Rust

A few months ago, and now CISA (I had to look it up, CISA is the Cybersecurity and Infrastructure Security Agency) is talking about how memory safe languages like Rust can remove a whole class of security vulnerabilities: .

I work on Rust in Android and I find it really encouraging to see the language being highlighted again and again as a safe alternative to C and C++.

Edit 1

Already open-sourced. But please wait for maybe one day, before I clean up everything and publish it!

Original

I have made a bindgen to allow Dart/Flutter to call Rust via FFI. It is memory safe, and you do not need to care about anything like allocate/free an object.

Question: Anyone interested in it? If many people are interested, I can polish it can make it open-source. (Since you know, making it open-source will require some time and efforts.)

Features

• Memory-safe: never need to think about alloc/free.

• Zero-copy (almost): Big objects can be passed from Rust to Dart without any copy.

• Rich type support: Not only primitives like int/double, but also Uint8List(Vec<u8>), List<T>(Vec<T>), any custom structs. You can even use recursive structs.

• Async programming: Your Rust code can run for a long time, and it will not block the main isolate (i.e. not block UI). You can call functions directly in main isolate of Dart, so no need for switching between isolates.

• Easy to use: All you need to do is write down your Rust code. The bindgen will do everything and expose an API in the Dart/Flutter style.

Example

Write the following Rust code (that is all you need to do!):

pub struct TreeNode {
    pub value: i32, # of course, also support also support other types
    pub children: Vec<MyTreeNode>,
}

pub fn hello_world(s: MyTreeNode, b: SomeOtherStruct) -> Result<Something> {
    Ok(...)
}

It will automatically generate everything, and you only need to call a generated Dart/Flutter API which looks like:

class ExampleApi {
    Future<Something> helloWorld({required MyTreeNode a, required SomeOtherStruct b}) async { ... auto generated implementation ... }
}

P.S. There already exists a low-level one (in the C style), but all memory alloc/free should be done manually, so it is quite unsafe. That is why I do this high-level bindgen.

Edit 2: You choose the name of this lib!

What name do you think is the best? If many people vote on your suggested name, I will use it. (Fallback name: flutter_rust_bridge).

Oh I see editing a post will not make any notifications. So this edit is almost useless...

This quote has been tossed around with the release notes. Does anybody know what it actually means? What modules might be written in rust (and where the heck is the Ubuntu source kept even)

I am a beginner in binary exploitation and I have seen that rust is on the rise. Now rust is a safe programming language that makes our programs safe from stack overflow, heap overflow, format string and race condition. This only leaves logic errors to exploit. Does this mean that rust binaries cannot be exploited,? if there is no use of "unsafe" in the target application, will that application be immune to hackers?

I am quite confident that I will get torn to shreds for writing this post and called stupid, but I really don't care. I have to call a spade a spade. The emperor has no clothes. The Rust programming language is atrocious. It is horrible, and I wish it a painful and swift death.

I've been programming for well over thirty years. I'm quite good at it (usually). I have been told by many coworkers and managers that I'm super fast. Well, not in Rust!

I've used quite a lot of languages over the years, though I am by far the most proficient in Java. I started working before Java even existed, so I programmed in C professionally for 10 years too, then switched to Java. (I recall when I learned Java I thought it was the greatest thing since sliced bread.)

Now, here I am, forced to use Rust for a project at work. It is beyond painful.

All the advice out there to "go slow", "take your time", etc etc is just unrealistic in a real-world work environment when you have to actually accomplish a task for work. I need to write something that is highly multi-threaded and performant. I need what I need; it's not like I have the luxury to spend months building up to what I need from Rust.

Right off the bat, as a total Rust newbie, I'm hitting all kinds of rough edges in Rust. For example, I'm trying to use rusqlite. It would be natural to stash DB prepared statements in a thread local for reuse in my multi-threaded code. I can't pass the connections around, because I need them in a C call-back (too much detail here I know) so I have to be able to look them up. Alas, after banging my head against the wall for a full day, I'm just giving up on the thread-local approach, because I simply can't get it to work. Part of the problem is that I can't stash a prepared statement in the same (thread local) struct as the connection from which they are created, due to lifetime limitations. It also seems that you can't really use two thread locals (one for the connection and one for the prepared statements) either. If there's a way to do it, I can't figure it out.

Also right off the bat I am having trouble with using async in Trait functions. I tried to get it working with async_trait crate, but I'm failing there too.

All in all, Rust is a nightmare. It is overly verbose, convoluted, hard to read, slow to compile, and lifetimes really are a cruel joke. Googling for what I need rarely results in good answers.

I am truly convinced that all the people who claim Rust is great are either lying to themselves or others, or it is just a hobby for them. It shouldn't be this hard to learn a language. Rust feels like a MAJOR step back from Java.

I had to rant, because there is so much purple kool-aid drinkers out there on the Rust front. I call B.S.

Hi everyone 👋

First of all, I want to thank you all for your support throughout my journey learning Rust and working on my Rust embedded vector database, . Really appreciate the feedback, suggestions, and most importantly contributions that this community give me.

Since about 1 month ago, I was starting to feel the burnout doing just open-source because my savings is running out and stress from life in general. I love doing open-source and supporting people using OasysDB but without a full-time job to support myself, its not maintainable in the long-term.

Also, hearing the story about xz and stuff, I'm glad that people in OasysDB community is very patient and supportive.

So, long story short, someone opened an issue on OasysDB and suggested me to integrate OasysDB with his platform, , an open-source infrastracture for real-time data extraction and processing for gen AI apps.

We connected via LinkedIn and he noticed that I have my #OpenToWork badge on and asked me about it. I told him that if he's hiring, I'd love to be in his team. And he was!

We chat for the following day and the day after discussing the projects, the motivation behind them, and stuff.

The whole process went by really fast. He made the decision to onboard me the same day we last had a chat, Friday last week. We discuss the detail of the job and compensation over the weekend and just like that, I got my first Rust-oriented job.

I hear somewhere that to get lucky, you need to spread the area where you can receive luck. For me, my open-source project, OasysDB, is one such area.

If you are still trying to find a job, don’t give up and consider different channels other than applying via job boards.

Anyway, If you have any questions, please feel free to ask and if you have similar story, I'd love to hear them too 😁

I want to learn a programming language, is Rust programming suitable for beginner programming students?

I've been learning Rust for the past 3 months and now comparing it with my experience of learning C++ I definitely think it's a lot more difficult. There are just so many rules that you need to have a good understanding of to efficiently program in Rust, including(but not limited to): ownership, the borrow checker, cargo, lifetimes, traits, generics, closures, unsafe rust, etc. Not to forget all the concepts that Rust has inherited from C++. However this could be because I've been following and it does go into a lot of detail. Comment your opinion.

*edit
Thanks for all the feedback, its been most helpful and enjoyable!

I also must say that after hearing what has to say I have revoked my opinion as I have realized that I myself am not yet fully informed about the deep complexities of C++ and therefore have made an un-educated opinion. After I finish learning from I plan to revisit C++ in hopes of developing a more thorough understanding. Thanks again.

There are many ways to measure the popularity of programming languages. One of them is the size of the respective subreddits.

See on my personal blog and check out my articles about Rust.

Hi guys.
I saw some discussions on the benefits and issues with Rust being a first language. I acctually have a decent amount of experiance in python, had some time playing around with Java (I acctually even liked it. Kinda feels dirty). Now, I'm starting to think of rust for some projects. However it would be the first time I am trying a systems programming language. I never really had any C, C++ experiance. Never handled allocation of memory, never really had to face race conditions, just playing around with Rust was the first time I heard about the heap and stack.
Will I loose some deeper understanding if I skip the C experiance?

Thanks in advance

A year ago, the idea arose to rewrite the entire Java backend in Rust, which I have been developing and supporting for several years. I found all the analogues of libraries and frameworks from the Java world in the Rust ecosystem:

• Spring Framework = Axum

• Jackson = Serde

• Hibernate = SeaORM

• Bouncy Castle = Rustls

In the world of Rust, I could not find an analogue of only one library - JasperReports, which is used to generate reports. For this reason, we had to abandon the idea of ​​rewriting the entire project in Rust.

Since the niche for generating answers in Rust is empty, I created my own open source project - a report generator.

I decided not to reinvent the wheel, so I took many ideas from JasperReports. For example, to generate a report, you need two things:

1. Report template.

2. Data that needs to be inserted into the report.

I chose a report template in YAML format rather than XML because YAML is easier for humans to read and edit. By the way, it is for this reason that JasperReports has a WYSIWYG report template editor - it’s quite difficult to navigate XML.

Example report template:

title:
  - header: $P{company_name} Employee Report
    level: 1
page_header:
  - text: "Confidential information\n\n"
    size: 7
column_header:
  - name: Name
    width: 30
  - name: Age
    width: 10
  - name: Salary
    width: 20
row:
  - value: $F(name)
  - value: $F(age)
  - value: $F(salary)
column_footer:
  - value: "Average:"
  - value: $P{average_age}
  - value: $P{average_salary}
page_footer:
  - text: "Tel: +1 123 456 789"
    size: 7
summary:
  - paragraph:
    - text: "Company address: $P{company_address}"
      size: 10

The template consists of the following parts:

title - Report title. This section contains the title of the report and is used to clearly indicate the topic or content of the document. This is the first thing the user sees when opening a document.

page_header - Page header. This section is used to insert general information that should appear at the top of each report page.

column_header - Column headers. This section specifies the names of the columns and their width, which ensures a structured and clear presentation of data in the report tables.

row - Data rows. The section is designed to display specific data values. This allows information about each data item to be presented in a consistent and readable manner in its corresponding column.

column_footer - Column footer. This section is used to display summary or summary information for column data.

page_footer - Page footer. This is where information is placed that should be easily accessible on every page of the report.

summary - Report summary. Summary information after the report table.

When iterating over table rows, cells can be accessed through the expression $F(COLUMN_NAME). The report also supports global parameters, which can be accessed through the expression $P(PARAM_NAME).

Example data for the report:

{
   "rows": [
     {
       "name": "John",
       "age": 25,
       "salary": 50000
     },
     {
       "name": "Jane",
       "age": 30,
       "salary": 60000
     },
     {
       "name": "Jim",
       "age": 35,
       "salary": 70000
     }
   ],
   "params": {
     "company_name": "ABCDFG Ltd",
     "company_address": "1234 Elm St, Springfield, IL 62701",
     "average_age": 30,
     "average_salary": 60000
   }
}

I did not create a structure and require that the data be placed in it before calling the library. As input I expect just a set of bytes containing JSON in the following format.

To use the Metatron library, add to the Cargo.toml file:

[dependencies]
metatron = "0.2.1"

Example of using the report generator:

fn main() {
    let template_vec = std::fs::read("report-template.yaml").unwrap();
    let template = std::str::from_utf8(&template_vec).unwrap();
    let data_vec = std::fs::read("report-data.json").unwrap();
    let data = std::str::from_utf8(&data_vec).unwrap();
    let images = HashMap::new();
    let doc = Report::generate(template, data, &images).unwrap();
    let result = shiva::pdf::Transformer::generate(&doc).unwrap();
    std::fs::write("report.pdf",result.0).unwrap();
}

Pay attention to the line 'let result = shiva::pdf::Transformer::generate(&doc).unwrap();'. I use the Shiva library to serialize the report, which currently supports the following formats: Plain text, Markdown, HTML and PDF. In other words, in the line 'let doc = Report::generate(template, data, &images).unwrap()' we get a report in the Common Document Model (CDM), supported by the Shiva library. In the future, as the number of document formats supported by this library grows, Metatron will also be able to automatically generate reports in new formats.

The result is report.pdf

Currently, this project is in the MVP (Minimum Viable Product) stage. In the near future I plan to add:

• Image support

• CLI

• REST API server

• Subreports

The name "Metatron" for the library was inspired by several associative characteristics of the angel Metatron:

1. Recording Angel: Metatron is often associated with office and records. It is believed that it records all actions and events in the Universe. This association with office management and record keeping reflects the primary function of the report generator library.

2. Bridge between the heavenly and the earthly: Metatron is also known as a mediator between the Divine and the human, facilitating communication and understanding. In the context of a library, this can symbolize the transformation of data into understandable and accessible reporting forms

The project's source code is published on . If anyone wants to help with the project, please email.