Richard Bucker

Your Toolchain Hacked

Posted at — Dec 25, 2020

Be honest… what are the chances that your toolchain has been hacked or trojaned? As I’ve mentioned time and again, I do not use nodejs because I do not trust the toolchain, as demonstrated by that developer who disabled his project and cascade damaged the entire project.

Sure, that problem has been resolved, but the bigger problem is what happens when the tool in the middle has been exploited on purpose?

What’s interesting about Rust is they talk about getting closer to the hardware and faster. Well, that’s just silly and wrong. Sure, there are many good reasons for owning your own language, as Rust was a DSL that solved a number of Firefox issues. Some are silly and some not.

My issue with Rust is twofold… [1] they blur the line between their libs and 3rd party libs. [2] their libs are incomplete. [3] many of the killer features have to be disabled to build real apps. [4] it’s not as fast as they say. [5] manual memory management sucks!

Google’s golang, on the other hand, makes none of those claims. [1] there is a demarcation between internal and 3rd party libs. [2] it is fast and maybe fast enough. [3] GC is not the pain that Rust programmers say. [4] works great out of the box and cross compiles on a staggering number of OSes and CPUs.