1.  

    Nice to see you sharing all the knowledge that you got from developing sled

    1. 7

      That article is better than I expected. Judging by the title, I expected yet another rehash of mistakes made in C programs.

      It’s an interesting problem when the standard can’t afford to outlaw existing “working” code even when it works only by accident.

      This reminds me of the proposal for C++ to change priorities to be more forward-looking than backwards-compatible, which could lead to Google forking C++: http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2020/p2137r0.html

      1. 6

        What’s crazy to me is that they can’t even put warnings up on existing code. The perspective of the article makes it sounds like correctness in C is basically a multi-party agreement to Look the Other Way. Yikes!

        Hopefully at least Clang and/or GCC will still add these warnings behind another flag?

        1.  

          A C compiler can add warnings, and many do, but they don’t enable new warnings by default because of the noise it introduces. My favorite example of this is clang—on a lark, I enabled every warning it has (I forgot the version, but this was in the past year or two). I got the warning “padding added to structure blah blah”. Okay, let’s switch to packed structures. I then got the warning “no padding in structure blah blah”. I just couldn’t win with clang. But I can see the rational for adding both warnings—it’s just that you have to pick one or the other but not both.

        2.  

          though that might change once google is completely switched go..

        1. 3

          I’m so happy to see them developing a great Linux app! It sounds like they’re using GTK for the UI, but it looks far more custom than I’m used to seeing. If anyone gives it a go, I’d love to hear about how the UI feels.

          1. 9

            I says it uses “React for a responsive component-based UI.”, wouldn’t that means it is an Electron app?

            1. 2

              Ah fudge. I missed that line. Hopefully this doesn’t mean they’re going to bring the web-based version to macOS or Windows. It’s possible it’s not using Electron though, which I hope is the case!

              1. 6

                It’s definitely Electron:

                $ dpkg -L 1password
                /.
                /opt
                /opt/1Password
                /opt/1Password/snapshot_blob.bin
                /opt/1Password/LICENSE.electron.txt
                /opt/1Password/1password
                /opt/1Password/swiftshader
                /opt/1Password/swiftshader/libEGL.so
                /opt/1Password/swiftshader/libGLESv2.so
                /opt/1Password/libEGL.so
                /opt/1Password/chrome_200_percent.pak
                /opt/1Password/libGLESv2.so
                /opt/1Password/resources.pak
                /opt/1Password/vk_swiftshader_icd.json
                /opt/1Password/chrome_100_percent.pak
                /opt/1Password/libvulkan.so
                /opt/1Password/v8_context_snapshot.bin
                /opt/1Password/libvk_swiftshader.so
                /opt/1Password/chrome-sandbox
                ⋮
                
                1. 2

                  This is disheartening. Hopefully it’s not an indication of future efforts for their native apps. Thanks for the confirmation!

                  1. 4

                    Taking several years Of non Linux support to finally ship an electron app is saddening…

                    1. 3

                      I mean, the economics point to making developing anything other than Electron apps from a business perspective a non-starter…

                    2. 2

                      chrome_100_percent.pak

                      I thought you edited this like “yeah that’s 100% chrome”

              1. 4

                The example given is quite extreme. Overall, I think verbosity isn’t necessarily a bad thing (look at vim for example).

                Also, if you’re into comments - just give an example of the input and output of such a Regular Expression. It would do most of the job, and if the reader knows just a bit of regex, they could figure it out, either by themselves or by using tools like regexr and regex101.

                1. 1

                  regex101

                  +1 for regex101, their test functions and also storage for your tests, so you can embed that as comment

                  1. 1

                    That might be a bad idea if you want your code to last longer than Regex101. Probably okay if it’s purely supplemental to your actual comment, though.

                    1. 1

                      true, but it’s just additional, with an easy way to verify & create it

                1. 1

                  Little bit sad that it comes from the developer that harasses people trying to package their software on BSD. Still a valid point though.

                  1. 4

                    There is just one compiler for Rust […] This avoids most of the fragmentation we see in C compilers and makes it much easier for the compiler and the analysis tool to give the same meaning to a single piece of code.

                    I’m not sure whether this is a good thing or not.

                    Having two implementations might be useful for differential testing. IIRC, this is how John Regehr found multiple bugs in LLVM and GCC.

                    1. 3

                      I’m not sure whether this is a good thing or not.

                      Let’s say it like this: It’s not as bad as many people make it to be. For the reason you outline, 2 compilers have their advantage. But there’s a pragmatic problem: is that a good enough reason now to build a second compiler?

                      Most people I spoke to, even in critical industries, see the low fragmentation as a good thing, currently and would love if it stayed on that side.

                      1. 2

                        Competition can be beneficial though. Look at gcc – it’s improved enormously in the last ~10 years, and at a much more rapid pace than had been happening previously. I think it’d be hard to argue that that wasn’t largely due to the sudden appearance of a serious competitor (clang). And between those two, while it does occasionally manifest in non-negligible ways, fragmentation is a relatively tiny issue since both tend to stick to mutually compatible language extensions and command-line flags (though the languages they compile are standardized to a much greater degree than Rust is – which is of course a very closely related issue).

                        1. 1

                          I’m no questioning any of that. I’m just not sure if it’s in any way realistic now, not that it is the best way to improve current quality. Building a compiler uses a substantial amount of resources. The current Rust team is ~250 people and runs quite a bit of infrastructure for quality control. A competitive compiler would need to muster at least a number of full time people to be built.

                          The language specification is a good example of that problem: there’s a desire to create one - but this will need industry funding. Not necessarily in direct money, but definitely in manpower. I see good chances on something like that happening, especially given that it would make the work of verification tool builders much easier.

                      2. 2

                        there are c implementations of rust to bootstrap the compiler at least, though they have a hard time keeping up with the pace of rustc

                        1. 3

                          Yep, mrustc. Looks like its continuing to do okay, actually, it says it compiles rustc 1.29 fine. It doesn’t do borrow checking though, just assumes that the input is valid; its goal is really to be able to bootstrap the compiler.

                      1. 7

                        The comic is very true. See also the movement for papers that can be verified (open data for AI models etc). Oh and I can tell you that you can be even declined from a conference when publishing a continuation of your previous work: “there is already a paper XY on that” “that is mine, that was the first publication on this, this takes it further” “bye, duplicate of XY”

                        1. 1

                          I am not sure I get what you are saying; you have cited the work in question and explained why your current paper is an improvement over the state of the art?

                          (OTOH, I agree, continuations are typically hard, because the bleeding edge research in some of the topics are of interest only to very few people until it filters down to the rest of the community, and it can be difficult to make the point why your current work is a significant advancement.)

                          1. 2

                            You don’t get to explain anything. You just get a deny from the reviewers that somebody else already published something about that stuff. Although they can totally see that the paper they referenced was also from you and they should’ve just read part of the paper to get the idea..

                            1. 2

                              Just to confirm; you do cite the previous paper in your related work and explain what you do new right? I have had the same problem as a submitter, but I have been also on the other side of the fence as a reviewer, and it can be hard to convince other reviewers that a paper is good when the new contributions are not clear.

                              In particular, what has worked best for me, is to start by mentioning your previous work in third party, in the introduction itself, and talk about how this paper advances from there.

                        1. 1

                          I use it to differentiate between the web interface and what the data collector does. Each of them has a different job.

                          Though it’s not very fine grained, they overlap at some places.

                          1. 2

                            That got really interesting. Also I feel stupid for not knowing about the WITH statement, will have to research if mariadb on debian is already old enough to support it.

                            1. 3

                              Ok this is far more detailed than I thought. Long read but worth it.

                              1. 3

                                The demo video is wild. Takes “redstone CPU in minecraft” on a new level ^^

                                1. 2

                                  Ah, a way to assure myself that my english isn’t good enough to see any difference ;)

                                  1. 23

                                    The story’s catching a lot of “off-topic” flags. I mostly left it up so there’s a single story people can click “hide” on because it’s clear we’re going to see this a dozen times in the next few days as news trickles out. Also, when this story was posted yesterday it wasn’t clear this was a social engineering rather than a zero-day, and we do consider those topical.

                                    Years ago we removed the ‘news’ tag. Still today, lot of ‘security’ stories are news because they’re about new vulnerabilities. This feeds back into my concern about the recurring idea to remove the culture/practices/etc tags. With a week to reflect on my response there, I think it boils down to: any time we decide to restrict topicality we amplify two problems.

                                    First, there are Big Event stories like this one that seem worth leaving up. Call it the “heckler’s promo”, because it’s the inverse of the heckler’s veto. A story effects the entire industry and will be submitted over and over, so we make an exception. We can bite the bullet and stop making exceptions, but we know submitters and some number of readers will be outraged at the removal of stories that feel so important in the moment or are so highly emotionally charged. This very often results in angry tweets and PMs to mods about how we’re removing stories to enforce our opinions about politics and business. Having evil motives endlessly imputed to us is personally draining, and more generally not great for the site’s reputation, so that’s why I harp on the need to be able to point to a clear, public standard such that even someone who is angry at having their story or comment removed can accept that it fell within the bounds. The other benefit of drawing a bright line is that it reduces moderator discretion, power, and potential mistakes. (Edit to add sentence:) The more clearly we can draw lines, the more confident users can be that they’re contributing well and getting treated fairly.

                                    Second, and much harder, stories often touch on multiple topics and it’s not clear where to say that it has so much of the tagged topic that it should be removed on that grounds. When it’s most of the story? Half? One sentence? Implied by popular knowledge about the topic? When it’s likely to prompt a rehash of a contentious topic? We give ‘security’ a pretty wide leeway on ‘news’ but entrepreneurship and business almost none. This problem benefits from having a bright-line rule for all the same reasons as the previous, and because people assume our definition of topicality is the same as other, more popular sites like r/programming and Hacker News. (And: we’ve gotten a lot of off-topic business stories in the last week or so, I don’t know what’s up with the spike.)

                                    Hope this helps explain why things look the way they do and is a useful framework for future changes.

                                    1. 2

                                      What about bringing about a off-topic or unrelated or breaking-news or squirrel tag for all these types of articles that people love to submit but don’t really fit? Too problematic in that it encourages people to submit them?

                                      Just wondering how people that want to bring up stories like this and enable those of us that couldn’t be bothered to care can both be appeased. Might remove some of those angry pm’s and tweets if you just go, moved this story to the spam category. Ooh there call it spam as the label. >.<

                                      1. 5

                                        Something like this gets proposed every couple months. I don’t see any reason it would fix anything; the discussion would only shift terms slightly from “why’d you delete this” to “why did you give it the tag of shame” with the same open questions about when to apply it, plus the comments there would show up on /comments, topics would spill over into other threads, etc. Maybe someone wants to take a page from the chat room playbook and run their own site with different rules that are closer to but still broader than Lobsters itself.

                                        1. 1

                                          It might encourage more submissions, but at least an ‘offtopic’ tag could be hidden by users and incur a hotness penalty.

                                        2. 1

                                          Cloudflare

                                          But why did @alynpost merge the twitter stuff with the cloudflare outage ?! that’s completely unrelated..

                                          1. 3

                                            I did accidentally conflate story submissions xbl6uc and uptmet and merging them was incorrect. It’s undone.

                                            1. 1

                                              Thanks :)

                                        1. 10

                                          Maybe people will reconsider using MiTMflare if we get a few more outages like this.

                                          1. 7

                                            Can you suggest some comparable services with better uptime or, failing that, better postmortems?

                                            1. 6

                                              What’s the use case you have?

                                              I just use … “my web host” (which happens to be Dreamhost, which does offer optional Cloudflare integration, but I intentionally leave it off). It has survived all the HN traffic news spikes just fine, as well as spikes from Reddit, lobste.rs, from an O’Reilly newsletter, and from what I think is some weird Google content suggestion thing (based on user agent).

                                              It has worked fine for 10 years. The system administration seems very competent. I don’t know the details, but they have their own caches.

                                              I noticed this guy said the same thing about Dreamhost: https://www.roguelazer.com/2020/07/etcd-post-follow-up/ i.e. that it’s worked for 15 years.

                                              I feel like a lot of people are using Cloudflare for some weird “just in case” moment that never happens. I’m not saying you don’t have that use case, but I think many people talking about and using Cloudflare don’t.

                                              To me Cloudflare is just another layer of complexity and insecurity. I would consider using something like it if I had a concrete use case, but not until then. Computers are fast and can serve a lot of traffic.

                                              1. 3

                                                The use case is free caching, and free bandwidth if you use some services for hosting (like backblaze). Which cuts down a lot of costs depending on the website you’re running.

                                                1. 3

                                                  Where is the original site hosted? Why does it need caching?

                                                  (I’m not familiar with Backblaze – is it a web host or is it an object store or both?)

                                                  My point is that, depending on the use case, you probably don’t need caching, so it doesn’t matter if it’s free. There is a downside in security and complexity, which is not theoretical (as this outage shows, and as MITM attacks by state actors and others have shown.)

                                                  1. 2

                                                    (I’m not familiar with Backblaze – is it a web host or is it an object store or both?)

                                                    Backblaze has a backup service, as well as a service called “b2” which is basically an s3 like object storage service.

                                                2. 1

                                                  For the use cases I’ve had, I have (we have) used Fastly, a local Varnish/Apache/Nginx, or Rails middleware. The goals were some combination of a) overriding the backend’s declared cache lifetime b) speeding up page response c) letting the client cache various things even if not cachable by intermediates.

                                                  Cloudflare combines all that with good DDOS protection and good performance globally. I can see how that’s an attractive feature set to many people, and while it’s a shame that VCs haven’t funded three dozen copycats, suggestions like that of @asymptotically that people just shouldn’t use it are stupid. It’s a fine combination of features, and telling people to just not want it, without suggesting alternatives, is IMO offensive and stupid.

                                                3. 4

                                                  I don’t think so. I think that Cloudflare’s offerings are very good, they got this whole thing fixed in 30 minutes and explained how they’re making sure nothing similar happens again.

                                                  The main problem I have with Cloudflare is their size. What good is a decentralised internet if we just connect through the Cloudflare VPN, resolve a domain via Cloudflare DNS and then get our requests proxied through Cloudflare?

                                                  I also hate the captchas that you are occasionally forced to do.

                                                  1. 3

                                                    the captchas that you are occasionally forced to do

                                                    Or all the time when connecting through Tor. Privacy Pass barely works :/ and it’s really silly that you need captchas to just view public pages! If they want to prevent comment spam and whatnot, why not restrict captchas to non-GET requests by default >_<

                                                  2. 1

                                                    DNS or anti-ddos? Doesn’t OVH have anti ddos-servers for example.

                                                    1. 6

                                                      Cloudflare is a CDN with DDOS features (and has some related products, such as a registrar). It offers quick page access anywhere in the world, excellent support for load spikes, and DDOS protection.

                                                      A lot of ISPs offer anti-DDOS features for their products (which may be a product like Cloudflare’s or a different one, like OVH), but the feature is often one that displeases the victim: Dropping packets to the attacked IP address until the attacker grows bored and goes away. I don’t know what OVH means by anti-DDOS and they description page sounds a little noncommittal to my ears.

                                                      1. 3

                                                        OVH’s anti-ddos will trigger on legitimate traffic and then people will say your website has been “hugged to death” when it’s just OVH that shut down all incoming connections.

                                                        1. 2

                                                          OVH, the service from which 1/3 of my current bot-attacks come..

                                                          1. 1

                                                            Okay. Never used their services myself and don’t know how bots affect their anti-ddos or DNS.

                                                      2. 2

                                                        My impression was BGP problems (specifically BGP leaks, I think) were not just a problem in a CDN like Cloudflare, but also allowed mistakes by small players to make huge numbers of people to temporarily lose internet access.

                                                        Is there a difference in what happened here, and if so, is it a difference of scale, or some other kind of difference?

                                                        1. 3

                                                          This incident is related to internal BGP, not eBGP, and could’ve happened with any internal routing protocol.

                                                      1. 24

                                                        Was fun to see all the “is it down” websites to be down.

                                                        1. 9

                                                          Super excited for Rocket on stable Rust. I hope that release comes out soon.

                                                          1. 2

                                                            WIll be interesting to compare rocket with actix-web, now that both can be used on stable. Was using actix-web until now, and except for path notations you already have a bunch of things like auto-deserializing of json etc.

                                                          1. 1

                                                            What exactly is “proc_macro_hygiene” ? I never understood what it does / why you need it.

                                                            1. 5

                                                              hygiene refers to creating new identifiers without colliding with anything from outside of the macro.

                                                              It allows macros behave more like functions with their local variables, rather than like C macros which can grab anything they want.

                                                              1. 5

                                                                The whole premise of this effort is not credible. There are far more reasonable approaches than rewriting everything in Rust™, for instance, in this case, just providing modern Fortran wrappers around the (assumed) FORTRAN 77 source. Then, implementing ISO C binding interfaces to these function in order to call the Fortran code from C, Python, Lua, … But then, it would’t have been Rust, right?

                                                                1. 3

                                                                  Frankly I think the analysis of whether the rewrite is justified is pretty impressive for an undergrad. It seems perfectly reasonable for a couple-semester research project or something of that scope, and sounds like they learned a lot of useful optimization info about the problem space of the program totally unrelated to the implementation language. How would providing language wrappers around the existing code have helped with threading, anyway?

                                                                  1. 2

                                                                    The wrappers may not be useful for threading, but instead, for providing a user interface, as the author didnʼt want to call ncurses from Fortran. Due to the original version beeing written in Fortran 90, parallelisation could have been added easily with Fortran 2003 intrinsic concurrency, OpenMP, or CoArrays.

                                                                  2. 2

                                                                    I noticed that you had some extra spaces in your comment. I can’t read it. Have you considered rewriting your comment in Rust? It would detect that sort of problem for you at posting time.

                                                                    1. 1

                                                                      Now you can simply provide a c-binding too.. And their job was to rewrite it, so I wouldn’t even bother explaining why you do it.

                                                                      1. 1

                                                                        Then, Fortran 2018 would have been a more logical choice for a port/rewrite. I mean, the field is still numerical simulations.

                                                                        1. 1

                                                                          I wouldn’t have rewritten it in Rust either; the author started with a Fortran 90 program. It has global variables but otherwise doesn’t seem that hard to work with.

                                                                          1. 2

                                                                            Depends, for example if you want to have rusts memory constraints or want new students to add features, you may want to move away from fortran. Even more in research, if I want to give less experienced people the job to add things.

                                                                    1. 3

                                                                      The conclusion mentions being happy with the performance improvements but the chart suggests they’re more or less the same. Did I miss something?

                                                                      1. 2

                                                                        Kinda faster for smaller inputs and overall same speed. When rewriting simulation code that was used for ages in fortran, a language we still rely on for pythons math libs, because it’s “unmatched” (and kinda is), I call that a win.

                                                                        1. 2

                                                                          Similar question was asked on reddit thread

                                                                          Well currently the researchers are using the Fortran version, but plan to use the Rust version for the range of inputs that are faster.

                                                                          I mean happy is probably putting it strongly, obviously I’d have liked to have achieved more, but any simulations that need to be run at that size can now be done significantly faster.

                                                                          1. 1

                                                                            I thought it looked like a “rounding error”.

                                                                          1. 3

                                                                            Nice post, desktop & app choice/taste are pretty similar but I never got to taste a mac. Nice to read it from that angle. And I envy your up to date KDE Plasma, I should start trying out Manjaro or NixOS :)