frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Code Context Engine

https://github.com/elara-labs/code-context-engine
1•Oras•3m ago•0 comments

Amazon will stop accepting new customers for Mechanical Turk on July 30

https://techcrunch.com/2026/07/05/amazon-will-stop-accepting-new-customers-for-mechanical-turk/
2•bookofjoe•4m ago•0 comments

Ask HN: Are you emotionally attached to AI code?

1•CurleighBraces•7m ago•0 comments

CTRLServers – one dashboard for all your servers

https://ctrlservers.xyz
1•itsoffkey•8m ago•0 comments

Fences Puzzle

https://www.futilitycloset.com/2026/07/02/fences/
1•surprisetalk•9m ago•0 comments

Apple's Foldable iPhone Could 'Sell Out Immediately

https://www.barrons.com/articles/apple-foldable-iphone-analyst-f2d05036
1•enlightpixel•13m ago•0 comments

Statly Analytics

https://statly-analytics.com/
1•ivangalic•13m ago•0 comments

Show HN: Kotlin Multiplatform AI pipeline – a reality?

https://medium.com/@krasi.karamazov/kotlin-multiplatform-ai-pipeline-a-reality-21b77c6c5a75
1•kkaramazov•13m ago•0 comments

The Guardian view on gene-edited humans: darker uses alongside medical ones

https://www.theguardian.com/commentisfree/2026/jul/05/the-guardian-view-on-gene-edited-humans-dar...
2•bookofjoe•13m ago•0 comments

US home battery installations hit record high on rising electricity costs

https://arstechnica.com/science/2026/07/us-home-battery-installations-hit-record-high-in-early-2026/
2•rbanffy•14m ago•0 comments

NoiseLang: Where N = 5 is a Dirac delta

https://manualmeida.dev/articles/noiselang/
1•manucorporat•14m ago•1 comments

Americans fear Trump's red card interference could ruin World Cup run

https://www.independent.co.uk/news/world/americas/us-politics/trump-red-card-folarin-balogun-fifa...
4•jjgreen•16m ago•1 comments

Fable 5 On Vending-Bench: Misbehaving, With Plausible Deniability

https://andonlabs.com/blog/fable5-vending-bench
1•optimalsolver•17m ago•0 comments

I built a local-first replacement for TV Time before it shuts down July 15

1•continuitytv•17m ago•1 comments

Anthropic's Method to Losing Goodwill in a Few Easy Steps

https://raheeljunaid.com/blog/anthropics-method-to-losing-goodwill-in-a-few-easy-steps/
3•raheelrjunaid•18m ago•1 comments

12 Months of Claude

https://blog.puzzmo.com/posts/2026/07/03/twelve-months-of-claude/
1•ingve•18m ago•0 comments

A Worthy Break from Work

https://www.simonjamesfrench.com
1•Emerald_dreamer•18m ago•1 comments

Humanoid Robots in Japan Risk Losing Legacy to China

https://spectrum.ieee.org/humanoid-robots-japan
1•rbanffy•21m ago•0 comments

The AI Marketing Backlash: Why 'AI-First' Brands Are Starting to Fall Flat

https://www.breef.com/breefingroom/articles/the-ai-marketing-backlash-why-ai-first-brands-are-sta...
2•hasudon7171•22m ago•0 comments

Lost city discovered beneath Egypt's desert with ancient church

https://www.dailymail.com/sciencetech/article-15956159/Incredible-lost-city-discovered-Egypts-des...
1•Bender•22m ago•0 comments

The AI Big Crunch Is Starting

https://medium.com/@brothke/the-ai-big-crunch-is-starting-c50612ee3a02
5•benrothke•25m ago•0 comments

July 6th: International Kissing Day

https://en.wikipedia.org/wiki/International_Kissing_Day
2•Bender•28m ago•0 comments

Britain should consider regulating AI models, FCA official says

https://www.reuters.com/legal/litigation/britain-should-consider-regulating-ai-models-fca-officia...
3•adithyaharish•29m ago•0 comments

The Importance of Questioning When Coding with AI

https://jakub.jankiewicz.org/blog/questioning-ai/
2•jcubic•30m ago•0 comments

How We're Keeping Reddit Real and Safe in the AI Era

https://redditinc.com/news/how-were-keeping-reddit-real-and-safe-in-the-ai-era
2•soheilpro•34m ago•1 comments

Our Own Little Golden Era

https://thesecondbutton.com/our-own-little-golden-era/
2•SuperUserDone•38m ago•1 comments

Save Thousands of Dollars: Smpte Standards Are Free

https://vimegs.com/save-thousands-of-dollars-on-information-directly-from-the-source-smpte-makes-...
2•LukasMarek•38m ago•0 comments

How Will AI Impact the Labor Market?

https://www.goldmansachs.com/insights/goldman-sachs-exchanges/how-will-ai-impact-the-labor-market
2•vismit2000•39m ago•0 comments

An interactive visualization of a HTTP request through its ~200ms life

https://200ms.thenodebook.com
3•isht_0x37•39m ago•1 comments

Ask HN: What internal tools/SASS replacements are you building?

2•kostarelo•44m ago•0 comments
Open in hackernews

Rust Dependencies Scare Me

https://vincents.dev/blog/rust-dependencies-scare-me/?
25•vsgherzi•1y ago

Comments

turtleyacht•1y ago
Probably hard to do during nine-to-five, but personally commit to being a contributor on every dependency used.

Like having mini contracts with every package, even if it's just to reproduce bugs, maintain a personal test suite, or to steer newcomers to resources.

Otherwise, we will always be in the dark about our dependencies, building our flying castles. (They float, but where's the foundation?)

Alternatively, there are open-source code scanners and bill-of-material security tools. Those could be added as triggered workflows in your projects, to run on each pull request.

As well, the author did rewrite dotenv's core features to replace it.

vsgherzi•1y ago
Yeah that's not a bad suggestion, I should def be more involved in the ecosystem. To do that for every crates seems exhausting though... Any favorite suggestions for scanners or SBOM creation tools?
turtleyacht•1y ago
Snyk has a free tier, but their Github integration passes workflows green more often than not. If you run it yourself as a container, you get finer-grained control over what to do with error code 1 versus error code 2: a vulnerability in changed versions, versus a pipeline error.

Sonar is free for open-source projects, but less package version security and more "use --ignore-scripts in npm," "don't be root in Docker container," and such.

vsgherzi•1y ago
Noted, I'll check it out! A shame so many are bound to github most of my workflow is tied to git on secured servers
armchairhacker•1y ago
IME unmaintained Rust packages usually aren't an issue, because Rust's backwards-compatibility is really good. Only if there's an unidiomatic design or bug in the part that you use, or a security vulnerability.

Rust dependency bloat may be an issue, but with good static analysis maybe not (the compiler can effectively remove dead code unlike JavaScript, and the IDE may be able to effectively filter it).

vsgherzi•1y ago
I wonder if there's a way to do a pass on a repo to remove code that will never be used due to the hardware you're targeting. You do have a good point in that it being unmaintained isn't necessarily the end of the world, I just kinda start to sweat when I think about ZX and see the advisories.
rc00•1y ago
> Many call for adding more to the rust standard library much like Go

> So now I pose the question to you what do we do?

1. Port your application to the language/tool that fits your needs like Go.

2. Hope that a language like Zig decides to feature a standard library as good as Go.

vsgherzi•1y ago
It feels a bit like throwing the baby out with the bathwater to completely swap languages. I was hoping rust could be a more general language for me.... I know they're not interested but I wonder if the foundation would ever entertain an opt in more expansive std library?

Go's is very nice however if I remember they ran into an issue with crypto that was hard to fix due to it being so bundled to the std library.

steveklabnik•1y ago
You may appreciate this RFC that was just opened https://github.com/rust-lang/rfcs/pull/3810
vsgherzi•1y ago
Hi Steve! Big fan!

Folks on Bluesky just pointed me in the same direction. Looks like it has potential.

steveklabnik•1y ago
Thanks :)

I’m not as positive on it, but at least if you are, you know where to lodge support.

rc00
weird_trousers•1y ago
That's the main criticism my colleagues have about Rust: a lot of unmaintained crates, and most of the time a lot of dependencies for... (almost) nothing.

It seems most of Rust developers adopt the pov of web front-end developers since a few years: depend on a lot of libraries for small things, never update your project to 1.0, and abandon "quickly" to build something new... and redo it again.

I really hope that alternatives like Zig or Jai will not let the community do like what they did with Rust.

vsgherzi•1y ago
It's such a cool language, maybe there's a way out or something I'm not seeing? Cloudflare, discord, and oxide seem to make it work pretty well... Always excited to see what new languages do. However it does seem like industry already has significant investment in rust so it seems like something we'll have to solve sooner than later....
steveklabnik•1y ago
It’s pretty simple: you choose the dependencies you want to have. Don’t like having a ton of them? Either choose carefully (which you should already be doing), or write it yourself.

Most people prefer to build off of the work of others, rather than reinvent the world for every project. That trade off is a trade off though, and nothing prevents you from taking the other side of it.

vsgherzi•1y ago
I get that. In general for something like a production server in cpp versus rust do you think the rust version is going to just have more lines of code associated with it or is it just the way I'm thinking about it? I love the Oxide podcast where you guys talk about your favorite crates and some of the ones you guys use in production. Are the dependencies something you guys really stress and investigate before pulling one in? I know things like axum are replaced with dropshot since you guys deemed it critical to your business (super cool crate!).
•
1y ago
You should evaluate on whether it is worth insisting on Rust. Others have gone down that path and it has only ended with regret[1]. The sooner you realize that you don't have the right solution to your problem, the sooner you can start solving it correctly.

What about the crypto library affects how you would use Go to solve your problem?

1. https://deadmoney.gg/news/articles/migrating-away-from-rust

steveklabnik•1y ago
You just can’t draw connections between number of dependencies, numbers of lines of code, and code you actually use, across ecosystems. See https://wiki.alopex.li/LetsBeRealAboutDependencies as an example of getting into the details about Rust vs C in this regard.

We don’t hyper stress about it. We do take care, in some projects (like embedded ones) we need to care a lot about binary size and so pay very close attention, and we keep abreast of security issues, etc.

Dropshot wasn’t written because it was critical to the business, it was because nothing had the OpenAPI support at the time we write it. It Axum or something else did, we’d have used it. We only write our own stuff when things in the ecosystem aren’t fit for purpose. We do sometimes find that our needs are different than others and so write our own, but this isn’t borne out of concern for dependency count.

vsgherzi•1y ago
Thank for the reply! I see, I guess I have alot more to think about ...
antonvs•1y ago
> It’s pretty simple: you choose the dependencies you want to have. Don’t like having a ton of them? Either choose carefully (which you should already be doing), or write it yourself.

Exactly. Why this is even a point of discussion is, to me, an indictment of everyone raising it as an issue.

stefanos82•1y ago
I thought I was alone thinking like this.

Honestly, when I want to compile a Rust project and see all these dependencies getting pulled in to get compiled along with the project, it gives me goosebumps, because I don't know whether these crates are safe and secured or not...

vsgherzi•1y ago
Yeah, I think in some sense it definitely looks worse than it is since a single crate like Tokio is spread among 20-30 crates. However even accounting for that there's still just alot of raw code...
weird_trousers•1y ago
You're definitely not alone. This situation is not new, and it isn't acceptable either.

The concept of `features` when using a crate is kinda cool as "you only download / compile what you use" *but* most of the crates are very badly designed, and also developers do not tend to reinvent a very tiny wheel when they can, but heavily depend of possibly dangerous crates to just serialize or deserialize a very simple data structure...

It's very annoying, as this increases the compilation time and introduces possible unsafe behavior in larger crates.

wofo•1y ago
Some people _do_ care about this (e.g. the proponents of this new RFC: https://github.com/rust-lang/rfcs/pull/3810). However, for some reason (culture, I guess?) there isn't much momentum yet to change the status quo.
antonvs•1y ago
Your “colleagues”?

You’re making the criticism, why not own it?

What you’re saying is the equivalent of Donald Trump’s “many people are saying”. It’s the recourse of the intellectually stunted who can’t muster a convincing argument.

vsgherzi•1y ago
Because I want my mind to be changed. I see orgs and companies I respect doing things differently than me but I don't understand why. I want to use this language, I want to use this ecosystem so I'm trying to get others who disagree with me to share what they think so I could possibly see things in a different way.