worik

Born on November 09, 2014•5801 Karma

About Submitted Comments Favorites

worik•

4 days ago

•on: US holds off blacklisting DeepSeek, more than 100 ...

Until they scantion Brazil

It can happen to anyone

worik•

4 days ago

•on: US holds off blacklisting DeepSeek, more than 100 ...

Damn, USA, you being foolish.

The world economy is not a zero sum gain, we all do better when we do better

Cooperate with China, love and cherish them.

Unlike us of European heritage, they are not imperialistic

Get over yourselves!

cisrockandroll•

4 days ago

Oh yeah the Chinese Empire is not imperial… Dynasty Shymnasty!

worik•

4 days ago

•on: Why stdx is not on crates.io

> What problem does stdx actually solve?

Even a small rust programme can end up importing hundreds of crates. For many applications you need to investigate and verify your dependencies.

A substantialstandard library, the hypothesis is, will vastly reduce the number of sources you need to trust

It is early days for this, it is not to be trusted yet.

2. It is not crates.io specifically that is the problem. It is the concept of using many imports that all need verifying (my original statement here)

jcgrillo•

4 days ago

Conceptually that makes sense, but has there been a supply chain problem lately? It's been a few years since I worked on a large rust project with tons of deps, but I don't recall there being a big problem. Especially with cargo vendor.

If fully auditing a collection of deps is the goal, it seems that could be accomplished by maintaining a list of repos and trusted commit hashes?

I guess I'm wondering whether there's some incremental solution that fits better with how the rest of the ecosystem works?

EDIT: just saw reference to cargo-vet, very cool! Thanks Colin.

worik•

4 days ago

> It's been a few years since I worked on a large rust project with tons of deps, but I don't recall there being a big problem.

The problem was ignored, perhaps?

Not every project is vulnerable, but many systems programming tasks are

I have encounted it

worik•

4 days ago

•on: Why stdx is not on crates.io

I am a supporter of Kerkour's efforts

> are Rust developers going to seriously entertain an alternative "standard library" curated by one developer.

No. Absolutely not

But this is a start. Join the effort. Help them

worik•

4 days ago

•on: Why stdx is not on crates.io

> The blog has been on a downward spiral for years, it's doomed, let it go.

Argumentum ad hominem, yuk

> the fundamental mistake of assuming that they’re trustworthy and we’d trust them no questions asked.

The author makes no such assumption, it is entirely your decision

> this repo is 100% AI slop,

That is an exaggeration. It is coded with AI help, as is almost everything these days

Agree, or disagree, that an anemic standard library is a problem, and crates.io is a glaring security risk and a looming catastrophe Kerkour is doing something about it

This is a start

worik•

4 days ago

•on: Why stdx is not on crates.io

> As in why would I trust a random git repo

It is one repo to trust, rather than hundreds

That is the reason

simonask•

3 days ago

The reason is invalid.

worik•

4 days ago

•on: Why stdx is not on crates.io

> stealing some code

Strong words. Care to back them up?

worik•

6 days ago

•on: A backdoor in a LinkedIn job offer

> Don't stay honest to those don't value it.

IMO you are either honest or you are not

zuzululu•

5 days ago

If you are honest with people who don't want to hear the truth, you are going to be dishonest with people when they want the truth.

picofarad•

5 days ago

That doesn't follow.

zuzululu•

5 days ago

you'll figure it out

worik•

6 days ago

•on: The Fable 5 Export Controls Harm US Cyber Defense

Typical. Meanwhile Chinese, open weight models, will catch up.

This ban is security theater, virtue signaling, again

worik•

8 days ago

•on: The state of building user interfaces in Rust

I have been building on a Pi with a 7 inch touch screen

I started out looking for lightweight X-Windows solutions, for the LLM and me to use. Cutting a long and frustrating story short I settled on SDL2 Rust wrapper

But what a PITA X-Windows is (e.g. need Wayland for some things, but does not work well for others), and my goal is an appliance, not an app.

So in a moment of insight I spent an afternoon getting SDL2 to draw on the Framebuffer and dispensed with X entirely

I highly recommend this approach. Life is so much easier without X-Windows