Readit News logoReadit News
RVuRnvbM2e commented on Thoughts on Go vs. Rust vs. Zig   sinclairtarget.com/blog/2... · Posted by u/yurivish
wrs · 16 days ago
> In Go, a slice is a fat pointer to a contiguous sequence in memory, but a slice can also grow, meaning that it subsumes the functionality of Rust’s Vec<T> type and Zig’s ArrayList.

Well, not exactly. This is actually a great example of the Go philosophy of being "simple" while not being "easy".

A Vec<T> has identity; the memory underlying a Go slice does not. When you call append(), a new slice is returned that may or may not share memory with the old slice. There's also no way to shrink the memory underlying a slice. So slices actually very much do not work like Vec<T>. It's a common newbie mistake to think they do work like that, and write "append(s, ...)" instead of "s = append(s, ...)". It might even randomly work a lot of the time.

Go programmer attitude is "do what I said, and trust that I read the library docs before I said it". Rust programmer attitude is "check that I did what I said I would do, and that what I said aligns with how that library said it should be used".

So (generalizing) Go won't implement a feature that makes mistakes harder, if it makes the language more complicated; Rust will make the language more complicated to eliminate more mistakes.

RVuRnvbM2e · 16 days ago
> There's also no way to shrink the memory underlying a slice.

Sorry, that is incorrect: https://pkg.go.dev/slices#Clip

> It's a common newbie mistake to think they do work like that, and write "append(s, ...)" instead of "s = append(s, ...)". It might even randomly work a lot of the time.

"append(s, ...)" without the assignment doesn't even compile. So your entire post seems like a strawman?

https://go.dev/play/p/icdOMl8A9ja

> So (generalizing) Go won't implement a feature that makes mistakes harder, if it makes the language more complicated

No, I think it is more that the compromise of complicating the language that is always made when adding features is carefully weighed in Go. Less so in other languages.

RVuRnvbM2e commented on Americans no longer see four-year college degrees as worth the cost   nbcnews.com/politics/poli... · Posted by u/jnord
rayiner · 21 days ago
That's historical revisionism. The percentage of American adults over age 25 who have a college degree was only 20% as recently as 1990. When America was truly at the top of the world in the 1950s and 1960s, it was under 10%. A high fraction of college attendance is better correlated with the 21st century decline in America's situation.
RVuRnvbM2e · 21 days ago
The reason for US economic domination starting in the 50s is the fact that society and infrastructure in the rest of the developed world had been utterly devastated by the second World War. The rate of college education is utterly irrelevant.
RVuRnvbM2e commented on Exploring the Fragmentation of Wayland, an xdotool adventure   semicomplete.com/blog/xdo... · Posted by u/viraptor
RVuRnvbM2e · a month ago
This is analogous to calling unix account separation "fragmentation". Why can't I just run all my services as root? It has worked for years!?

The answer is that it is a fragile, unmaintainable security nightmare.

Wayland has separation of concerns to fix that problem, with the tradeoffs described in the blog post.

RVuRnvbM2e commented on State of Terminal Emulators in 2025: The Errant Champions   jeffquast.com/post/state-... · Posted by u/SG-
christophilus · 2 months ago
Foot is excellent. Wayland only, but it is very fast to launch, and uses few resources. I love it.
RVuRnvbM2e · 2 months ago
I'm quite confused why this article tests foot v1.16.2, which is two years old at this point. The latest version is 1.25.0.

By contrast, the tested version of ghostty v1.2.3 is two weeks old.

RVuRnvbM2e commented on We all dodged a bullet   xeiaso.net/notes/2025/we-... · Posted by u/WhyNotHugo
kardianos · 3 months ago
> We need some deeper changes in the ecosystem.

I avoid anything to do with NPM, except for the typescript compiler, and I'm looking forward to the rewrite in Go where I can remove even that. For this reason.

As a comparison, in Go, you have minimum version spec, and it takes great pains to never execute anything you download, even during compilation stage.

NPM will often have different source then the github repo source. How does anyone even trust the system?

RVuRnvbM2e · 3 months ago
Fucking this.

I have seen so many takes lamenting how this kind of supply chain attack is such a difficult problem to fix.

No it really isn't. It's an ecosystem and cultural problem that npm encourages huge dependency trees that make it impractical to review dependency updates so developers just don't.

RVuRnvbM2e commented on XZ Utils Backdoor Still Lurking in Docker Images   binarly.io/blog/persisten... · Posted by u/torgoguys
RVuRnvbM2e · 4 months ago
I don't understand the point of this article. Container images are literally immutable packaged filesystems so old versions of affected packages are in old Docker images for every CVE ever patched in Debian.

How is this news?

RVuRnvbM2e commented on XZ Utils Backdoor Still Lurking in Docker Images   binarly.io/blog/persisten... · Posted by u/torgoguys
DiabloD3 · 4 months ago
When I was doing my stuff at my former stint as a hatrack, I made the choice to ban Docker from anywhere inside the company.

_Docker_ is a security hazard, and anything it touches is toxic.

Every single package, every single dependency, that has an actively exploited security flaw is being exploited in the Docker images you're using, unless you built them yourself, with brand new binaries. Do not trust anyone except official distro packages (unless you're on Ubuntu, then don't trust them either).

And if you're going to do that... just go to _actual_ orchestration. And if you're not going to do that, because orchestration is too big for your use case, then just roll normal actual long lived VMs the way we've done it for the past 15 years.

RVuRnvbM2e · 4 months ago
This is hyperbolic.

Unpatched long-lived VMs are much more cumbersome to fix than an outdated Docker image. And good luck reproducing your long-lived VM with years of mutation-via-patch.

RVuRnvbM2e commented on Show HN: unsafehttp – tiny web server from scratch in C, running on an orange pi   unsafehttp.benren.au... · Posted by u/GSGBen
throwaway1492 · 4 months ago
Nice effort but this isn’t interesting at all. You skipped the most interesting part; parsing http. This is beejs networking tutorial with writing a file to a socket.

Harsh? Maybe, but you’re posting this to a site with some of the most talented developers on planet. Real talk, sorry.

RVuRnvbM2e · 4 months ago
Obviously you aren't one of them with an attitude like that.
RVuRnvbM2e commented on Debian 13 “Trixie”   debian.org/News/2025/2025... · Posted by u/ducktective
b112 · 4 months ago
You can still use sysvinit, I've already tested servers and desktop builds.

From my build box:

  chroot $MOUNTPOINT/ /bin/bash -c "http_proxy=$aptproxy apt-get -y --purge --allow remove-essential install sysvinit-core sysvinit-utils systemd-sysv- systemd-"
There is a weird depends you cannot get around without simultaneously removing and installing in parallel. A Debian bug highlighted the above, with a "-" for systemd-sysv- systemd- as a fix, along with allow remove essential.

After this fix, sysvinit builds with debootstrap were almost identical as to bookworm. This includes for desktops.

As per with bookworm through buster, you'll still need something like this too:

  $ cat /etc/apt/preferences.d/systemd

  # this is the only systemd package that is required, so we up its priority first...
  Package: libsystemd0
  Pin: release trixie
  Pin-Priority: 700

  # exclude the rest
  Package: systemd
  Pin: release *
  Pin-Priority: -1

  Package: *systemd*
  Pin: release *
  Pin-Priority: -1

  Package: systemd:i386
  Pin: release *
  Pin-Priority: -1

  Package: systemd:amd64
  Pin: release *
  Pin-Priority: -1

RVuRnvbM2e · 4 months ago
Why would you want to do this?
RVuRnvbM2e commented on What to expect from Debian/Trixie   michael-prokop.at/blog/20... · Posted by u/exiguus
LooseMarmoset · 5 months ago
systemd-resolved is an effing nightmare when combined with network-manager. these two packages consistently manage to stomp all over DNS resolution in their haste to be the one true source of name resolution. i tried enabling systemd-resolved as part of an effort to do dns over https and i end up with zero dns. i swear that /etc/resolv.conf plus helper scripts is more consistent and easy.
RVuRnvbM2e · 5 months ago
I've been using this combination successfully for a long time with no issues. In fact it is the only way to handle complex DNS setup on Linux.

If you have specific issues, please file them over at systemds GitHub issue tracker.

R

u/RVuRnvbM2e

KarmaCake day790April 24, 2014View Original