trophy-case
go
Our great sponsors
trophy-case | go | |
---|---|---|
14 | 2,071 | |
394 | 119,564 | |
1.8% | 1.2% | |
2.8 | 10.0 | |
22 days ago | 7 days ago | |
Go | ||
Creative Commons Zero v1.0 Universal | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
trophy-case
-
Rust from a security perspective, where is it vulnerable?
You could check cargo-fuzz trophy case, which is a list of issues that have been found via fuzzing.
-
capnproto-rust: out-of-bound memory access bug
I've added it to the trophy case.
-
[LWN] A pair of Rust kernel modules
That said, what's present in what quantities under what circumstances in the Rust fuzzing trophy case does a pretty good job of illustrating how effective the Rust compiler is at ruling out entire classes of bugs.
-
Looking for simple rust programs to crash
The same fuzzing techniques applied to Rust yielded a lot of bugs as well. But in Rust's case only 7 out of 340 fuzzer-discovered bugs, or 2%, were memory corruption issues. Naturally, all of the memory corruption bugs were in unsafe code.
-
Everything Is Broken: Shipping rust-minidump at Mozilla, Part 1
https://github.com/rust-fuzz/trophy-case has like 70 of my issues in it, including the nine minidump bugs
-
Fuzzcheck (a structure-aware Rust fuzzer)
If you have found any bugs with this tool, perhaps add them to the Rust fuzz trophy case?
-
Rust is more portable than C for pngquant/libimagequant
Source: https://github.com/rust-fuzz/trophy-case (over 40 of those are just from me).
-
Rust takes a major step forward as Linux's second official language
But to bring some data, check out the fuzz trophy case. It shows that failures in Rust are most often assertions/panics (equivalent to C++ exception) with memory corruption being relatively rare (it's not never—Rust isn't promising magic—but it's a significant change).
-
Shouldn't have happened: A vulnerability postmortem
You need to read the list more carefully.
• The list is not for Rust itself, but every program every written in Rust. By itself it doesn't mean much, unless you compare prevalence of issues among Rust programs to prevalence of issues among C programs. For some context, see how memory unsafety is rare compared to assertions and uncaught exceptions: https://github.com/rust-fuzz/trophy-case
• Many of the memory-unsafety issues are on the C FFI boundary, which is unsafe due to C lacking expressiveness about memory ownership of its APIs (i.e. it shows how dangerous is to program where you don't have the Rust borrow checker checking your code).
• Many bugs about missing Send/Sync or evil trait implementations are about type-system loopholes that prevented compiler from catching code that was already buggy. C doesn't have these guarantees in the first place, so lack of them is not a CVE for C, but just how C is designed.
- Safer usage of C++ in Chrome
go
-
Microsoft Maintains Go Fork for FIPS 140-2 Support
There used to be the GO FIPS branch :
https://github.com/golang/go/tree/dev.boringcrypto/misc/bori...
But it looks dead.
And it looks like https://github.com/golang-fips/go as well.
-
AWS Serverless Diversity: Multi-Language Strategies for Optimal Solutions
Now, I’m not going to use C++ again; I left that chapter years ago, and it’s not going to happen. C++ isn’t memory safe and easy to use and would require extended time for developers to adapt. Rust is the new kid on the block, but I’ve heard mixed opinions about its developer experience, and there aren’t many libraries around it yet. LLRD is too new for my taste, but **Go** caught my attention.
-
How to use Retrieval Augmented Generation (RAG) for Go applications
Generative AI development has been democratised, thanks to powerful Machine Learning models (specifically Large Language Models such as Claude, Meta's LLama 2, etc.) being exposed by managed platforms/services as API calls. This frees developers from the infrastructure concerns and lets them focus on the core business problems. This also means that developers are free to use the programming language best suited for their solution. Python has typically been the go-to language when it comes to AI/ML solutions, but there is more flexibility in this area. In this post you will see how to leverage the Go programming language to use Vector Databases and techniques such as Retrieval Augmented Generation (RAG) with langchaingo. If you are a Go developer who wants to how to build learn generative AI applications, you are in the right place!
-
From Homemade HTTP Router to New ServeMux
net/http: add methods and path variables to ServeMux patterns Discussion about ServeMux enhancements
-
Building a Playful File Locker with GoFr
Make sure you have Go installed https://go.dev/.
- Fastest way to get IPv4 address from string
- We now have crypto/rand back ends that ~never fail
-
Why Go is great choice for Software engineering.
The Go Programming Language
-
OpenBSD 7.5 Released
When Go first shipped, it was already well-documented that the only stable ABI on some platforms was via dynamic libraries (such as libc) provided by said platforms. Go knowingly and deliberately ignored this on the assumption that they can get away with it. And then this happened:
https://github.com/golang/go/issues/16606
If that's not "getting burned", I don't know what is. "Trying to provide a nice feature" is an excuse, and it can be argued that it is a valid one, but nevertheless they knew that they were using an unstable ABI that could be pulled out from under them at any moment, and decided that it's worth the risk. I don't see what that has to do with "not being as broadly compatible as they had hoped", since it was all known well in advance.
-
Go's Error Handling Is Perfect
Sadly, I think that is indeed radically different from Go’s design. Go lacks anything like sum types, and proposals to add them to the language have revealed deep issues that have stalled any development. See https://github.com/golang/go/issues/57644
What are some alternatives?
diem - Diem’s mission is to build a trusted and innovative financial network that empowers people and businesses around the world.
v - Simple, fast, safe, compiled language for developing maintainable software. Compiles itself in <1s with zero library dependencies. Supports automatic C => V translation. https://vlang.io
go-fuzz - Randomized testing for Go
TinyGo - Go compiler for small places. Microcontrollers, WebAssembly (WASM/WASI), and command-line tools. Based on LLVM.
gccrs - GCC Front-End for Rust
zig - General-purpose programming language and toolchain for maintaining robust, optimal, and reusable software.
BLAKE3 - the official Rust and C implementations of the BLAKE3 cryptographic hash function
Nim - Nim is a statically typed compiled systems programming language. It combines successful concepts from mature languages like Python, Ada and Modula. Its design focuses on efficiency, expressiveness, and elegance (in that order of priority).
bitwarden_rs - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs [Moved to: https://github.com/dani-garcia/vaultwarden]
Angular - Deliver web apps with confidence 🚀
rustc_codegen_gcc - libgccjit AOT codegen for rustc
golang-developer-roadmap - Roadmap to becoming a Go developer in 2020