Threads for apromixately
-
I’ve always disagreed with “the language should make everything explicit.” It freezes you at one layer of abstraction, the one chosen by the designer. (And I don’t believe the “you can look at code and tell what assembly it emits” part. Not even C has that. If it were true, the optimizer would be too hamstrung to be any use.)
Making you type in destructors manually seems like a bad idea. If it’s too hard to tell when destructors are being called, couldn’t you have a tool or IDE annotate the code for you?
if you’re reaching for cyclic data at the application-level, you’re probably looking to model relations, in which case just use (a linear handle to) a relational database.
So once you need to go anywhere past the only-one-reference limit, you end up entirely outside the language where it can’t help you at all anymore. (Plus you’ve just incurred several orders of magnitude of performance overhead.)
I do agree it’s super cool that experimental languages are so easy to create now! Even if I don’t like all the resulting languages.
-
if you’re reaching for cyclic data at the application-level, you’re probably looking to model relations, in which case just use (a linear handle to) a relational database.
So once you need to go anywhere past the only-one-reference limit, you end up entirely outside the language where it can’t help you at all anymore. (Plus you’ve just incurred several orders of magnitude of performance overhead.)
In the original quote I linked to a post on modeling Relations in Cell. I knew that this sentence might draw some discussion, so let me expand on this point a little.
Relations don’t have to be modeled using a relational database; I used this example because it is one that ties into linear types. There are a lot of ways to model relations: through encapsulated state with a correct public interface, through applying data-oriented design principles, to reify relations, through another level of indirection by use of arenas, and so on. Some of these techniques are pretty fast, so modeling relations doesn’t necessarily incur a huge performance overhead. Indeed, the language Cell supports modeling relations in the language itself. I think languages should think more about handling relations, not less. Most real-world data is relational in nature.
When modeling free-form relational data at the application level, in the context of a long-running system, it makes no sense to roll your own subset of a relational database, except in a few exceptional cases where the performance is needed (e.g. game) or the relations being modeled are unlikely to change (e.g. compiler). If using relations to express some internal transformation more efficiently, by all means, skip the network hit and reify your relations at the library level.
-
Cell is very interesting! I had its website open in a tab for months and kept reading bits of it and thinking about the ideas. (I was working on a b-tree storage manager at the time and would muse about how to add relational features without introducing a whole query language.)
So yes, I totally agree about language support for relations. But that would require a third category of type, right? Value types, Linear types and Relations.
-
-
I find it weird to consider C a language that makes everything explicit since when you call a function in C that function can pretty much do whatever it wants to your entire universe. That seems like the opposite of explicit. But maybe calling opaque functions is not a consideration in this discussion.
-
Well, if everything were that explicit we’d just be writing state diagrams for Turing machines or something. It’s hard to write real code without subroutine calls!
The explicitness here is that C models the way you call subroutines with PUSH/POP and JSR/RET instructions in assembly.
-
-
I’ve always disagreed with “the language should make everything explicit.”
I don’t like it either, but there are definitely communities of people who like C, and who like Zig. There’s a demand for this sort of language, I think.
It freezes you at one layer of abstraction, the one chosen by the designer.
Exactly. This is a feature, if you are the sort of person who doesn’t like abstraction, because it gets in the way of understanding what is happening during execution.
And I don’t believe the “you can look at code and tell what assembly it emits” part.
I think this is a slogan that doesn’t fully capture the requirement. You have a simple language with a corresponding simple model of program execution, “at the layer of abstraction chosen by the designer”. And you can use this model to understand what a program will do by reading the code and executing it in your head, with all of the actions explicit, nothing hidden behind pesky abstractions.
Making you type in destructors manually seems like a bad idea.
Or, with different requirements, it may seem like an excellent idea. Destructors have side effects (freeing memory, closing files, etc). If destructors are implicit, you can’t see the order in which side effects occur by reading the code. In this version of reality, all side effects should be explicit in code.
if you’re reaching for cyclic data at the application-level, you’re probably looking to model relations, in which case just use (a linear handle to) a relational database.
So once you need to go anywhere past the only-one-reference limit, you end up entirely outside the language where it can’t help you at all anymore. (Plus you’ve just incurred several orders of magnitude of performance overhead.)
I don’t agree that you use a relational database in this case. You use an Entity/Component architecture and Data Oriented Programming. Done correctly, this provides better performance than object-oriented programming using a graph of objects connected by pointers. For example, the Zig compiler was recently rewritten in this style, for significantly improved performance. I read some of the code, and it was educational, because it’s faster code than anything I would write in one of my preferred programming languages.
-
For example, the Zig compiler was recently rewritten in this style, for significantly improved performance. I read some of the code, and it was educational,
Do you have a suggestion what to read or some other link?
-
If you enjoy watching talks, here’s one I did on this topic: A Practical Guide to Applying Data-Oriented Design
-
For “how it works”, zig’s AST would be a good case study. The source is quite readable, as it’s self contained and independent of the rest of the compiler
There’s also a great explainer post:
-
This is a good overview of the architecture of the new self-hosted Zig compiler: https://mitchellh.com/zig
-
-
-
-
In my opinion, this needs the “rant” tag. This reads as a C++ programming bitching about C not being C++. Looking at the code in question, it’s fine; I’ve seen (and worked with) way worse in my time (
int,longandX*are all 32 bits in size and interchangable, for instance). The only time I end up usingvoid *is when I use functions likeqsort()orbsearch()or similar style functions (and even then, it’s not bad (unless you aren’t used to it andvoid *jumps out at you in code like this).Portability with
ifdefis unfortunate, and I personally try to avoid it but there are cases where it’s unavoidable, like this example from my own code (and to the author’s point, I don’t own a Solaris system to test this, but I do know of an organization using this code currently, so it stays).The author goes on to complain about build systems in a rant about C, and then goes into some build took the author likes written in C++. Okay, we get it! C is not C++.
-
A little bit, yeah. It starts off good but quickly veers off-track of
goaccessitself. They’re reasonably correct about thevoid *‘s being overused, there’s a good double handful of functions that takevoid *arguments and then immediately cast them to a known pointer type for some reason. But I don’t find the ifdef’s particularly excessive and there’s not really much point in complaining about null-terminated strings in C code.All in all, my experience is that a skilled C programmer will commit much worse crimes without batting an eye.
-
Where do you feel the
void *‘s are being overused? If it’s in the code I linked to, that’s because of the C API toqsort()orbsearch()where it’s unavoidable (unless you want a bajillion different implementations). And as a “skilled C programmer” I don’t consider what Wayland did that much of a crime (if you are indeed talking about intrusive structures).-
I would expect they are talking about wl_container_of abusing memory location to get to a parent container.
-
-
Fair enough. I do that myself, but I wrap the actual “crime” in a function. For example, from a Pascal compiler I’m writing [1]:
else if ((tree = find_node(state,ID_VAR,state->token.value.identifier)) != NULL) { var__s *var = var_from_tree(tree);The
var_from_tree()is doing the work here, and it’s defined as:static inline var__s *var_from_tree(tree__s *tree) { return (var__s *)(((char *)tree) - offsetof(var__s,tree)); }C has
offsetof()for a reason. (Note: I’m using an intrusive tree structure in my var structure in case it’s not clear.)[1] For an 8-bit CPU, in my spare time. I’ve been working on it for a few years now. No hurry to complete it.
-
-
-
The example given:
find_color_in_list()and related functions. There’s also a few other functions that do similar things:start_server()andread_data()in gwsocket.c and probably one or two others right now. Upon inspection they miiiiiiight be that way ‘cause they’re used as generic callbacks? If that’s the case, then that’s just what you gotta do and you can’t really blame the victim there.
-
-
Wait a wayland seat isn’t allowed to have more than one keyboard?
-
-
-
-
-
-
-
Oh, my…that’s hot.
-
-
It’s a normal iTerm setup with its theme set to Compact, and “Dim background windows” enabled. The borders and shadows are drawn by my spoonfish window manager that I’ve been working on lately to emulate my sdorfehs X11 window manager.
-
-
-
aidancully
6 months ago
|
link
| on:
Correlation between experience and efficacy of programmers [pdf]
Seems like interviewing could be improved with judicious application of electrodes and eye trackers. (Satirical for now, but I’m a natural pessimist, and can imagine this gaining traction if there’s a sufficient power imbalance between the hirer and the candidate.)
-
You just have to convince the candidates that they would be the ones doing well at such a test. ;)
-
-
I think this doesn’t work if you use ssh-agent, right?
-
Does ssh-agent handle multiple keys? Yes, you have to tell ssh-add the key’s file names. But if you are security conscious and does not trust your remote machines, you must not forward your ssh-agent. You can also launch multiple ssh-agent instances, each handles a single key, then even you have to forward that single ssh-agent you don’t leak others. Though I believe the management of these suddenly becomes overwhelming. I prefer just open multiple local accounts, each used for a distinct set of projects.
-
IdentityFileis respected by ssh-agent. I believe that even if your agent is non-standard (e.g. you’re using 1Password as your ssh agent), you can useIdentityFilewith a public key file, to only offer that public key. I think you might also needIdentitiesOnly yes, based on a bit of testing; but you can set that at the top level.
-
-
I feel like it’s my obligatory “use Vivaldi” comment. The core functionality of Chromium is really great from a technical perspective. What you don’t want is all the “google phone home” nonsense. So just don’t use it. Vivaldi comes with ads/trackers blockers built-in.
-
Ungoogled Chromium is a much better choice for addressing the concerns expressed in the webcomic.
-
-
-
-
Chrome and Firefox are open-source on paper only. You have no say in how they’re developed unless you work for a trillion dollar advertising company, can’t contribute code unless it’s your full time job, and can’t ever hope to audit even a tiny fraction of the tens of millions of lines of code even if it’s your full time job.
-
Can’t comment on Chrome, but for Firefox I can personally tell you that is not true. I scratched my own itch in the developer tools when I was in high school. Was it easy? No. Was it impossibly difficult? Also no.
(In fairness though this was easier with the developer tools than with, say, Gecko core.)
-
-
Their explanation of why their UI is not open source. To be perfectly honest, though, you’re clearly not coming from a place of honest exploration or debate.
-
I’m coming from a place of dismissing closed-source browsers. I don’t think that’s unwarranted. We have really good open-source browsers.
When the concern is that Chrome is phoning home and invading your privacy, it seems absolutely bonkers to me to suggest that switching to another closed-source browser is the solution.
-
-
-
Serious question: aren’t cryptocurrencies subjectively bad? Some waste energy, some things don’t work, a lot of things are scams., the main use is for illegal trades. Is there something amazing somewhere that I am missing?
-
-
-
-
-
There is nothing crypto-related with Vivaldi. It’s just a browser.
-
-
-
This is really cool but couldn’t you just run everything in Wine or Dosbox or Virtualbox?
-
-
z3bra
1 year ago
|
link
| on:
Running your own email is increasingly an artisanal choice, not a practical one
You can run a little artisanal one and feel happy about it, but it will not at all measure up to the quality of systems run by eg Google and Microsoft.
This does apply to basically every techno out there: Web servers, DNS, container platforms, online storage, backups, visioconference, … you name it.
The “artisanal self-hosted” versus “huge, company-owned” software stack has been the case for many years now, it has never been “increasing” IMO.
-
Yeah, I wanted to say something similar. I think the discussion here applies to everything but in different ways and I don’t know why people seem to mostly discuss it for email.
IM is way harder than email. You basically have XMPP which I use a lot but it’s basically shite or …nothing. You can do IRC which works okay but without most of the features or you use one of the big services.
Calendar sharing, Nextcloud sort of works. But only sort of.
Web servers are pretty doable but also way harder to set up than should really be necessary and let’s be honest, who even needs a webserver anymore?
The list goes on. Maybe this post would be more interesting with a list of cheapish well managed services for people who at least want to move away from the “I am the product”-space.
-
-
Yes, I do too but mostly for other services: e.g. webmail, gittea, nextcloud. For just hosting a personal website it’s kind of overkill.
-
-
-
True! It’s not better though.
-
-
-
-
-
So, all the agreeing people here pay for their linuxes? Do you pay per machine? Per year? Both?
-
-
-
-
-
-
okay, but how is only the company benefiting if you are earning a salary from said company. Seems like a strange difference you are making up. You are part of the system. If you think maintainers should earn money, give them money and maybe also evangelize that thought in the company you work for.
-
I didn’t say only the company is benefitting, but it is disproportionately benefitting. You can bet that I’m not paid even a tenth of what my share of the profits would be if they were divided up among all employees. But then, that’s capitalism. My point is that corporations handily exploit OSS developers.
And btw, I do and have evangelized it. We have a Red Hat enterprise support contract so we are at least partially funding open source development work. And I am recommending ways to contract with other open source providers as I feel that’s a sustainable model for everybody.
And in any case, saying ‘You are part of the system’ is not actually a way to invalidate someone’s argument. Yes, we are part of the current world and live in it somehow. Does that mean we can’t speak up about it wanting to be better?
-
-
-
-
-
-
-
-
Just to sum up what apparently all comments are saying: Layers are the best! Please don’t be discouraged while learning them!
-
I am having trouble following.
Are you saying that the security proof for the KDF security of HKDF breaks when you use it twice with the same input but different salts?
-
It’s not that a proof is broken.
It’s that you’re now outside the specific definition of the primitive, and have to assume a fallback to PRF security rather than KDF security.
In order to meet the PRF security bar, your IKM cannot be structured. It must be uniformly random. KDF security isn’t as stringent.
Misusing HKDF salts doesn’t “break” anything, it’s just the security proof equivalent to undefined behavior. It might be okay; good luck proving it’s okay.
You might be able to recover the proof, but the work is not already done for you. A broken proof would be unrecoverable.
-
And how did you come to this conclusion, that it’s not allowed to pick a random salt? The paper seems to say the opposite: We stress that this notion of security can only be achieved for randomized KDFs where the salt value r is chosen at random from a large enough set.
-
-
Right, because there is only one random value in the game for the security definition, the definition does not apply when the attacker is allowed different random values.
Looking at it further, isn’t there an even bigger problem, that this definition also requires that the attacker does not know the context?
-
Looking at it further, isn’t there an even bigger problem, that this definition also requires that the attacker does not know the context?
Definition 7, steps 4 and 5 gives the attacker control over the context passed to the KDF in the distinguishing game. Control is a stronger notion than knowledge, so their knowledge of the context is implied.
-
But isn’t A only allowed to pick c other than the challenge c? Does that still imply knowledge of c? It’s probably in the details somewhere, I just haven’t seen it.
-
-
-
-
-
So the deal is that the proofs of KDFs put constraints on the salt that your “salting” might not meet, but they don’t put those constraints on the info field - the proofs assume that the info field might contain non-uniform random data, or even predictably structured data.
So if you want to rely on those proofs, best to stay within the well-lit area and stick your extra non-uniform randomness in the info field; if you were to stick it in that (oh-so-tempting) salt field you’re now outside the proof assumptions & it’s possible that you’ve just weakened the KDF you’re using.
Have I got that right?
-
Yep. The worst case scenario is:
- You’re using a construction that uses HKDF because it needs the “KDF” security definition rather than the mere PRF security definition. This happens when your key isn’t uniformly random (computer-generated passwords, DH/ECDH outputs).
- You use the HKDF salt field in a way that violates the security definition, so you only get PRF security.
In this situation, you can’t claim to have a security proof unless you do extra work to recover the proof.
-
-
-
-
If Signal only knows when you signed up and when your account was last active how do they route messages? I mean, they can delete the information upon receipt but they need to store pending messages and they will know who sent them.
-
I think this is what rubbed me wrong about this particular article. Yes, Threema was being fast and loose with their statements, but so is Signal. I like the articles that the auth puts out, but I do wonder why the same ire isn’t directed at Signal for IMO being just as misinformative about it’s security properties.
Signal alludes that they have no data to give up, but that is either wildly inaccurate or out right lying by omission. In my experience, sure authorities want content but they rarely expect to get it. Instead they’re usually after all the metadata; IPs, timestamps, account IDs etc. These are conspicuously missing from the list they keep putting out about what they don’t log. For the most part IPs and timestamps will get you 90% of the way there. All that other stuff like contact lists, group avatars, profile names, etc. None of it is the stuff they’re actually after.
Sure, Signal could be deleting logs with IPs or ID information. But that is most likely illegal, and it’s taking their word for it at best.
I could be wrong, and maybe there is some literature out there about how Signal blinds themselves from sender metadata while still being able to route message, but I haven’t seen it. I’ve seen the beta sealed sender but that still does not discuss things like IPs and timestamps.
-
I like the articles that the auth puts out, but I do wonder why the same ire isn’t directed at Signal for IMO being just as misinformative about it’s security properties.
From the article:
The reason you hear less about Signal on blogs like this is because, when people like me reviews their code, we don’t find these sorts of problems. I’ve tried to find problems before.
-
-
-
My practice routine used to consist of idling on ##c on freenode, looking at questions people were having with regards to C and solving any code problems they come up with. I usually made sure that if I were to send the person the code it was either instructive (in the case of outright rewriting what they wrote) or didn’t completely solve the problem (in the case of questions on how to do something). This meant I could solve problems I would not normally spend my time solving, keep my understanding of C very sharp and provide a high quality of help to people asking in the channel.
-
This is both brilliant and obvious. Obvious in the sense that helping others helps yourself; it’s a tried and tested method. Brilliant in the way that skill sharing is not something ingrained in the culture.
Don’t get me wrong - there are a lot of places to get help on the internet and that’s a great thing. But you’ll know it’s part of the culture when “productivity” is measured - in part - by the amount that you help other people.
-
Ex #linux (IRCNet) and #csharp (Freenode) hanger-outer here, learning in the same way. Free time? See an interesting question? Try to solve it. If it seems like it’ll help, post it. The original requestor or others provide more info and you end up with a full picture. A fantastic way to learn.
-
Did you do this on your own time or as psrt if your job? For the discussion on the industry culture that would make a big difference.
-
-
-
Just say no to cleaning up git history people! You don’t look at it enough to pay off.
Unfortunately, I don’t have data to back up this claim. :/
-
-
I look at it easily more than 10 times a day. I do think you are on the right track as to why a large population of developers don’t take the time to write useful commit messages. They treat think of it as a write only medium. If I used the git command line or the GitHub web UI to navigate history I wouldn’t check the VC history so often.
-
-
Right, I am totally for writing good commit messages! They should contain a description of the changes and a link to the ticket. That way you get requirement + architecture idea. But I never look at the graph structure.
-
-
-
-
A bit confusing. First, the premise is that people don’t want to give away their phone number, but the people who enter the number don’t see if it is getting hashed. Second, is it actually true that people are hesitant to enter their phone number because of spam? Phone numbers used to be in big public books! Third, brute-forcing a phone number is really easy, so hashing it doesn’t provide a lot of protections.
So, I guess the protection is weak but the target is also low value so it kind of makes sense…?
-
A cookie warning for reading a blog?
And not opt-in?
-
I have my own gripes about the awkwardness of
git pullbut goodness this is a … long, long post with a lot of inconsequential banter in the middle that makes it truly difficult to root for the author in this.-
This blog post was sent out on the git mailing list. https://public-inbox.org/git/60e325175e689_1baed32081c@natae.notmuch/T/#u
This is mostly a git hacker attempting to justify a change to other git hackers. Documenting the other attempts and why they didn’t get in is the primary goal.
That prevents the same mistakes from being made, and the patches being rejected for the same reasons.
The audience for the post is git hackers needing a refresher on past attempts at improving the situation, not internet randos looking for an entertaining grouse on why
git pullsucks. -
I’m glad I’m not the only person who felt this way. There’s an awful lot of specific focus on the exact people who took place in the discussion and a lot less effective summarizing of the discussion. The author talks about how they used to be very abrasive, and I’m not getting the sense that they’ve moved much past it. It feels like there’s a lot of implicit axe-grinding happening here.
-
I’m not sure what the author’s goals are but highlighting these kinds of community issues might also be valuable.
-
-
The author seems frustrated and explains why.
The purpose of the post is to “document all the discussions related to git pull and its default mode,” so it makes sense there would be a lot of inconsequential banter. As the author notes, there hasn’t been a consequence to all the banter! 🥲
-
-
apromixately
1 year ago
|
link
| on:
10 years Sabotage Linux - The history of the first musl-based distro
I don’t enjoy writing Rust and I don’t like that it cannot be bootstrapped from C. But, it is really ill-informed to call Rust security theater. Rust solves real issues!
-
I would be interested in a one handed keyboard but I would want quite a bit more buttons. Probably not this though: http://www.maltron.com/single-left-hand.html
Ouch.
Apparently there is -numerics=py which fixes it!
You’d think this would be the default! If you’re attempting to appeal to Python having teams, you’d probably want to be as compatible as possible out of the box. Weird.