securely.

Worked pretty well, aside from the extra latency due to the packets having to go an extra half way around the world. ;)

I recommend trying a transparent proxy like Squid. There are many analytics tools for Squid logs. Squid can generate TLS certificates on the fly to inspect secure websites but you'll have to generate and install a CA certificate and key into Squid. You'll also have to import the CA certificate on any machine accessing the internet through the Squid proxy. Squid has the added bonus of caching content to speed up web browsing and reduce data usage.

I “invented” IPFS when I though “wouldn’t it be nice if we could combine Squid-Cache with BackupPC

A couple of dedicated server-side resource caching solutions have emerged over the years: Memcached, Varnish, Squid, etc. Other solutions are less focused on web resource caching and more generic, e.g., Redis or Hazelcast.

Web caching (more techical, probably not useful) there squid-cache

Also, the fact it is distributed by HTTP allow companies (and ISPs) to cache content in Squid servers (http://www.squid-cache.org/). And this is quite a feature!

If your router is compatible with custom firmware (Tomato or DD-WRT) you can flash it and use the logging features of those platforms. Otherwise no there isn't really an "app or software" that can do this, you need a piece of hardware that sits between the LAN devices and the internet connection. That can be a full-fledged computer, if you're willing to use it as firewall or router (pfSense), DNS server (PowerDNS) or proxy server (Squid).

Instead of looking at the crates themselves, you might want to check your (or others') Rust application with https://github.com/rust-secure-code/cargo-geiger to get a sense of effective prevalence. I also dispute that the presence of unsafe somewhere in the dependency tree is an issue in itself, but that's a different discussion that many more had in other sub-threads.

There's still plenty. Run cargo geiger on any of your projects and see for yourself.

On point 2, the answer is cargo geiger, and judging how much memory safety you need for a given project.

You can use cargo-geiger or cargo-crev to check for whether people you trusted (e.g. u/jonhoo ) trust this crate.

The amount of unsafe code is also a factor. cargo geiger is a handy tool for measuring it.

We have cargo-geiger that does just that.

For that, I believe you need to use cargo-geiger[0] and audit the results.

[0] - https://github.com/rust-secure-code/cargo-geiger

cargo-geiger is a subcommand you can install which will check all the crates in your dependency graph for unsafe blocks and print out a report (which also shows if a crate has #![forbid(unsafe_code)] or not). You can then inspect those crates' sources to judge their use of unsafe for yourself. I don't think it has a "check" mode that simply errors if your dependency graph contains unsafe though, it's more about just collecting that information.

wrt to memory safety, keep in mind that many rust crates use "unsafe" internally. There are tools available that can find these such as cargo-geiger. So I would suggest to avoid unsafe deps as much as possible. Since they cannot be avoided entirely, it is a good idea to keep a list of unsafe deps.