kornel

joined 2 years ago
[–] kornel@lemmyrs.org 14 points 1 year ago (1 children)

I maintain a long-term Rust + Node.js project, and the Node side is the painful one.

Node makes backwards-incompatible changes, and doesn’t have anything like the editions to keep old packages working. I can end up with some dependencies working only up to Node vX, and some other deps needing at least Node v(X+1).

[–] kornel@lemmyrs.org 13 points 2 years ago (2 children)

People can have various reasons for such a look. It can be a symbol of non-conformity.

Official Rust spaces have a code of conduct that is inclusive and forbids discrimination, and this may attract people who otherwise wouldn’t feel comfortable to participate.

[–] kornel@lemmyrs.org 1 points 2 years ago* (last edited 2 years ago) (1 children)

They are dlopened by the rustc process. You can totally mess with it: https://nitter.net/m_ou_se/status/1368632701448818691

[–] kornel@lemmyrs.org 2 points 2 years ago

I’d love static analysis that finds which functions may panic, which are guaranteed not to. On a related note, it’d be nice to be able to hoist panics out of loops and coalesce multiple consecutive assertions into one (llvm can’t do it, because partially done work is a side effect).

[–] kornel@lemmyrs.org 1 points 2 years ago (3 children)

At least 69K, which is over half of all crates — https://lib.rs/quote is used almost exclusively for output of proc macros.

[–] kornel@lemmyrs.org 3 points 2 years ago (8 children)

To generate the LLVM code correctly you need to run build.rs if there is one, and run proc macros, which are natively compiled compiler plugins, currently running without any sandbox.

The final code isn’t run, but the build process of Cargo crates can involve running arbitrary code.

The compilation process can be sandboxed as a whole, but if it runs arbitrary code, a malicious crate could take over the build process and falsify the LLVM output.

[–] kornel@lemmyrs.org 1 points 2 years ago* (last edited 2 years ago)

Yes, it's Blink without the bits that Google doesn't share (I wanted to be precise that nobody can compile actual Chrome from public sources; they can build Chromium, which is almost but not quite the same).

[–] kornel@lemmyrs.org 3 points 2 years ago

@-me if you have tips to share.

[–] kornel@lemmyrs.org 3 points 2 years ago (2 children)

Vivaldi uses the same engine as Chromium, and the company was founded by ex-Opera developers.

[–] kornel@lemmyrs.org 11 points 2 years ago (1 children)

Plus you can make certain sites always automatically open in their designated container, even if you followed a link. You can keep sites known for spying away from your logged-in identity. You can have your banking and other important sites in another container for extra defense in depth.

[–] kornel@lemmyrs.org 1 points 2 years ago* (last edited 2 years ago)

I'm all for it, but I don't see how I could do that with lib.rs in particular. The site already takes a swing at the anarcho-capitalist-flavored plutocracy.

[–] kornel@lemmyrs.org 5 points 2 years ago (1 children)

> I prefer data as is rather than having to double guess every search result

What's the bad scenario you're worried about here? What type of data are you specifically worried about? Do you expect me to maliciously manipulate the data, or is even well-intentioned curation and use of heuristics somehow not acceptable?

My view on data cleanup is probably very different than other people's, because I've spent a lot (likely too much) time with the crates' data. The pure unadulterated source data is… bad. It's very sparse (most crates don't fill it in). It's full of outdated information (set once and forgotten, wrong for forks). Some crates-io category slugs are pretty misleading, so tons of crates are miscategorized by their own authors: parsing is not for file parsers, database is not for databases. accessibility …I can't even. Who put ogg parsers, gRPC, garrysmod, RFID readers in there?

There are tons of name-squatted crates, ferris guessing games, or just people's baby steps in Rust. If you search on crates.io you often get the pure data of someone publishing a crate years ago and forgetting about it. This is pure, this is ranked objectively, this is curated and subjective.

crates-io shows you plainly only the license of the crate you're looking at. lib.rs goes further and checks if the crate has any dependencies which are GPL, because if a crate says it's MIT but has GPL deps, it actually is GPL.

crates-io shows you the repository URL exactly as specified in the metadata, which could be inaccurate (in the case of forks) or outright fake (someone else's repo). lib.rs checks if the repository URL actually contains the crate or has the same owner as the crate, and will add a link to the true source code if the repo URL is suspicious.

crates-io shows owners' names from the free-form name field, so somebody malicious could pretend to be a well-known trusted user. lib.rs only allows display names for established/reputable accounts, and uses login name for new/untrusted accounts.
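The effective-license check described in that comment, as an added Rust example that is not lib.rs's own code: the crate index, crate names, the cycle and the flat SPDX handling are constructed assumptions.

```rust
use std::collections::{HashMap, HashSet};

/// One crate as a registry index would describe it: declared SPDX license
/// expression plus direct dependency names (constructed data, not lib.rs's).
pub struct CrateMeta {
    pub license: &'static str,
    pub deps: &'static [&'static str],
}
pub type Index = HashMap<&'static str, CrateMeta>;

/// GPL and AGPL identifiers count as GPL; LGPL is left out (simplification).
fn id_is_gpl(id: &str) -> bool {
    let id = id.trim_matches(|c: char| c == '(' || c == ')');
    id.starts_with("GPL-") || id.starts_with("AGPL-")
}

/// Does the expression *force* GPL? "MIT OR GPL-3.0-only" does not (the user
/// may pick MIT); "MIT AND GPL-3.0-only" does. Flat expressions only.
pub fn expression_forces_gpl(expr: &str) -> bool {
    expr.split(" OR ").all(|alt| alt.split(" AND ").any(|id| id_is_gpl(id.trim())))
}

/// Cycle-safe walk over transitive deps. Returns the first dependency whose
/// license forces GPL: the crate is then effectively GPL, whatever it declares.
pub fn gpl_dependency(index: &Index, root: &str) -> Option<String> {
    let mut seen = HashSet::new();
    let mut stack = vec![root];
    while let Some(name) = stack.pop() {
        if !seen.insert(name) { continue } // already visited: breaks cycles
        let meta = match index.get(name) { Some(m) => m, None => continue };
        if name != root && expression_forces_gpl(meta.license) {
            return Some(name.to_string());
        }
        for dep in meta.deps { stack.push(*dep) }
    }
    None
}

/// Constructed sample: `app` claims MIT but pulls GPL-only `codec`, while
/// `clean` and `util` depend on each other (a cycle) with no GPL involved.
pub fn sample_index() -> Index {
    HashMap::from([
        ("app", CrateMeta { license: "MIT", deps: &["util", "codec"] }),
        ("util", CrateMeta { license: "MIT OR Apache-2.0", deps: &["clean"] }),
        ("codec", CrateMeta { license: "GPL-3.0-only", deps: &["dual"] }),
        ("dual", CrateMeta { license: "MIT OR GPL-2.0-only", deps: &[] }),
        ("clean", CrateMeta { license: "MIT", deps: &["util", "dual"] }),
    ])
}
```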
