今日已更新 166 条资讯 | 累计 20138 条内容
关于我们

标签:#Rust

找到 273 篇相关文章

AI 资讯

Tauri v2 Cheatsheet — The Commands I Use on Every Project

All tests run on an 8-year-old MacBook Air. All results from shipping 7 Mac apps as a solo developer. No sponsored opinion. After 7 Tauri apps, I type the same commands constantly. Here's the reference I wish existed when I started. Project setup # New project npm create tauri-app@latest # Add to existing project npm install --save-dev @tauri-apps/cli npx tauri init Development # Dev mode (hot reload) npm run tauri dev # Dev with specific log level RUST_LOG = debug npm run tauri dev # Dev with backend logs visible npm run tauri dev 2>&1 | grep -v "^$" Building # Standard build npm run tauri build # Universal binary (Intel + Apple Silicon) npm run tauri build -- --target universal-apple-darwin # Debug build (faster, no optimization) npm run tauri build -- --debug Plugins npm run tauri add global-shortcut npm run tauri add fs npm run tauri add shell npm run tauri add notification This updates both Cargo.toml and the plugin registration. Faster than doing it manually. Permissions (tauri.conf.json) { "app" : { "security" : { "capabilities" : [ { "identifier" : "main-capability" , "description" : "Main window capabilities" , "windows" : [ "main" ], "permissions" : [ "fs:read-all" , "fs:write-all" , "shell:execute" , "global-shortcut:allow-register" ] } ] } } } Tauri v2 requires explicit permission declarations. If a command silently does nothing, check permissions first. Common Rust patterns // Get app data directory let data_dir = app .path () .app_data_dir () .unwrap (); // Emit event to frontend app_handle .emit ( "event-name" , payload ) .ok (); // Get window let window = app .get_webview_window ( "main" ) .unwrap (); // App state app .manage ( MyState :: new ()); let state = app .state :: < MyState > (); Notarization (macOS) # Submit for notarization xcrun notarytool submit app.dmg \ --apple-id YOUR_APPLE_ID \ --team-id YOUR_TEAM_ID \ --password YOUR_APP_PASSWORD \ --wait # Staple after notarization xcrun stapler staple app.dmg Debugging # Check what's in the bundle

2026-06-13 原文 →
AI 资讯

Why SCORM Refuses to Die — And What AI Finally Changes About That

SCORM was built in the early 2000s for a world of CD-ROMs and Flash. It's 2026 and it still runs 80%+ of corporate e-learning. Here's why, and why generative AI might be the thing that finally breaks the cycle. SCORM Is Everywhere, and Nobody Is Happy About It If you work anywhere near corporate learning, you've encountered SCORM — the Sharable Content Object Reference Model. It's a set of standards that lets e-learning content talk to a Learning Management System: track completion, record scores, resume where you left off. SCORM 1.2 was released in 2001. SCORM 2004 followed a few years later. That's it. The spec hasn't meaningfully evolved in two decades. And yet, almost every LMS on the market — Moodle, Cornerstone, SAP SuccessFactors, Docebo, Absorb — still supports SCORM as a primary content format. Most Fortune 500 compliance training runs on it. Every major authoring tool, from Adobe Captivate to Articulate Storyline to Lectora, exports SCORM packages. It's the TCP/IP of corporate learning: unglamorous, creaky, universally understood. Why It Won't Die: The Network Effect Nobody Talks About People love to write "SCORM is dead" articles. I've been in e-learning engineering for 11 years and I've read that headline at least once a year since I started. SCORM isn't dead because it benefits from one of the strongest network effects in enterprise software. Consider the ecosystem: Authoring tools export SCORM because LMS platforms expect it. LMS platforms support SCORM because authoring tools export it. L&D teams require SCORM because their procurement processes mandate it. Procurement mandates SCORM because it's the only format every vendor supports. Breaking this cycle requires everyone to move simultaneously. That doesn't happen in enterprise software. It especially doesn't happen when "good enough" works and switching costs are invisible but enormous (repackaging thousands of courses, retraining content teams, renegotiating vendor contracts). xAPI (Tin Can) was su

2026-06-12 原文 →
开源项目

🔥 juspay / hyperswitch - Open source, composable payments platform | PCI compliant |

GitHub热门项目 | Open source, composable payments platform | PCI compliant | SaaS and Self-host options | Enables connectivity to multiple payment, payout, fraud, vault and tokenization providers | Uplifts authorization with intelligent routing and revenue recovery | Reduce payment processing costs with cost observability | Reduces payment ops with reconciliation | Stars: 42,898 | 50 stars today | 语言: Rust

2026-06-11 原文 →
AI 资讯

What Designing a Binary Protocol Actually Taught Me

Most developers never have to design a network protocol from scratch. You use HTTP, gRPC, WebSockets, or something else that already exists and has been debugged by thousands of people over many years. That is the right call for most situations. I did not take that path when building Vaylix, a key-value database engine. I designed a custom binary protocol called VTP2, and the process taught me things about networking that I would not have picked up any other way. This is not an argument that you should also build a custom protocol. For most things, you should not. This is an honest account of what I ran into. Why not HTTP The first question anyone reasonably asks is: why not just use HTTP? HTTP is everywhere. The tooling is excellent. Every language has a client. Debugging with curl is trivial. If I had used HTTP, I would have had working client libraries in a dozen languages before writing a single line of server code. The problem is that HTTP is stateless by design. Every request is independent. Every request carries headers. Every response carries headers. The model assumes that each round trip is a fresh conversation with no memory of what came before. A database session is the opposite of that. A client connects, authenticates, and then issues many commands over the same connection. The authentication should happen once. The session should carry state. Pipelining requests without waiting for each response to return should be natural, not something you fight the protocol to achieve. HTTP/2 closes some of this gap. But using HTTP/2 correctly for a stateful session model involves working against the grain of what HTTP was designed for. I would have been spending a lot of time on infrastructure that exists to make HTTP behave less like HTTP. The other issue is overhead. HTTP headers are verbose. For small key-value operations, the headers can easily exceed the payload. That felt wrong for something designed to be a tight operational data store. So I went with TCP d

2026-06-11 原文 →
AI 资讯

Rust Crate 'onering' Compromised: Malicious Code Exfiltration Risk Mitigated with Updated Version

Introduction and Background The Rust ecosystem, celebrated for its memory safety and performance, relies heavily on crates —its package management system. These crates, hosted on the crates.io registry, are the building blocks of Rust projects, enabling developers to share and reuse code efficiently. However, this convenience comes with a hidden cost: a single compromised crate can cascade into a full-blown supply chain attack, as recently demonstrated by the 'onering' crate compromise . The Role of Crates in the Rust Ecosystem Crates serve as the backbone of Rust's dependency system. When a developer adds a crate to their project, Cargo , Rust's package manager, automatically resolves and includes all transitive dependencies. This mechanism, while streamlining development, amplifies the attack surface . A malicious crate, like 'onering', can propagate through multiple projects, executing harmful code during build or runtime. The attack on 'onering' exploited this very mechanism, leveraging the trust inherent in the Rust ecosystem to exfiltrate sensitive code from unsuspecting systems. The 'onering' Compromise: A Case Study in Supply Chain Vulnerability The 'onering' crate was compromised through a malicious code injection during an upload or update. This injection bypassed the insufficient security measures of the crates.io registry, which lacks robust checks for uploaded crates. Once deployed, the malicious code executed during the build process, exfiltrating sensitive data from systems that depended on it. The attack's success underscores the lack of developer vigilance regarding supply chain security and the overreliance on registry integrity . Systemic Failures and Their Mechanisms Insufficient Security Scanning: The crates.io registry failed to detect the malicious code during upload due to limited automated scanning capabilities . This allowed the compromised crate to enter the ecosystem undetected. Overreliance on Registry Security: Developers often trust cr

2026-06-11 原文 →