1. 3

    I have “git ff” for “git merge --ff-only”. And “git lol” for “git log --format=oneline”.

    1. 3

      Ruby: It’s a good replacement for Perl, for writing short scripts.

      Emacs Lisp: Its syntax does let you parse it backwards unambiguously.

      Java: At least they’re trying to improve it.

        1. 4

          Aren’t the safety features designed to carry zero runtime cost? The costs are incurred at compile time, so I fail to see how performance of Rust programs would suffer compared to C due to any added safety.

          1. 2

            They have runtime cost because the language won’t let you write the most performant solution. And like, there’s mundane stuff like bounds checking.

            1. 5

              The language does let you write the most performant solution, you just might need to use unsafe, depending on what problem you’re trying to solve. I do a lot work in Rust on text search and parsing, for example, and I rarely if ever need to write unsafe to get performance that is comparable to C/C++ programs that do similar work. On the contrary, I wrote some Rust code that does compression/decompression, and in order to match the performance of the C++ reference implementation, I had to use quite a bit of unsafe.

              And like, there’s mundane stuff like bounds checking.

              Well, firstly, bounds checking is trivial to disable on a case-by-case basis (again, using unsafe). Secondly, bounds checking so rarely makes a difference at all. Notice that the OP asked “nearly as fast as C.” I think bounds checking meets that criteria.

              1. 1

                I wrote some Rust code that does compression/decompression, and in order to match the performance of the C++ reference implementation, I had to use quite a bit of unsafe.

                Why specifically? That kind of code is common in real world. Figuring out how to do it safely in Rust or with an external tool is worthwhile.

                1. 2

                  Unaligned loads and stores. Making it safe seems possible, but probably requires doing a dance with the code generator. That’s the nice part about Rust. If I want to do something explicit and not rely on the code generator, I have the option to do so.

                  It’s worth pointing out that the library encapsulates unsafe, so that users of the library need not worry about it (unless there’s a bug). That’s the real win IMO.

                  1. 2

                    That makes sense. I recall that some projects mocked up assembly in their safe language or prover giving the registers and so on types to detect errors. You thought about doing such a routine in a Rust version of x86 assembly to see if borrow checker or other typing can catch problems? Or would that be totally useless you think?

                    1. 3

                      It sounds interesting, and I hope someone works on it, but it’s not personally my cup of tea. :-) (Although, I might try to use it if someone else did the hard work building it! :P)

                      1. 3

                        I’ll keep that in mind. For your enjoyment, here’s an example of what’s possible that’s more specialist rather than just embedding in Rust or SPARK. They go into nice detail, though, of what benefits it brought to Intel assembly, though.

                        https://lobste.rs/s/kc2brf/typed_assembly_language_1998

                        They also had a compiler from a safe subset of C (Popcorn) to that language so one could mix high-level and low-level code maintaining safety and possibly knocking out abstraction gaps in it.

                      2. 1

                        “typed assembly language” makes me think of LLVM IR :P

                2. 3

                  Bounds checking almost never matters on modern CPUs. Even ignoring the fact that Rust can often lift the bounds-check operation so it’s not in the inner loop, the bounds-check almost never fails, so the branch predictor will just blow right past. It might add one or two cycles per loop, but maybe not.

              2. 4

                Or, in many cases: Rust.

                1. 0

                  I didn’t mention it for “more readable code” as question asked. Rust has a steep learning curve like Ada does. I didn’t mention it either. Neither seems to fit that requirement.

                  1. 1

                    Can you compare and contrast your own personal learning experience between Ada and Rust?

                    1. 3

                      Lots most of my memory to a head injury. It’s one of those things I don’t remember. I’m going to have to relearn one or both eventually. I have a concept called Brute Force Assurance that tries to reduce verification from an expensive, expert problem to a pile of cheap labor problem. The idea is a language like Scheme or Nim expresses the algorithms in lowest-common denominator form that’s automatically converted to equivalent C, Rust, Ada, and SPARK. Their tools… esp static analyzers or test generators in C, borrow-checker in Rust, and SPARK’s prover… all run on the generated code. Errors found there are compared against the original program with it changed for valid errors. Iterate until no errors and then move on to next work item.

                      I’ll probably need to either have language experts doing it together or know the stuff myself when attempting it. I’m especially interested in how much a problem it will be if underlying representations, calling conventions or whatever are different. And how that might be resolved without modifying the compilers by just mocking it up in the languages somehow. Anyway, I’ll have to dig into at least Rust in the future since I probably can’t recreate a borrow-checker. Macroing to one from a Wirth- or Scheme-simple language will be much easier.

                1. 2

                  It would have explicit conversions required, overridable prefix conversion operators distinguishing between failable and nonfailable, some convenient error handling syntax, tagged union types, and at least basic templates and overloading.

                  At least that’s without doing anything fancy.

                  1. 1

                    You want indices in C starting at 1?

                    #include <stdio.h>
                    
                    void main(void) {
                        char a[] = {1, 2, 3};
                        char *b = a-1;
                        printf("%d\n", b[1]);
                    }
                    

                    I love the reason they give here for zero-based is a CEO wants to race yachts.

                    1. 1

                      That’s undefined behavior.

                    1. 22

                      You really need to provide some examples of those comments, because it can be really hard to tell the difference between comment quality actually dropping and people just wanting to say “back in my day this was awesome and now it sucks”.

                      Especially accusations of trolling need to be substantiated better because the word tends to be grossly overused.

                        1. 24

                          It seems just about every comment you linked was received with polite, but firm criticism/sensible answers, and didn’t end up spoiling the thread or the community’s view. Now while it’d be great to not have these comments at all, I think those examples actually show the bigger picture - the high maturity level of the people in community.

                          Perhaps the lobsters software should be able to track repeated troll attempts from a single user and raise an alert for moderators to step in. One thing I’ve experienced from moderation of a few communities is that it is generally better to accept more users cheaply, and have stricter rules to kick them out if/when they misbehave.

                          1. 9

                            It seems just about every comment you linked was received with polite, but firm criticism/sensible answers, and didn’t end up spoiling the thread or the community’s view. Now while it’d be great to not have these comments at all, I think those examples actually show the bigger picture - the high maturity level of the people in community.

                            Amen. I agree, and this is why I don’t think censorship is needed.

                            Hacker News is heavily modded and it’s still a cesspool.

                            The best way to handle the problem of bad users is not to attract them in the first place. I think that we’re doing a good job of keeping the forum in a state that doesn’t attract the YC type.

                            1. 5

                              You are such a prolific commentator here, that one of the explicit benefits of HN (compared to lobsters) is that you aren’t there.

                              [EDIT] I stand by what I said above, but @angersock is right, I probably could have expressed it better. Some clarification: https://lobste.rs/c/01bj1d

                              1. 11

                                This is the sort of feedback that is best left to private messages, or that really requires further elaboration and generalization of principle in order to raise the level of discourse. Please consider either of those options in the future.

                                1. 12

                                  IMO, michaelochurch’s comments are a non-trivial portion of the low quality comments I’ve seen on lobsters. Virtually every single comment by him either insults entire classes of programmers with absurd generalizations or participates in revisionist history.

                                  This is the sort of feedback that is best left to private messages

                                  I generally agree. I’ve mostly stopped interacting with michaelochurch because all previous interactions have been remarkably negative. But if we’re going to participate in a meta discussion about the comment quality on lobsters, then it seems more than appropriate to air grievances.

                                  1. 9

                                    While I don’t always agree with michaelochurch’s comments, and sometimes they’re only vaguely related to the parent post (which can be disruptive), I think he’s a valuable member of the community. He holds a minority opinion on a number of issues, but argues them in a thought-provoking way. I’d hate to see lobste.rs as a community push people out because of contrarian viewpoints.

                                    1. 3

                                      I’d hate to see lobste.rs as a community push people out because of contrarian viewpoints.

                                      I wonder if you’d actually walk the walk too.

                                    2. 5

                                      Hm, I actually liked the “two types” of programmers comment made by michaelochurch and remember thinking “this guy can really write well”. It made me check out his blog and add it to my feed.

                                      But maybe that’s because what he wrote down agrees with my opinion?

                                      1. 5

                                        Virtually every single comment by him either insults entire classes of programmers with absurd generalizations or participates in revisionist history.

                                        While we’re on the topic of quality content and all, it would be great if you could back up your claims by quoting something Michael said and telling us why he’s wrong (or why it’s reasonable to get “offended” or upset by it).

                                        1. 3

                                          I provided links and have otherwise said enough. At this point, it’s up to folks to come to their own conclusions.

                                          1. 2

                                            I didn’t see anything wrong with what Michael said in the comments you linked to, so you definitely haven’t said enough.

                                        2. 3

                                          IMO, michaelochurch’s comments are a non-trivial portion of the low quality comments I’ve seen on lobsters.

                                          Generally, I think this sort of stat-waving is in poor taste, but I have a higher average karma-per-comment than you do.

                                          all previous interactions have been remarkably negative.

                                          You made the first personal attack, not me.

                                      2. 2

                                        You are such a prolific commentator here, that one of the explicit benefits of HN (compared to lobsters) is that you aren’t there.

                                        Banning me from HN was part of a larger effort. They forced Quora (which YC bought) to ban me. On Reddit, they used to attack me heavily with sock puppets and brigades. Then I started getting the death threats, including harassment from homeless on the street (presumably paid off by YCs; it is a common tactic) when I was in the Bay Area. On one occasion, those assholes tried to get me fired.

                                        I suppose you’re a fan of all that, too?

                                        If you wonder what I did to piss them off, I wrote a blog post in 2013 where I used the term “chickenhawk” to describe VC’s attraction to inexperience founders. I never mentioned Paul Graham once in that context, and did not have him in mind, but he took the post to be about him, and the rest is history.

                                        I’m sure, though, that you think you dislike me because you think for yourself and not because you’ve been told what to think by Paul Graham and his menagerie of boypets. Carry on, then.

                                        1. 17

                                          If you wonder what I did to piss them off

                                          You’ve conveniently left out some important details that might color one’s perspective. For an example of such a detail, see: https://news.ycombinator.com/item?id=10017538

                                          1. 1

                                            I have no idea what point you’re trying to make.

                                            1. 10

                                              I’d imagine the point was that you were warned by a mod to stop doing something and then banned after you kept doing it.

                                              Either those posts were not in fact written by you (which would be consistent with your accusation that they are trying to get rid of you by any means necessary), or you broke the rules of their private space and got kicked out for it.

                                              I’m not going to tell you they aren’t out to get you - I have every reason to believe PG would act like that - but the HN ban sure looks like more like regular old moderation than some kind of conspiracy.

                                              1. 2

                                                Either those posts were not in fact written by you (which would be consistent with your accusation that they are trying to get rid of you by any means necessary), or you broke the rules of their private space and got kicked out for it.

                                                The rules, to the extent that they can be argued to exist, are inconsistently enforced. People who point out that Silicon Valley has devolved into a pyramid scheme, and that Y Combinator is morally culpable to a large degree, are treated differently from people who aren’t perceived to represent a threat to Paul Graham’s economic or cultural interests.

                                                I’m not going to tell you they aren’t out to get you - I have every reason to believe PG would act like that - but the HN ban sure looks like more like regular old moderation than some kind of conspiracy.

                                                They definitely know who I am. I have a couple sources inside Y Combinator (they’re not all bad people).

                                                [ETA.] Oddly enough, Paul Graham isn’t as bad as he’s made out to be, and he’s been pretty much retired for close to 2 years. I wouldn’t call him a good person, but he’s not Hitler either. PG can be childish and vindictive, but the evil that YC is known for comes mostly from people under him.

                                          2. 7

                                            They forced Quora (which YC bought) to ban me. On Reddit, they used to attack me heavily with sock puppets and brigades. Then I started getting the death threats, including harassment from homeless on the street (presumably paid off by YCs; it is a common tactic) when I was in the Bay Area. On one occasion, those assholes tried to get me fired.

                                            What do you think would cause a diverse group of people across a number of sites to all attack you like that? They can’t handle the truth?

                                            1. 1

                                              It wasn’t a diverse group of people. It was a small number of people (maybe five). Y Combinator owns Quora, which explains the ban.

                                              The death threats could have come from anywhere, and although the Reddit brigade detected last April consisted of 45-70 accounts, it’s overwhelmingly likely in my mind that it was fewer than five people, working together and possibly in the same physical space (YC headquarters).

                                              Of course, I don’t know for sure, but I know how these people fight. It’s more likely that a small number of people are doing bad things than that there is a large conspiracy.

                                              What motivated them? It’s not that they “can’t handle the truth”. They know the truth. What they don’t want getting out there is how much of this current “startup” bubble is outright fraudulent, not only against employees and customers, but also against the institutional investors who provide the capital.

                                            2. 11

                                              You’re omitting a few details. You were banned from Wikipedia for sockpuppeting, you were banned from Hacker News for calling Marissa Mayer the C-word, and you were banned from Quora for repeated sockpuppeting.

                                              1. 10

                                                You’re omitting a few details. [.. snip ..]

                                                Uh.. I totally understand why you posted that, and won’t call it out for being entirely unreasonable given the way this thread (unfortunately) went. So don’t take this personally.

                                                But as a plea for the future, could we all please not dig up dirt on our community members? I really think it is one of the saddest things one can do here. And if we really have to judge somebody, then it should be based on their contribution here on lobsters. Not elsewhere, and definitely not over ten years ago elsewhere.

                                                There are multiple reasons for this. Through such external sources, we catch a glimpse of community drama and claims without context, with no way to verify these claims, with no way to understand the background. No way to know who’s lying and who’s saying the truth. That community might be toxic, and toxicity often breeds toxicity. I admit, I can be quite toxic on the trollfest that slashdot is. And the past is past, people can change. I no longer participate on slashdot.

                                                Along these lines, I can ascertain that when we have a nice friendly community here, then the people here are naturally encouraged to play along and be nice regardless of how they do elsewhere. That is what matters.

                                                But when people come in and bring personal grudges and vendettas and dig up dirt, they bring in the toxin from these other communities. It evokes negative feelings and it hurts, and when it hurts, it is easy to forget what a nice community we have here. And so the poison spreads.

                                                1. 9

                                                  But as a plea for the future, could we all please not dig up dirt on our community members?

                                                  If you peruse this particular community member’s comments, you will note that he speaks frequently of his past interaction with various folks. It at least seems clear to me from his comments that he’s quite willing to discuss the past and his interaction with communities he’s been banned from. He may very well be telling the truth about many things (as you say, there’s no way to know), but one thing is very very clear: he omits critical details that are terribly inconvenient to his narrative. If he’s willing to talk about it, then adding additional context to what he’s saying seems absolutely fair to me.

                                                  1. 3

                                                    one thing is very very clear: he omits critical details that are terribly inconvenient to his narrative.

                                                    I omit details that are irrelevant, regardless of whether they are favorable or not. It’s not like I post, “I’ve received death threats from YC partners” at every opportunity, because who cares? What would I gain from that? I come here to read and talk about technology, not this sort of shit.

                                                    I don’t talk about this stuff except when asked or provoked. The record shows that you, not me, are the one who turned this thread into a personal-attack-driven shitshow. And you owe an apology to the Lobsters community for doing it.

                                                    1. 8

                                                      And you owe an apology to the Lobsters community for doing it.

                                                      As I said, I could have expressed myself better. I never intended for anything I said to be a personal attack, but I can absolutely see how I came across that way. For that, I apologize to you. My intent was to express how unfavorably I view your contributions to this web site. Intent doesn’t count for much, but there it is.

                                                      In any case, I’ve learned from my mistake. This will be the last time I respond to you on this web site.

                                                  2. 9

                                                    In general I agree with you, but in this case I was responding to a comment in which Church claims he was banned from HN and Quora as part of a larger conspiracy against him (that includes YC paying the homeless to harass him). When someone makes a claim like that, I feel like I need to point out there were several clear reasons for why he was banned.

                                                    1. -2

                                                      “Point[ing] out” things that aren’t actually true isn’t a public service. It’s annoying and, frankly, you aren’t very convincing or talented at it.

                                                  3. -4

                                                    You were banned from Wikipedia for sockpuppeting,

                                                    That user’s hate page was debunked a long time ago. Most of those accounts don’t even exist. Granted, I did some stupid shit on Wikipedia back in 2004. Just not that.

                                                    you were banned from Hacker News for calling Marissa Mayer the C-word

                                                    Not true. I used a different word, “queynte”, specifically because some people consider “cunt” to be a gender slur when applied to a woman. The best translation of “queynte” would be “ornament”, not “crude term for vagina”.

                                                    you were banned from Quora for repeated sockpuppeting.

                                                    I am aware of that being their stated reason. However, those sock puppet accounts didn’t exist.

                                                    Back when I had an active blog, Marc Bodnick posted a comment putting the blame on Paul Buchheit who demanded it. Paul Buchheit denied it. I don’t know who’s responsible for that. What I do know is that Marc Bodnick got fired a few months later, because Adam D'Angelo specifically blamed his moderation for the collapse in user engagement and comment quality.

                                                    Please find a way either to become more intelligent, or to become more graceful in apologizing for what you currently are.

                                                    1. 9

                                                      Please find a way either to become more intelligent, or to become more graceful in apologizing for what you currently are.

                                                      What does that mean?

                                            3. 3

                                              I’d agree that the number of bad comments has gone up, but I’m not sure that the S:N has gotten worse.

                                              polite, but firm criticism/sensible answers, and didn’t end up spoiling the thread

                                              We have quite a low quantity of BS, so it’s relatively low-effort to refute (which keeps the place nice). There’s a threshold beyond which people stop being willing to invest time doing that.

                                              accept more users cheaply, and have stricter rules to kick them out if/when they misbehave

                                              My only concern with this approach (which works well in genereal) is that the failure mode is collapse (when e.g. a key moderator is absent for a few months and there isn’t suitable handover).

                                              If that were our approach, I think it would become important to recruit a larger pool of moderators to reduce this risk.

                                              1. 2

                                                Disclaimer: I’m one of the word-criminals listed above.

                                                I pointed out what I consider to be an obvious fact - that Common Lisp itself is not very practical, but didn’t want to go through the effort of trying to convince people of it. For example because if it’s not obvious to someone, he probably wouldn’t be amenable to convincing either.

                                                Someone who’s never considered CL impractical but does have an open mind, might benefit from seeing the idea, in case it led to him investigating and reaching the same conclusion himself.

                                                It seems just about every comment you linked was received with polite, but firm criticism/sensible answers, and didn’t end up spoiling the thread or the community’s view.

                                                Yes, someone asked the reasonable question: “Why?”, and someone else provided a great answer.

                                                All in all, which would you say caused a greater disturbance to Lobste.rs’s peace & harmony: my comment, or this thread? It could be argued that whoever started this thread is sowing discord!

                                                The thing is, we all interpret quality content and whether an article “belongs here” in different ways. Lobste.rs itself can reasonably be found highly lacking in greatness, even if it is better than HN in some ways.

                                              2. 8

                                                So, to summarize those examples for people that don’t want to follow links:

                                                1. Throwaway comment saying Clojure is more practical than Common Lisp.
                                                2. Comment asking why news about a suicide of a non-notable person is being posted to Lobsters.
                                                3. Comment expressing skepticism about EU competence on regulating crypto based on linked material.
                                                4. Comment (mine) tersely pointing out misuse of math tag and panning article source.
                                                5. Comment wondering why so many Julia Evans drawings (simple diagrams) keep showing up lately.

                                                With the possible exception of the first comment, those all seem like reasonable comments to me and are not particularly trollish (compared with, say, this or some of yui’s stuff.

                                                I think something worth considering is the content of articles all of those comments were in reply to: we need to all remember that a bad submission (like somebody deciding to kill themselves, or spamming pretty drawings, or public policy news) will usually breed bad comments, either asking “why is this here on lobsters?” or failing to have useful content for discussion.

                                                In short, if you submit garbage, don’t be surprised if you attract flies.

                                                1. 4

                                                  bad submission (like somebody deciding to kill themselves, or spamming pretty drawings, or public policy news)

                                                  I wouldn’t call any of those submissions bad. News about tech industry’s culture affecting people’s mental state, public policy related to tech and other “meta” articles are relevant to lobste.rs, in my opinion. The pretty drawings in question were educational and about tech. Although I didn’t necessarily like some of those submissions, they’re still on-topic.

                                                  1. 2

                                                    those all seem like reasonable comments to me and are not particularly trollish

                                                    IMO, not all low quality comments are trolls. I agree with the OP that comments like the ones linked are nearly content free, and I find it disappointing that they’re appearing on lobsters with increasing frequency. I don’t have any good solutions, unfortunately. Ideally, we as a group would discourage those sorts of comments from existing in the first place. Perhaps @nickpsecurity is right in that the only other choice is heavier moderation, but I don’t really like that choice either. sigh

                                                    1. 3

                                                      Three of them aren’t content free though–they are meta comments on the submission. There is a place for such comments and unfortunately they are necessary if we want the community to self regulate properly.

                                                      Perhaps the increase in bad comments you are seeing is due to an increase in bad submissions?

                                                      1. 2

                                                        Im pushing two: careful who you invite to point you audit prior comments or behavior (approximates friend-to-friend model); heavier moderation if discouraging specific behaviors that persist. I think the invites arent usually handled like in the first. Many were casting a wide net.

                                                1. 7

                                                  If it is off-topic enough you have to say it in the description, don’t post it .

                                                  Wait for the outage report, then post that. Good instincts, just follow them next time.

                                                  1. 6

                                                    I disagree. This is more than just Twitter. The Dyn DNS outage is breaking news.

                                                    1. 2

                                                      I could agree with that, but then the news is “Dyn under attack” not “twitter down”.

                                                      1. 3

                                                        Agreed. Unfortunately I can’t edit it once posted :/

                                                        1. 3

                                                          If I’m not mistaken–and this is just for future reference–I think you can usually poke one of the mods to help in this sort of case.

                                                    2. 4

                                                      There are 4 upvotes, so some people are obviously interested.

                                                      I agree though. The public post mortem will be a much more interesting post.

                                                      1. 1

                                                        “interested” is the threshold over at HN. We exercise a little more choosiness here.

                                                        If somebody posted a cartoon about the current election, I guarantee it would get up votes despite being woefully off-topic and toxic.

                                                        1. 19

                                                          We exercise a little more choosiness here.

                                                          As a member of the lobste.r’s community I haven’t given you permission to speak for me. Feel free to point out if you don’t think certain content is appropriate but don’t try to speak for me.

                                                          1. 1

                                                            Would you agree or disagree that submissions to Lobsters generally do not follow the simple “interesting to good hackers” metric that has caused spam to pervade HN?

                                                            I appreciate your point about not speaking for you, and I’m sorry if my wording caused offense.

                                                            1. 2

                                                              The problem with HN is not the “interesting” part, but the definition of “hacker”, really. Well, that’s a problem with HN.

                                                              1. 7

                                                                Please. Do you have any idea how long I spent browsing curated lists of editor configs? I know all about being a hacker.

                                                                1. 3

                                                                  But are you a growth hacker?

                                                                  1. 1

                                                                    You didn’t browse them from home, did you?

                                                                2. 1

                                                                  I had no problem with the submission. Anything that brings Twitter down for hours, the keyword being hours, is likely to be interesting.

                                                              2. 13

                                                                We exercise a little more choosiness here.

                                                                This is an interesting perspective, because I assume by “we” you mean the community at large, which has now posted many comments on the original story, and voted it to 8 points. Apparently we don’t want to exercise choosiness here. I didn’t upvote this, though I find the comments particularly interesting.

                                                          1. -3

                                                            I prefer x86 because it’s so much faster. My 2008 AMD desktop is faster than the 2016 Raspberry Pi 3.

                                                            1. 10

                                                              Not a fair comparison. A current iPhone, or an ARM server board, is probably faster than your 2008 AMD desktop.

                                                              1. -1

                                                                8 year advantage though

                                                                1. 1

                                                                  Consider pricing. It’s 35$ vs. whatever an Athlon 64 X2 cost in 2008.

                                                                  1. 0

                                                                    People are reporting me as a troll. Seems ARM vs x86 performance is a touchy subject on here.

                                                                    1. 5

                                                                      Yes. Clearly, that is the only possible reason the community are calling you a troll.

                                                                      1. 1

                                                                        Your comment may have been made in good faith, but it sounds trolly. Obviously desktop chips plugged into a wall outlet will have a huge advantage over phone chips.

                                                                        ARM vs Atom chips would be a more fair comparison.

                                                                        And of course, ARM wins on performance/power.

                                                                        1. 1

                                                                          As you scale up chip sizes and performance, power consumption is a draw. Decoding logic is a minuscule part of the chip.

                                                              1. 1

                                                                I’d call it a normalized index or coordinate, or in some other cases, parameter. It might be a good idea to reserve “coordinate” for continuously varying indices and build the type name around that.

                                                                1. 0

                                                                  Here’s a challenging proposition for some people:

                                                                  Write an article about static typing without mentioning Haskell or functional programming.

                                                                  1. 10

                                                                    Barnes wrote a whole book on it without those on a technology that systematically eliminates real-world errors with typing and restrictions. It also improved maintenance phase, esp integrations, given typing caught many problems.

                                                                    http://www.adacore.com/knowledge/technical-papers/safe-and-secure-software-an-invitation-to-ada-2012/

                                                                    Writings on Modula’s and Oberon’s show simpler languages whose type system caught errors C wouldnt while compiling faster. All kinds of compiler optimizations in the literature can use annotations, such as types, to improve performance on top of that. Models like Concurrent Pascal and SCOOP in Eiffel were also race free if it compiles.

                                                                    So, it’s well-established that strong, static typing has all kinds of benefits without the FP or Haskell references. Those are just getting more benefits from work on typing and provers than imperative programs. Among others.

                                                                    1. 3

                                                                      Why?

                                                                    1. 21

                                                                      This is especially timely with Apple supposedly polling MacBook Pro owners about whether they use their headphone jacks.

                                                                      Apple seems increasingly out-of-touch with the professionals that helped make them the brand they are. I guess that doesn’t matter if you can hook the large masses of casual users.

                                                                      1. 28

                                                                        Apple was always about incompatible standards and limited extensibility:

                                                                        • In the Macintosh 128K memory could not be upgraded, did not have expansion slots, and used proprietary ports.
                                                                        • The first iPod could only be synced using Macs and used Fireware.
                                                                        • While it may now seem normal, the iPhone had a proprietary 30-pin connector, while the rest of the industry used standard USB connectors.
                                                                        • By the time that everyone has 30-pin connector accessories, they decide not to switch to USB, but invent another proprietary connector (lightning).
                                                                        • The 2011 MacBooks only had Thunderbolt as a faster connector, while it was already clear that USB 3.0 would be the standard. 2011 users are stuck between slow USB 2.0 devices or extremely expensive Thunderbolt devices.

                                                                        It wouldn’t be hard to find a handful of other examples. (I am still upset about removing IR remote support ;).) Apple’s history is full of incompatibilities and oddball interfaces. The professionals made them the brand they are despite this (me included).

                                                                        1. 9

                                                                          The 2011 MacBooks only had Thunderbolt as a faster connector, while it was already clear that USB 3.0 would be the standard. 2011 users are stuck between slow USB 2.0 devices or extremely expensive Thunderbolt devices.

                                                                          It’s worth noting Thunderbolt 3 IS a standard, and can carry DisplayPort signals, and most interestingly, PCI Express. Unfortunately, only Apple put it in wide adoption. Now USB Type C is actually carrying Thunderbolt signals.

                                                                          While it may now seem normal, the iPhone had a proprietary 30-pin connector, while the rest of the industry used standard USB connectors.

                                                                          A few years ago, most PDAs have their own proprietary connectors, as well as most flip phones. It was only just around that time others started to switch to USB, and even then, the first time around, it was mini USB, which got replaced quickly.

                                                                          Apple does use proprietary ends, but they’re good about sticking with it for a few years. The 30-pin connector lasted around a decade, but I hope Apple switches to Type C across the whole line soon. The Macs at least are getting that way.

                                                                          1. 5

                                                                            The original Mac was basically a reaction to the more complicated buyer experience of PCs and other micros of that era taking simplification of the UX to an extreme. Maybe too far. If you look at the rest of those choices in the context of when they were made they tend to make sense though.

                                                                            • iPod Firewire: USB 1 was too slow to fill the drive in a reasonable amount of time and didn’t supply enough power to charge it in a reasonable amount of time.
                                                                            • 30-pin connector: Mini-B was the closest connector USB had but it didn’t support audio. Remember the horrible quasi-USB connectors on WinCE smart phones of that era? Same reason.
                                                                            • Lightning instead of USB micro: Lightning is mechanically far better, supports more power, and has lines for audio etc.
                                                                            • 2011 Macbook USB 3: Did many people really care? I never noticed.
                                                                            1. 2

                                                                              Mini-B was the closest connector USB had but it didn’t support audio. Remember the horrible quasi-USB connectors on WinCE smart phones of that era? Same reason.

                                                                              My Motorola Razr had a standard USB connection a couple of years before the iPhone became available. I didn’t use it for anything else than charging though ;).

                                                                              2011 Macbook USB 3: Did many people really care? I never noticed.

                                                                              I did. It sucked.

                                                                              1. 1

                                                                                Ah, the memories: http://shop.windowscentral.com/smartphone-experts-mini-usb-stereo-adapter/11A75A2373.htm

                                                                                Who else was shipping USB3 laptops at the beginning of 2011? I don’t remember what the rollout was like.

                                                                                1. 4

                                                                                  It took until Haswell in 2013 to make USB 3 a standard part of the chipset. Until then, USB 3 was a separate chip.

                                                                                  1. 2

                                                                                    I didn’t get a USB 3 laptop until late 2012. The laptop I bought at the end of 2011 was USB 2 only.

                                                                                    1. 2

                                                                                      If I’m not mistaken the i7 X220 (released April 2011), has a single USB 3.0 port - oddly, I thought they were more mainstream by then. According to Wikipedia:

                                                                                      Intel released its first chipset with integrated USB 3.0 ports in 2012 with the release of the Panther Point chipset.

                                                                                      1. 2

                                                                                        Yeah, only on the i7 model. Not the base i5 models. So that’s like a $200 USB port. :) Default USB 3 didn’t arrive until the 230 series more than a year later.

                                                                                        1. 1

                                                                                          Also the W520 had two, and the T520 didn’t.

                                                                                  2. 2

                                                                                    The article also mentions “floppy drives, serial, or PS/2 ports”, and “12” MacBook removing MagSafe, USB, and Thunderbolt”.
                                                                                    IMHO A single USB on a desktop or laptop is the single most annoying thing Apple does.

                                                                                  3. 11

                                                                                    They don’t even support ZIP drives anymore!

                                                                                    1. 5

                                                                                      This is especially timely with Apple supposedly polling MacBook Pro owners about whether they use their headphone jacks.

                                                                                      I always wondered why that sort of information isn’t collected among the people who opt in to share data. Knowing how often ports are used and how many devices are attached seems like a non-privacy invading thing to monitor when people opt in.

                                                                                      Maybe I’ll eventually get a laptop with the 8000 USB ports I need.

                                                                                      1. 2

                                                                                        Apple seems increasingly out-of-touch with the professionals that helped make them the brand they are.

                                                                                        I think you got it the other way around. Professionals use Macs because Apple is the brand that it is, which is because they make the right products.

                                                                                        Of course professionals will always believe they ‘made the company’ since that sounds nicer to them, but if Apple didn’t exist, would these professionals have ‘made the company’ of Dell?

                                                                                      1. 1

                                                                                        I have short passwords, usually, but a different password for every site. I’m not worried about somebody cracking a specific site, just that the damage be contained.

                                                                                        1. 29

                                                                                          I wish people would stop spreading this rubbish. Neither RFC 822 nor 2822 nor 5322 specify the syntax of an email address. Nor for that matter do any of the SMTP or even IMAP specs. What all of these do give is quotation mechanisms that allow arbitrary email addresses to be encoded in them, because both of them have to be capable of processing such email addresses.

                                                                                          An email address is a series of arbitrary UTF-8 characters* (the local or box part), followed by an @ character, followed by either a valid domain name or an IP address in square brackets (the domain part). Since “arbitrary UTF-8 characters” includes things like spaces, angle brackets, colons, and even other @ signs (the domain part is what comes after the last @ character in an email address, not the first) which have various special meanings in Internet mail format and in the SMTP protocol, the specifications for these provide quotation mechanisms to allow those characters to be included in the text content of an email address and be correctly parsed.

                                                                                          Thinking that the quotation format of RFC 822 et al specifies what a valid email address is, and asking users to input their email addresses pre-quoted into it, is like thinking that the syntax of HTML entities specifies a what a valid Unicode string is and asking users to provide all string input in forms with e.g. &amp; replacing &.

                                                                                          In practice, many tools get email addresses wrong. Most of the special characters that are theoretically allowed in email addresses will be corrupted by MTAs, be incorrectly parsed by IMAP servers or mail clients, or both. The best practice for email validation (that’s future-proof against the move to Unicode email addresses but otherwise unlikely to be corrupted en route) is probably to split at the last @, then check that the local part matches something like (Unicode) ^[^\p{Z}\p{C}]+$, ensuring there are no spaces or control characters in it, and the domain part is a valid domain name (including the possibility that it’s an IDN).

                                                                                          * UTF-8 since the introduction of SMTPUTF8 and the message/global MIME type; before that US-ASCII.

                                                                                          1. 2

                                                                                            This website is garbage, but if you want to validate or recognize email addresses, it is possible to do so without throwing your head in the sand and claiming it’s impossible. Basically, if you run software that interacts with a variety of email services and other databases that have email addresses, you’ll grow a regex that works. For example, you might need to accept "John Smith"@asdf.org or john.smith(comment)@asdf.org, and recognize that the comment is a comment, or possibly even that they are “the same” email address. (These are real world examples that I’ve seen, names changed.). Meanwhile, you also might need to reject other strings.

                                                                                            1. 2

                                                                                              The email addresses you gave are in RFC 822/2822/5322 format with quotation. The actual email addresses are

                                                                                              John Smith@asdf.org
                                                                                              john.smith@asdf.org
                                                                                              

                                                                                              You could also have written John (Jonathan) Smith@asdf(ghjkl).org or \J\o\h\n\ \S\m\i\t\h@"asdf".org for the first. It’s still the same email address and both are different from the second.

                                                                                              1. 1

                                                                                                Obviously they’re different, otherwise there’d be no reason to point out that they needed to be treated “the same.”

                                                                                                I don’t know what an “actual” email address is, the point is that email addresses with spaces do exist in the real world, in email servers and other systems. And if you need to make a system that accepts valid and rejects invalid email addresses, or even, gasp, RFC quoted forms of them, because that’s what everything stores and uses, it’s possible to do a really good job of it. And ^[^\p{Z}\p{C}]+$ won’t get the job done.

                                                                                                1. 1

                                                                                                  You shouldn’t be storing RFC quoted forms of email addresses. You should quote at the last step — actually inserting them into the relevant address list field, as with anything (that’s how we protect against XSS attacks in HTML, for instance).

                                                                                                  What would constitute doing a ‘really good job of it’ in your books?

                                                                                                  1. 1

                                                                                                    Look, email systems store and transfer email addresses in all sorts of RFC and non-RFC formats, sometimes in-band with other junk. (Thanks, Lotus.) You are the one that has to deal with it and decide whether a piece of data is trying to be a real email address or if it’s garbage.

                                                                                                    A ‘really good job’ means, say, even if every mistake results in a ticket being filed and a costly unit of customer service, you can process a few million unique fields from multiple systems purporting to be or contain an email address, with one “bug” revealed. (And plenty of “wrong but valid” fields, if they’re human edited.)

                                                                                                    If you revise your address extractor/validator based on real data, the time period between each bug keeps increasing, and in my experience it increases very non-linearly. On the other hand, if you build a validator from first principles without feedback from reality, it’ll have a higher error rate.

                                                                                                    1. 2

                                                                                                      Okay, I’m increasingly convinced that we’re talking at cross purposes here. I’m not talking about extracting email addresses from any ‘in-band’ data in documents etc.

                                                                                                      What I mean is that if you have a form field like

                                                                                                      <input type=text name=email-address>
                                                                                                      

                                                                                                      and a database column it goes directly into, you should not be asking users to input a quoted form of their email address in if it contains spaces or other special character. You should be collecting it in a raw, unquoted format. Then you can do the validation I suggested at the start of this thread.

                                                                                                      That applies equally if you’re writing a mail client, etc. Unless you’ve deliberately designed it so that users have to enter raw header data themselves (a bad idea imho) the email address as input should be in unquoted format, then your email writing code should apply the quoting itself.

                                                                                                      This is not least because SMTP has a different special character system from RFC 822. You have to be able to speak both to be able to send messages.

                                                                                          1. 2

                                                                                            Folks, I’m a gonna buy the book. What are the differences between the 1996 ed (2nd ed) and the 1984 ed (1st ed) and are they important enough to get the 2nd ed? Did the 2nd ed lose anything important? Thanks!

                                                                                            1. 2

                                                                                              Read the Preface to the 2nd Edition, it explains things.

                                                                                              1. 1

                                                                                                https://mitpress.mit.edu/sicp/full-text/book/book-Z-H-6.html#%_chap_Temp_3

                                                                                                This edition emphasizes several new themes. The most important of these is the central role played by different approaches to dealing with time in computational models: objects with state, concurrent programming, functional programming, lazy evaluation, and nondeterministic programming. We have included new sections on concurrency and nondeterminism, and we have tried to integrate this theme throughout the book.

                                                                                            1. 48

                                                                                              I have met many programmers that don’t like to code in their spare time, and that has reliably revealed them to be sub-par developers.

                                                                                              I loathe this attitude and find it absurd. Imagine saying the same thing about aerospace engineers, or physicians.

                                                                                              If you wanted to say something like “the traits that make a good developer include a boundless intellectual curiosity, and this can manifest itself in coding as a pastime or any number of other active learning hobbies” or something that’s fine, but please stop demanding that we all work outside of work.

                                                                                              1. 25

                                                                                                Yeah, it’s the same nonsense that says every developer needs to have an active GitHub (on which your abilities will also, of course, be judged). Some people (like me) like to program in their spare time, and do have an active GitHub. But this says nothing at all about how good you are at programming. A very good friend and coworker of mine is a much better programmer than me (we’ll often get to the same code, but he does it a lot quicker and easier than I do). He has a GitHub, but there’s barely anything on it, and he doesn’t often program in his spare time. You know why? He’s married, and has two young children that require a lot of his time and attention. If he were judged solely on his GitHub with the mindset mentioned above, you may think he’s a terrible developer not worth your time to hire, and thereby miss out on a really skilled and talented person.

                                                                                                1. 16

                                                                                                  It’s another sorting mechanism by which groupthink is enforced. It’s “culture fit” nonsense, no more no less, and not in any predicative of any actual ability to do the work required, unless that work is furthering the given culture.

                                                                                                  1. 9

                                                                                                    While I agree with your premise, I think of it a little bit more softly: nobody really knows precisely what makes for successful workers of various kinds, so people tend to select for “similar to myself”. When those actually-squishy, please-more-people-like-me criteria are treated as objective, that’s a really unpleasant cultural complex.

                                                                                                    1. 4

                                                                                                      It’s not predicative but it is predictive! The set of people interested in programming in their free time is better on average than the set that isn’t. For starters because they do more of it, also because they’re more engaged when they do it.

                                                                                                      1. 8

                                                                                                        If we refine this to “the set of people calling themselves programmers who are interested in programming in their free time”, etc, then I don’t think that’s true. I think this is a fair refinement, since 99% of the population can’t program, so your assertion is then true but not for the reasons stated.

                                                                                                        I think that the set of programmers who program in their free time is going to have a higher percentage of people who can at least write code that roughly works, simply because they’ve got more practice. There will be many more programmers in the latter set and some of them will produce a far higher quality of code than the median in the first set. I state this because many of the people in the first set are younger and less experienced programmers, not yet with families, who may be brilliant technically but haven’t yet learnt enough about maintainability or robustness not just against external vagaries but against less skilled programmers making unwise changes and catching them early.

                                                                                                        So “programs in their spare time” is a filter which will reject many people you want, but those who do get through will at least meet a certain minimum bar. If you’re not prepared to put the time in at recruitment to test beyond that, then you’ll get a monoculture and it may work for you. You can win in business/recruiting with this strategy. That doesn’t mean it’s wise.

                                                                                                        This then leads into broader issues of what should make up a team.

                                                                                                        1. 2

                                                                                                          This is an important part of the interviewing equation too: unless you really know what you need quite exactly, you’re using tests that are inexact: tests for things that correlate with or are proxies for the really desired quality/skill/capability. And when you find a good candidate, then you hope(!) that the correlation holds.

                                                                                                          I think that inability to accurately define the set of needed capabilities and unwillingness to train people of evident aptitude are the two cardinal sins for those who “can’t hire enough qualified people!!!!”; their punishment is they have to struggle on, somehow, staffing up with a subset of the people who could do the work.

                                                                                                      2. 5

                                                                                                        Exactly - in this and so many ways, everyone is different. There have been times when I have coded quite a bit outside of work, however for me this has often corresponded to my doing a job with relatively limited intellectual stimulation or new learning. I find myself now learning several exciting new technologies at my job and working in a relatively fast-paced environment where I am learning and being productive most of the day, most days. I don’t have a whole lot of mental energy left after a fully realized workday to spend hobby coding, but I am the best at my job that I’ve ever been.

                                                                                                      3. 7

                                                                                                        Agreed. I used to spend a lot more free time on programming-related hobbies. Then I had kids. If anything, my rate of programming self-improvement has gone up with less time spent on it, because I focus only on the most valuable things, not every shiny new toy that comes along.

                                                                                                        Of course, I also view it as part of my job’s responsibilities to explore different programming approaches as appropriate, so I get a decent bit of exploration built into my workday.

                                                                                                        1. 4

                                                                                                          “the traits that make a good developer include a boundless intellectual curiosity, and this can manifest itself in coding as a pastime or any number of other active learning hobbies”

                                                                                                          That’s a good way to put it. Similarly, when hiring technicians for our optical lab I have found asking if they change their own oil in their car has correlated with good fits for the job. It’s not that I wouldn’t hire someone who didn’t, it’s just that doing that lines up with some of the things that made someone excel at that roll: hard working, mechanically inclined, and good with their hands.

                                                                                                          1. 5

                                                                                                            When I hire people I ask them if they can do a switch hardflip. It’s not a dealbreaker but it definitely shows technical ability.

                                                                                                          2. 1

                                                                                                            Learning is self-reinforcing. Spending offhours learning reinforces your on hours learning. This advantage accumulates over time, it becomes obvious over time.

                                                                                                          1. 6

                                                                                                            That’s the trick about a lot of the modern languages…I just don’t know of any that I expect to be around for 50 years. So far only Fortan, Cobol, and C seem to hold that staying power. And MUMPS, for some godforsaken reason.

                                                                                                            Java was looking good, but with Oracle and the J2EE thing going down, maybe not. JS, Ruby, Python? Hell no.

                                                                                                            1. 13

                                                                                                              Ruby’s been around for 21 years, and Python for 25. It doesn’t seem unreasonable to expect them to still be around in another 25, even if they aren’t getting new language features and are just being updated to keep running on new OS versions.

                                                                                                              1. 6

                                                                                                                Lisp is 58. There will be Perl and TCL scripts around until cockroaches conquer the world, and I’m quite certain a few Rails 2.0 apps will still be puttering along for at least the next few decades, to say nothing of frankenstein upgrades of Struts and other Java frameworks.

                                                                                                                Things that are “old” in the computing world are still around not only because they are still useful, but because change is difficult.

                                                                                                                1. 1

                                                                                                                  The Lisp of today or 20 years ago is a different language from 50 years ago though. It’d be like if we called C# “InterJava.”

                                                                                                                2. 3

                                                                                                                  I fully expect someone, somewhere in 2066 to be writing virtual augmented social reality software on Mars with common lisp and complaining bitterly about how stupid and retrograde all the languages that the robots use to talk to one another are.

                                                                                                                  1. 2

                                                                                                                    common lisp

                                                                                                                    all the common lispers were purged by the believers of the One True LISP. Even knowledge of the false LISP is forbidden, how would you know of such thing?

                                                                                                                  2. 3

                                                                                                                    Heck no! In the mainframe world you find a bunch of them. As usual, it depends on what you consider ‘staying power’, but I would add to that list: PL/I, JCL, NATURAL/ADABAS, SAS and RPG (for the AS/400).

                                                                                                                    1. 1

                                                                                                                      Sure, sure, but that’s exactly the point, right?

                                                                                                                      All those languages had commercial support and customers that were willing to keep burning money to keep them alive. I’m not sure any of the modern languages have the same. A lot of academic languages–good languages!–died out and were supplanted. Python might well end up being Pascal, while COBOL trundles on.

                                                                                                                    2. 1

                                                                                                                      I disagree. Once a programming language is popular enough, it’s basically around forever.

                                                                                                                      In 50 years JS, Ruby, and Python will be in the same position as Cobol today. Nothing new and exciting going on, but there will be plenty of big systems that work well enough that are too big and expensive and risky to replace, but require maintenance and upkeep.

                                                                                                                    1. 1

                                                                                                                      You are being advised to use *((char*)mempcpy(dst,src,strlen(src)))='\0';, and to make sure that dst is big enough. mempcpy(d,s,n) is exactly the same as (void*)(((char*)memcpy(d,s,n))+n) but it might be faster.

                                                                                                                      1. 0

                                                                                                                        If I have to call strlen, why wouldn’t I just do memcpy(dst, src, strlen(src) + 1);?

                                                                                                                        and to make sure that dst is big enough

                                                                                                                        Basically,

                                                                                                                        len = strlen(src);
                                                                                                                        if (len >= sizeof(dst))
                                                                                                                                return FAIL;    /* or truncate */
                                                                                                                        *((char *)mempcpy(dst, src, len)) = '\0';
                                                                                                                        

                                                                                                                        How is this better than if (strlcpy(dst, src, sizeof(dst)) >= sizeof(dst)) return FAIL;? Yes, it fails slightly faster, but it succeeds slower, as you have to walk src twice.

                                                                                                                        And if I’ve checked that the source string fits in dst, why wouldn’t I just use strcpy at this point?

                                                                                                                        but it might be faster.

                                                                                                                        memcpy may be implemented as a highly optimized built-in. Is mempcpy implemented similarly?

                                                                                                                        1. 3

                                                                                                                          If I have to call strlen, why wouldn’t I just do memcpy(dst, src, strlen(src) + 1);?

                                                                                                                          If you have a char *buf, size_t n pair, you don’t know that it’s a nul-terminated buffer (really of length n+1) unless that’s promised. And you don’t want to have that promise, because it’s better for your API’s to be simple.

                                                                                                                          How is this better than if (strlcpy(dst, src, sizeof(dst)) >= sizeof(dst)) return FAIL;?

                                                                                                                          That code is lame anyway because it uses a fixed target size. You should allocate a buffer of the appropriate size. But if you really did need a fixed size target, then checking the length after copying, or trying to do the check and then the copy in one fell swoop, is more likely to evolve into broken code. If you do need a fixed destination size here is one good way to write it.

                                                                                                                          // len is already computed, it was a parameter.
                                                                                                                          if (len > sizeof(dst) - 1) {
                                                                                                                            return FAIL;
                                                                                                                          }
                                                                                                                          memcpy(dst, src, len);
                                                                                                                          dst[len] = '\0';
                                                                                                                          

                                                                                                                          Every line has its intention made clear and explicit, reducing the chance that refactorings break stuff. Also, using > (or <) is the more idiomatic length check.

                                                                                                                          One remaining problem here might be that if you have a real need for a fixed destination size, you probably also want to fill the unused space with a defined value, otherwise you’ll output uninitialized memory. (Thus strlcpy would almost never be useful when writing good code.) Another is the paranoia that a refactoring might make dst be a pointer, and so using sizeof(dst) is unnecessarily risky. I might declare char dst[FOO];, and use FOO in place of sizeof(dst).

                                                                                                                          1. 1

                                                                                                                            If you have a char *buf, size_t n pair, you don’t know that it’s a nul-terminated buffer (really of length n+1) unless that’s promised. And you don’t want to have that promise, because it’s better for your API’s to be simple.

                                                                                                                            Of course I do, it’s a C string.

                                                                                                                            I sense confusion here. There are two canonical ways to deal with sequences of bytes in C. One is a buf, n pair (let’s call it a buffer). A buffer:

                                                                                                                            • has length alongside the address
                                                                                                                              • takes len + sizeof(size_t) bytes in memory
                                                                                                                            • may contain any byte value
                                                                                                                            • copied and searched using mem*() functions
                                                                                                                            • output using *write()

                                                                                                                            The other is a C string, which:

                                                                                                                            • is nul-terminated, thus doesn’t need an explicit length
                                                                                                                              • takes len + 1 bytes in memory
                                                                                                                            • may contain any character except nul
                                                                                                                            • copied and searched using str*() functions
                                                                                                                            • output using *puts() or *printf()

                                                                                                                            What you seem to propose is that src is a buffer but dst has to be a C string for some reason. This assumes src doesn’t contain nul bytes (otherwise copying it to a C string would not make sense). I can’t imagine the case in which this would be useful.

                                                                                                                            That code is lame anyway because it uses a fixed target size.

                                                                                                                            Replace sizeof(dst) with dstsiz the variable in your mind. Besides, fixed buffer sizes are useful when you have no malloc(), e.g., in embedded environments.

                                                                                                                            You should allocate a buffer of the appropriate size.

                                                                                                                            If it’s a C string, I’ll just strdup(). If it’s a buffer, I’ll malloc() and memcpy().

                                                                                                                            checking the length after copying, or trying to do the check and then the copy in one fell swoop, is more likely to evolve into broken code.

                                                                                                                            Why/how?

                                                                                                                            One remaining problem here might be that if you have a real need for a fixed destination size, you probably also want to fill the unused space with a defined value, otherwise you’ll output uninitialized memory.

                                                                                                                            How? If I treat dst as a C string, I’ll output it using puts()/printf(), and it’ll stop at '\0'. If I treat it as a buffer, I’ll use write() and all the talk about string handling code is irrelevant anyway. (And if I fill unused space with nuls and am dumb enough use write() on it, I’ll output spurious nuls.)

                                                                                                                            (Thus strlcpy would almost never be useful when writing good code.)

                                                                                                                            It’s useful exactly as advertised: when you want to copy a C string to a buffer that either is fixed length or you can reallocate, and you either can tolerate or want to detect truncation (or actually want to truncate). On the other hand, I can’t see when mempcpy is useful. Especially the incantation with = '\0', which I find contrived and confused.

                                                                                                                            And if you know your buffer lengths and are so sure you’re writing “good” code, you can just use strcpy.

                                                                                                                            Another is the paranoia that a refactoring might make dst be a pointer, and so using sizeof(dst) is unnecessarily risky.

                                                                                                                            This is a valid point. But the code I wrote above was just an example; in real life, it’d probably be in a function that length is passed to.

                                                                                                                            1. 2

                                                                                                                              Look, you can pretend I don’t know how C strings work if that makes you feel better. Data that comes from program input doesn’t come free of nul characters, so the way you’ll want to treat that is with a length and size. If you want nul-free data as an internal API guarantee, well, you’ve probably got much more specific data hygiene problems than that, so C strings aren’t the solution. And using C strings internally will inhibit making refactorings to your program if you ever do need to allow nul bytes, or permit other refactorings.

                                                                                                                              Generally, the answer to all your nits and questions derives from the fact that you should write your code in a way such that it’s unlikely to be broken, and unlikely to be broken in the future. A good understanding of risk factors for how code evolves will answer questions like how the code should be written. It’s why you should check the length before copying and why you shouldn’t write mempcpy(dest, src, n) = '\0'. That memcpy code is not “contrived and confused” – those words don’t mean anything. A rational argument against that construct is that people reading it will have to look up what mempcpy does, and that it’s more likely to evolve into something broken because it obscures the fact that the nth character of the buffer is assigned '\0'. But the real meat behind the decision isn’t the just-so story about how it obscures information, it’s the weightings of these risk factors that you get from experience, and the cheap price of the alternative.

                                                                                                                              1. 1

                                                                                                                                Data that comes from program input doesn’t come free of nul characters,

                                                                                                                                There are perfect reasons to strip nuls from strings or assume they aren’t there, e.g., if you’re dealing with Unix filenames or e-mail addresses, or are handling strings from strerror or static strings you prepared, or in a myriad of other cases.

                                                                                                                                so the way you’ll want to treat that is with a length and size. If you want nul-free data as an internal API guarantee, well, you’ve probably got much more specific data hygiene problems than that, so C strings aren’t the solution.

                                                                                                                                If you’re talking about buffers, not C strings, what is

                                                                                                                                dst[len] = '\0';

                                                                                                                                doing in your code sample above?

                                                                                                                                It’s why you should check the length before copying

                                                                                                                                Sometimes truncation is OK, sometimes it’s even desired. But in most cases I agree.

                                                                                                                                and why you shouldn’t write mempcpy(dest, src, n) = '\0'.

                                                                                                                                At least we agree on this.

                                                                                                                                That memcpy code

                                                                                                                                Just to make sure we’re on the same page: I was talking about mempcpy.

                                                                                                                                is not “contrived and confused” – those words don’t mean anything.

                                                                                                                                Sure.

                                                                                                                                But the real meat behind the decision isn’t the just-so story about how it obscures information,

                                                                                                                                I wasn’t talking about obscuring information at all.

                                                                                                                                it’s the weightings of these risk factors that you get from experience, and the cheap price of the alternative.

                                                                                                                                Evidently, my experience leads me to different risk factor assessment than yours leads you. I’ve seen people treating the same fixed size char array† as a buffer in one place and as a C string in another (bzeroed prior to copying, too), confusing (here’s that word again) another colleague who decided to pass it to printf, just to have it blow up when a maxlen string got copied into it.

                                                                                                                                I understand why people don’t like C strings. But then they should treat their buffers as buffers all the way, always using a ptr, len tuple (and declaring ptr as a void * for good measure) and never terminating them with nuls, to avoid confusion down the line.

                                                                                                                                Now, if you do choose to use C strings, I don’t understand how strlcpy is “almost never useful”.

                                                                                                                                † Embedded code, RAM measured in kilobytes, no malloc.

                                                                                                                          2. 1

                                                                                                                            Yes, it fails slightly faster, but it succeeds slower, as you have to walk src twice.

                                                                                                                            You have to “walk src twice” anyway, or you have to know the size of the string.

                                                                                                                            Truncation is always wrong because it destroys data, and it creates security risks that are not obvious.

                                                                                                                            How is this better than if (strlcpy(dst, src, sizeof(dst)) >= sizeof(dst)) return FAIL;

                                                                                                                            For the reason given, and because programmers don’t use strlcpy “correctly”. I looked at the first three pages of uses on a GitHub search and none of them used strlcpy correctly.

                                                                                                                            memcpy may be implemented as a highly optimized built-in. Is mempcpy implemented similarly?

                                                                                                                            Yes.

                                                                                                                            1. 1

                                                                                                                              You have to “walk src twice” anyway, or you have to know the size of the string.

                                                                                                                              strlcpy walks src once.

                                                                                                                              And I still don’t understand why, once I know the string length and make sure it fits, I can’t memcpy len+1 bytes or strcpy.

                                                                                                                              Truncation is always wrong because it destroys data, and it creates security risks that are not obvious.

                                                                                                                              Sometimes you’re dealing with a Unix filename that cannot be longer than PATH_MAX. Sometimes you’re pushing data to a socket one KB at a time. Sometimes you’re copying a string to a 16 character wide LCD display (and if you truncate, you start scrolling, i.e., copy from src+1 200ms later, or just forget it). And sometimes you have no malloc, so you have no choice but to deal with truncation somehow. “Never say ‘always’”, or however that quotation goes.

                                                                                                                              I looked at the first three pages of uses on a GitHub search and none of them used strlcpy correctly.

                                                                                                                              Seems like many of these uses are legitimate, either copying static strings, or copying from a smaller buffer to a bigger one. And thanks Todd it exists, otherwise they’d use strcpy (or worse, strncpy). I also looked at uses of strlcat, and most of those either know their buffer sizes or check the return value.

                                                                                                                              But guess what, I went through three pages of mempcpy use, and it doesn’t seem to be used for strings outside of GNU libraries.

                                                                                                                              1. 1

                                                                                                                                strlcpy walks src once.

                                                                                                                                In buggy code. In code without bugs, you need to know the string length, either by asking strlen() (and reading twice), or because you already had it.

                                                                                                                                And I still don’t understand why, once I know the string length and make sure it fits, I can’t memcpy len+1 bytes or strcpy.

                                                                                                                                Once you know the string length, you do not need to use strcpy.

                                                                                                                                You can use memcpy with len+1 if you want.

                                                                                                                                Sometimes you’re dealing with a Unix filename that cannot be longer than PATH_MAX.

                                                                                                                                Truncating may now be a security hole, whereas before the system would generate an error.

                                                                                                                                Sometimes you’re pushing data to a socket one KB at a time.

                                                                                                                                You do not need to copy in this situation. writev() is better.

                                                                                                                                Sometimes you’re copying a string to a 16 character wide LCD display (and if you truncate, you start scrolling, i.e., copy from src+1 200ms later, or just forget it).

                                                                                                                                There are no LCD displays I’m aware of that do this. They either have a memory mapped register that reads from a particular address, a fixed buffer, or it is a serial interface. In every one of these cases, strlcpy() is inappropriate, and even in your case it’s not ideal.

                                                                                                                                And sometimes you have no malloc,

                                                                                                                                I don’t use the system malloc() because I care about performance, and strlcpy() has nothing to do with this.

                                                                                                                                “Never say ‘always’”, or however that quotation goes.

                                                                                                                                Except when it’s always.

                                                                                                                                Seriously.

                                                                                                                                Don’t use strlcpy().

                                                                                                                                But guess what, I went through three pages of mempcpy use, and it doesn’t seem to be used for strings outside of GNU libraries.

                                                                                                                                So what? Every single use is a correct use because it’s a better interface.

                                                                                                                                You don’t have to use a GNU extension, but you shouldn’t use a stupid API.

                                                                                                                                1. 1

                                                                                                                                  In buggy code. In code without bugs, you need to know the string length, either by asking strlen() (and reading twice), or because you already had it.

                                                                                                                                  strlcpy has a return value for a reason. I may want to check it. And I’d rather write two lines using strlcpy than four lines (or five, including variable definition) using memcpy every time, and optimize buffer walking for the more common scenario where it doesn’t overflow.

                                                                                                                                  Or maybe I actually want to bound the string, because I’m assembling an SMS saying, “failed to process your SMS:[as much of the failed SMS as will fit]” in a buffer that will be sent later. (Likewise, “Mail delivery failed, here are the first N KB of the original message”.)

                                                                                                                                  Truncating may now be a security hole, whereas before the system would generate an error.

                                                                                                                                  Maybe I got the filename from the system or another source where I know it’s valid, so it’s safe, and I use strlcpy as the last line of defence against future programming errors. Or maybe not, so I have to check the return value, avoiding an allocation and failing earlier.

                                                                                                                                  You do not need to copy in this situation. writev() is better.

                                                                                                                                  Unless I don’t want to block. Or I have a thread generating data line by line, and another pushing it to the GSM modem a kilobyte at a time, with some encoding in between, using static buffers on a device with 16KB of RAM (real life example).

                                                                                                                                  There are no LCD displays I’m aware of that do this.

                                                                                                                                  I may be copying the string for another thread to do the writing. And yes, I have a valid reason not to pass it the original string.

                                                                                                                                  I don’t use the system malloc() because I care about performance,

                                                                                                                                  I don’t get what you’re trying to say here. I was talking about the situation where no memory allocation is possible. But if you can’t tolerate string truncation and your system has memory allocation, you would want to allocate memory somehow, whether you use system-supplied malloc or not.

                                                                                                                                  (also, get a better system.)

                                                                                                                                  So what? Every single use is a correct use because it’s a better interface.

                                                                                                                                  So mempcpy, never used but always correctly, is better than strlcpy that prevents buffer overflows (which always are security holes, unlike truncation) but is sometimes used incorrectly? I disagree.

                                                                                                                        1. 5

                                                                                                                          A comparison between two interfaces that use in-band error values.

                                                                                                                          1. 3

                                                                                                                            This is not one rogue example that is easily addressed.

                                                                                                                            Is this some joke? s/anything reachable via global variables/anything reachable via global variables that the function actually uses/.

                                                                                                                            This example cuts to the heart of the problem, which is that understanding aliasing in the face of functions with potentially unbounded side effects is notoriously difficult.

                                                                                                                            Then bound the side effects!

                                                                                                                            1. 3

                                                                                                                              I have been enjoying the combination of gcc function attributes and splint static type checker. I can claim properties for function to inform the optimiser and check'em with splint.

                                                                                                                              However this is all painfully clearly a kludge and a band aid.

                                                                                                                              I’d ditch C, splint, C++ and C++ Core Guidelines for D in a blink of an eyelid given a chance.

                                                                                                                              These concepts of purity, safety, immutable, const, …. need to be carefully thought out, baked into the language and checked by the compiler.

                                                                                                                              1. 1

                                                                                                                                Yay! Another D enthusiast! There are dozens of us!

                                                                                                                                I can’t get myself into Rust. Maybe if D grows enough, we’ll be able to fix its stupid license.

                                                                                                                                1. 2

                                                                                                                                  I was not aware of any license issue?

                                                                                                                                  From the D faq.

                                                                                                                                  Is D open source?

                                                                                                                                  The front end for the dmd D compiler is open source. The back end for dmd is licensed from Symantec, and is not compatible with open-source licenses such as the GPL. Nonetheless, the complete source comes with the compiler, and all development takes place publicly on github. Compilers using the DMD front end and the GCC and LLVM open source backends are also available. The runtime library is completely open source using the Boost License 1.0. The gdc and ldc D compilers are completely open sourced.

                                                                                                                                  1. 6

                                                                                                                                    Read the license. It’s incredibly stupid. It says that you have to acknowledge that the software can’t be used after 1999 (stupid, but harmless) and that you can’t use it in life critical situations (stupid and actually problematic, as it’s not merely a disclaimer of warranty). It also forbids distribution unless you get permission from them, a clause that everyone that is forking it on github is violating. I am sure that each forker isn’t first getting permission before they fork.

                                                                                                                                    Yeah, it’s a good thing that it’s possible to replace the backend with free alternatives, but the reference implementation is what everyone tells newcomers to use and where most of the action is.

                                                                                                                                    1. 1

                                                                                                                                      Hmm, the mathematician in me says it doesn’t apply.

                                                                                                                                      The Software is not generally available software. It has not undergone testing and may contain errors. The Software was not designed to operate after December 31, 1999. It may be incomplete and it may not function properly. No support or maintenance is provided with this Software. Do not install or distribute the Software if you are not accustomed to using or distributing experimental software. Do not use this software for life critical applications, or applications that could cause significant harm or property damage.

                                                                                                                                      ie. The compiler backend is untested and unsupported, if running it could cause damage don’t do that.

                                                                                                                                      However the absolute worst I have seen a compiler backend do is fill up my disk and overwrite a file.

                                                                                                                                      So running that compiler backend on the computer that controls your local nuclear power stations is forbidden.

                                                                                                                                      Do not install or distribute the Software if you are not accustomed to using or distributing experimental software.

                                                                                                                                      Why would one have a compiler on your disk if your weren’t?

                                                                                                                                      However if I test (in a safe environment) the results created by that backend and satisfy myself that it works correctly and safely… No problem. Go ahead.

                                                                                                                                      Sure that license is legalese stupid… Which never stopped Java… http://www.oracle.com/technetwork/java/javase/downloads/jre-6u21-license-159054.txt

                                                                                                                                      You acknowledge that Licensed Software is not designed or intended for use in the design, construction, operation or maintenance of any nuclear facility

                                                                                                                                      The Open Source advocate in me says, yup, I can see why Debian won’t distribute DMD.

                                                                                                                                      But since I want something I can cross compile to embedded systems DMD isn’t particular interesting to me, gdc is.

                                                                                                                                      1. 3

                                                                                                                                        No, no, the Java case is different. It just disclaims warranty. It just makes you acknowledge something. Stupid, but harmless. The DMD license actually says that you can’t use it under certain (stupid) circumstances. It says “do not install, do not use, do not distribute”.

                                                                                                                                        Anyway, that’s not the biggest problem. The biggest problem is the part where it says you can’t distribute it unless you get permission. What’s doubly stupid is that this part is getting routinely violated.

                                                                                                                              2. 2

                                                                                                                                Is this some joke?

                                                                                                                                The article states its point clearly: “but what rule would reject it?”

                                                                                                                                s///

                                                                                                                                Same difference. If you pass something to a function, it may use it.

                                                                                                                                Then bound the side effects!

                                                                                                                                potentially. C++ permits unbounded side effects.