Crate of the Week

imp · December 16, 2017, 2:44pm

I'd like to nominate sec - simple and useful

dkotrada · December 16, 2017, 9:30pm

interesting crate

Rusty Object Notation

dbrgn · December 19, 2017, 5:08pm

I think the "disclaimer" there is important:

While sec usually does a good job from preventing accidentally leaks through logging mistakes, it currently does not protect the actual memory (while not impossible, this requires a lot of extra effort due to heap allocations).

If protecting cryptographic secrets in-memory from stackdumps and similar is a concern, have a look at the secrets crate or similar crates.

Besides the secrets crate, there's also secstr that does something similar.

Michael-F-Bryan · December 20, 2017, 11:19am

@imp do you know where the repo for sec is? I'm wanting to open a couple issues/PRs but the owner never filled in the repository or homepage fields in his Cargo.toml. I wasn't able to find it on GitHub either.

imp · December 20, 2017, 7:29pm

@Michael-F-Bryan I believe this is the one

leodasvacas · December 22, 2017, 4:18pm

I'd like to nominate crossbeam-channel. It's young and in active development, but deserves more hype.

lf94 · December 22, 2017, 6:24pm

Whoa!! Super nice! I'll integrate this into my project to replace mpsc and see how it does.

emoon · December 23, 2017, 2:06am

This looks awesome! I will definitely check it out for usage in my project(s)

willi_kappler · December 25, 2017, 12:24am

YEW - a framework for making Elm/React/Angular-like client web-apps with Rust

snuk182 · January 4, 2018, 4:17pm

An awesome Cassowary UI layout implementation. Super useful for the GUI frameworks.

musicmatze · January 5, 2018, 6:33pm

I propose artifact for next week!

It is the open source design documentation tool for everybody.

KillTheMule · January 7, 2018, 10:23am

I'd very much like to nominate https://github.com/autozimu/LanguageClient-neovim. It's not on crates.io, but in my book that doesn't matter. What really makes this outstanding is @autozimu's support, fast response time and time-to-bugfix, his willingness to dive into problems from the interaction with other plugins and the language servers, and to raise issues and interact with the maintainers of those. Three thumbs up!

nasa42 · January 9, 2018, 8:52pm

cargo-bloat - Find out what takes most of the space in your executable.

mbr · January 10, 2018, 11:27pm

If I may, sec author here:

I think the “disclaimer” there is important:

...

Besides the secrets crate, there’s also secstr that does something similar.

I would like to point out that both secstr and secrets solve slightly different issues. The data protected by sec is usually sent across the network and passed around among different applications (e.g. a token authorizing a client), e.g. it could reasonably be used as a key for a HashMap:

Moving non-heap allocated data from the stack into a HashMap will cause it to be copied at least once, with no way (to my knowledge) of reliably ensuring that the resulting copy will not be overwritten. One solution for this problem is passing in references and storing a single copy of the confidential information on the heap, where scrubbing is much easier.

This is what secstr seems to do (by wrapping a Vec). The secrets crate also does a much better job at protecting data than sec in a similar vein. secstr requires linking against an external C library (sodium).

Both of these are different use cases though: sec is not written to protect your GPG private key or Bitcoin wallet, which will never leave your machine. Instead, it protects things like your login token which will be serialized and sent as a HTTP-header (with probably one or two extra copies being made somewhere in the stack already), but should not be exposed when a dev turns on logging to see why there are currently so many 500s. It does so with zero overhead (outside of printing), so requiring additional heap allocations is not acceptable. Finally, sec works with any type and requires almost no effort to add.

The disclaimer is in place to ensure no one accidentally uses sec when they really need to use secrets instead. Maybe I should add this Post to the README.md as well? Feel free to send me additional feedback (possibly as a direct message to not derail this thread), I am very happy to discuss and learn about other opinions on this.

fafhrd91 · January 14, 2018, 11:40pm

H2 tokio based http/2.0 server and client library

nasa42 · January 17, 2018, 6:43am

actix-web - a small, fast, pragmatic, open source rust web framework.

nasa42 · January 17, 2018, 6:48am

libasm - a library to provide inline assembly support for stable Rust.

vitiral · January 19, 2018, 9:52pm

ordermap A hash table (associative array) where the iteration order does not depend on the key or the hash, only insertion and removal.

In particular I find this to be a lifesaver when testing since I can make assertions and the diff (with pretty_assertions) is easy to read if I just called .sort() on both of the inputs first.

Compared to HashMap's which are completely unreadable since the keys can be in literally any order.

nasa42 · January 23, 2018, 10:13pm

configure - pull in configuration from the environment.

phansch · January 29, 2018, 4:03pm

I haven't seen this mentioned anywhere so far: rust-semverver.
It compares the local version of the crate you are developing with the latest version on crates.io and will print out the major, minor and breaking changes in your local version. While it's not completely bug-free yet, it was moved to the nursery today.