Can they stop naming projects written in Rust with Rust in the name?
Announcement
Collapse
No announcement yet.
Rust-Written Rustls Now Reportedly Outperforming OpenSSL & BoringSSL
Collapse
X
-
Originally posted by Shnatsel View Post
This is the entire dependency tree for rustls:
rustls v0.23.15
├── aws-lc-rs v1.10.0
│ ├── aws-lc-sys v0.22.0
│ │ ├── libc v0.2.159
│ │ └── paste v1.0.15 (proc-macro)
│ ├── mirai-annotations v1.12.0
│ ├── paste v1.0.15 (proc-macro)
│ ├── untrusted v0.7.1
│ └── zeroize v1.8.1
├── log v0.4.22
├── once_cell v1.20.2
├── rustls-pki-types v1.10.0
├── rustls-webpki v0.102.8
│ ├── aws-lc-rs v1.10.0 (*)
│ ├── rustls-pki-types v1.10.0
│ └── untrusted v0.9.0
├── subtle v2.6.1
└── zeroize v1.8.1
In general its good to have an abstraction with a memory safe language. Memory safety is infectious like async programming -> good thing.
- Likes 1
Comment
-
In microservices and its stack there is need for contracts and contract level agreement and other related tech and other service decisions, maybe also tech stack development and mature level analysis and contract development...
practically said, if there are microservices and such understanding is more complex in some situations than required or wanted, then come into place various other frameworks and other stuff...
to this problem seems as not so related, but today server(not only http in various levels and protocols, rfc or ieee understanding sometimes also iso standards ill for tough programming requirements for end level programmer), but today server is monolithic shit with automatic certificate requirements as automatic addon or automatic service or messages understanding and relations... which in server Space could translate to market share of http servers or application market share of security libs...
but for problem there is also understanding, that protocols and also http/2/3 and so on has some implementations, but for a lot of programs there is no interface, there is no service contracts for apps to choose its backend or automatic addon, or forcing for protocols to have some abilities, which practically said in game industry is big shit for programmers to implement anticheating or network shits which means that a lot of games are Windows or gameconsole only...
today Debian/Ubuntu and similar have /etc/alternatives which said which program is default choosen one , but programs or server apps have .env which could said such thing also... but for rustls implementations maybe there is need for think about classic libs what does it means for today shit with https://www nonsense and maybe some upgrades for RIPE is required for wipeout some tech nerd understanding from last math centuries not so needed practically anymore even in some postquant world where math is present but also something more for end programmers even in rust Space is maybe needed but not present
Comment
-
Originally posted by access View PostThat's the lock file. These are the deps: https://github.com/rustls/rustls/blob/main/Cargo.toml -> https://github.com/rustls/rustls/blo...tls/Cargo.toml etc
OpenSSL is for the test suite.
Actually, the lock file gives the unfolded list of dependencies, so it's quite relevant (but very verbose).
Last edited by Unscript; 23 October 2024, 04:07 AM.
- Likes 7
Comment
-
Originally posted by Almindor View Post
I'd be careful here. `unsafe` in Rust is actually in many ways more dangerous than plain C or even assembly. The reason for that is that in `unsafe` blocks, you (as in the programmer) are responsible for ensuring that the invariants expected by the compiler are upheld on the unsafe/safe barrier.
- Likes 5
Comment
-
Originally posted by Almindor View Post
I'd be careful here. `unsafe` in Rust is actually in many ways more dangerous than plain C or even assembly. The reason for that is that in `unsafe` blocks, you (as in the programmer) are responsible for ensuring that the invariants expected by the compiler are upheld on the unsafe/safe barrier.
This, as it turns out, is quite difficult and tricky in some cases. It can definitely be much more murky than plain old C. I'm saying this as an embedded rust developer and generally a big rust fan.
For anyone more interested in Rust and `unsafe`, I strongly suggest going over the Rustonomicon at https://doc.rust-lang.org/nomicon/
Anyway, there's very little unsafe used in this library, though it's not as much documented as it should. I would be more concerned about the alpha stage of it (it's only 0.23) and the dependencies (some of which are very alpha, too). There are a number of issues, and the code hasn't been exposed as much as the library it wants to replace, and the compiler can only do so much to guarantee safety.
- Likes 2
Comment
-
Originally posted by Shnatsel View Post
This is the entire dependency tree for rustls:
rustls v0.23.15
├── aws-lc-rs v1.10.0
│ ├── aws-lc-sys v0.22.0
│ │ ├── libc v0.2.159
│ │ └── paste v1.0.15 (proc-macro)
│ ├── mirai-annotations v1.12.0
│ ├── paste v1.0.15 (proc-macro)
│ ├── untrusted v0.7.1
│ └── zeroize v1.8.1
├── log v0.4.22
├── once_cell v1.20.2
├── rustls-pki-types v1.10.0
├── rustls-webpki v0.102.8
│ ├── aws-lc-rs v1.10.0 (*)
│ ├── rustls-pki-types v1.10.0
│ └── untrusted v0.9.0
├── subtle v2.6.1
└── zeroize v1.8.1
(Plus, paste v1.0.15 (proc-macro), zeroize v1.8.1 , aws-lc-rs v1.10.0, rustls-pki-types v1.10.0, and untrusted v0.9.0 are in there twice, despite being downloaded and compiled once each, since that's how cargo tree shows things.)
If you snip out any transitive dependencies which are already depended on at a higher level, it looks like this:
Originally posted by Shnatsel View Postrustls v0.23.15
├── aws-lc-rs v1.10.0
│ ├── aws-lc-sys v0.22.0
│ │ └── libc v0.2.159
│ ├── mirai-annotations v1.12.0
│ ├── paste v1.0.15 (proc-macro)
│ └── untrusted v0.7.1
├── log v0.4.22
├── once_cell v1.20.2
├── rustls-pki-types v1.10.0
├── rustls-webpki v0.102.8
├── subtle v2.6.1
└── zeroize v1.8.1Last edited by ssokolow; 23 October 2024, 12:19 PM.
- Likes 7
Comment
Comment