Readit News
MarkSweep commented on Patterns for Defensive Programming in Rust   corrode.dev/blog/defensiv... · Posted by u/PaulHoule
pornel · 12 days ago
What's really nice is where you don't need defensive programming in Rust.

If your function gets ownership of, or an exclusive reference to an object, then you know for sure that this reference, for as long as it exists, is the only one in the entire program that can access this object (across all threads, 3rd party libraries, recursion, async, whatever).

References can't be null. Smart pointers can't be null. Not merely "can't" meaning not allowed and may throw or have a dummy value, but just can't. Wherever such type exists, it's already checked (often by construction) that it's valid and can't be null.

If your object's getter lends an immutable reference to its field, then you know the field won't be mutated by the caller (unless you've intentionally allowed mutable "holes" in specific places by explicitly wrapping them in a type that grants such access in a controlled way).

If your object's getter lends a reference, then you know the caller won't keep the reference for longer than the object's lifetime. If the type is not copyable/cloneable, then you know it won't even get copied.

If you make a method that takes ownership of `self`, then you know for sure that the caller won't be able to call any more methods on this object (e.g. `connection.close(); connection.send()` won't compile, `future.then(next)` only needs to support one listener, not an arbitrary number).

If you have a type marked as non-thread safe, then its instances won't be allowed in any thread-spawning functions, and won't be possible to send through channels that cross threads, etc. This is verified globally, across all code including 3rd party libraries and dynamic callbacks, at compile time.

MarkSweep · 12 days ago
I don’t see how your comment is relevant; none of the things you mention are covered in the article. This was an article about logic bugs that can exist in spite of the borrow checker.
MarkSweep commented on Java Decompiler   java-decompiler.github.io... · Posted by u/mooreds
webdevver · 22 days ago
i have no idea why nobody is doing it - it is such an obvious use case of LLMs. i guess the reveng market is much smaller than most people realized?

then again, who needs reveng when you can use said LLMs to write new software "just in time" with the same API.

reveng also was one of those industries that always had a very suspicious crowd of people - i don't mean malicious, i mean... a lot of them drew a disturbing amount of pleasure from doing incredibly laborious work, sort of like someone who enjoys putting together an airfix model over many months with a microscopic brush and tweezers.

so i wonder if a lot of them perversely enjoy staring at reams of bytes and putting together this 10,000 piece puzzle, and having an llm solve it for them is a deep affront to their tastes.

MarkSweep · 22 days ago
Is it really an obvious use case of LLMs? Traditional byte code to source decompilers are faster, use less memory, and are deterministic. Using an LLM to decompile code makes as much sense as using an LLM to compile code.

That said there are probably ways an LLM could improve a decompiler in a way that does not impact its correctness. Like deriving class and variable names based on context, when symbols are missing or obfuscated.

MarkSweep commented on .NET 10   devblogs.microsoft.com/do... · Posted by u/runesoerensen
formerly_proven · a month ago
License: https://www.nuget.org/packages/dotnet-debugger-extensions/9....

> a. Data Collection. The software may collect information about you and your use of the software, and send that to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may opt-out of many of these scenarios, but not all, as described in the software documentation. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft's privacy statement. Our privacy statement is located at https://aka.ms/privacy. You can learn more about data collection and its use in the software documentation and our privacy statement. Your use of the software operates as your consent to these practices.

> You may not work around any technical limitations in the software:

> * reverse engineer, decompile or disassemble the software, or otherwise to derive the source code for the software, except and only to the extent required by third party licensing terms governing use of certain open-source components that may be included with the software;

> ...

> * share, publish, rent, or lease the software; or

> * provide the software as a stand-alone offering or combine it with any of your applications for others to use, or transfer the software or this agreement to any third party.

So you are not, for example, allowed to ship this in your application's docker image, you are in fact not allowed to redistribute it at all. So if you wanted to get a .NET debugger into your staging environment, you are not actually allowed to, unless you directly install it then-and-there with nuget. (I'm assuming we're talking about any type of enterprise context, where any given application is touched by contractors or employees from n>1 legal entities, so you are always distributing/sharing/transferring/making available).

Ya ya, I know you shouldn't have debuggers near prod, chiseled images, living off the land, yaddayadda. Regardless, it's needed or at least the easiest way at times, to actually be able to debug an application in staging or similar scenarios.

Also I'm not sure if e.g. blocking outgoing connections of the telemetry (even if by blanket policy) would already technically violate the license.

MarkSweep · a month ago
Yes, the restrictive license they place on their debugging components is frankly bizarre.
MarkSweep commented on .NET 10   devblogs.microsoft.com/do... · Posted by u/runesoerensen
jve · a month ago
There is WinDbg which can debug CLR code, but that is Windows only.
MarkSweep · a month ago
The .NET debugging extension (SOS) is not Windows only, it supports LLDB on Linux in addition to WinDbg:

https://learn.microsoft.com/en-us/dotnet/core/diagnostics/de...

MarkSweep commented on System.LongBool   docwiki.embarcadero.com/L... · Posted by u/surprisetalk
MarkSweep · 2 months ago
I assume this type is for compatibility with the 32-bit BOOL type on Windows. This is a common bugaboo when doing interoperability, as I think languages tend to define bool as an 8-bit value.

https://learn.microsoft.com/en-us/windows/win32/winprog/wind...

This must be a pretty slow news day for this to make the front page of Hacker News.

MarkSweep commented on Renaming the default branch of Rust-lang/rust   blog.rust-lang.org/inside... · Posted by u/sergiotapia
MarkSweep · 2 months ago
As long as changing the name of the default branch in a Git repo is worthy of the front page of Hacker News: I also changed my defaults this year. My muscle memory has changed so that “main” is now what I expect. I’ll just go with the flow and change the name of a branch whenever I trip over it.
MarkSweep commented on DoorDash and Waymo launch autonomous delivery service in Phoenix   about.doordash.com/en-us/... · Posted by u/ChrisArchitect
Balgair · 2 months ago
Flip the script!

Why have installations or stores at all? Just have self-driving and self-making burrito trucks. You order one up, and on the way to you, it's being made in the back. Little hatch on the side, shoots out onto your doorstep or through your window.

Then, of course, you've now got an arms race of self-making burrito trucks roaming about. Chipotle has one, Taco Bell too. And, of course, if a Taco Bell truck knows that a Chipotle truck is next to it on the freeway, well, I mean, there's no one inside it of course. How could you prove that those nails came out of the bottom of the truck anyways?

Pretty soon, we've got burrito trucks duking it out, battle bots style, on the freeways and streets. And then you gotta deploy countermeasures, armor, etc. Just to get your burrito to you. Order up two from different companies and you've got dinner and a show.

And, honestly, is this not the future we all really want? Giant junk food filled mech-cars blasting each other at high speeds from the comfort of our couches.

MarkSweep · 2 months ago
Other people mentioned Zume pizza tried this in the past. Currently there is a company doing this in San Mateo called Olhso:

https://www.olhsotruck.com/

They have not implemented the Mad Max style of vehicular combat you described, yet.

MarkSweep commented on ASP.NET Security Feature Bypass Vulnerability   nvd.nist.gov/vuln/detail/... · Posted by u/zeraye
ninjaoxygen · 2 months ago
There is no .NET Core or .NET Framework since .NET 5.0 in 2020. Maybe you mean ASP.NET Core, but then there is no ASP.NET Framework so the comment still does not make sense to me.

The vulnerable component is ASP.NET Core, which did not change name when .NET dropped the Core name to distinguish it from legacy ASP.NET.

--- edit: cut here - the sentence below is incorrect! ---

If somehow you were still using legacy ASP.NET / Framework 4.8 etc, you have much bigger problems - legacy ASP.NET has been unsupported since 2022 so will definitely not be receiving security updates.

MarkSweep · 2 months ago
.NET Core got renamed .NET in version 5. .NET Framework is still used as the name of the classic version of .NET that comes with Windows. See here:

https://learn.microsoft.com/en-us/dotnet/fundamentals/implem...

MarkSweep commented on Everything you need to know about California’s SB 79   mnolangray.substack.com/p... · Posted by u/bickfordb
ummonk · 2 months ago
Great for much needed housing, but this will poison the well for public transit and cause NIMBYs to triple down on opposition to public transit expansion…
MarkSweep · 2 months ago
Yeah, I fear this. This will also make pedestrian bridges that connect housing to transit something that NIMBYs dislike even more. For example.
MarkSweep commented on We found a bug in Go's ARM64 compiler   blog.cloudflare.com/how-w... · Posted by u/jgrahamc
MarkSweep · 2 months ago
I wonder if Go had a mode where you make it single step every instruction and trigger a GC interrupt on every opcode. That would make it easier to find these kinds of bugs.

u/MarkSweep

Karma: 2438
Cake day: March 30, 2010
About
I'm a software developer.

I can be contacted at AustinWise through gmail.

http://www.awise.us/
