Maybe the author is a selfish asshole with no appreciation for others, but I value humanity over productivity. GenAI guys are hard for slop and consume for consumption’s sake, like a capitalist psychosis.
A piece is left out. It’s the expectation that there will be a market for these hand crafted computational artifacts, like there is a market for hand-crafted luxury physical items and people are willing to pay more.
There won’t be a market.
Yeah, fuck you, pal. I’ve paid for Free Software and I’ll happily pay for hand-crafted software.
It was pretty harsh, I’ll admit that was an unfair thing to say. His post made me angry and I commented heedlessly. My point still stands - he doesn’t value creation, he values creations: the work of individuals is incidental and can be dismissed. I can’t elaborate just how vile a worldview this article presents to me.
OK, I’ll bite. I agree with what the author says about “artisanal software.” I don’t see what’s vile about viewing it as not inherently more valuable.
I think any hard work a human does is commendable. I respect people who memorize digits of pi or can solve a Rubik’s cube fast by hand. Even if machines can do both with more accuracy or speed, I don’t see why the human achievement shouldn’t be lauded.
But supposing I wanted several thousand digits of pi or my Rubik’s cube to be solved – and that a machine would do it cheaper – I wouldn’t hesitate to pick the machine. I don’t think it’s unreasonable for these people to then be out of a job if a machine obviates them.
BUT, this is in a hypothetical where I am asked to choose abstractly between machine-created and human-created software.
If in the present you asked me whether I would pay more for “handmade software” then I absolutely would because I would trust it far more.
If the reliability problem of AI-generated code is solved, then the question for me is an ethical one – assuming (not unreasonably) that the AI-generated software of the future continues to amass ethical concerns. In that case, I would argue that the author should not call it “artisanal” but rather “ethically-sourced”. And I should hope that we as consumers try to prefer the latter.
It is not about Rust, it is not about Assembly, nor ARM64 vs. RISC-V…
Just:
$ man setenv
...
ATTRIBUTES
For an explanation of the terms used in this section, see attributes(7).
┌─────────────────────┬───────────────┬─────────────────────┐
│Interface │ Attribute │ Value │
├─────────────────────┼───────────────┼─────────────────────┤
│setenv(), unsetenv() │ Thread safety │ MT-Unsafe const:env │
└─────────────────────┴───────────────┴─────────────────────┘
n.b. MT-Unsafe
Environment variables are a simple interface between the parent process (the environment) and the program being executed. Not a dynamic global thread-safe map.
Note that this is only true on the platform where you obtained that manual page. The people who wrote the implementation have made a choice not to make the interface safe.
If you look at https://illumos.org/man/3C/setenv ours is MT-Safe, and there’s really no reason that every other libc couldn’t make the same decision.
BTW: Does Illumos have independent env for threads or shared by whole process (and just thread-safe)? It might be useful or not… However at current state (env is usually not only shared but even MT-Unsafe), it is just a bad design if someone recklessly modifies env in a multi-threaded program or if a library can be parametrized only using env and does not provide any other per-thread configuration (like functions or thread-local variables).
The environment is definitely per process, not per thread. FWIW, I don’t think setenv(3C) is a good interface, and I don’t think people should use it (there are vastly preferable alternatives for every legitimate use case in 2025), I just don’t think it should be unnecessarily thread/memory unsafe!
What’s the preferable alternative for “i’m using a library which changes behavior based on environment variables and i need to control that behavior”? Note that libc itself is a library that does this (e.g. the TZ env var).
I think in general the environment variables are intended to allow control from outside the process; this applies to the ambient timezone and locale stuff especially. If you override them within the process you’re preventing those mechanisms from working as designed. In general, any library interface that can only be configured through environment is not a good interface.
In the case of locales, the newlocale(3C) routine was added to allow programs to look up a specific locale and get a handle to it, rather than use the ambient locale from LANG and LC_ALL in the environment. Probably we should be looking to add a newtimezone(3C) routine to allow a similar thing with timezones!
Cool project but where’s the source? I would think there should be some scripts to build the binaries and boot image and links or Git submodules to the code being used.
Somehow you went from OS parts and config files to a binary. I’m always suspicious of a binary dropped as a release for a code/script-free repository.
Maybe have the SVN projects mirrored in Git (migrated to preserve history), add your custom config.sys and autoexec.bat, plus whatever it was that made the binary. Visitors to the repo should be able to go from source to binary on their own, with the released binaries as just a convenience.
Somehow you went from OS parts and config files to a binary.
“A” binary? No. I installed the OS, using its stock installer. I added a few extra components, from its own repo using its own packaging tool: mouse driver, text editor, JEMM memory manager. I’ve listed them on Github.
You do know how installing a DOS works, right? The install media contain compressed binaries, and installation consists of uncompressing them and copying them to disk. That is all it consists of.
I did not create or modify any binaries whatsoever at any point in this process. I have not compiled a single line. There is absolutely no change in any binary in this image from what the SvarDOS project supplied.
I think that Apple Intelligence is a failure of a product from an implementation standpoint. This is frustrating because the foundation they are building on top of is nearly invincible.
Apple Intelligence is band new, it’s been out for less than six months! Seriously, go back and see what ChatGPT, Copilot, or any other consumer-branded AI system looked like at just six months. Go back and look at the original iPhone, at how limited it was, and how incredibly far Apple has come since then.
What’s frustrating is that everyone complaining here has lost perspective. Not everyone is the target audience. Not everything is perfect at launch (it even says it’s in beta), and AI is hard (not just integration, but getting good data for training while hopefully not infringing on someone else’s copyright, and making an attempt to preserve user privacy). And the Apple Intelligence is clearly marked as a beta product.
Another beta product is Tesla’s Autopilot. It’s not perfect, and surprise it too is a beta. So you can’t sleep at the wheel, watch a movie, or go sit in the backseat. You have to sit at in the driver’s seat with your hands on the wheel.
Wait and see what Apple has done with Apple Intelligence in iOS 20/Mac OS 17, then get out your judgy blog posts. I think you’ll find that Apple has done well and avoided pitfalls and controversies that other’s encountered.
I have to admit I was skeptical (I’m an idiot and bugged the author for references… which were already in the article and I missed ¬ ¬U), but the materials that Apple has released are much better than I expected. It’s certainly worth reading Apple’s materials.
Trusted computing is a fascinating topic, and Apple’s materials address many of my concerns about the topic. There’s plenty of independent auditing possibilities, although I missed independent auditing that validates that Apple is running the code they say they are running. Hopefully more knowledgeable people will research and validate this topic.
I think trusted computing is way harder than, say, E2EE. I think E2EE is doable, but I’m not even sure trusted computing has a lot to do with “technical” details. But I enjoy reading these materials and I’m glad big companies are working on this.
But then I think the main point of the article is about “Apple made this huge effort to do trusted computing… to run LLMs”, which is a premise I agree with. Actually, despite all the issues I have with LLMs, I think they can provide value, and I trust Apple much more than other players to find valid applications of the technology. And I think it’s highly unlikely that they will not use their private cloud compute for other, more useful, non-LLM stuff.
Don’t feel bad, it’s an easy thing to miss. It’s also a pretty outrageous claim, so you were right to be skeptical. I was, I planned on writing something about it but haven’t had the time to yet.
Super! Thanks for sharing. I wish CC would have taken off by now, and I’m glad that’s what Apple seems to be using even if with their own marketing name attached to it.
There are some very hard problems, depending on your threat model. If you assume that an attacker can modify DRAM, you need a Merkel tree over anything that leaves cache, which is really slow, or you need DRAM plus controllers to be in a sealed unit with end-to end authenticated encryption with the machine (this is the better solution, but requires modifying memory interfaces).
Apple is currently punting on this by relying on the intrusion detection systems, but since these are hidden in their data centres, you can’t audit them. It’s probably fine, but there are quite a few ways that Apple would be able to break their own systems. The test for that is probably random third-party audits.
Fun idea, but it runs client side, so it’s not really a functional CAPTCHA. Even if you captured input and ran Doom on the server, there’s no randomization.
Ironically I think this makes it significantly worse at being a captcha; humans will find it much more difficult, but for a computer the difficulty level shouldn’t make much of a difference.
lol just type “iddqd” (god mode) and “idkfa” (unlimited ammo, all weapons unlocked + all keys etc). The codes are burned into my memory and I was pleased to see it work here.
I passed it on the second attempt. The trick is to not run forwards. The monsters then come clustered together and it’s easy to just keep shooting.
A simple ML model could also reach the same conclusion, but that’s not why it!s a bad CAPTCHA: it’s deterministic. You could just record the key strokes and someone who passes and play them back and you’ll pass 100% of the time.
Move a little to the left of the starting position (don’t leave the hall), fire your pistol to alert monsters, and then pistol-snipe the zombies and sergeants that wander your way. If you fire continuously at whatever you see, you’ll prove your humanity before you die or run out of ammo. Just don’t go out into the open. I’m not sure whether it’s Nightmare or UV Fast, but either way it makes staying clear of fireballs a challenge.
Memories returning: punch the air to alert monsters, it will save one bullet. Still counts as “firing a weapon” and alerts anyone within earshot, even though it makes no real sense :)
Though not the original commenter, I would say it does not in my experience. The cost of using std::variant is much larger than that of Rust’s enum, even in the “unwound non-recursive” approach that is used by some implementations to support it’s storage.
The biggest cost factor is how visitation works. In Rust, you use match and can rely on the pattern matching to execute in a more or less safe switch. In C++, while you can use the .index() member function with a switch statement, you’ll typically have to manually keep track of each entry in a given variant.
At this point it’s no different than having a std::variant and then using an enum to keep track of the type so it’s easier to understand what’s going to execute (and then you need to manually extract the type, and since we don’t offer an “unsafe_get” to extract the underlying value from a variant without doing a bounds check, you’ll be doing a secondary check anyhow). If anything it’s quicker and easier to do an if-else chain with get_if, but that also has it’s costs as it’s also doing a bounds check on the index in every case.
Basically it is easier and more efficient for runtime operations to implement each variant-like type directly with an enum class and a proper type that returns said enum class from it’s index and then worry about managing the storage/construction for each individual type manually, possibly providing a match member function that can unroll any checks and be faster than std::visit.
That said if you don’t care about performance, go hog wild with std::variant. Sometimes it’s on a cold path or you can worry about the performance details later. 🙂
There is/was a paper to add an lvariant type to C++ to represent this concept (Authored by David Sankel), though some people in the room felt that enum union would make more sense, but it has since petered out.
The source video is better, but still doesn’t actually say what any of the mistakes Linus is thinking of are(there are many things you can point to, but which specific ones? :) )
Don’t change the title of a page into a question you have about the page! That is extremely unclear. If you have a question, add it as a comment.
Or ask the directly via their discord? I am not even sure why this topic is here.
If the team had posted “why”, then that would be an interesting thing to discuss.
I’m not asking them. I’m asking Lobsters. And I have seen others doing the same recently, so I am not sure why you’re attacking me for it.
To ask lobster.rs, post an #ask question without a link.
For context, what was the original question?
Previous discussions on this service:
https://lobste.rs/domains/delta.chat
Neat! I didn’t know lobster.rs had a URL to find stories by domain.
Cool idea! Multi-protocol projects like this are neat when not merely a bridge between two systems.
I’m happy to see that
powerpc64le-unknown-linux-muslis now Tier 2.Maybe the author is a selfish asshole with no appreciation for others, but I value humanity over productivity. GenAI guys are hard for slop and consume for consumption’s sake, like a capitalist psychosis.
Yeah, fuck you, pal. I’ve paid for Free Software and I’ll happily pay for hand-crafted software.
That is unnecessarily harsh. FYI, the author has pretty much devoted his career to helping others learn ML and Python. (I am not the author.)
It was pretty harsh, I’ll admit that was an unfair thing to say. His post made me angry and I commented heedlessly. My point still stands - he doesn’t value creation, he values creations: the work of individuals is incidental and can be dismissed. I can’t elaborate just how vile a worldview this article presents to me.
OK, I’ll bite. I agree with what the author says about “artisanal software.” I don’t see what’s vile about viewing it as not inherently more valuable.
I think any hard work a human does is commendable. I respect people who memorize digits of pi or can solve a Rubik’s cube fast by hand. Even if machines can do both with more accuracy or speed, I don’t see why the human achievement shouldn’t be lauded.
But supposing I wanted several thousand digits of pi or my Rubik’s cube to be solved – and that a machine would do it cheaper – I wouldn’t hesitate to pick the machine. I don’t think it’s unreasonable for these people to then be out of a job if a machine obviates them.
BUT, this is in a hypothetical where I am asked to choose abstractly between machine-created and human-created software.
If in the present you asked me whether I would pay more for “handmade software” then I absolutely would because I would trust it far more.
If the reliability problem of AI-generated code is solved, then the question for me is an ethical one – assuming (not unreasonably) that the AI-generated software of the future continues to amass ethical concerns. In that case, I would argue that the author should not call it “artisanal” but rather “ethically-sourced”. And I should hope that we as consumers try to prefer the latter.
Agreed, but the vile-ness doesn’t make it less likely.
But encouraging more people to recognize it as vile might.
Good. You’re awesome. You’re also in a very small minority.
It’s a minority that only grows, join us if you haven’t yet.
It is not about Rust, it is not about Assembly, nor ARM64 vs. RISC-V…
Just:
n.b.
MT-UnsafeEnvironment variables are a simple interface between the parent process (the environment) and the program being executed. Not a dynamic global thread-safe map.
Note that this is only true on the platform where you obtained that manual page. The people who wrote the implementation have made a choice not to make the interface safe.
If you look at https://illumos.org/man/3C/setenv ours is MT-Safe, and there’s really no reason that every other libc couldn’t make the same decision.
Agree, thanks.
BTW: Does Illumos have independent env for threads or shared by whole process (and just thread-safe)? It might be useful or not… However at current state (env is usually not only shared but even MT-Unsafe), it is just a bad design if someone recklessly modifies env in a multi-threaded program or if a library can be parametrized only using env and does not provide any other per-thread configuration (like functions or thread-local variables).
The environment is definitely per process, not per thread. FWIW, I don’t think setenv(3C) is a good interface, and I don’t think people should use it (there are vastly preferable alternatives for every legitimate use case in 2025), I just don’t think it should be unnecessarily thread/memory unsafe!
Here’s the source https://github.com/illumos/illumos-gate/blob/master/usr/src/lib/libc/port/gen/getenv.c
What’s the preferable alternative for “i’m using a library which changes behavior based on environment variables and i need to control that behavior”? Note that libc itself is a library that does this (e.g. the
TZenv var).I think in general the environment variables are intended to allow control from outside the process; this applies to the ambient timezone and locale stuff especially. If you override them within the process you’re preventing those mechanisms from working as designed. In general, any library interface that can only be configured through environment is not a good interface.
In the case of locales, the newlocale(3C) routine was added to allow programs to look up a specific locale and get a handle to it, rather than use the ambient locale from LANG and LC_ALL in the environment. Probably we should be looking to add a newtimezone(3C) routine to allow a similar thing with timezones!
I’m guessing MUSL’s versions aren’t thread-safe either https://git.musl-libc.org/cgit/musl/tree/src/env/setenv.c
Wow. £250m computer in 1978, 14 pages worth of Fortran, and the animation output was printed directly to film. Impressive.
1/4m gbp = 250k, still a lot of money ^^
Oops! I meant for that to be a k
Cool project but where’s the source? I would think there should be some scripts to build the binaries and boot image and links or Git submodules to the code being used.
I have no scripts or anything because I didn’t compile it. I did not build, link, make or in any other way compile a single byte of this.
It’s 2 (two) hand-edited config files (the classic DOS combo of
CONFIG.SYS+AUTOEXEC.BAT) and a big ol’ pile of existing code.SvarDOS has source, but note, in SVN not Git.
http://svardos.org/
Somehow you went from OS parts and config files to a binary. I’m always suspicious of a binary dropped as a release for a code/script-free repository.
Maybe have the SVN projects mirrored in Git (migrated to preserve history), add your custom config.sys and autoexec.bat, plus whatever it was that made the binary. Visitors to the repo should be able to go from source to binary on their own, with the released binaries as just a convenience.
“A” binary? No. I installed the OS, using its stock installer. I added a few extra components, from its own repo using its own packaging tool: mouse driver, text editor, JEMM memory manager. I’ve listed them on Github.
You do know how installing a DOS works, right? The install media contain compressed binaries, and installation consists of uncompressing them and copying them to disk. That is all it consists of.
I did not create or modify any binaries whatsoever at any point in this process. I have not compiled a single line. There is absolutely no change in any binary in this image from what the SvarDOS project supplied.
Apple Intelligence is band new, it’s been out for less than six months! Seriously, go back and see what ChatGPT, Copilot, or any other consumer-branded AI system looked like at just six months. Go back and look at the original iPhone, at how limited it was, and how incredibly far Apple has come since then.
What’s frustrating is that everyone complaining here has lost perspective. Not everyone is the target audience. Not everything is perfect at launch (it even says it’s in beta), and AI is hard (not just integration, but getting good data for training while hopefully not infringing on someone else’s copyright, and making an attempt to preserve user privacy). And the Apple Intelligence is clearly marked as a beta product.
Another beta product is Tesla’s Autopilot. It’s not perfect, and surprise it too is a beta. So you can’t sleep at the wheel, watch a movie, or go sit in the backseat. You have to sit at in the driver’s seat with your hands on the wheel.
Wait and see what Apple has done with Apple Intelligence in iOS 20/Mac OS 17, then get out your judgy blog posts. I think you’ll find that Apple has done well and avoided pitfalls and controversies that other’s encountered.
Tesla’s “beta” has been running long enough to kill people and change laws. I’m not sure this is a favorable comparison.
Tesla’s “beta” really was (is) a beta, even if people don’t treat it as such.
It’s pretty irresponsible to put such a beta in a car of all things.
I have to admit I was skeptical (I’m an idiot and bugged the author for references… which were already in the article and I missed ¬ ¬U), but the materials that Apple has released are much better than I expected. It’s certainly worth reading Apple’s materials.
Trusted computing is a fascinating topic, and Apple’s materials address many of my concerns about the topic. There’s plenty of independent auditing possibilities, although I missed independent auditing that validates that Apple is running the code they say they are running. Hopefully more knowledgeable people will research and validate this topic.
I think trusted computing is way harder than, say, E2EE. I think E2EE is doable, but I’m not even sure trusted computing has a lot to do with “technical” details. But I enjoy reading these materials and I’m glad big companies are working on this.
But then I think the main point of the article is about “Apple made this huge effort to do trusted computing… to run LLMs”, which is a premise I agree with. Actually, despite all the issues I have with LLMs, I think they can provide value, and I trust Apple much more than other players to find valid applications of the technology. And I think it’s highly unlikely that they will not use their private cloud compute for other, more useful, non-LLM stuff.
Don’t feel bad, it’s an easy thing to miss. It’s also a pretty outrageous claim, so you were right to be skeptical. I was, I planned on writing something about it but haven’t had the time to yet.
Check out Confidential Computing if Apple’s private computing is interesting to you.
We wrote an overview of Confidential Cloud Computing a few years back.
Super! Thanks for sharing. I wish CC would have taken off by now, and I’m glad that’s what Apple seems to be using even if with their own marketing name attached to it.
There are some very hard problems, depending on your threat model. If you assume that an attacker can modify DRAM, you need a Merkel tree over anything that leaves cache, which is really slow, or you need DRAM plus controllers to be in a sealed unit with end-to end authenticated encryption with the machine (this is the better solution, but requires modifying memory interfaces).
Apple is currently punting on this by relying on the intrusion detection systems, but since these are hidden in their data centres, you can’t audit them. It’s probably fine, but there are quite a few ways that Apple would be able to break their own systems. The test for that is probably random third-party audits.
Fun idea, but it runs client side, so it’s not really a functional CAPTCHA. Even if you captured input and ran Doom on the server, there’s no randomization.
The randomization could be that it starts on a random level. Good call though, I didn’t think of that.
Great work and I’m happy to see
gaimPidgin continues to be developed.Sad face
Too many monsters.
Agreed, it looks like Ultra-violence or Nightmare mode.
Ironically I think this makes it significantly worse at being a captcha; humans will find it much more difficult, but for a computer the difficulty level shouldn’t make much of a difference.
lol just type “iddqd” (god mode) and “idkfa” (unlimited ammo, all weapons unlocked + all keys etc). The codes are burned into my memory and I was pleased to see it work here.
I passed it on the second attempt. The trick is to not run forwards. The monsters then come clustered together and it’s easy to just keep shooting.
A simple ML model could also reach the same conclusion, but that’s not why it!s a bad CAPTCHA: it’s deterministic. You could just record the key strokes and someone who passes and play them back and you’ll pass 100% of the time.
That didn’t mean it wasn’t fun, of course.
It has indeed been set to nightmare difficulty. The “How it works” link on the page and the description on the repository confirms this.
Move a little to the left of the starting position (don’t leave the hall), fire your pistol to alert monsters, and then pistol-snipe the zombies and sergeants that wander your way. If you fire continuously at whatever you see, you’ll prove your humanity before you die or run out of ammo. Just don’t go out into the open. I’m not sure whether it’s Nightmare or UV Fast, but either way it makes staying clear of fireballs a challenge.
Memories returning: punch the air to alert monsters, it will save one bullet. Still counts as “firing a weapon” and alerts anyone within earshot, even though it makes no real sense :)
What about Fortran?
It’s nice to see support for Confidential Computing.
I wrote up some documentation on how all this works and known issues here: https://docs.fedoraproject.org/en-US/fedora-asahi-remix/x86-support/
You can also watch Alyssa’s talk at XDC2024 here: https://www.youtube.com/watch?v=pDsksRBLXPk (starts around ~20 minutes after stream start).
Thank you to everyone who worked to make all this possible! ^^
Wow… Fallout 4 on Linux on an M1. I would never have thought that possible. Incredible!
ya’ll are awesome! Inspired me to learn rust and get into hardware more!
I don’t have anything insightful to add but I’d like to say anyway that this is incredibly impressive.
love what you Asahi guys are doing! next level stuff
Very very nice! I sponsor one of you (sorry, I forget who… probably multiple) on github for a reason!
What’s the priority (if any) on getting these things working on the M3 or the soon-to-be-released M4? (and of course the Pro and Max variants)
The way the blogpost just drops well-known AAA games inline while discussing the latest efforts is hilarious.
Keep on hackin’!
The only DAVE software I know https://en.wikipedia.org/wiki/Thursby_DAVE
I’d really like for C++ to adopt Rust’s enum with internal data per variant, like:
Do you feel like std::variant doesn’t satisfy the algebraic data type/tagged union/sealed class goal?
Though not the original commenter, I would say it does not in my experience. The cost of using
std::variantis much larger than that of Rust’senum, even in the “unwound non-recursive” approach that is used by some implementations to support it’s storage.The biggest cost factor is how visitation works. In Rust, you use
matchand can rely on the pattern matching to execute in a more or less safe switch. In C++, while you can use the.index()member function with aswitchstatement, you’ll typically have to manually keep track of each entry in a given variant.At this point it’s no different than having a
std::variantand then using anenumto keep track of the type so it’s easier to understand what’s going to execute (and then you need to manually extract the type, and since we don’t offer an “unsafe_get” to extract the underlying value from a variant without doing a bounds check, you’ll be doing a secondary check anyhow). If anything it’s quicker and easier to do anif-elsechain withget_if, but that also has it’s costs as it’s also doing a bounds check on the index in every case.Basically it is easier and more efficient for runtime operations to implement each
variant-like type directly with anenum classand a proper type that returns saidenum classfrom it’sindexand then worry about managing the storage/construction for each individual type manually, possibly providing amatchmember function that can unroll any checks and be faster thanstd::visit.That said if you don’t care about performance, go hog wild with
std::variant. Sometimes it’s on a cold path or you can worry about the performance details later. 🙂There is/was a paper to add an
lvarianttype to C++ to represent this concept (Authored by David Sankel), though some people in the room felt thatenum unionwould make more sense, but it has since petered out.I find std::variant to be very awkward (Just like std::optional).
It shouldn’t be possible to call
get<n>()without checking if the variant being accessed is correct.I’ll have to check that out…
Unfortunately a somewhat content-free article as it does not provide examples of what mistakes he is talking about.
Agreed. The article can be boiled down to “hardware is hard”.
Source video: https://www.youtube.com/watch?v=1Y82U450zcI
The source video is better, but still doesn’t actually say what any of the mistakes Linus is thinking of are(there are many things you can point to, but which specific ones? :) )