Articles

My gift to the rustdoc team

Dec 13, 2025

14 min #rust · #docs · #tree-sitter

About two weeks ago I entered a discussion with the docs.rs team about, basically, why we have to look at this:

My browser showing a docs.rs page for a crate that I published myself, which contains a lot of different code blocks with different languages but they're all white on black. It's sad.

When we could be looking at this:

My browser showing a docs.rs page for a crate that I published myself, which contains a lot of different code blocks with different languages. this time it's colored.

And of course, as always, there are reasons why things are the way they are. In an effort to understand those reasons, I opened a GitHub issue which resulted in a short but productive discussion.

I walked away discouraged, and then decided to, reasons be damned, attack this problem from three different angles.

Does Dioxus spark joy?

Nov 22, 2025

11 min #rust · #dioxus · #frontend

Note: this article is adapted from a presentation I gave at a Rust Paris Meetup — that’s why it sounds a little different than usual. Enjoy!

Good evening! Tonight, I will attempt to answer the question: Does Dioxus spark joy? Or at the very least, whimsy.

What’s Dioxus, you ask? It is first and foremost a name that is quote: “legally not inspired by any Pokémon”.

Engineering a Rust optimization quiz

Nov 01, 2025

14 min #quiz · #rust · #eurorust

There are several Rust quizzes online, including one that’s literally called the “Unfair Rust Quiz” at https://this.quiz.is.fckn.gay/, but when I was given the opportunity to record an episode of the Self-Directed Research podcast live on the main stage of EuroRust 2025, I thought I’d come up with something special.

Question Misc 6 of the unfair Rust quiz, about drop order. — The unfair rust quiz really deserves its name. It is best passed with a knowledgeable friend by your side.

Making our own spectrogram

Sep 15, 2025

20 min #sound · #rust · #maths

A couple months ago I made a loudness meter and went way too in-depth into how humans have measured loudness over time.

A screenshot of the fasterthanlime audio meter, with RMS, sample peak, true peak, and various loudness metrics.

Today we’re looking at a spectrogram visualization I made, which is a lot more entertaining!

We’re going to talk about how to extract frequencies from sound waves, but also how my spectrogram app is assembled from different Rust crates, how it handles audio and graphics threads, how it draws the spectrogram etc.

crates.io phishing attempt

Sep 12, 2025

1 min #rust · #security

Earlier this week, an npm supply chain attack.

It’s turn for crates.io, the main public repository for Rust crates (packages).

The phishing e-mail looks like this:

A phishing e-mail: Important: Breach notification regarding crates.io Hi, BurntSushi! We recently discovered that an unauthorized actor had compromised the crates.io infrastructure and accessed a limited amount of user information. The attacker's access was revoked, and we are currently reviewing our security posture. We are currently drafting a blog post to outline the timeline and the steps we took to mitigate this. In the meantime, we strongly suggest you to rotate your login info by signing in here to our internal SSO, which is a temporary fix to ensure that the attacker cannot modify any packages published by you. — Andrew Gallant on BlueSky

And it leads to a GitHub login page that looks like this:

A fake GitHub sign-in page. — Barre on GitHub

Several maintainers received it — the issue is being discussed on GitHub.

The crates.io team has acknowledged the attack and said they’d see if they can do something about it.

color npm package compromised

Sep 08, 2025

4 min #npm

On September 8 2025, around 13:00 UTC, someone compromised Josh Junon’s npm account (qix) and started publishing backdoored versions of his package.

Someone noticed and let Josh know:

Hey. Your npm account seems to have been compromised. 1 hour ago it started posting packages with backdoors to all your popular packages. — Charlie Eriksen on BlueSky

Josh confirmed he’d gotten pwned by a fake 2FA (two-factor authentication) reset e-mail:

Yep, I've been pwned. 2FA reset email, looked very legitimate. Only NPM affected. I've sent an email off to @npmjs.bsky.social to see if I can get access again. Sorry everyone, I should have paid more attention. Not like me; have had a stressful week. Will work to get this cleaned up. — Josh Junon on BlueSky

The phishing e-mail came from npmsj.help (registered 3 days prior) and claimed users had to reset their 2FA:

The science of loudness

Aug 22, 2025

13 min #audio · #maths · #physics

My watch has a “Noise” app: it shows $d B$ , for decibels.

My amp has a volume knob, which also shows decibels, although.. negative ones, this time.

And finally, my video editing software has a ton of meters — which are all in decibel or decibel-adjacent units.

Summer fasterthanlime update

Aug 15, 2025

8 min #meta

There are news!

Cool Bear's hot tip

TL;DR: If you’re a patron or sponsor, check your Profile page to get detailed explainers of every perk. You’ll need to log in. Duh.

Here are all the changes I’m implementing, summarized as a table:

Before	After
📚 Articles remain exclusive for 6 months	Early access (couple weeks) for Silver tier
🎞️ No early access for video