PieFed.zipBB_C, bb_c@programming.dev
Instance: programming.dev
Joined: 2 years ago
Posts: 3
Comments: 74
Posts and Comments by BB_C, bb_c@programming.dev
c/programming
c/programmingcirclejerkComments by BB_C, bb_c@programming.dev
Rust@programming.dev
nice CLAUDE.md. got it on the contributor list too.
An actually serious project that is not at the "joke" stage. Zero LLM use too:
https://nihav.org/
For audio at least, people should be aware of:
https://github.com/pdeljanov/Symphonia
software-rendered implemented-in-C++ terminal
you fail the cult test 😉
GolangI don’t do Go (thankfully). But that description reminded me of *"A False Midnight"*, which is a Python story from almost 12 years ago (time flies).
The fact that these two stories concern Python and Go, the two supposedly easy and simple languages, are good examples of why such descriptors were always intellectual smell.
C Programming Language@programming.dev
This is unnecessarily complicated
really!
and I don’t see how your second version is supposed to be more optimal?
It was a half-joke. But since you asked, It doesn’t do any duplicate range checks.
But it’s not like any of this is going to be measurable.
Things you should/could have complained about:
* [semantics] not checking if h and l are in the [0, 9] range before taking the result of h*10 + l.
* [logical consistency] not using a set bet for [0, 100] and a set bit for [1, 12], and having both bits set for the latter.
* [cosmetic/visual] not having the props bits for p0 on the left in the switch.
And as a final note, you might want to check what kind of code compilers actually generate (with -O2/-O3 of course). Because your complaints don’t point to someone who knows.
The whole premise is wrong, since it’s based on the presumption of C++ and Rust being effectively generational siblings, with the C++ “designers” (charitable) having the option to take the Rust route (in the superficial narrow aspects covered), but choosing not to do so. When the reality is that C++ was the intellectual pollution product of “next C” and OOP overhype from that era (late 80’s/ early 90’s), resulting in the “C with classes” moniker.
The lack of both history (and/or evolution) and paradigm talk is telling.
C Programming Language@programming.dev
Maybe something like this
#include <stdio.h>
// reads next 4 chars. doesn't check what's beyond that.
int get_pair() {
int h = getchar() - 48;
int l = getchar() - 48;
return h * 10 + l;
}
int main(){
int p0 = get_pair();
int p1 = get_pair();
if (p0 < 0 || p1 < 0 || p0 > 100 || p1 > 100) {
// not 4 digi seq, return with failure if that's a requirement
}
if ((p0 == 0 || p0 > 12) && (p1 >= 1 && p1 <= 12)) {
printf("YYMM");
} else if ((p1 == 0 || p1 > 12) && (p0 >= 1 && p0 <= 12)) {
printf("MMYY");
} else if ((p0 >= 1 && p0 <= 12) && (p1 >= 1 && p1 <= 12)) {
printf("AMBIGUOUS");
} else {
printf("NA");
}
return 0;
}
or if you want to optimize
#include <stdio.h>
#include <stdint.h>
// reads next 4 chars. doesn't check what's beyond that.
int get_pair() {
int h = getchar() - 48;
int l = getchar() - 48;
return h * 10 + l;
}
uint8_t props (int p) {
if (p >= 1 && p <= 12) {
return 0b10;
} else if (p < 0 || p >= 100) {
return 0b11;
} else {
return 0b00;
}
}
int main(){
int p0 = get_pair();
int p1 = get_pair();
switch (props(p0) | (props(p1) << 2)) {
case 0b1010: printf("AMBIGUOUS"); break;
case 0b1000: printf("YYMM"); break;
case 0b0010: printf("MMYY"); break;
default: printf("NA");
}
return 0;
}
LinuxNo. This one is actually cool, useful, and innovative. And it tries to do some things differently than everyone else.
Rust@programming.dev
/me putting my Rust (post-v1.0 era) historian hat on.
The list of (language-level) reasons why people liked Rust was already largely covered by the bullet points in the real original Rust website homepage, before some “community” people decided to nuke that website because they didn’t like the person who wrote these points (or rather, what that person was “becoming"). They tasked some faultless volunteers who didn’t even know much Rust to develop a new website, and then rushed it out. It was ugly. It lacked supposedly important components like internationalization, which the original site did. But what was important to those “community people” (not to be confused with the larger body of people who develop Rust and/or with Rust) is that the very much technically relevant bullet points were gone. And it was then, and only then, that useless meaningless “empowerment” speak came into the picture.
Rust@programming.dev
less likely to be insecure
Evidenced by?
requires reviewing all source code
This is exactly the la-la-land view of what distributors do I was dispelling with facts and reality checks. No one is reviewing all source code of anything, except for cases where a distro developer and an upstream member are the same person. And even then, this may not be the case depending on the upstream project, its size, and the distro developer’s role within that project.
to make sure it meets interoperability
Doesn’t mean anything other than “it builds” and “API is not broken” (e.g. withing the same .so version), and “seems to work”.
These considerations happen to hardly exist with the good tooling provided by cargo.
and open-source standards.
Doesn’t mean anything outside of licensing (for code and assets), and “seems to work”.
Your argument that crates.io is a known organization therefore we should trust the packages distributed is undermined by your acknowledgement that crates.io does not produce any code. Instead we are relying on the individual crate developers, who can be as anonymous as they want.
Largely correct. But that was me comparing middle-man vs. middle-man. That is if crates.io operators can be described as middle-men, since their responsibilities (and consequently, attack vectors) are much smaller.
Barring organizational attacks from within, with crates.io, you have one presumably competent/knowledgable, possibly anonymous, source, and operators that don’t do much. With a binary distro, you have that, AND another “middle-man” source, possibly anonymous, and with competence and applicable knowledge <= upstream (charitable), yet put in a position to decide what to do with what upstream provides, or rather, provided.. X years ago, if we are talking about the claimed "stable" release channel.
The middle man pulls sources from places like crates.io anyway. So applying trivial “logic"/"maths”, it can’t be “better”, in the context being discussed.
Software doesn’t get depended on out of thin air. You are either first in line directly depending on a library, and thus you would naturally at least make the minimum effort to make sure it’s minimally “fit for purpose”. Or you are an indirect dependant, and thus looking at your direct dependencies, and maybe “trusting” them with the “trickle down”.
More processes, especially automated ones, are always welcome to help catch “stuff” early. But it is no surprise that the “success stories” concern crates with fat ZERO dependants.
Processes that help dependants share their knowledge about their dependencies (a la cargo vet) are unquestionably good additions. They sure trump the dogmatic blind faith in distros doing something they simply don’t have the knowledge or resources to do, or the slightly less dogmatic faith in some library being “trustable” if packaged by X or XX distros, assuming at least someone knowledgable/competent must have given a thorough look (this has a rough equivalent in the number of dependants anyway).
This is all obvious, and doesn’t take much thought from anyone active from the inside (upstreams or distros), instead of the surface “knowledge” that leaks, and possibly gets manipulated, in route to the outside.
Rust@programming.dev
While it may never be “enough” depending on your requirements (which you didn’t specifically and coherently define), the amount of “review”, and having the required know-how to do it competently, is much bigger/higher from your crate dependants, than from your distro packages.
It’s not rare for a distro packager to not know much about the programming language (let a lone the specific code) of some packages they package. It’s very rare for a packager to know much about the specific code of what they package (they may or may not have some level of familiarity with a handful of codebases).
So what you get is someone who pulls source packages (from the interwebs), possibly patching them (and possibly breaking them), compiling them, and giving you the binaries (libs/execs). With source distros, you don’t have the compiling and binary package part. With crates.io, you don’t have the middle man at all. Which is why the comparison was never right from the start. That’s the pondering I left you to do on your own two comments ago.
Almost all sufficiently complex user-space software in your system right now has a lot of dependencies (vendored or packaged), you just don’t think of them because they are not in your face, and/or because you are ambivalent to the realities of how distros work, and what distro developers/packagers actually do (described above). You can see for yourself with whatever the Debian equivalent is to pactree (from pcaman).
At least with cargo, you can have all your dependencies in their source form one command away from you (cargo vendor), so you can trivially inspect as much as you like/require. The only part that adds unknowns/complexities is crates that usebuild.rs. But just like unsafe{}, this factor is actually useful, because it tells you where you should look first with the biggest magnifying glass. And just like cargo itself, the streamlining of the process means there aren’t thousands of ways/places in the build process to do something.
Rust@programming.dev
Debian (and other “community” distros) is distributed collaboration, not an organization in the sense you’re describing. You’re trusting a scattered large number of individuals (some anonymous), infrastructure, and processes. The individuals themselves change all the time. The founder of the whole project is not even still with us for example.
Not only the processes did nothing to stop shipping the already mentioned xz backdoor (malicious upstream). But the well-known blasé attitude towards patching upstream code without good reason within some Debian developer circles actually directly caused Debian-only security holes in the past (If you’re young, check this XKCD and the explanation below it). And it just happens that it’s the same blasé attitude that ended up causing the xz backdoor to affect PID 1 (systemd) in the first place. While that particular malicious attack wasn’t effective/applicable in distros that don’t have such an attitude in their "culture" (e.g. Arch).
On the other hand, other Debian developer(s) were the first to put a lot of effort into making reproducible builds a thing. That was a good invaluable contribution.
So there is good, and there is very much some bad. But overall, Debian is nothing special in the world of "traditional" binary distros. But in any case, it’s the stipulation “trusting an organization because it has a long track record of being trustworthy” in the context of Debian that would be weird.
(The "stable distro" model of shipping old patched upstreams itself is problematic, but this comment is too long already.)
crates.io is 10+ years old upstream-submitted repository of language-specific source packages. It’s both not that comparable to a binary distro, and happens to come with no track record of own goals. It can’t come with own goals like the “OpenSSL fiasco” in any case, because the source packages ARE the upstreams. It is also not operated by any anonymous people, which is the first practical requirement to have some logically-coherent trustworthiness into an individual or a group. Most community distros can’t have this as a hard requirement by their own nature, although top developers and infrastructure people tend to be known. But it takes one (intentionally or accidentally) malicious binary packager…
You don’t seem to have a coherent picture of a threat model, or actual specific factualities about Debian, or crates.io, or anything really, in mind. Just regurgitations about "crates.io BAD" that have been fed mostly by non-techies to non-techies.
Rust@programming.dev
So, we established that “pulled in from the interwebs” is not a valid differentiator.
which has existed for much longer than has crates.io
True and irrelevant/invalid (see below). Among the arguments that could be made for <some_distro> packages vs. crates.io, age is not one of them. And that’s before we get to the validity of such arguments.
In this case, it is also an apples-to-oranges comparison, since Debian is a binary distro, and crates.io is a source package repository. Which one is "better", if we were to consider this aspect alone, is left for you to ponder.
and has had fewer malicious packages get into it.
The xz backdoor was discovered on a Debian Sid system, my friend. Can you point to such “malicious packages” that actually had valid users/dependants on crates.io?
Rust@programming.dev
Why do you keep making these “no context” posts?
They read like random gibberish.
Rust@programming.dev
fastrand has zero dependencies.
And all external dependencies are “pulled from the interwebs” nowadays (in source and/or binary form), irrespective of language. This includes core, alloc, and std, which are crates that came with your compiler, which you pulled from the interwebs.
Not knowing about opt-in telemetry doesn’t convey lack of experience, or lack of (relevant) knowledgeability. Especially considering the fact that Arch purposefully keeps the existence of it low-key to avoid the possibility of pissing off anyone.
I was already an Arch user when that opt-in telemetry was introduced. And only heard about it because I was relatively active in Arch communities back then (relatively young, relatively new to Arch). If pkgstats were introduced two years later, I would have never heard of them. Because believe it or not, Arch is just a reliable OS, where you don’t have to interact with anything other than reading the odd announcement every other year. It’s not a “community”, or a “way of life”, or anything in that bracket.
The premise of the question is wrong, since it assumes a general preference.
If you’re asking 👉 this 👈 Arch user, the answer is “NONE”.
EDIT: The majority of users, especially experienced ones, don’t enable pkgstats. So such stats always end up in some form of self-selection (biased towards users who would use a DE in this case).
They know you can just do if ((age < 18)) in bash, right?
Or rather if ((10#$age < 18)) because age=021 would not be adult 😉 Hopefully, they protect against that at least.
(I had to double-check this stupid default is still a thing, since I moved to zsh many years ago.)
Rust ProgrammingWith GPU rendering, you should learn about GPU processing and memory usage too, not that it would matter much for such a use-case.
nvtop is nice for displaying all that info (it’s not nvidia-specific).
Also % CPU usage is not a good metric, especially when most people forget to set CPU frequencies to fixed values before measuring. And heterogenous architectures (e.g. big.LITTLE) make such numbers meaningless anyway (without additional context). But again, none of this really matters in this use-case.
is considered harmful.
I don’t know if someone wrote that blogpost for me
zramso swapping doesn’t immediately slow things to a crawl.cargo check, often. You don’t need to always compile.release-devprofile that inheritsrelease, use cranelift for codegen in it, and turn offlto.Otherwise, it would be useful to know what kind of system you’re running, and how is the system load without any rust dev involvement. It would also be helpful to provide specifics. Your descriptions are very generic and could be entirely constructed from rust memes.
The majority of actual rustaceans don’t care about these polls (or any "official community" activity for that matter).
If you want actually relevant (and objective) stats, look here.
Were those nonsensical
Differencepercentages obtained via an existence that claims intelligence by any chance?One can use custom viewers via
core.pagerandinteractive.diffFilterin git configuration, not to mention defining customdifftools directly.I primarily use delta for this (sometimes packaged as
git-delta), which itself is implemented in Rust too.For example, save this as a script called
delta-ssomewhere in$PATH:Then, in
~/.gitconfig, addAnd the you can just
You can further create an alias for that too of course.
Didn’t read the whole thing because I had to stop at the right column at the start.
Federated is “decentralized”. The correct word the author is looking for is “distributed”. And even then, direct exclusive P2P is only one form of “distributed”. Hybrid/Multiple approaches are also wide-spread (torrents anyone!).
Not sure how a technical writer gets such a basic aspect wrong.
Also, beyond the closed source aspect, and being a closed up platform in general, Discord was always literal spyware. And pretending like open-source projects who chose to use it didn’t know what they were doing, and glossing over the actions that ranged from collective nagging to almost literal fights in some communities because of such choices, reeks of willful blindness.
It’s laughable before you even get to the code. You know, doing “eval bad” when all the build scripts are written in bash 🤣
There is also no protection for VCS sources (assuming no revision hash is specified) in makepkg (no “locking” with content hash stored). So, if an AUR package maintainer is malicious, they can push whatever they want from the source side. They actually can do that in any case obviously. But with VCS sources, they can do it at any moment transparently. In other words, your primary concern should be knowing the sources are coming from a trustable upstream (and hoping no xz-like fiasco is taking place). Checking if the PLGBUILD/install files are not fishy is the easier part (and should be done by a human). And if you’re using AUR packages to the extent where this is somehow a daunting time-consuming task, then there is something wrong with you in any case.
Edit: That is not to say the author of the tool wouldn’t just fit right in with security theater crowd. Hell, some of them even created whole businesses using not too dissimilar theater components.
@kadu@scribe.disroot.org
No. It’s how you (explicitly) go from ref to deref.
Here: *
pis&PathBuf*
*pisPathBuf***pisPath(Deref) * And&**pis&Path.Since what you started with is a reference to a non-Copy value, you can’t do anything that would use/move
*por**p. Furthermore,Pathis an unsized type (just likestrand[T]), so you need to reference it (or Box it) in any case.Another way to do this is:
Some APIs use
AsRefin signatures to allow passing references of different types directly (e.g. File::open()), but that doesn’t apply here.Cool.
Is it all in rust-mail repo?
And how much of “Rust” in this image is actually open?
Let’s do this incrementally, shall we?
First, let’s
make get_files_in_dir()idiomatic. We will get back to errors later.Now, in
read_parquet_dir(), if the unwraps stem from confidence that we will never get errors, then we can confidently ignore them (we will get back to the errors later).Now, let’s go back to
get_files_in_dir(), and not ignore errors.Now,
SerializedFileReader::try_from()is implemented for&Path, andPathBufderefs to&Path. So your dance of converting to display then to string (which is lossy btw) is not needed.While we’re at it, let’s use a slice instead of
&Vec<_>in the signature (clippy would tell you about this if you have it set up with rust-analyzer).Now let’s see what we can do about not ignoring errors in
read_parquet_dir().Approach 1: Save intermediate reader results
This consumes all readers before getting further. So, it’s a behavioral change. The signature may also scare some people 😉
Approach 2: Wrapper iterator type
How can we combine errors from readers with flat record results?
This is how.
Approach 3 (bonus): Using unstable
#![feature(gen_blocks)]NCDC (No Code, Don’t Care)
As with all ads, especially M$ ones..
No Code, Don’t Care
At least if the code was available, I would find out what they mean by “spoofed Mime” and how that attack vector works (Is the actual file “magic” header spoofed, but the file still manages to get parsed with its non-"spoofed” actual format none the less?!, How?).
Also, I would have figured out if this is a new use of “at scale” applied to purely client code, or if a service is actually involved.
dyncompatibility of the trait itself is another matter. In this case, an async method makes a trait not dyn-compatible because of the implicit-> impl Futureopaque return type, as documented here.But OP didn’t mention whether
dynis actually needed or not. For me,dynis almost always a crutch (exceptions exist).If I understand what you’re asking…
This leaves out some details/specifics out to simplify. But basically:
This meant that you couldn’t just have (stable) async methods in traits, not because of async itself, but because you couldn’t use impl Trait in return positions in trait methods, in general.
Box<dyn Future>was an unideal workaround (not zero-cost, and otherdyndrawbacks).async_traitwas a proc macro solution that generated code with that workaround. soBox<dyn Future>was never a desugaring done by the language/compiler.now that we have (stable) impl Trait in return positions in trait methods, all this dance is not strictly needed anymore, and hasn’t been needed for a while.
I was just referring to the fact that they are macros.
printfuses macros in its implementation.^ This is from glibc. Do you know what
va_startandva_endare?Derives expand to “regular code”. You can run
cargo expandto see it. And I’m not sure how that’s an indication of “bare bone"-ness in any case.Such derives are actually using a cool trick, which is the fact that proc macros and traits have separate namespaces. so
#[derive(Debug)]is using the proc macro namedDebugwhich happens to generate “regular code” that implements theDebugtrait. The proc macro namedDebugand implemented traitDebugdon’t point to the same thing, and don’t have to match name-wise.Not sure if you’re talking about the language, or the core/alloc/std libraries, or both/something in-between?
Can you provide specific examples, an which specific languages are you comparing against?
Wild linker v0.8 released (and updated benchmarks) (github.com)
(didn’t read OP, didn’t keep up with chimera recently)
From the top of my head:
The init system. Usable FreeBSD utils instead of busybox overridable by gnu utils (which you will have to do because the former are bare-bones). Everything is built with LLVM (not gcc). Extra hardening (utilizing LLVM). And it doesn’t perform like shit in some multi-threaded allocator-heavy loads because they patch musl directly with mimalloc. It also doesn’t pretend to have a stable/release channel (only rolling).
So, the use of
apkis not that relevant. “no GNU” is not really the case with Alpine. They do indeed have “musl” in common, but Chimera “fixes” one of the most relevant practical shortcomings of using it. And finally, I don’t think Chimera really targets fake “lightweight"-ness just for the sake of it.'0'..'9'(characters in ASCII) are(0+48)..(9+48)when read as integer values.For readability you can do:
And as I mentioned in another comment, if this was serious code, you would check that both
handlare between0and9.Note that one of the stupid quirks about C is that
charis not guaranteed to be unsigned in certain implementations/architectures. So it’s better to be explicit about expecting unsigned values. This is also whyman 3 getcharstates:>