I maintain a long-term Rust + Node.js project, and the Node side is the painful one.

Node makes backwards-incompatible changes, and doesn’t have anything like the editions to keep old packages working. I can end up with some dependencies working only up to Node vX, and some other deps needing at least Node v(X+1).

People can have various reasons for such look. It can be a symbol of non-conformity.

Official Rust spaces have a code of conduct that is inclusive and forbids discrimination, and this may attract people who otherwise wouldn’t feel comfortable to participate.

I don’t think there are any OSS/FLOSS licenses that have non-commercial clauses, so CC NC is the best you can get among popular licenses.

When you use dependencies, your project (its users) must comply with all of the licenses together. IANAL, but I think CC and MIT (and other similarly permissive) licenses are compatible — you’ll need to include text of the permissive licenses to comply, and that’s not against CC.

If you take contributions, be clear what license they give you.

They are dlopened by the rustc process. You can totally mess with it: https://nitter.net/m_ou_se/status/1368632701448818691

I’d love static analysis that finds which functions may panic, which are guaranteed not to. On a related note, it’d be nice to be able to hoist panics out of loops and coalesce multiple consecutive assertions into one (llvm can’t do it, because partially done work is a side effect).

At least 69K, which is over half of all crates — https://lib.rs/quote is used almost exclusively for output of proc macros.

To generate the LLVM code correctly you need to run build.rs if there is any, and run proc macros which are natively compiled compiler plugins, currently running without any sandbox.

The final code isn’t run, but the build process of Cargo crates can involve running of arbitrary code.

The compilation process can be sandboxed as a whole, but if it runs arbitrary code, a malicious crate could take over the build process and falsify the LLVM output.

Yes, it’s Blink without the bits that Google doesn’t share (I wanted to be precise that nobody can compile actual Chrome from public sources, they can build Chromium which is almost but not quite the same)

Because it works everywhere, because it’s so old.

The next best option, a decade old WebP, is a mixed bag. In its best-compressing mode it will lower color resolution and add fringing like a JPEG. In its lossless mode it may be bigger than GIF.

If you have an option to use a proper video format, go for it. But often sites just allow upload of GIFs. If you send a newsletter you never know how primitive (Outlook) the client will be.

@-me if you have tips to share.