Reposted by Brian Smith
New blog post! 📰 I tried "vibe coding" in VSCode using GitHub Copilot (Claude Sonnet) to build an MCP proxy tool in Rust — I didn't touch a line of code, just pure agent mode magic 🧙♂️ 🚀👇 awakecoding.com/posts/vibe-c...
Vibe coding a Rust MCP proxy in VSCode with GitHub Copilot
A hands-off experiment building a Rust-based Model Context Protocol (MCP) proxy tool using only GitHub Copilot agent mode. Covers setup, multi-transport support, and lessons learned from letting Copil...
awakecoding.com
July 29, 2025 at 8:22 PM
New blog post! 📰 I tried "vibe coding" in VSCode using GitHub Copilot (Claude Sonnet) to build an MCP proxy tool in Rust — I didn't touch a line of code, just pure agent mode magic 🧙♂️ 🚀👇 awakecoding.com/posts/vibe-c...
Reposted by Brian Smith
This is what I've been driving for the past year! It's an exciting time, with Rust making its way into one of the most critical pieces of software: the core crypto library used in Azure and Windows. With Rust, formal verification becomes easier, and so far, no blockers to Rust adoption.
We're rewriting parts of Microsoft's SymCrypt cryptographic library in Rust to improve memory safety and defend against side-channel attacks, enabling formal verification while maintaining backward compatibility via a Rust-to-C compiler: msft.it/6011SU7Fc
June 10, 2025 at 5:29 PM
This is what I've been driving for the past year! It's an exciting time, with Rust making its way into one of the most critical pieces of software: the core crypto library used in Azure and Windows. With Rust, formal verification becomes easier, and so far, no blockers to Rust adoption.
Tried macOS 26 beta in a VM. I like the glass effect. The default icons in dark mode are like the ones on iPhone, but the clear icons look good.
It seems like a stepping stone toward touchscreen Macs. Lots of big UI elements & more of an emphasis on interactivity. Needs refinement of the layering.
It seems like a stepping stone toward touchscreen Macs. Lots of big UI elements & more of an emphasis on interactivity. Needs refinement of the layering.
June 10, 2025 at 2:46 AM
Tried macOS 26 beta in a VM. I like the glass effect. The default icons in dark mode are like the ones on iPhone, but the clear icons look good.
It seems like a stepping stone toward touchscreen Macs. Lots of big UI elements & more of an emphasis on interactivity. Needs refinement of the layering.
It seems like a stepping stone toward touchscreen Macs. Lots of big UI elements & more of an emphasis on interactivity. Needs refinement of the layering.
Reposted by Brian Smith
Formal Security and Functional Verification of Cryptographic Protocol Implementations in Rust (Karthikeyan Bhargavan, Lasse Letager Hansen, Franziskus Kiefer, Jonas Schneider-Bensch, Bas Spitters) ia.cr/2025/980
June 2, 2025 at 2:52 AM
Formal Security and Functional Verification of Cryptographic Protocol Implementations in Rust (Karthikeyan Bhargavan, Lasse Letager Hansen, Franziskus Kiefer, Jonas Schneider-Bensch, Bas Spitters) ia.cr/2025/980
@watchmarquee.bsky.social @mlb.com Would love to get the Cubs games in 5.1 audio through MLB.TV.
May 10, 2025 at 1:40 AM
@watchmarquee.bsky.social @mlb.com Would love to get the Cubs games in 5.1 audio through MLB.TV.
It’s the time of year where we re-read ComodoHacker’s pastebin. Props to pastebin.com for keeping this up for all these years. pastebin.com/u/ComodoHacker
ComodoHacker's Pastebin - Pastebin.com
Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.
pastebin.com
March 6, 2025 at 5:37 AM
It’s the time of year where we re-read ComodoHacker’s pastebin. Props to pastebin.com for keeping this up for all these years. pastebin.com/u/ComodoHacker
Released *ring* 0.17.9. X25519 is about 20% faster for GCC users (clang got it in 0.17.8). AES-GCM is slightly faster. Auditing the code for memory safety and panic-freeness should be easier now. Expect 100% compat with 0.17.8, but MSRV was raised from 1.61 to 1.63; still Debian-Stable-friendly.
February 14, 2025 at 1:07 AM
Released *ring* 0.17.9. X25519 is about 20% faster for GCC users (clang got it in 0.17.8). AES-GCM is slightly faster. Auditing the code for memory safety and panic-freeness should be easier now. Expect 100% compat with 0.17.8, but MSRV was raised from 1.61 to 1.63; still Debian-Stable-friendly.
Reposted by Brian Smith
New study on the effect of driver aids on crash risk:
- Lane keep assist: -19%
- Driver monitoring systems: -14%
- Automatic emergency braking: -10.7%
- Adaptive Cruise Control: +8%
- Cruise Control: +12%
No data on speed limit alerts though.
www.sciencedirect.com/science/arti...
- Lane keep assist: -19%
- Driver monitoring systems: -14%
- Automatic emergency braking: -10.7%
- Adaptive Cruise Control: +8%
- Cruise Control: +12%
No data on speed limit alerts though.
www.sciencedirect.com/science/arti...
Rethinking Advanced Driver Assistance System taxonomies: A framework and inventory of real-world safety performance
In this review, we assess the real-world effectiveness of ADAS! (ADAS!) in preventing vehicle crashes. We propose a new, data-driven framework of safe…
www.sciencedirect.com
February 11, 2025 at 11:21 AM
New study on the effect of driver aids on crash risk:
- Lane keep assist: -19%
- Driver monitoring systems: -14%
- Automatic emergency braking: -10.7%
- Adaptive Cruise Control: +8%
- Cruise Control: +12%
No data on speed limit alerts though.
www.sciencedirect.com/science/arti...
- Lane keep assist: -19%
- Driver monitoring systems: -14%
- Automatic emergency braking: -10.7%
- Adaptive Cruise Control: +8%
- Cruise Control: +12%
No data on speed limit alerts though.
www.sciencedirect.com/science/arti...
I wish I wasn’t the kind of person to question whether a language’s mutex implementation guarantees acquire/release semantics.
February 7, 2025 at 3:56 AM
I wish I wasn’t the kind of person to question whether a language’s mutex implementation guarantees acquire/release semantics.
Reposted by Brian Smith
Rust Rules! (Programming Language-Wise) www.eejournal.com/article/rust... Ferrous Systems has carved out a leadership role with respect to Rust solutions for safety-critical systems. Its flagship tool chain, Ferrocene, has achieved IEC 62304 Class C qualification for medical device software.
January 30, 2025 at 4:56 PM
Rust Rules! (Programming Language-Wise) www.eejournal.com/article/rust... Ferrous Systems has carved out a leadership role with respect to Rust solutions for safety-critical systems. Its flagship tool chain, Ferrocene, has achieved IEC 62304 Class C qualification for medical device software.
Reposted by Brian Smith
It's a big week for voting technology.
We're launching VotingWorks, the voting system we've been hard at work on for six years. Transparent, secure, and easy to use. So every American can trust their ballots are counted correctly.
voting.works/machines
We're launching VotingWorks, the voting system we've been hard at work on for six years. Transparent, secure, and easy to use. So every American can trust their ballots are counted correctly.
voting.works/machines
Voting Machines
The only open-source voting machines used in United States elections. Designed to VVSG 2.0.
voting.works
January 28, 2025 at 2:01 PM
It's a big week for voting technology.
We're launching VotingWorks, the voting system we've been hard at work on for six years. Transparent, secure, and easy to use. So every American can trust their ballots are counted correctly.
voting.works/machines
We're launching VotingWorks, the voting system we've been hard at work on for six years. Transparent, secure, and easy to use. So every American can trust their ballots are counted correctly.
voting.works/machines
Reposted by Brian Smith
Step N+1: the person with the keys will tell you that having the option to disable specific integration points is an enterprise-only feature, but that they can add it to your account if you confirm that's what you want.
A few minutes later, it's active. Ours now looks like this.
A few minutes later, it's active. Ours now looks like this.
January 18, 2025 at 3:56 PM
Step N+1: the person with the keys will tell you that having the option to disable specific integration points is an enterprise-only feature, but that they can add it to your account if you confirm that's what you want.
A few minutes later, it's active. Ours now looks like this.
A few minutes later, it's active. Ours now looks like this.
Reposted by Brian Smith
I want to share my experience today with Google support, trying to get Gemini (their AI/plagiarism machine) turned off in my Google workspace account. That account is where I personally do all my work communication—I am an editor, and most of my work contracts explicitly ban any use of Generative AI
January 17, 2025 at 1:02 AM
I want to share my experience today with Google support, trying to get Gemini (their AI/plagiarism machine) turned off in my Google workspace account. That account is where I personally do all my work communication—I am an editor, and most of my work contracts explicitly ban any use of Generative AI
Time to deprecate & remove wasm32-unknown-unknown. It is basically the same as a WASI 0.2 environment that exposes no components. It’s easy to create a minimal WASI 0.2 environment that implements wasi-random—or whatever—by delegating to the host (browser, etc.). This would simplify many libraries.
January 16, 2025 at 4:57 PM
Time to deprecate & remove wasm32-unknown-unknown. It is basically the same as a WASI 0.2 environment that exposes no components. It’s easy to create a minimal WASI 0.2 environment that implements wasi-random—or whatever—by delegating to the host (browser, etc.). This would simplify many libraries.
Thinking about switching to RedNote Actions for CI. I heard it has native loongarch64 support.
January 15, 2025 at 3:53 AM
Thinking about switching to RedNote Actions for CI. I heard it has native loongarch64 support.
Reposted by Brian Smith
NEWS: The massive Chinese hack of U.S. telecoms breached firms Charter, Consolidated and Windstream as part of a historic espionage campaign. Security vendor Fortinet was a key intrusion point. Investigators are still grappling with the damage.
That and much much more:
www.wsj.com/tech/cyberse...
That and much much more:
www.wsj.com/tech/cyberse...
How Chinese Hackers Graduated From Clumsy Corporate Thieves to Military Weapons
Massive ‘Typhoon’ cyberattacks on U.S. infrastructure and telecoms sought to lay the groundwork for potential conflict with Beijing, as intruders gathered data and got in position to impede response a...
www.wsj.com
January 5, 2025 at 12:35 PM
NEWS: The massive Chinese hack of U.S. telecoms breached firms Charter, Consolidated and Windstream as part of a historic espionage campaign. Security vendor Fortinet was a key intrusion point. Investigators are still grappling with the damage.
That and much much more:
www.wsj.com/tech/cyberse...
That and much much more:
www.wsj.com/tech/cyberse...
If magic links work well for signing into your website then passkeys are probably a poor alternative for improving sign-in convenience, as they are overkill and the costs associated with them are high, especially end user support costs. Why not OpenID Connect w/ Discovery using the email address?
January 2, 2025 at 6:16 PM
If magic links work well for signing into your website then passkeys are probably a poor alternative for improving sign-in convenience, as they are overkill and the costs associated with them are high, especially end user support costs. Why not OpenID Connect w/ Discovery using the email address?
Saw Wicked, the stage production, in L.A. last night. It was truly a masterpiece of art. I usually avoid musicals of all sorts, and I seem to annoy people with my Hamilton review (“absolutely not worth the ticket price”). Especially if you have no interest in it, consider giving it a go.
December 27, 2024 at 7:06 PM
Saw Wicked, the stage production, in L.A. last night. It was truly a masterpiece of art. I usually avoid musicals of all sorts, and I seem to annoy people with my Hamilton review (“absolutely not worth the ticket price”). Especially if you have no interest in it, consider giving it a go.
When I order something from overseas on eBay I reliably (100% of the time) get a phishing text related to my package being stuck in customs. Receiving this message is the primary & only mechanism by which I learn my package has arrived in the US before it shows up at my door a few days later.
December 13, 2024 at 6:46 PM
When I order something from overseas on eBay I reliably (100% of the time) get a phishing text related to my package being stuck in customs. Receiving this message is the primary & only mechanism by which I learn my package has arrived in the US before it shows up at my door a few days later.
If you have chopped down a tree, drug it into your home, placed it in a pot of water, and decorated it with lights, then it is highly likely that you plugged it into whatever outlet that room has. If it isn’t a GFCI outlet, you can get an “inline” GFCI cord/wall-wart for this.
December 6, 2024 at 5:59 PM
If you have chopped down a tree, drug it into your home, placed it in a pot of water, and decorated it with lights, then it is highly likely that you plugged it into whatever outlet that room has. If it isn’t a GFCI outlet, you can get an “inline” GFCI cord/wall-wart for this.
AFAICT, the best defense against disasters (e.g. fire) caused by water (rain/sleet/snow/hose overspray) in electric decorations (e.g. Christmas lights) is the exclusive use of GFCI power outlets. If you don’t have conveniently-placed GFCI outlets, inexpensive “inline” GFCI adapters are available.
December 6, 2024 at 5:53 PM
AFAICT, the best defense against disasters (e.g. fire) caused by water (rain/sleet/snow/hose overspray) in electric decorations (e.g. Christmas lights) is the exclusive use of GFCI power outlets. If you don’t have conveniently-placed GFCI outlets, inexpensive “inline” GFCI adapters are available.
Reposted by Brian Smith
Supply chain attack via a shell injection in a PR branch name (!) due to unsafe use of GitHub Actions' pull_request_target.
Inserted a crypto miner in the PyPI package.
Paging @yossarian.net to the courtesy phone. Would github.com/woodruffw/zi... have caught it?
Inserted a crypto miner in the PyPI package.
Paging @yossarian.net to the courtesy phone. Would github.com/woodruffw/zi... have caught it?
in computer news: lol, lmao
github.com/ultralytics/...
it looks like github actions got tricked into running bash through a malicious branch name
which was used to ship mining malware inside python packages
incredible
github.com/ultralytics/...
it looks like github actions got tricked into running bash through a malicious branch name
which was used to ship mining malware inside python packages
incredible
Discrepancy between what's in GitHub and what's been published to PyPI for v8.3.41 · Issue #18027 · ultralytics/ultralytics
Bug Code in the published wheel 8.3.41 is not what's in GitHub and appears to invoke mining. Users of ultralytics who install 8.3.41 will unknowingly execute an xmrig miner. Examining the file util...
github.com
December 6, 2024 at 2:27 PM
Supply chain attack via a shell injection in a PR branch name (!) due to unsafe use of GitHub Actions' pull_request_target.
Inserted a crypto miner in the PyPI package.
Paging @yossarian.net to the courtesy phone. Would github.com/woodruffw/zi... have caught it?
Inserted a crypto miner in the PyPI package.
Paging @yossarian.net to the courtesy phone. Would github.com/woodruffw/zi... have caught it?
This was stabilized in Rust 1.81 as std::hint::assert_unchecked (doc.rust-lang.org/std/hint/fn....), while the functionally equivalent `if !cond { std::hint::unreachable_unchecked() }` has been stable since Rust 1.27, released in 2018.
December 6, 2024 at 10:32 AM
This was stabilized in Rust 1.81 as std::hint::assert_unchecked (doc.rust-lang.org/std/hint/fn....), while the functionally equivalent `if !cond { std::hint::unreachable_unchecked() }` has been stable since Rust 1.27, released in 2018.
Many Californians seem to feel too overwhelmed by the daily grind to do anything to make this world more beautiful. But there is something you can do, no matter how busy you are: You can remove the compliance stickers from your cars’ driver side window. Please! Encourage others do the same.
November 19, 2024 at 9:00 AM
Many Californians seem to feel too overwhelmed by the daily grind to do anything to make this world more beautiful. But there is something you can do, no matter how busy you are: You can remove the compliance stickers from your cars’ driver side window. Please! Encourage others do the same.