Technology

Thursday saw the release of Rust 1.89.0 But this week the Rust Foundation also released its second comprehensive annual technology report. A Rust Foundation announcement shares some highlights: - Trusted Publishing [GitHub Actions authentication using cryptographically signed tokens] fully launched on crates.io, enhancing supply chain security and streamlining workflows for maintainers. - Major progress on crate signing infrastructure using The Update Framework (TUF), including three full repository implementations and stakeholder consensus. - Integration of the Ferrocene Language Specification (FLS) into the Rust Project, marking a critical step toward a formal Rust language specification [and "laying the groundwork for broader safety certification and formal tooling."] - 75% reduction in CI infrastructure costs while maintaining contributor workflow stability. ["All Rust repositories are now managed through Infrastructure-as-Code, improving maintainability and security."] - Expansion of the Safety-Critical Rust Consortium, with multiple international meetings and advances on coding guidelines aligned with safety standards like MISRA. ["The consortium is developing practical coding guidelines, aligned tooling, and reference materials to support regulated industries — including automotive, aerospace, and medical devices — adopting Rust."] - Direct engagement with ISO C++ standards bodies and collaborative Rust-C++ exploration... The Foundation finalized its strategic roadmap, participated in ISO WG21 meetings, and initiated cross-language tooling and documentation planning. These efforts aim to unlock Rust adoption across legacy C++ environments without sacrificing safety. The Rust Foundation also acknowledges continued funding from OpenSSF's Alpha-Omega Project and "generous infrastructure donations from organizations like AWS, GitHub, and Mullvad VPN" to the Foundation's Security Initiative, which enabled advances like including GitHub Secret Scanning and automated incident response to "Trusted Publishing" and the integration of vulnerability-surfacing capabilities into crates.io. There was another announcement this week. In November AWS and the Rust Foundation crowdsourced "an effort to verify the Rust standard library" — and it's now resulted in a new formal verification tool called "Efficient SMT-based Context-Bounded Model Checker" (or ESBMCESBMC) This winning contribution adds ESBMC — a state-of-the-art bounded model checker — to the suite of tools used to analyze and verify Rust's standard library. By integrating through Goto-Transcoder, they enabled ESBMC to operate seamlessly in the Rust verification workflow, significantly expanding the scope and flexibility of verification efforts... This achievement builds on years of ongoing collaboration across the Rust and formal verification communities... The collaboration has since expanded. In addition to verifying the Rust standard library, the team is exploring the use of formal methods to validate automated C-to-Rust translations, with support from AWS. This direction, highlighted by AWS Senior Principal Scientist Baris Coskun and celebrated by the ESBMC team in a recent LinkedIn post, represents an exciting new frontier for Rust safety and verification tooling.

Read more of this story at Slashdot.

xA California man sued Microsoft Thursday over its plan to stop supporting Windows 10 on October 14th, reports Courthouse News Though Windows 11 was launched nearly four years ago, many of its billion or so worldwide users are clinging to the decade-old Windows 10... According to StatCounter, nearly 43% of Windows users still use the old version on their desktop computers.... "With only three months until support ends for Windows 10, it is likely that many millions of users will not buy new devices or pay for extended support," Klein writes in his complaint. "These users — some of whom are businesses storing sensitive consumer data — will be at a heightened risk of a cyberattack or other data security incident, a reality of which Microsoft is well aware...." According to one market analyst writing in 2023, Microsoft's shift away from Windows 10 will lead millions of customers to buy new devices and thrown out their old ones, consigning as many as 240 million PCs to the landfill.... Klein is asking a judge to order Microsoft to continue supporting Windows 10 without additional charge, until the number of devices running the older operating system falls bellow 10% of total Windows users. He says nothing about any money he seeking for himself, though it does ask for attorneys' fees. Microsoft did not respond to an email requesting a comment. The complaint also requests an order requiring Microsoft's advertising "to disclose clearly and prominently the approximate end-of-support date for the Windows operating system purchased with the device at the time of purchase" or at least "disclose that support is only guaranteed for a certain delineated period of time without additional cost, and to disclose the potential consequences of such end-of-support for device security and functionality."

Read more of this story at Slashdot.