1.
function f() { return 42; }
function g() { return 42 + (Math.random() < 0.001); }


any testing-based approach will very likely report that f and g are equivalent

1.

And if that doesn’t fool it, this almost certainly will:

function f() { return 42; }
function g() { return Math.random() < 0.001 ? 1000 : 42; }

1.

With a code coverage tool that measures branch coverage you could know that your test didn’t exercise all branches of this code.

So, to answer the OP: if you can find a code coverage tool with which you can measure a sufficiently strong coverage metric (e.g. multiple condition decision coverage), you can create a test set that covers the code you intend to replace, in the sure knowledge that all cases are covered. Then assert that your replacement passes the same test set. It’s not a proof, but perhaps it’s enough for your needs.
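To make that concrete, here’s a small Python re-rendering of the second example above (the thread’s snippets are JavaScript; the port is mine). A sampling-based differential test almost never exercises the rare branch, so it has no way to tell the two functions apart:

```python
import random

def f():
    return 42

def g():
    # Behaves like f() except on a roughly one-in-a-thousand branch,
    # as in the second JavaScript example above.
    return 1000 if random.random() < 0.001 else 42

# A naive differential test: sample both functions and compare.
# The rare branch is overwhelmingly likely to go unexercised, in
# which case every sample agrees and the test wrongly concludes
# the functions are equivalent.
random.seed(0)  # seeded only so the demo is repeatable
agree = all(f() == g() for _ in range(100))
```

A branch-coverage tool run over the same test set would report that the `1000` arm was never taken, which is exactly the remedy suggested above.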

1. 2

One question I had about Zig that I can’t seem to find an answer to, in an admittedly cursory look, is: what does it have for multithreading / parallel processing? I won’t look at a new language that doesn’t have thread support built in.

1. 5

This is in progress; see https://github.com/ziglang/zig/issues/174 for an overview and links to relevant issues.

Coroutines have already landed on master: https://github.com/ziglang/zig/issues/727

1. 2

I won’t look at a new language that doesn’t have thread support built in.

Funnily enough, I’d say that I wouldn’t get excited about a new language that does have thread support built in.

My reasoning is that the operating system should be enough for scheduling.

Now, I know I’m probably biased by my work on Jehanne’s kernel and the Plan 9 style, so I’m sincerely curious about your opinion.

Why do you want more schedulers to integrate instead of using just the OS one?

1. 1

Threads are OS-scheduled too; they’re a kernel-provided parallelism API on both POSIXey systems and Windows. Maybe you’re thinking of green threads or threadlets or whatever?

1. 1

Maybe you’re thinking of green threads…

I thought @jdarnold was talking about green threads, coroutines, and other similar techniques that are usually provided by language specific virtual machines.

Pthreads are not language-specific: they are a C API that any language can wrap, not something that requires particular support from the language.
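Python’s `threading` module is a concrete example of such a wrapper: a thin language-level layer over the platform’s native thread API (pthreads on POSIX, Win32 threads on Windows). A minimal sketch:

```python
import threading

results = []
lock = threading.Lock()  # protect shared state across OS threads

def worker(n):
    with lock:
        results.append(n * n)

# Each Thread here is backed by a real kernel thread; the language
# just wraps creation, start, and join.
threads = [threading.Thread(target=worker, args=(i,)) for i in range(4)]
for t in threads:
    t.start()
for t in threads:
    t.join()

print(sorted(results))  # [0, 1, 4, 9]
```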

2. 1

Because threads are necessary for modern programming. If you want to take advantage of processor and OS level threading, how can you do it if the language doesn’t have some way of taking advantage of it? I’ve spent far too much time trying to figure out all the various ugly threading problems in other languages and I think the language should “just do it” for me.

1. 3

The things I use that haven’t been mentioned elsewhere:

• klaus for git http frontend (it’s the simplest one I could find, and I think it looks nice and tidy)
• umurmur for voice chat with friends (it’s a lighter-weight reimplementation of murmur, which is the server for the mumble client)
1. 4

It’s only a single SELECT statement if you don’t count the SELECT statements used in the CTEs (common table expressions) and the SELECT statements used for subqueries in the WHERE clause. It’s a cool implementation despite the misleading title.

1. 11

Eh; it is, to the letter of the law, a single SQL statement. I think it’s impressive, and have no qualms calling it a single statement.
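As a toy illustration of the letter-of-the-law reading (the schema and query below are invented for the sketch, not taken from the linked project): one statement, several SELECTs.

```python
import sqlite3

conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE nums (n INTEGER)")
conn.executemany("INSERT INTO nums VALUES (?)", [(i,) for i in range(10)])

# A single SQL statement to the letter of the law: the CTE and the
# WHERE-clause subquery each carry their own SELECT.
row = conn.execute("""
    WITH evens AS (SELECT n FROM nums WHERE n % 2 = 0)
    SELECT SUM(n) FROM evens
    WHERE n > (SELECT MIN(n) FROM evens)
""").fetchone()
print(row[0])  # 2 + 4 + 6 + 8 = 20
```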

1. 2

There was some super interesting related work to this at SIGGRAPH a couple years ago as well:

http://web.engr.oregonstate.edu/~mjb/cs550/Projects/Papers/CSemanticShapeEditing.pdf

It seems like the general state of semantic editing is that it works in some very specific conditions but when those conditions are met it works unbelievably well.

1. 2

I don’t understand, isn’t this just modifying your own hardware? Why is this treated like some great tragedy?

1. 1

Because this lets you exploit anything using NVIDIA’s Tegra and that includes things like Tesla vehicles.

It’s super cool that you can mod your Switch/Tesla now… but also super not cool that you can’t prevent someone else from modding it for you.

1. 2

Wait, so it’s a remote sploit? Or you mean if you give your Tesla to your mechanic they can mod it? Or something else?

2. 1

Presumably because it makes for better headlines? Local code execution on a game console seems interesting only if you figure out something better to do with your game console than playing games.

1. [Comment removed by author]

1. 3

But it goes the other way too. GitHub (and GitLab/Bitbucket to some extent) really promoted “social coding” … the ability to fork, edit, commit, and pull-request back into a project has really sped up development of a lot of projects, allowing developers to start contributing with anything from minor bug fixes all the way up to large feature branches.

I wish this were built into the protocol itself, to allow a means of offering contributions to custom/federated domains in a standards-compliant way. Fossil at least provides its own standard web interface and issue tracker.

I suppose you could run your own version of Gitlab or Gogs and allow limited signups only for project forks …

1. 7

It actually kind of is built into the “protocol” (well, into git). It’s why git request-pull exists and why github decided to call these things “pull requests” when they’re more usually merge requests.

1. 4

Yes, I agree. I think we either need to write an ActivityPub implementation for issue tracking / wiki / project management, or have some good set of tools for bugs/wiki/PM for git that are all bundled together under one project and accessible from a web interface like cgit.

1. 3

I’ve taken to using http://mrzv.org/software/artemis for issue tracking. It just uses a maildir for each issue (identified by hashes), stored in a .issues directory. Metadata (status, assignee, whatever) are just headers of the ‘root’ messages of the maildirs.

I’ve made a few convenience scripts around this, e.g. an EDITOR script which opens emacsclient in an email-composing mode. Generating Web pages from these is easy enough using MHonArc, although it’s not the prettiest ;)
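The metadata-as-headers idea is easy to sketch with Python’s stdlib email module (the header names below are my invention; Artemis has its own conventions):

```python
from email.message import EmailMessage

# An "issue" is just a mail message; status and assignee ride along
# as headers of the root message (hypothetical header names).
issue = EmailMessage()
issue["Subject"] = "Crash on empty input"
issue["X-Issue-Status"] = "open"
issue["X-Issue-Assignee"] = "alice"
issue.set_content("Steps to reproduce: run with no arguments.")

# Tools (or plain grep over the maildir) can then query or update
# metadata like any other mail header.
print(issue["X-Issue-Status"])  # open
```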

1. 3

I haven’t tried Artemis myself but anything like this that embeds issues in the repo itself (and as regular files, so it’ll work across VCS’) is a good thing IMO.

The missing part is usually a web viewer (or editor!) for issues, so that non-dev staff can make use of it too.

2. 2

I also self-host git and really like klaus.

1. 1

I would also look at stagit

Stagit looks pretty nice. I’ve been using git2html, but the filesize gets a bit ridiculous. I’ve ended up skipping all commits except HEAD, which is obviously not ideal.

1. 1

Maybe I’m just not the intended audience, and therefore miss things, but I’m sad to not see Julia being a much more popular language.

edit: I take that back. The language seems to be thriving for its intended audience. Maybe it’s just not well suited as a general-purpose lang, or it is, but the focus isn’t there.

1. 3

Personally I find that there’s a number of aspects of Julia that make it great when I’m doing numerical work but make it frustrating to do software-in-the-large. Static duck typing, in particular, means that if I can keep the whole system in my head I can be super productive, but if I can’t, there’s a lot of trying to infer intent from source code. That means I pretty much only use it for exploratory work (I do computational geometry); if I’m making production software I switch to C++. I do really love using Julia for what it’s good at, though!

1. 0

I feel you there. Easy syntax, dynamic, macros, compatible with C, compatible with Python, using proven stuff for number crunching… a lot of good stuff. I remember griping about how Go had little innovation while Julia was more like what Google should’ve built.

I was thinking more of the feature set then, but now I see some requirements overlap as well.

1. 10

Question:

What about it is more “intuitive”? Programmers tend to use that term a lot and assume it will be clear what they mean. I use du sometimes but not often, and it’s not clear to me what about Dust is more intuitive. When you have time, I’d suggest updating that first paragraph to explain more fully rather than hoping folks understand what you mean by “intuitive”.

1. 6

Great point. @bootandy is the author of the tool, and was gracious enough to accept some of my PRs for it a little while back (my laptop is named “djin”, if you look closely at the readme).

I’m posting this here because it’s the jumping-off point for what follows; I’ll probably add it to an issue or PR or something, but really, Andy’s the author and has the best ideas about what it’s for. But as someone who happens to use du and other tools like it frequently, I was instantly hooked on dust (ha!).

1. I use du and friends when I notice, for some reason (hopefully because my eye caught a number that was not yet too small), that a partition is not as empty as I thought it should be, or something like that; maybe I’m really just curious. But the fundamental mystery to be solved is, “What is eating all my disk?”

2. du has a number of ways of showing you what it finds, in terms of disk consumption, but really, there are only one or two ways you invoke it: with -h for “human-readable” units, like 100G or 89k, or with -b for “bytes”. The former is used for a quick survey of a directory with a small number of things in it. The latter is for when you have a bunch of entries and need to sort the output numerically; then you either pipe it into something like awk to turn bytes into a human-friendly unit like mega- or gigabytes, or you do some rough math in your head and use the ordering as a sanity check. Once you have the top offenders, you recurse down into the largest one and repeat the process until you’ve found your cruft or gems and can move on.

3. dust assumes that’s what you wanted to do in the first place, and takes care of tracking the largest offenders in terms of actual size, and showing them to you with human-friendly units and in-context within the filetree. Huzzah!
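That find-the-offender loop can be caricatured in a few lines. A rough Python sketch of the idea (dust itself is a Rust tool and differs in detail):

```python
import os

def human(n):
    # Format a byte count with a human-friendly suffix, roughly what
    # du -h does for you.
    for unit in ("B", "K", "M", "G", "T"):
        if n < 1024:
            return f"{n:.0f}{unit}"
        n /= 1024
    return f"{n:.0f}P"

def tree_size(path):
    # Total apparent size of all files under path, ignoring errors,
    # i.e. the aggregation step dust does per directory.
    total = 0
    for root, _dirs, files in os.walk(path, onerror=lambda e: None):
        for name in files:
            try:
                total += os.path.getsize(os.path.join(root, name))
            except OSError:
                pass
    return total

print(human(0), human(2048), human(3 * 1024**3))  # 0B 2K 3G
```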

1. 8

For what it’s worth, sort has a mode for sorting “human” numbers with the SI-ish suffixes: -h or --human-numeric-sort. Not to say the other reasons for dust aren’t good ones!

1. 1

I’ve been doing this kind of thing for more than twenty years, and I’m still learning things like this :)

2. 2

Those are awesome reasons for using dust. I think something like that should be front and center. It would certainly get my attention as an only-occasional user of du.

3. 4

I think @nebkor answers it very well.

Intuitive is a subjective thing. But here are the reasons I made the tool:

1. I don’t want to remember that -h is for human readable output.
2. I don’t want to have to sort and head things. (you need to remember to use -h with sort too)
3. Once I have found a big directory I usually want to look inside it straight away to see why it is so big.

1. 2

I like how this gets downvoted as “off-topic” while this, this and this (same topic) got upvoted.

See, y’all do have a cultural problem. On topic.

1. 8

Two of the three stories you linked to also have a significant number of off-topic downvotes, so maybe people really do think this class of content is off topic.

1. 5

Those were on topic because they were centered on tech (though they each got a number of off-topic flags nonetheless). This is not.

Edit: Chatting with itistoday, he gave a timecode for where they talk about Damore that I’ve added into the link.

1. 1

Edit: Chatting with itistoday, he gave a timecode for where they talk about Damore that I’ve added into the link.

Thanks, and for whatever reason the link isn’t pointing to the timecode, which is at 34m17s, so here is a direct link to where they talk about Google’s James Damore case.

It’s also relevant/interesting banter/convo for moderators on social media to consider, IMO. Those in “tech” are increasingly finding themselves now to be stewards of what is and isn’t socially acceptable.

1. 6

I’ll note that he puts emphasis on the NLRB confirming they could fire the guy. Technicalities and the ideal world aside, you can get fired for about anything or nothing in many (most?) states. This is doubly true if your company has a bigger legal team than you. Companies led by conservatives do it all the time; I have plenty of first- and second-hand accounts of that which will never be in one of these talks, since they don’t look for them. Republicans, the conservative party, are also fine with workers not having rights in the first place (i.e. “at-will employment”) while owners/shareholders get all kinds of special treatment. So, some guy threatens his company’s image and they trash his career: that’s totally normal for big firms. The ability to do that is certainly worth fighting, but it isn’t new or uniquely anti-conservative.

The first, good claim was when the guy in red said something based in culture would be easier to democratize than something based in biology. Trying to quickly refute that made me go back and forth in my head a bit. This one is worth some deep thought, since it seems to have a lot of truth built into it. I think religion, which he brings up later, weakens his argument about culture being so much more amenable than biology, given that conservatives of several groups will go with words from anonymous sources on paper, or other influencers in day-to-day life, over actual evidence of what people do, especially from biology research. His making culture seem more malleable than biology is weak given that they reinterpret biology and other sciences through their cultural views. Changing data to fit one’s theories isn’t science: it’s supposed to work the other way. ;)

Note: The reproducibility crisis, fraud, lack of checking, etc. show that quite a bit of science operates as a religion as well. Those deserve to be called out, too. If you see “science” here in a positive light, it’s about the people actually taking hard looks at stuff and responding to peer review.

The woman on the left mentions people getting fired, or worrying about it, because they dared to have a different opinion (conservative traits here). What she leaves out is that these types were protected for all kinds of unsubstantiated, annoying, or screwed-up opinions for a long time, with folks who were truly different (e.g. liberals, gays, blacks) taking the damage from them. That’s often still true. Declassified documents even had the U.S. government sending teams to infiltrate them, break up their marriages, run dangerous experiments, and sometimes murder with stuff like syphilis or uranium. Then, in some places, the power structure has shifted to where people of different beliefs have reversed who the outsiders are, with the penalties so far being financial or social ostracism. Not as bad as what came before, but certainly bad. The logical conclusion in a fair discussion is to bring up the systematic oppression of unusual ideas (or even decency) by both conservatives and liberals, to show how universally damaging these patterns are, and then to present methods to counter it when both (all) do it. That they’re focusing on one side as aggressor and one as victim suggests this move might be propaganda, similar to the subset of liberals that conservatives call SJWs. Bonus points for her bringing up religion as a form of victimization when church-backed laws are denying people rights in states everywhere, with the older ones actually advocating the murder of atheists or pagans by stoning or burning.

The best part of this video for me happens when the woman in the middle talks about whether we should question beliefs or be obedient/sensitive. That starts here. She describes how she teaches things with the expectation that people will question everything about them in order to learn. However, the texts on feminism she got, whatever those were, demanded unquestioning belief, with straight-up insults or villain-making aimed at people who asked questions or otherwise rejected the core doctrines. That’s a real problem that applies to more than feminism, one I’ve fought here on this site, usually on the liberal side, where disagreement equals some evil or, in this case, some BS by conservatives setting themselves up as victims instead of people with often-aggressive views that folks disagree with or react to in typical ways. I agree, though, that people should ideally always be able to disagree with your views in a rational manner, analyzing what they’re built on, the truth of that, the truth of what follows, traditions, reforms, and so on.

Preferably, we make this something that can’t get us ostracized from our social circles, workplaces, etc. I’ve seen specific people do better than average, here and elsewhere, on these things, so I know it can happen in smaller groups or incrementally. We’d better know it’s not going to happen in the big picture, though, because the ingroup-vs-outgroup mentality is probably… biological! It’s an inherent weakness of how the mind works across most of the human race, one we must accept will keep all this going. You see it when they, like most groups, don’t falsify the very beliefs they’re presenting even as they talk about falsification of beliefs. That they and their opponents have this weakness, like all of us, means it’s even more important to legitimize disagreement, eh? And yet the same trait is why the highly emotional and/or dogmatic parts of each group don’t want to allow that: they want all disagreement silenced in some way. (throws hands up) What can be done… (other than calling out each side’s BS when it shows, plus encouraging better paths)

1. 2

Corner case in undeleting - it doesn’t also apply any edits in the form. I’ve added it.

2. 4

I did flag this off-topic, personally. While I’ve always been a supporter of total free speech[1], and while I’m not comfortable with the direction free speech is going these days, I don’t see how this is related to tech or the culture around it in any way.

[1] as opposed to “free speech” where people mean “I (myself) should be able to say what I want while others should shut up” (on both sides, alt-right and/or SJW)

Edit: after @pushcx’s edit of the story, with the timestamp, this comment is now false (and I removed my flagging)

1. 6

Hopefully this won’t come out as unkind, but the article does seem like an overly long way of saying that an “iterable” is what produces “iterators”, which you can only walk once. And it’s not actually specific to range(), so why put that prominently in the title?

1. 4

Most probably the idea for the article came from someone calling range() an iterator, but I get your point and must agree that the topic over-extends, which for a beginner is even more confusing.

1. 3

I liked the section on how range objects are more like lazy collections than lazy streams (in that they support containment queries, lengths, etc without consuming the range). Agreed that that was not the majority of the article, but it’s still an interesting little morsel.
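That lazy-collection behaviour is standard Python and easy to demonstrate:

```python
# An iterable (range) hands out fresh iterators; each iterator is
# consumed exactly once; the range itself is never consumed.
r = range(5)
it = iter(r)

print(list(it))  # [0, 1, 2, 3, 4]
print(list(it))  # []  -- the iterator is now exhausted
print(list(r))   # [0, 1, 2, 3, 4]  -- the range is not

# Collection-style queries that consume nothing:
print(len(r), 3 in r, r[-1])  # 5 True 4
```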

1. 10

Some aspects remind me of the ACM’s Code of Ethics.

1. 7

This is currently being updated. Here’s the latest draft (3). Here’s the diff for Draft 1 from the 1992 version.

1. 6

I can take the ACM version more seriously, since it presumably entails some means of enforcing this contract. Without that, this is just… well, a nice expression of good intentions. But, ACM membership isn’t much of a requirement for practicing as a “computing professional”, nowadays.

When being kicked out of the ACM for violating their Code means that your career is effectively over, then we’ll be on par with the other engineering disciplines – doctors and lawyers aside. I think we’ll get there eventually, but it may take quite some time. The professionalization of civil engineering, for example, took many decades of collapsing bridges and the like.

If you’re serious about any of this, go study some history.

1. 4

To really be enforceable it’d need more than ACM being able to kick individual computing professionals out; it’d also need ways to effectively enforce it against the employers of computing professionals, who are often ultimately the ones asking employees to do unethical things (there are also “rogue” unethical acts, but I don’t think it’s the biggest part of them). In legally regulated areas of engineering that’s done with laws that make it very bad for employers to pressure or retaliate against engineers doing certain kinds of work. If you’re fired for refusing to do something that violates civil-engineering ethics, you can sue, and the company can also be subject to fines/sanctions. I don’t see a near-term mechanism where someone at Google or Amazon can say “no” to a manager’s request, citing a professional code of ethics, and be legally backed up in doing so, which is what would be needed to give it teeth.

1. 1

When being kicked out of the ACM for violating their Code means that your career is effectively over… I think we’ll get there eventually, but it may take quite some time

Wait, hold up; are you saying that this would be a good thing?

1. 9

If we’re going to use terms like “good” or “bad” here, it would help to qualify for whom. To the point, “bad” for practitioners who expect to make high wages with little or no formal training, accreditation, or personal responsibility for the consequences of their mistakes (honest or otherwise) may well be “good” for the general public. It can get pretty complicated, especially once you start considering the employers of engineers as ethical agents too.

Yes, I’m generally in favor of professionalization, but I’m not exactly holding my breath. I think it will happen inevitably, if slowly, as a consequence of our field maturing and society realizing how potentially dangerous our work really is.

1. 2

I agree with your analysis in theory, but I have a near 100 kg objection: me.

I have no formal training. I’m completely self-taught. And I really feel this as a limit and as a pain.
But I’ve found several academics and formally trained developers with a very weak understanding of their own field.

My recent article about AI misconceptions was born after a debate with an AI researcher and professor.

And in my professional work, it happens even more frequently. I can honestly say that I often meet very incompetent people with both high technical responsibilities and high accreditations from University. And I can also honestly say that several very skilled developers I know, are self-taught geeks.

How can this happen?

My opinion is that our profession is still in its infancy.
The fact that we are afraid of a strongly ethical Oath is proof of this.

But also, our profession has a low barrier to entry: everyone can learn how to program if she has a computer.

We should not be afraid of this and create artificial barriers to entering the profession.
We should find something better. What? I do not really know.

But given my experience, I’m not sure that an artificial barrier to entry would benefit humanity.

At least not yet.

1. 1

I hope I didn’t give the impression of being in favor of premature professionalization! I completely agree, the field of computing is still too young to have a really meaningful and enforceable code of ethics, because we can’t yet ground such a code in a strong consensus about normative practice. All the talk of “best practices” mostly goes to show this lack of agreement. Even a brief comparison with, say, the International Building Code shows how weak these norms are.

When there is broad and stable academic consensus about safe and unsafe practices in computing, then perhaps a generation later we’ll be able to hold practitioners to a standard of professional conduct. Again, there is a rich history of this kind of thing in the other engineering professions. The details will depend on historical circumstance, but the general trend is pretty clear I think.

But, even then, I don’t see that having a brighter line between amateur and professional programmers should necessarily discourage amateurs. For example, the aircraft manufacturing industry in the US is very highly regulated. But amateurs can build non-commercial aircraft for their own use without being held to any engineering quality standards at all. The risk in home-built aircraft is mostly assumed by the builder-pilot, rather than the public.

1. 1

I’m pretty sure that one generation is not enough. One generation has already gone, indeed.

and… just to be clear… I’m not an “amateur”! I’m a self-taught and professional programmer. ;-)

2. 5

This is essentially what happens in civil engineering, and to a lesser (but still extant) extent in mechanical engineering. I don’t have anything but anecdotal evidence to support that being a good thing, but I and other people I know who work in mechanical design generally support it. Having the stakes be that high for corner-cutting means that a professional engineer’s sign-off on something really carries weight.

1. 5

That’s how it works for doctors here in Australia; if you commit major malpractice you can be deregistered, meaning you can no longer practice medicine.

None of the doctors I know have expressed any concern about this (the last case I heard of was a gynecologist deregistered for sexually abusing dozens of patients).

1. 10

I’ve been a member of SO since public beta, and have just under 30K rep.

My experience is considerably different. Looking through my deleted items, the ones that weren’t deleted by myself were deleted because the enclosing Q was deleted, and I agreed with every deletion I looked at.

1. 3

Depends on how you use it, and on whether you are lucky enough to always take the discussions that are too complex or novel for StackOverflow off the platform right away, or to never start them there in the first place. (That is, effectively, it depends on how much trust you put in the platform.)

As I mentioned on reddit, most of the stuff that got deleted for me was actually my own questions, quite disproportionately, where I’d spent considerable time doing the research, and where the answer is non-obvious.

If your question doesn’t meet metrics, the StackOverflow company will automatically remove it without any human intervention whatsoever, and block your own access to it until/unless you have 10k. Is that really fair, after you’ve spent several hours doing the research and formulating a clear-enough question, one so clear that no one has even bothered to provide an incomplete, misunderstood answer for it? There’s really no reason for this.

The toxic part is that when you bring up these kinds of things on meta, they school you into not posting questions that “don’t belong” in the first place, and your meta questions themselves quickly gain -15 downvotes (not -15 rep, but -15 actual downvotes, within a day or two), and get automatically deleted promptly, so, the next person wouldn’t even have anything to refer to (and neither will you have the text in case you wanted to repost elsewhere).

1. 1

If your question doesn’t meet metrics, the StackOverflow company will automatically remove it without any human intervention whatsoever, and block your own access from it, until/unless you have 10k.

I have no idea what you are talking about. Can you elaborate on this?

1. 1

Go to /help/privileges, then the 10k link on StackOverflow to /help/privileges/moderator-tools has the following text:

SO: You also have a new search operator available to find your own deleted posts: deleted:1.

The reddit discussion has a link to the criteria for automatic deletion; in my case, the following seems to have been triggered a number of times:

SO: The system will automatically delete unlocked, unanswered questions on main (non-meta) sites with score of zero (or one, if the owner is deleted), fewer than 1.5 views per day on average, and fewer than two comments that are at least 365 days old. (RemoveAbandonedQuestions)

Basically, when you make that comment saying the question is useless, you’re making sure it won’t actually be deleted, unlike a question that’s simply ahead of its time. Duh!
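Read literally, the quoted RemoveAbandonedQuestions criteria amount to a simple predicate. Here is my paraphrase of it in Python (the field names and dict shape are invented for illustration; this is not SO’s actual implementation):

```python
def is_abandoned(q):
    # One clause per condition in the quoted rule: unlocked, unanswered,
    # score of zero (or one if the owner is deleted), under 1.5 views
    # per day, fewer than two comments, and at least a year old.
    score_ok = q["score"] == (1 if q["owner_deleted"] else 0)
    return (
        not q["locked"]
        and not q["answered"]
        and score_ok
        and q["views_per_day"] < 1.5
        and q["comment_count"] < 2
        and q["age_days"] >= 365
    )

example = {"locked": False, "answered": False, "score": 0,
           "owner_deleted": False, "views_per_day": 0.3,
           "comment_count": 1, "age_days": 400}
print(is_abandoned(example))  # True
```

Note how a second comment (even a dismissive one) flips `comment_count < 2` to false and spares the question, which is the point being made above.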

2. 2

I still don’t understand how I’m supposed to get ‘rep’ to upvote something, and I’ve never taken the time to understand their internet-points system. I’ve been ‘using’ Stack Overflow since it came out to beat ExpertsExchange and Usenet, etc., but yeah, I probably have like 1 rep. I understand why they gate voting, but it always makes me sad when I want to upvote a good answer or downvote a terribly wrong one and can’t. No idea what the route is from user to community member, and no desire to read up on it… which maybe makes me not a community member. :)

1. 8

It’s as simple as just asking and answering questions. I think just asking a single question and accepting an answer gets you enough rep to vote.

1. 6

I also have had semi-decent (if small) success editing questions for clarity. It got me far enough to get upvote/downvote privileges.

1. 3

They require a minimum of 15 rep to upvote, and 125 to downvote, see /help/privileges on each of their sites.

Getting 15 rep is, like, really easy — you get 5 rep when your question gets +1, and 10 rep when your answer gets +1. Basically, all it takes is a single question and answer that someone does a +1 for, and you can upvote. (And you can even ask and answer your own question.)
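The arithmetic, using the numbers quoted above (current values as of this thread; SO may change them):

```python
# Rep awarded per upvote, and the voting thresholds, as quoted above.
QUESTION_UPVOTE, ANSWER_UPVOTE = 5, 10
UPVOTE_BAR, DOWNVOTE_BAR = 15, 125

# One upvoted question plus one upvoted answer already clears the bar
# for upvoting, but is nowhere near the downvote threshold.
rep = QUESTION_UPVOTE + ANSWER_UPVOTE
print(rep, rep >= UPVOTE_BAR, rep >= DOWNVOTE_BAR)  # 15 True False
```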

1. 1

Interesting about that last one, knowing that it might’ve added 10-100 questions to Stack Overflow if I’d taken the time to do it. Good to know. I think I have a complex about asking questions in asynchronous online forums. Chances are, if I don’t know the answer, I’d rather keep looking than take the time to write it down somewhere and then wait. I’ll usually jump on IRC (or Slack or Discord these days) if the question is that pressing. I’d have to be in really dire straits to post and wait; it would feel almost like praying for an answer. :) (even though 9 times out of 10, once I’ve worded the question, I’m closer to a solution anyway… like I said, I have a complex)

1. 3

You assume that it takes time to get an answer on StackOverflow. IME, very often for the more popular topics, the answer often appears right away within a couple of minutes. Folks race each other to answer first. :-)

(Of course, it highly depends on the tag.)

1. 2

the answer often appears right away within a couple of minutes.

Only if your question is something every mildly experienced programmer would know. As soon as you start asking things that are a little harder, you are often left without an answer.

1. 1

Yeah, I think I was molded in the era of web 1.0 responsiveness (think Perl Monks), and it’s probably cost me a bit. Not to mention whatever false bravado / fear of showing ignorance leads me to not ask enough questions in general.

Duly noted though, thanks!

1. 2

I don’t understand how the C implementation of true is non-portable. I mean, every C compiler and environment I have seen can declare main() as returning an integer and return 0 to the shell. Can someone explain how the following C code is non-portable?

#include <stdio.h>
int main() {
return 0;
}

1. 9

His complaint is that the executable is not portable, not the source file. The literal file /usr/bin/true on a Linux machine can’t be dropped onto a machine that doesn’t use ELF binaries, for example.

1. 1

That makes way more sense, thank you.

1. 3

It does make more sense, but what doesn’t (to me) is why Pike of all people complains about binary vs. source compatibility.

2. 6

Can someone explain how the following C code is non-portable?

main must have either exactly two parameters (int and char **) or none (void). Anything else is implementation-defined territory.

1. 1

Good call!

2. 1

Saved you some bytes, leaving out the include works fine, no?

int main(){return 0;}

1. 2

Saved you some bytes; leave that to your compiler, it knows its job!

main(){};

1. 11

Thank you for the wonderful comments last week.

I wrote an Earley parser. And a Pratt parser. The Pratt parser is what I’ve been looking for all this time: a modular recursive descent parser. What it lacks in formalism it makes up for in brevity and power-to-weight.

Now, I need to choose a host language. I’d like to pick Rust, but I’m not sure it has a ready-made GC solution right now, and I don’t want to go down that rabbit hole. That leaves C++, JVM, or OTP. Any thoughts?
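For anyone curious what the Pratt trick looks like, here’s a minimal sketch in Rust (hypothetical, not the poster’s code): each infix operator gets a pair of binding powers, and parse_expr only consumes operators that bind at least as tightly as its min_bp argument, which is what yields precedence and associativity without one grammar layer per level.

```rust
// Hypothetical sketch of a Pratt parser: parses single-digit integers
// with + - * and evaluates on the fly.

struct Lexer {
    chars: Vec<char>,
    pos: usize,
}

impl Lexer {
    fn new(s: &str) -> Self {
        Lexer {
            chars: s.chars().filter(|c| !c.is_whitespace()).collect(),
            pos: 0,
        }
    }
    fn peek(&self) -> Option<char> {
        self.chars.get(self.pos).copied()
    }
    fn bump(&mut self) -> Option<char> {
        let c = self.peek();
        self.pos += 1;
        c
    }
}

// (left, right) binding powers; right = left + 1 makes the operator
// left-associative. Higher numbers bind tighter.
fn binding_power(op: char) -> Option<(u8, u8)> {
    match op {
        '+' | '-' => Some((1, 2)),
        '*' => Some((3, 4)),
        _ => None,
    }
}

fn parse_expr(lex: &mut Lexer, min_bp: u8) -> i64 {
    // Prefix position: a single digit.
    let mut lhs = lex.bump().unwrap().to_digit(10).unwrap() as i64;
    // Infix loop: keep going while the next operator binds tightly enough.
    while let Some(op) = lex.peek() {
        let (l_bp, r_bp) = match binding_power(op) {
            Some(bp) => bp,
            None => break,
        };
        if l_bp < min_bp {
            break;
        }
        lex.bump(); // consume the operator
        let rhs = parse_expr(lex, r_bp);
        lhs = match op {
            '+' => lhs + rhs,
            '-' => lhs - rhs,
            '*' => lhs * rhs,
            _ => unreachable!(),
        };
    }
    lhs
}

fn main() {
    let mut lex = Lexer::new("1 + 2 * 3 - 4");
    println!("{}", parse_expr(&mut lex, 0)); // prints 3
}
```

The “modular” part is that each operator is one table entry; adding prefix or right-associative operators doesn’t disturb the rest of the parser.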

1. 3

What kind of language are you looking to interpret/execute? The three platforms you mention all have really different tradeoffs.

1. 3

A Lisp-esque language under the hood with a non-Lisp syntax on top. The idea is that the functional paradigm can subsume the other two big paradigms (imperative/logic). I can use the CEK machine for proper tail call handling, so that isn’t a requirement of the host. The big thing I’m looking for is a GC (whether lib or built-in) and a language I like that I can target it with.

2. 2

For Rust, you can wrap everything in an Rc, or an Arc if you have multiple threads, or if you want tracing GC you can use this, or if you just need epoch-style reclamation there’s crossbeam-epoch, or if you just need hazard pointers there’s conc. I’ve had a lot of success with crossbeam-epoch in lock-free systems I’ve built.

1. 1

Rc (and friends) would need cycle detection, no? Maybe the thing to do is just use Rc and do research on cycle-detection algorithms to see if they are hard or not.

I looked at Epoch and hazard pointers and wasn’t sure if they were ok as a general GC. I need to do more reading. Thanks!

1. 2

Yeah, you can create memory leaks with Rc cycles in Rust. But this is rarely an issue in most use cases. Rust memory can feel a little confusing at first, but cycles tend not to come up once you learn some different idioms for structuring things in non-cyclical ways.

For example, if you want to build a DAG, you can quickly implement it with a HashMap from ID to Node, where ID is some monotonic counter that you maintain. Each Node can contain Vec’s of incoming and outgoing edges. You can implement your own RC-like thing that tracks the sum of indegree and outdegree, and when it reaches 0, you just remove the Node out of the containing hashmap.

For the cases where performance or concurrency concerns rule out this approach (which are rare and should not be pursued until this is measured to be a bottleneck) you can always write Rust like C with unsafe pointers, Box::into_raw, dereferencing inside unsafe blocks, and free’ing by calling Box::from_raw (actually calling drop() on that if you want to be explicit about what’s happening, but it will be dropped implicitly when it goes out of scope).

Use mutexes on shared state until… basically always, but if you REALLY want to go lock-free, that’s when you can benefit from things like crossbeam-epoch to handle freeing of memory that has been detached from mutable shared state but may still be in use by another thread.
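A minimal Rust sketch of that map-backed idea (names are made up): nodes live in one HashMap keyed by a monotonic ID, and edges are plain IDs, so there are no Rc cycles to leak.

```rust
// Hypothetical sketch of a HashMap-backed graph: edges are IDs, not
// pointers, so ownership stays non-cyclical.

use std::collections::HashMap;

type NodeId = u64;

#[derive(Default)]
struct Node {
    incoming: Vec<NodeId>,
    outgoing: Vec<NodeId>,
}

#[derive(Default)]
struct Graph {
    next_id: NodeId,
    nodes: HashMap<NodeId, Node>,
}

impl Graph {
    fn add_node(&mut self) -> NodeId {
        let id = self.next_id;
        self.next_id += 1;
        self.nodes.insert(id, Node::default());
        id
    }
    fn add_edge(&mut self, from: NodeId, to: NodeId) {
        self.nodes.get_mut(&from).unwrap().outgoing.push(to);
        self.nodes.get_mut(&to).unwrap().incoming.push(from);
    }
    // Indegree + outdegree; when this hits 0 the node can be removed
    // from the map, which frees it.
    fn degree(&self, id: NodeId) -> usize {
        let n = &self.nodes[&id];
        n.incoming.len() + n.outgoing.len()
    }
}

fn main() {
    let mut g = Graph::default();
    let a = g.add_node();
    let b = g.add_node();
    g.add_edge(a, b);
    println!("{} {}", g.degree(a), g.degree(b)); // prints "1 1"
}
```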

Feel free to shoot me an email if you’re curious about how something can be done in Rust! I know it can be overwhelming when you’re starting to build things in it, and I’m happy to help newcomers get past the things I banged my head against the wall for days trying to learn :)

2. 2

FWIW, many languages written in C or C++ use arenas to hold the nodes that result from parsing. For example, CPython uses this strategy. I’m pretty sure V8 does too. So you don’t manage each node individually, which is a large load on the memory allocator/garbage collector – you put them all in a big arena and then free them all at once.
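A tiny Rust sketch of the arena idea (hypothetical, not CPython’s or V8’s actual code): parse nodes go into one Vec and refer to each other by index, and the whole tree is freed in one shot when the arena is dropped.

```rust
// Hypothetical arena sketch: no per-node allocation bookkeeping.

enum Expr {
    Num(i64),
    Add(usize, usize), // indices into the arena
}

struct Arena {
    nodes: Vec<Expr>,
}

impl Arena {
    fn alloc(&mut self, e: Expr) -> usize {
        self.nodes.push(e);
        self.nodes.len() - 1
    }
    fn eval(&self, id: usize) -> i64 {
        match self.nodes[id] {
            Expr::Num(n) => n,
            Expr::Add(a, b) => self.eval(a) + self.eval(b),
        }
    }
}

fn main() {
    let mut arena = Arena { nodes: Vec::new() };
    let one = arena.alloc(Expr::Num(1));
    let two = arena.alloc(Expr::Num(2));
    let sum = arena.alloc(Expr::Add(one, two));
    println!("{}", arena.eval(sum)); // prints 3
    // `arena` drops here: every node is freed at once.
}
```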

1. 2

Save the earth, use C++ or OTP

1. 1

You also have Go and .NET Core as possible host runtimes.

1. 1

What about Nim? It seems to be a memory-safe language with a low-latency GC and macros, and it compiles to C. I mean, the Schemes are ideal if you’re doing language building with a Lisp thing underneath, since they start that way.

1. 1

It sounds like what you’re describing is similar to how interface types work in Go, although they’re polymorphic only over methods, not fields like in your example. (Go structs themselves are plain data, like C’s; the method table lives in the interface value rather than in the struct.) If you have a struct like

type Foo struct {
Name string
}


And a getter:

func (f Foo) GetName() string {
return f.Name
}


Then you can call this function with a value of type Foo:

func GetNameFromAnything(thing interface { GetName() string }) string {
return thing.GetName()
}


Like this:

func main() {
f := Foo{Name: "maxhallinan"}
fmt.Printf("%s\n", GetNameFromAnything(f))
}


Go is almost statically duck-typed; you can, in-line, say “this method takes anything that can give me its name,” et voila. The biggest downside, I think, and the biggest difference between what you asked in your question and Go, is that access to these members is mediated through a vtable. Because vtables only contain methods in Go, you have to write getters for the things you want to be able to access through interfaces, so there’s no true way to say “this method takes anything that has a field called Name on it”.

1. 12

Downloading and installing (even signed) packages over unencrypted channels also allows an attacker with the ability to inspect traffic to be able to take an inventory of the installed software on the system. An attacker could use that to his/her advantage by knowing which software, and its vulnerabilities, is installed. The attacker then has the exact binary and can replicate the entire system, tailoring exploits to the inventory on the target system.

1. 21

They cover this in the linked page; they claim there’s such a small number of packages that merely knowing the length of the ciphertext (which, of course, HTTPS can’t hide) is enough to reliably determine which package is being transmitted.

Perhaps doing it over HTTP/2, so you get both encryption and multiplexing of many downloads onto one connection, would get you sufficient obfuscation, but HTTPS alone doesn’t.
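The fingerprinting claim is easy to sketch (the package sizes below are made up): given a table of package sizes, the observed transfer length narrows a download to the packages whose size fits within the roughly constant TLS framing overhead.

```rust
// Toy illustration of size fingerprinting; sizes are invented.

use std::collections::HashMap;

fn candidates<'a>(observed: u64, overhead: u64, sizes: &HashMap<&'a str, u64>) -> Vec<&'a str> {
    sizes
        .iter()
        // keep packages whose size is within `overhead` bytes of what
        // the eavesdropper saw on the wire
        .filter(|&(_, &s)| observed >= s && observed - s <= overhead)
        .map(|(&name, _)| name)
        .collect()
}

fn main() {
    let mut sizes = HashMap::new();
    sizes.insert("pkg-foo", 1_048_576u64);
    sizes.insert("pkg-bar", 2_097_152);
    sizes.insert("pkg-baz", 1_048_900);
    // An eavesdropper sees roughly package size + framing overhead.
    let mut hits = candidates(1_049_000, 600, &sizes);
    hits.sort();
    println!("{:?}", hits); // near-identical sizes collide: ["pkg-baz", "pkg-foo"]
}
```

With only a few thousand packages in a repo, the candidate set is usually a single package, which is the argument the linked page makes.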

1. 2

I’m not sure how HTTP/2 helps. You can still generally look at traffic bursts and get an idea of how much was transferred. You’d have to generate blinding packets to hide the actual amount of traffic being transferred, effectively padding out downloads to the size of the largest packages.

1. 2

But figuring out which packages were downloaded would require solving a knapsack-style problem, right? Instead of getting N requests of length k_i, you get one request of length \sum k_i. Although, now that I think about it, the number of packages that you download at once is probably small enough for it to be tractable for a motivated attacker.

2. 1

True. Given that each package download is its own connection, it wouldn’t be too difficult for an attacker to deduce which package is being downloaded given the size of the transmitted encrypted data. The attacker would need to keep a full mirror of the package repo (disk space is cheap, so plausible). I wonder if the same would apply to package repos served over Tor Onion Services.

1. 18

No images and yet better content than 95% of the medium posts I’ve read in the last few months.

1. 3

But memes are fun! Are you anti-fun?

1. 14

If memes are fun, I’m anti-fun

1. 1

I don’t mind the occasional relevant comic inserted in to text but if you have to put a meme in between every line then you need to stop.

1. 1

At work, I’m still trying to debug weird crashes in an open-source geometry kernel (vcglib), which is proving to be extremely tedious. Thank god for address sanitizer, at least.

Outside of work, continuing trying to get my sourdough down pat and consistent, as well as continuing work on my large-scale vertical pen plotter. This week, I’m trying to come up with the Jacobian that relates the lengths of the two chains it hangs from to its xy-position on the wall, so that I can start doing path planning in chain-length-space.
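That Jacobian has a nice closed form if the chains anchor at (0, 0) and (d, 0) (a guess at the geometry): the lengths are l1 = hypot(x, y) and l2 = hypot(x - d, y), so each row of the Jacobian is just the unit vector from an anchor to the pen. A Rust sketch:

```rust
// Sketch of the chain-length Jacobian for a hanging plotter, assuming
// anchors at (0, 0) and (d, 0); the real geometry may differ.

fn jacobian(x: f64, y: f64, d: f64) -> [[f64; 2]; 2] {
    let l1 = x.hypot(y); // chain anchored at (0, 0)
    let l2 = (x - d).hypot(y); // chain anchored at (d, 0)
    [
        [x / l1, y / l1],       // dl1/dx, dl1/dy
        [(x - d) / l2, y / l2], // dl2/dx, dl2/dy
    ]
}

fn main() {
    // Pen at (3, 4), anchors 6 units apart: both chains have length 5.
    let j = jacobian(3.0, 4.0, 6.0);
    println!("{:?}", j); // roughly [[0.6, 0.8], [-0.6, 0.8]]
}
```

Inverting this 2×2 matrix at each step converts chain-length velocities to pen velocities for the path planner; it degenerates when the pen is on the line between the anchors, where both rows become horizontal.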

1. 2

I’ve been working on a motion controller for a giant vertical pen plotter (with a work area that tops out at around 400 m^2), and I had been trying to get everything working with a BeagleBone Black, but last week I tried to bring up the board only to discover that BBBs are a pain in the butt and that there are undocumented restrictions on how certain pins on the board can be used.

After all of the frustrations from last week, this week I’ve decided to scrap the BBB entirely and try to do a design with the ESP32, which I’ve been meaning to try out for a bit anyway. I finished the schematic yesterday, parts should be here by the end of the week and I can hopefully bring up the board and get some steppers stepping over the weekend!