06:38:48 t​orir:matrix.org: I just read some posts, appears to be someone changing online identities (and rewriting old commits to use the new identity) and accidentally triggering a panic over supply-chain attacks. According to https://redlib.catsarch.com/r/rust/comments/1poe6ts/bincodes_source_code_still_matches_what_was_on/ there is no difference in code between the tip of the old history and the new one.
10:53:37 s​yntheticbird:monero.social: \> change online identity
10:54:07 s​yntheticbird:monero.social: \> rewrite git history to make it harder to recognize (let's forgot the popularity of the repo for a second)
10:54:16 s​yntheticbird:monero.social: \> get doxxed over fear of supply chain attack
10:54:25 s​yntheticbird:monero.social: this backfired spectacularly
11:17:38 k​ayabanerve:matrix.org: It wasn't to make it harder to recognize, presumably. It was to correct the attribution, even if retroactive.
11:18:27 k​ayabanerve:matrix.org: I don't think they believed the old attribution would be erased from the internet. I think they wanted attribution as they desired.
11:18:56 k​ayabanerve:matrix.org: There's a few issues with the migration which can be called out, but that doesn't change pulling up obituaries, home addresses, and relationship status is completely insane and unacceptable.
11:19:59 k​ayabanerve:matrix.org: bincode is a decent bin serde. In my work, I use borsh as it's canonical (when a feature us enabled) as a rule of thumb with handwritten impl's when I know what it _should_ be.
11:20:43 k​ayabanerve:matrix.org: I don't think bincode is a great option today because I don't care for the serde integration, it isn't canonical, and it isn't as optimized as some other works, even if it itself is still quite nice.
11:21:06 k​ayabanerve:matrix.org: If you want a binary encoding for your serde types, it's still a leading option.
11:22:05 k​ayabanerve:matrix.org: Postcard as the modern bincode, CBOR/msgpack for an existing standard and the interoperability associated?
11:25:45 k​ayabanerve:matrix.org: rkyv/borsh for those who don't care about serde? I'm literally just finding out about a crate called bitcode which seems to perform strongly on benchmarks?
11:25:53 k​ayabanerve:matrix.org: Depends on exactly what you want to optimize for?
11:28:32 k​ayabanerve:matrix.org: I like correctness and safety, personally, and that's why I choose core-json for all my JSON needs.
11:28:33 k​ayabanerve:matrix.org: core-json is a extensively tested, IETF compliant, 0-dep non-allocating JSON deserialize in 100% safe Rust. It also outperforms serde-json in most synthetic benchmarks over Read interfaces, like files and sockets!
11:28:35 k​ayabanerve:matrix.org: For just $0, you can also download a _free_ copy of core-json at https://crates.io/crate/core-json! It's free as in free open source software!
11:28:37 k​ayabanerve:matrix.org: /s :p, this is a self-shill
11:29:44 k​ayabanerve:matrix.org: Bah, typo in the link, https://crates.io/crates/core-json
14:49:47 b​oog900:monero.social: rust community overreacting? never :p
22:35:50 s​yntheticbird:monero.social: there is also musli
22:35:53 s​yntheticbird:monero.social: i love musli
22:35:59 s​yntheticbird:monero.social: it don't get enough recognition imo