Threads for hackguy

    1. 5

      Why not just write it as a multiplication with 257, as usual and easily mathematically derivable for other depth transforms ((2^16-1)/(2^8-1))?

      256+1=257, so we can see the bitshift and added original value easily. This is not magic.

      1. 3

        Because bit shifts can be computed faster than multiplication. This is especially important in computer graphics contexts.

        1. 2

          Benchmark it. The compiler will probably turn the multiplication into bitshift+or anyway, or leave it.

          1. 5

            A quick check on quick-bench shows that it compiles to the same assembly with O3 on latest clang and GCC.

            1. 3

              You’re not wrong, but your test is broken. Both versions are just storing a constant into memory n times, because the value of small is known a priori, so the computation of big is optimized out entirely. The DoNotOptimize enforces that the value of big is considered “used” (otherwise the loop would have no observable effects and could be removed entirely), but movw $0x2727, 0xe(%rsp) is enough to satisfy that. It doesn’t force the computation of big to be executed.

              1. 1

                Ah, you are right. I redid the code by making small a random number continually changed each pass of the loop. It does still come out to the same assembly with either implementation but now the all important shl $0x8,%eax is there.


      2. 3

        That’s a cool way to think about it, thank you for bringing it up. I think both direct bit copying and multiplication need an explanation anyway if you aren’t familiar with the problem and its solution, so it’s not clearly a win clarity-wise.

        When it comes to performance, well bit operations are always fast so at least you’ll get a peace of mind when opting for those, even if it doesn’t matter in the end.

      3. 2

        I played around with this and seems like you can’t do it with multiplication if the high bit depth isn’t divisible by the low one. For example RGB565 pixel formats are common and you need to expand 5-bit channels to 8-bit ones to display them on screen.

        I don’t think you can do that with integer multiplication because you need to “fill” 3 low bits and you only have integer factors of a 5-bit number at hand. I added a mention to the article.

      4. 1

        Multiplying by 257 looks like magic (although less so if you write it 0x101 or 0b10000001). Shift-and-or tells you exactly what you really need to know: 00 becomes 0000, FF becomes FFFF, everything in between is monotonic.

    2. 2

      Neat! I love how the integer endianness is exploited to be able to store a small string contiguously. I wonder, would swapping the order of prt and len be enough for this trick to also work on big endian architectures?

    3. 7

      Curious to know what’s your (you, the reader of this comment) take on why it’s OK to not “misbehave” as the OP puts it. Ego? Hope that your good deeds will be rewarded?

      Because I certainly - like the OP - feel inclined to “behave,” but - also like the OP - I can’t really come up with a good argument for why one should do so. Certainly society teaches us that “behaving” is righteous and “misbehaving” is not, but I suppose I never took the time to question why we value good behavior.

      1. 8

        A sense of personal integrity. I’ve never intentionally done bad work, though I admit I’ve put in less effort that I could have at times when the company has been particularly dysfunctional.

        I feel good when I do something well. Maybe other people are wired differently, but I’m not convinced. My happiness and satisfaction is something I can have a huge influence on - why would I willingly do things that are less satisfying just as some form of… revenge?

        1. 3

          But sometimes the amount of effort to be able to “do something well” far outstrips the benefit you get, and risking your job by taking risks is also not something everyone can afford. Doing as your told is always safe and less effort, so it can be an easy pattern to fall into especially in dysfunctional situations such as you find at every large company

      2. 6

        Very hot take:

        I think in this situation it’s not just OK, but mandatory to misbehave - for the sake of the company. The more people misbehave, the more legible the outcome is. People with honor and pride muck everything up.

        It’s like how neural networks “want to work”, so you can make terrible bugs in your training and eval code and your network will adapt (badly). Or how Bing (GPT-4) will google a query, then ignore the result if it disagrees. To a certain extent, doing a bad thing if it’s implied by the system you are embedded in can lead to better outcomes, because it creates a more legible optimization signal.

        (For the same reason, homeowners who charge less rent than the market will bear are problematic rather than benevolent, because they distort and lengthen the feedback cycle between city regulations and city elections.)

        1. 4

          Interestingly, I came to this conclusion through a somewhat different route. In my case, the signal I needed to send was accomplished by obeying objectively awful policy and other management decisions which would cost productivity even while productivity targets were raised. The incentives for going above and beyond actually were quite good, but they weren’t enough for what the business appeared to expect, and a big part of that was that they didn’t seem to be aware of the costs of their other decisions.

          But it’s ultimately for the same reason - heroism is not a sustainable resource as a foundation for a business plan. Burning myself out by working out of hours to make up for time lost to boneheaded leadership choices is only a short-term viable way of meeting all the expectations put upon me as a worker, and if I did so while telling leadership why their decisions were wrong, then in their eyes I’d be self-evidently a liar.

          Ultimately, it’s best to confront organizations with the honest reality of the consequences of their decisions. You can’t just tell them verbally because you can’t talk to an organization, just your manager or someone else’s. The signal has to be sent on a channel the organization actually comprehends so it can respond accordingly with a policy change, contract renegotiation, or whatever is needed to align what it actually wants with what it’s doing.

        2. 2

          This fails the universalising maxim.

          1. 5

            I don’t think it does. The whole point is to universalize economic self-interest.

            A separate argument: a society where everybody is nice can work. A society where everybody is thoroughly self-interested can also work. But a society that mixes the two will unfairly distribute load onto nice people. So the problem is exactly a lack of universalization.

      3. 5

        My pet theory is that we have developed a deathly fear of being abandoned in those couple hundred thousand years we lived in packs. So we try to make others like us by being proactive and helping them. This obviously brutally backfires in a mostly transactional economy.

        In other words, it is your built-in sense of insecurity that drives the need to give your best. And capitalism does not reciprocate. The only meaningful way forward (without going insane) is to figure out how to help individuals (ideally those who tend to reciprocate) around you.

        That could have many forms. From “how to make sure we are not detected while silent quitting” to “how to make sure we are not woken up in the middle of night by a bug” to “how to start our own co-op and ditch the corp” and so on.

      4. 5

        I think some have already pointed this out, but personal professional development is a thing. What might not get you a bonus might give you experience for the future. And sometimes it just feels right, and you feel satisfied with yourself for doing the “right thing”.

        Now, I realize the OP is talking about a workplace that does not appreciate the extra effort of their employees, but that does not hold for all such positions. Sometimes you know your boss/leader can and will appreciate you efforts and will make sure you’re rewarded one way or another.

      5. 4

        Hope that your good deeds will be rewarded?

        Frankly, that tends to work for me. It’s not an immediate gain, but I do notice it years down the line.

        I remember a case when a co-worker was the “misbehaving” one. I was okay with him doing that – no incentives, no extra effort. I kept doing my job as I thought it should be done, and after a while, when my wage was raised, my co-worker’s wage was lowered (legally). I don’t think he held it against me (I don’t feel like I set him up or anything), but it stuck with me as an example of how “behaving” does occasionally get rewarded, while “misbehaving” is indeed being noticed.

        There’s been other cases like that too – me putting the effort in and another co worker “coasting” for years, and then between the lines of the conversation noticing that he gets paid a fraction of what I do, being noticeably unhappy about it, and yet I knew that I not only got decent raises whenever I asked, I’d get raises and bonuses even if I didn’t.

        I remember these examples, and with good old cynicism (and some naivety) I assume that if I work near the full extent of my abilities I’d get more money in the long run and get more leverage in negotiations than the other folks. So far it seems to be working.

        1. 7

          Sounds like your coworkers would be more effective if the company were more forthright about compensation?

      6. 1

        I think one of the incentives is not getting fired. Specially when there are PIPs and curves that you get fit into. If you are just mediocre and doing bare minimum, there’s a high chance that you will be at the bottom of the curve.

        1. 8

          There’s an assumption in your last sentence that the company is capable of effectively judging performance. In my experience, they aren’t.

        2. 1

          I’d like to believe this too. Despite being assured I was meeting expectations at work, I still felt pressure from the voice in the back of my head to work harder so I wouldn’t be laid off. But I also believe this comment from olliej. And I anecdotally have seen a coworker or two do practically nothing (or - somehow - negatively contribute!) and not get fired because the people who should have fired them were too busy or ignorant or policy made it hard to let them go.

          But let’s say I weaken my comment. Maybe it’s a bit of a leap for me to go from goody two-shoes to Homer Simpson. What about the person OP wrote about who is not plugging a 100k/mo leak? They aren’t exactly “misbehaving” if it isn’t their problem directly. That said, if I saw and knew how to fix something like that, I would point it out. Do you think my inclination to do this is justifiable, knowing that at best I’ll likely get somewhere between a pat on the back and a percent of the /year savings and at worst I’ll perform worse because I’m encumbered by patching the leak?

          I feel like a lot of the stories I read growing up extolled this kind of greater… virtuosity? Like the lazy grasshopper dies when winter comes. I sort of hope that it’s just confirmation/survivor bias and these misbehavers are very uncommon - and like you suggest, the majority of them get fired quickly.

    4. 2

      The following distinction rubs me in a wrong way:

      RSA is an asymmetric public-private key scheme where we distribute a public key, and we keep a private key. Only the private key can decrypt the material encrypted with the public key.

      Elliptic Curves on the other hand uses symmetric encryption. This means that the key encrypting something, and the key decrypting something uses the same key for both these tasks.

      If I remember correctly, encrypting material with the public RSA key directly is considered bad practice, and instead a random key for symmetric encryption should be generated and encrypted using the public key. This way, RSA should also use symmetric encryption, even though the scheme is inherently asymmetric.

      1. 1

        If I remember correctly, encrypting material with the public RSA key directly is considered bad practice, and instead a random key for symmetric encryption should be generated and encrypted using the public key. This way, RSA should also use symmetric encryption, even though the scheme is inherently asymmetric.

        I’m no cryptographer, but quickly skimming Wikipedia says

        RSA is a relatively slow algorithm. Because of this, it is not commonly used to directly encrypt user data. More often, RSA is used to transmit shared keys for symmetric-key cryptography, which are then used for bulk encryption–decryption.

        Which to me sounds like the accurate position. It’s not really bad practice, it’s just very slow.

          1. 1

            Heh, well I should probably have kept the “no cryptographer” disclaimer in the blog post :)

            Reading this I do think the RSA implementation as used in age-plugin-tpm is sane, the age plugin design uses wrapped x25519 keys to encrypt the actual plain text. You avoid the 256 byte message limitation in RSA OAEP, but I’m not sure about the forward secrecy aspects on the top of my head.

            1. 3

              Static-Ephemeral X25519 is only forward-secure from the sender’s perspective. If you want forward secrecy on both ends, you need an authenticated key exchange (e.g. X3DH, which I’ve implemented in TypeScript).

        1. 3

          It’s not really bad practice, it’s just very slow.

          It’s bad practice because if an attacker gets the private key, you don’t have any forward secrecy. With a good scheme, even if they steal your key, they can’t read your old messages because the symmetric key has been lost to time.

    5. 1

      Learn a bunch about linker scripts, to hopefully get something running on an RV32I core I implemented in Logisim.

    6. 1

      Interesting, I hoped for more details about how it works, but I guess I’ll wait for their announcement.

    7. 9

      How do JavaScript and Python, the 1st and 4th most popular languages in the entire world, have an asterisk next to “ubiquity”? I guess it’s a waste of time to nitpick clearly arbitrary standards in these checkmark feature tables but still, that stood out as being obviously factually incorrect. Perl is way, way down that same list.

      Edit: okay, I see what they mean by ubiquity is “comes pre-installed”. Disregarding that every web browser in the world is a javascript development environment, searching online shows that perl is starting to lose its default install status among newer linux distributions. FreeBSD also intentionally worked to remove it. Seems to still be present on newer versions of macOS, not Windows though.

      1. 12

        Seems to still be present on newer versions of macOS

        It will be a challenge for macOS to stop shipping Perl, since they’ll have to first reimplement their libc’s wordexp which currently uses perl:

        1. 2

          Ah yeah, the line noise style of C programming where every variable name is abbreviated to be illegible.

          No idea what this does without spending serious time going through it.

      2. 3

        Exactly, with Windows being the most popular desktop environment by far the “it is installed by default everywhere” just doesn’t hold up.

        1. 2

          What would be the most default-installed language if one is interested purely in Windows-based platforms? I don’t use Windows myself but I’m genuinely curious if I’ve missed a more ubiquitous alternative.

          1. 6

            PowerShell, in newer versions of Windows.

            1. 4

              Let’s not bring up the batch language because it is bad.

              PowerShell has come with Windows since 7 sp1.

              Windows Scripting Host has shipped with Windows by default since 98 (was available for 95 but not in the default install) and it comes with VBscript and JScript.

              I believe JScript is a faithful implementation of ES3? ES3 sucks, but it’s a version of ES good enough that you can do all the “JavaScript: the Good Parts” things in it. It’s amenable to structuring data at least.

              I have tried using WSH JScript for some one off task just once to see if it was any good (I think mass renaming mp3 files according to a pattern or something) and I can’t remember anything about the experience other than that a) it worked and b) I think the APIs exposed to it for filesystem and stuff are all synchronous, no callbacks. Seemed reasonable for light accepting.

              1. 3

                You’re conveniently leaving out that every version of Windows shipped with a different version of PowerShell, sometimes SPs were adding a new one and the longer you went back the less features it had. To the point of providing a curl alias that did not behave like curl…

                We tried to replace our batch script for Leiningen with PowerShell but just a few days of testing on all Windows machines I could get a hold of were so sobering that we shelved it.

                It’s a nice idea if you’re operating a fleet of systems with a defined feature set, or are even able to roll out a certain version - but to just hand a random user on the internet a PowerShell script and assume it will work? Nope. Even if that should be better now (who knows?) with just Win10 and Win11 supported, you still have to make them silence the warning that they should not run bad code from the internet.

                I was very surprised about the cool features in PS, way back when they showed it for the first time, but I think to every non-Windows-Admin it will be a niche, if I go by the last.. 15 years or so.

                1. 1

                  Ah, I only mentioned a release timeline for PSH because I wanted to point out that WSH is older and more widely deployed. :)

            2. 3

              I think it starts with an older version of powershell, though.

          2. 2

            Batch still works too. It has loops, conditionals and subroutines. I think that must qualify it as a kind of language. A lot of the concepts that I’ve used in Python and C, I first came across in batch scripts.

            It might be primitive, but you can also execute other programs from batch scripts, so you can make some amazing things happen. You can even add a GUI.

          3. 1

            Windows doesn’t really come with anything “good” installed, unless they recently started installing the latest Powershell. Your best bet is to install Python.

            1. 4

              It comes with a web browser where you can run JS ;-)

        2. 1

          I think Android and iOS both have similar installed bases to Windows these days and I don’t believe either comes with Perl installed either.

      3. 2

        I believe Perl is still used in OpenBSD as part of the build process.

        1. 2

          I don’t think anyone will move to change that anytime soon, either.