AI 资讯
Beyond the Playbook: Architecting Defenses Against Autonomous AI Threats
Beyond the Playbook: Architecting Defenses Against Autonomous AI Threats We used to build security systems assuming the attacker was human. That assumption just died. Recent research demonstrations involving autonomous AI agents, such as "JadePuffer", have shown how quickly this shift is happening: an autonomous system independently compromised an unsecured Langflow instance, corrected failed authentication attempts, escalated privileges, exfiltrated credentials, and deployed ransomware — all without human intervention. This is not a one-off curiosity. It marks the beginning of a fundamental change in the threat landscape. Recent research demonstrations involving autonomous AI agents, such as "JadePuffer", have shown how quickly this shift is happening: an autonomous system independently compromised an unsecured Langflow instance, corrected failed authentication attempts, escalated privileges, exfiltrated credentials, and deployed ransomware. All without human intervention. This is not a one-off curiosity. It marks the beginning of a fundamental change in the threat landscape. From Static Playbooks to Autonomous Attackers Traditional ransomware follows predictable patterns. A script runs through a fixed playbook: scan, encrypt, demand ransom. If one step fails, the attack often stalls. Autonomous AI agents operate differently. They analyze their environment in real time, adapt when initial attempts fail, make contextual decisions about targets and techniques, and chain multiple exploits together without predefined sequences. This introduces machine-speed lateral movement. Something human defenders and traditional security tools are not built to handle. The Defensive Automation Gap The core problem is asymmetry. Attackers are rapidly automating both reconnaissance and execution. Defenders, on the other hand, still rely heavily on manual processes, static rules, and human-driven response. This "Defensive Automation Gap" creates dangerous imbalances in speed, scale, an
AI 资讯
Rebuilding my C Redis clone in Rust taught me more Rust than any tutorial
I built a small Redis clone in C: a RESP parser, a command table, an append-only file for persistence. Recently I started building the same thing again in Rust, and rebuilding a project I had already finished has taught me more Rust than any from-scratch tutorial. The reason is simple. The second time, the design is already solved. I know what the AOF has to guarantee, what the command table dispatches, what the parser must reject. So none of my attention goes to what to build. All of it goes to how Rust wants it built. That turns the domain into a constant and the language into the only variable. Every difference I hit is pure signal about Rust, not noise about key-value stores. The first difference shows up before any logic runs. In C, I built the substrate first: my own dynamic strings, my own hashmap, my own linked list. Hundreds of lines before a single command worked. In Rust, Vec , String , and HashMap are just there, so that whole layer disappears and I start at the actual command logic. A standard library quietly decides where your project even begins. The sharper difference is in dispatch. In C it is a switch with argument counts I check by hand: if ( argc != 3 ) return err ( "wrong arg count" ); switch ( cmd ) { case CMD_SET : return do_set ( argv [ 1 ], argv [ 2 ]); case CMD_GET : return do_get ( argv [ 1 ]); /* forget a case and it is a runtime bug */ } In Rust the same dispatch is an enum and a match, and the compiler will not build until every case is handled: match cmd { Command :: Set { key , val } => self .set ( key , val ), Command :: Get { key } => self .get ( key ), } Same dispatch. One version cannot ship the missing-case bug I actually shipped in C. If you already know a project cold, rebuild it in the language you are learning. You stop thinking about the problem and start feeling the language.
开源项目
🔥 raine / workmux - git worktrees + tmux windows for zero-friction parallel dev
GitHub热门项目 | git worktrees + tmux windows for zero-friction parallel dev | Stars: 1,708 | 62 stars this week | 语言: Rust
开源项目
🔥 tonhowtf / omniget - Open-source desktop app for downloading, organizing and stud
GitHub热门项目 | Open-source desktop app for downloading, organizing and studying media. Native cross-platform (Tauri + Rust + Svelte). PDF/EPUB reader with focus mode, timestamped notes and spaced repetition. Media downloads via yt-dlp (1.800+ sites). Extensible plugin system. | Stars: 6,293 | 96 stars today | 语言: Rust
AI 资讯
Your Terminal Has Amnesia. I Spent My Semester Trying to Fix That.
Your Terminal Has Amnesia. I Fixed it. Every terminal I've ever used has the same problem. You close it. You open it again. It has no idea what happened yesterday. It doesn't remember the command that finally fixed that weird Cargo error after two hours of debugging. It doesn't remember that you always use pnpm instead of npm . It doesn't remember the project you spent all week working on. Every session starts from zero. After a while I realized something strange. My terminal forgot everything. I was the memory. So I started building Luna. It didn't start as an AI project. It started as a frustration. I'm a Computer Science student, and like most developers, I spend a huge part of my day inside a terminal. Not because terminals are exciting. Because that's where software gets built. After a few months I noticed I wasn't struggling with commands. I was struggling with remembering everything around them. Google the same error. Copy the solution. Paste it. Forget it. Repeat three weeks later. Or I'd switch to another project for a few days, come back, and think: "How did I solve this last time?" The terminal had no answer. It never does. History only tells you what you typed. It never tells you why . So I asked a simple question. What if the terminal remembered? Not just command history. Actually remembered. Projects. Errors. Directories. Commands that worked. Commands that failed. Patterns in how I work. That question eventually became Luna. Before writing any AI code, I had to answer another question. What exactly is Luna? A shell? A wrapper? A plugin? A chatbot? I realized pretty quickly I didn't want another tool sitting on top of Bash. I wanted something that actually felt like its own terminal. So Luna became its own shell. Not a plugin. Not an extension. A standalone binary written in Rust. How Luna actually works At a very high level, Luna is surprisingly simple. You │ ▼ Natural Language Input │ ▼ AI Provider (Groq • Gemini • Claude • OpenAI • Ollama...) │ ▼ Sa
AI 资讯
Presentation: Practical Robustness: Going Beyond Memory Safety in Rust
Andy Brinkmeyer shares how engineering leaders and architects can use Rust to build failure-proof systems. Moving beyond memory safety, he explains how ownership, enums, and the typestate pattern embed complex runtime protocols into compile-time checks. Learn to eliminate entire classes of bugs, manage real-world resources safely, and maximize codebase robustness effortlessly. By Andy Brinkmeyer
AI 资讯
Building in public, week 17: turning one feature into a page cluster (and the internal-linking layer nobody sees)
Week 16 shipped the AI background remover: Rust-native, ort + ISNet + libvips, no Python. That was the feature. Week 17 was not about writing more of it. It was about the boring, high-leverage part that most side projects skip: turning one working feature into pages that can actually rank, and wiring those pages together so search engines can find them. No new engine code this week. Just leverage on what already existed. Here is what that actually looked like. The problem: a hub with nothing pointing at it The background remover lives at /remove-background . That is the hub. The plan was classic hub-and-spoke: one general tool page, then use-case spokes that each target a specific intent (removing a signature background, prepping an Amazon product photo, and so on). I built two spokes this week. But halfway through, I looked at how internal links actually worked on the site and found the real problem: nothing linked from the hub to the spokes. The spokes linked back to the hub in their body text, but the hub had no idea they existed. Neither did the ~180 converter pages. Tool links on the site were hardcoded in a frontend constant, roughly: export const IMAGE_TOOLS = [ { label : " Compress JPG " , href : " /compress/jpg " , tool : " compress " }, { label : " Resize Image " , href : " /resize-image " , tool : " resize " }, { label : " Crop Image " , href : " /crop-image " , tool : " crop " }, { label : " Images to PDF " , href : " /images-to-pdf " , tool : " convert " }, ] as const ; That list covered the converter tools. It did not include the background remover or its spokes at all. So the new pages were orphans: reachable only through the sitemap, with no internal links carrying any signal to them. For a domain that is still young and still earning Google's trust, orphan pages get discovered slowly and rank even slower. The fix: one constant as the source of truth Instead of hardcoding links in three different places, I made a single constant describe the whole cl
开源项目
🔥 macro-inc / macro - Macro is a unified interface for email, messages, tasks, cal
GitHub热门项目 | Macro is a unified interface for email, messages, tasks, calls, agents, pull requests, docs, crm — linked together with shared AI memory. | Stars: 366 | 67 stars this week | 语言: Rust
开源项目
🔥 nushell / nushell - A new type of shell
GitHub热门项目 | A new type of shell | Stars: 39,869 | 8 stars today | 语言: Rust
AI 资讯
Bundling a CLI Binary as a Tauri v2 Sidecar: Lessons from Building a Desktop App
When you build a desktop app with Tauri v2 , sooner or later you'll hit a question: how do I bundle and manage an external CLI binary inside my app? Maybe it's ffmpeg for video processing. Maybe it's a database engine. Maybe — as in my case — it's frpc , the reverse-proxy client from the popular frp project. This post walks through the full lifecycle: bundling, spawning, lifecycle management, and even self-updating the binary at runtime — all from Rust. 1. Declaring the Sidecar In tauri.conf.json , declare the binary under bundle.externalBin : { "bundle" : { "externalBin" : [ "binaries/frpc" ] } } Tauri identifies the target platform by a filename suffix convention . You need to place the correctly-named binary in your project: Platform Filename macOS (Apple Silicon) frpc-aarch64-apple-darwin macOS (Intel) frpc-x86_64-apple-darwin Windows (x64) frpc-x86_64-pc-windows-msvc.exe Tauri automatically strips the suffix at runtime and loads the right binary for the current platform. 2. Spawning the Process Use tauri_plugin_shell to spawn the sidecar: use tauri_plugin_shell ::{ ShellExt , process :: CommandEvent }; #[tauri::command] async fn start_frpc ( app : tauri :: AppHandle ) -> Result < (), String > { let sidecar = app .shell () .sidecar ( "frpc" ) .map_err (| e | e .to_string ()) ? ; let ( mut rx , child ) = sidecar .args ([ "-c" , "frpc.toml" ]) .spawn () .map_err (| e | e .to_string ()) ? ; // Store the child handle so we can kill it later app .state :: < std :: sync :: Mutex < Option < tauri_plugin_shell :: process :: CommandChild >>> () .lock () .unwrap () .replace ( child ); // Listen to stdout/stderr in a background task tauri :: async_runtime :: spawn ( async move { while let Some ( event ) = rx .recv () .await { match event { CommandEvent :: Stdout ( line ) => { // Parse log line, update UI state... } CommandEvent :: Stderr ( line ) => { /* ... */ } CommandEvent :: Terminated ( _ ) => { // Process exited — update state machine } _ => {} } } }); Ok (()) } The
开发者
I built a neutral benchmarking layer for quantum simulators in Rust — and it revealed a silent disagreement between two backends
placeholder
AI 资讯
purefetch: a fastfetch-style system info tool in Rust with zero dependencies
I like neofetch / fastfetch , but I wanted one with a genuinely empty dependency graph — nothing pulled from crates.io. So I built purefetch : a small system-info fetcher written entirely in Rust using only std plus raw Linux syscalls. Disclosure up front: purefetch was built largely with AI assistance (Claude Code). I directed the design, and every change was reviewed and tested — including running it on four architectures under QEMU — but most of the code is AI-generated. I'd rather be honest about that than pretend otherwise. _,met$$$$$gg. ooonea@unicorn ,g$$$$$$$$$$$$$$$P. ────────────── ,g$$P" """Y$$.". OS Debian GNU/Linux 13.5 (trixie) x86_64 ,$$P' `$$$. Host ThinkPad P53 (20QQS0JD01) ',$$P ,ggs. `$$b: Kernel 6.12.94+deb13-amd64 `d$$' ,$P"' . $$$ Uptime 6 days, 15 hours, 30 mins $$P d$' , $$P Packages 2477 (dpkg), 1 (flatpak) $$: $$. - ,d$$' Shell zsh 5.9 $$; Y$b._ _,d$P' Display 1920x1080 (eDP-1) Y$$. `.`"Y$$$$P"' DE GNOME 48.7 `$$b "-.__ WM Mutter (Wayland) `Y$$ Terminal kitty 0.41.1 `Y$$. CPU Intel(R) Core(TM) i7-9850H @ 4.60 GHz `$$b. GPU Quadro RTX 3000 `Y$$b. Memory 15.28 GiB / 62.61 GiB (24%) `"Y$b._ Swap 0 B / 8.00 GiB (0%) `""" Disk (/) 8.52 GiB / 489.57 GiB (2%) Locale en_US.UTF-8 Battery 76% (Not charging) Zero dependencies, really No libc crate, no sysinfo , no nix , no color crate — nothing from crates.io. Almost everything is just reading and parsing /proc and /sys . The result is a single ~484 KiB binary that builds offline. The only things std can't do are statfs (disk usage) and ioctl (terminal size / tty check). Instead of pulling in a binding crate, those are issued as raw Linux syscalls via core::arch::asm! : #[cfg(target_arch = "x86_64" )] unsafe fn syscall3 ( n : usize , a1 : usize , a2 : usize , a3 : usize ) -> isize { let ret : isize ; core :: arch :: asm! ( "syscall" , inlateout ( "rax" ) n as isize => ret , in ( "rdi" ) a1 , in ( "rsi" ) a2 , in ( "rdx" ) a3 , out ( "rcx" ) _ , out ( "r11" ) _ , options ( nostack ), ); ret } Four arch
开源项目
🔥 rust-unofficial / awesome-rust - A curated list of Rust code and resources.
GitHub热门项目 | A curated list of Rust code and resources. | Stars: 58,153 | 144 stars this week | 语言: Rust
开源项目
🔥 kdsz001 / OpenWiki - OpenWiki — Mac desktop AI knowledge management tool. Capture
GitHub热门项目 | OpenWiki — Mac desktop AI knowledge management tool. Capture clipboard, build personal wiki, get AI insights. | Stars: 469 | 25 stars today | 语言: Rust
开源项目
🔥 Hmbown / CodeWhale - Open-source, community-driven agent harness
GitHub热门项目 | Open-source, community-driven agent harness | Stars: 39,416 | 65 stars today | 语言: Rust
AI 资讯
Why I'm Building the Fast Series
Why I'm Building the Fast Series I'm building the Fast Series because creator software has gotten too complicated. Plenty of tools are powerful, but they make you fight the software before you can make anything. You want to record a tutorial, stream a game, clip a useful moment, compress a file, or turn an idea into a short video. Instead, you're digging through settings, codecs, plugins, device permissions, export presets, and cryptic error messages. That's the problem I keep running into, and the Fast Series is my attempt to solve it: practical Windows software where each tool does one job clearly and reliably. Not everything needs to be a giant all-in-one platform. Sometimes the better product is a small tool that opens quickly, gives you sensible defaults, explains what's happening, and gets out of your way. That's the direction I'm taking with Sturm Technologies. The Problem With Creator Tools There are already great tools for recording, streaming, editing, clipping, and compressing. OBS is powerful. Professional editors are powerful. FFmpeg is powerful. There are cloud tools, browser tools, AI tools, and creator suites that promise to do everything. But power is not the same thing as clarity. Most creators don't want to become experts in capture APIs, bitrate math, encoder settings, audio routing, or export pipelines. They want to make something and publish it. The pain usually shows up in small moments. You record a video and the audio is missing. You compress a file and it still doesn't meet the upload limit. You spend more time scrubbing a long video than actually clipping it. You hit an error and the app hands you a technical dump instead of telling you what to fix. That's where I think there's room for better software. Not bigger software. Better software. Start With FastCast The first product in the series is FastCast , a Windows recording and streaming app for people who want OBS-level practicality without OBS-level setup. FastCast focuses on screen cap
开源项目
🔥 ModernRelay / omnigraph - Lakehouse native graph engine with git-style workflows
GitHub热门项目 | Lakehouse native graph engine with git-style workflows | Stars: 524 | 47 stars today | 语言: Rust
AI 资讯
Format-preserving encryption for PII in Polars: FF3-1 vs FF1 for RUT, CPF, and DNI
You need to hand a dataset of Chilean RUTs to an outside analytics team. They will join it against other tables by identifier, run the cohort analysis, and hand back a model. They do not need to know, and should never learn, who any of these people are. Asterisk the RUT column and the join dies on contact: **********-K matches every other asterisked RUT in the file. Not almost every one. Every one. You need the same input to reappear as the same output, shaped like a real, check-digit-valid identifier the rest of your schema still recognizes, and eight weeks later, when a fraud investigator needs the original RUT back for one row, you need to be able to give it to them. Irreversible masking cannot do any of this. Hashing gets you consistency but not the format, and never the value back. What you need is format-preserving encryption: run a digit string through a cipher and get out another digit string, same length, same shape, that decrypts to the original under the key you hold. Nothing else. What FPE actually does MaskOps exposes this as mask_pii_fpe . It masks digit-based PII, cards, phones, RUT, CPF, Argentine DNI, in place, and gives back something the same length and shape: import maskops import secrets key = secrets . token_bytes ( 32 ) # AES-256, client holds this tweak = secrets . token_bytes ( 7 ) # per-column/per-dataset context df . with_columns ( maskops . mask_pii_fpe ( " rut_column " , key , tweak )) 76.354.771-K becomes some other RUT-shaped, check-digit-valid string of the same length, under this key and tweak. Run it back through with the same key and tweak and it decrypts. Non-digit PII, IBAN, VAT, email, IP, EU national IDs, gets none of this. It always asterisks. There is no clean digit domain to encrypt into, so MaskOps does not pretend there is. The key never touches MaskOps' output. The client generates it, holds it, and passes it in at call time, and because MaskOps makes no network call and keeps no storage layer, there is nowhere for that k
AI 资讯
The Security Liability of Memory Allocation in TEEs: A Design Decision Log
Memory allocation is not a feature — it is a security liability. In high-assurance Trusted Execution Environments (TEEs), you cannot afford the jitter or the fragmentation of a probabilistic global heap. When building the sakshi-core attestation loop for the Sovereign Spine architecture, the requirement was absolute: determinism. Standard heap allocation introduces non-deterministic paths, memory fragmentation, and significantly increases the complexity of the Trusted Computing Base (TCB). For our enclave, that is unacceptable. The Problem: Why GlobalAlloc Fails the TEE Test In a standard Rust environment, we lean on the global allocator. In a TEE, however, the global allocator is a massive attack surface. Jitter: Allocation time varies based on heap state, leaking metadata through timing side-channels. Fragmentation: Heap fragmentation can lead to unpredictable exhaustion, a vector for Denial of Service (DoS) within the enclave. TCB Bloat: The allocator logic itself adds thousands of lines of code to your audit surface. The Solution: Session-Scoped Bump Buffer To enforce architectural certainty, I stripped away the dependency on standard heap allocation in the enclave. Instead, I implemented a session-scoped bump buffer . This is a contract-based memory model: Constant-time execution: Allocation is a pointer increment operation, taking 1-2 CPU cycles. Zero-fragmentation: Memory is allocated linearly and cleared atomically at the session boundary. Simplified TCB: By removing GlobalAlloc , the enclave memory logic is reduced to a handful of lines of verifiable code. Implementation Concept The core logic relies on a pre-allocated static region. We do not ask the system for memory; we own a dedicated slab of silicon-backed memory and manage it strictly within the request lifecycle. // Conceptual implementation of the session-scoped buffer pub struct BumpBuffer { buffer : & 'static mut [ u8 ], offset : usize , } impl BumpBuffer { pub fn alloc ( & mut self , size : usize
开源项目
🔥 Kuberwastaken / claurst - Agentic Coding for Builders who Ship
GitHub热门项目 | Agentic Coding for Builders who Ship | Stars: 9,908 | 34 stars today | 语言: Rust