esprehn commented on Dangerous advice for software engineers   seangoedecke.com/dangerou... · Posted by u/gxhao
esprehn · 18 hours ago
In my experience orgs need a mix of both rule followers and rule breakers to function.

I really like Dimitri Glazkov's "Sailors and Pirates" framing of this:

https://glazkov.com/2023/04/02/sailors-and-pirates/

esprehn commented on "Remove mentions of XSLT from the html spec"   github.com/whatwg/html/pu... · Posted by u/troupo
esprehn · 7 days ago
Fwiw the XSLT implementation in Blink and WebKit is extremely inefficient. For example converting the entire document into a string, to parse it to a format that's compatible with libxslt, to then produce a string and parse it back into a node structure again. I suspect a user space library could be similarly as effective.

Ex. https://source.chromium.org/chromium/chromium/src/+/main:thi...

https://source.chromium.org/chromium/chromium/src/+/main:thi...

https://github.com/WebKit/WebKit/blob/65b2fb1c3c4d0e85ca3902...

Mozilla has an in-house implementation at least:

https://github.com/mozilla-firefox/firefox/tree/5f99d536df02...

It seems like the answer to the compat issue might be the MathML approach. An outside vendor would need to contribute an implementation to every browser. Possibly taking the very inefficient route since that's easy to port.

esprehn commented on "Remove mentions of XSLT from the html spec"   github.com/whatwg/html/pu... · Posted by u/troupo
ummonk · 8 days ago
This seems like the kind of thing that won't require any resources to maintain, other than possible bugfixes (which 3rd parties can provide). It only requires parsing and DOM manipulation, so it doesn't really require any features of JS or WASM that would be deprecated in the future, and the XSLT standard that is supported by browsers is frozen - they won't ever have to dedicate resources to adding any additional features.
esprehn · 7 days ago
That is an interesting approach, you could suggest it? In general using JS to implement web APIs is very difficult, but using WASM might work especially for the way XSLTProcessor works today.
esprehn commented on Adult sites are stashing exploit code inside svg files   arstechnica.com/security/... · Posted by u/The-Old-Hacker
ajross · 17 days ago
SVG really is just an awful format. What the market wanted was a clean, easily parseable specification for vector image data based on a solid rendering specification. What it got was an extensible HTML-like scripting language where all the vector stuff was ad hoc and poorly implemented, and where (this is the bit that absolutely drives me up the wall) the actual image data is not stored in the metadata format they chose. You have to parse this entirely different string format if you want to extract the points on your curve or whatever!
esprehn · 17 days ago
To be fair the format was invented in an era before gzip compression. The very compact format and silly attribute names like d are from optimizing for that.
esprehn commented on US Coast Guard Report on Titan Submersible   news.uscg.mil/Press-Relea... · Posted by u/rwmj
jerlam · 21 days ago
I'm not even sure it's the first manned carbon fiber submersible.

Deepflight Challenger [...] is the first deep-diving sub to be constructed with a pressure hull (central tube portion) of carbon fibre composite, built by Spencer Composites for HOT. Its carbon fiber design would later influence the tube for the sub Titan,[12] which imploded...

https://en.wikipedia.org/wiki/DeepFlight_Challenger

esprehn · 17 days ago
Notable from that page is this paragraph though:

""" Based on testing at high pressure, the DeepFlight Challenger was determined to be suitable only for a single dive, not the repeated uses that had been planned as part of Virgin Oceanic service. As such, in 2014, Virgin Oceanic scrapped plans for the five dives project using the DeepFlight Challenger, as originally conceived, putting plans on hold until more suitable technologies are developed. """

esprehn commented on XMLUI   blog.jonudell.net/2025/07... · Posted by u/mpweiher
koito17 · a month ago
> Full Browser window size canvas ... and draw everything yourself

This was already tried to some extent with Flash. Many sites were a single Flash module (or multiple). Implementing accessibility then required maintaining an invisible DOM representation of the Flash canvas. I personally don't want to return to the era where login and register buttons were dedicated Flash modules (MegaUpload did this back in ~2009) and many sites were an 800x600 image using the <area> tag for hitpoints.

Even Flutter has a DOM target because painting to a full <canvas> violates at the very least the operating system's text rendering, scrolling, and accessibility.

esprehn · a month ago
Flutter sadly deprecated the DOM renderer: https://docs.flutter.dev/platform-integration/web/renderers
esprehn commented on XMLUI   blog.jonudell.net/2025/07... · Posted by u/mpweiher
esprehn · a month ago
This was tried with Polymer way back in 2014 too, ex. making network requests with <iron-ajax> - https://github.com/PolymerElements/iron-ajax

There was also Adobe Flex of the similar era that exists these days as Apache Royale: https://apache.github.io/royale-docs/features/mxml

There was also XAML and inside Microsoft they made NetUI and FlexUI to make Office 2007+ too.

It all seems great on paper, but in practice the markup abstraction turned out to be worse than code first solutions like JSX even for novices.

esprehn commented on NASA's Voyager Found a 30k-50k Kelvin "Wall" at the Edge of Solar System   iflscience.com/nasas-voya... · Posted by u/world2vec
ojosilva · 2 months ago
Yes, and I would add my favorite hypothesis to the paradox, an anthropocentric assumption theory of self importance... or let's call it an anthropocentric bias:

Humans tend to define intelligence, life, and communication based on our own structure - carbon-based biology, electromagnetic signaling, language, symbolic thought, etc. This narrows the scope of our search.

We assume other civilizations want to communicate, would use similar media (radio, light, mathematics), and would send signals we could interpret. This ignores other potential modalities (quantum, neutrino, gravitational, exotic matter, etc.) or entirely non-signal-based forms of interaction.

We may not even recognize signs of intelligent activity if they don't resemble our expectations, i.e. entire civilizations could exist in forms of computation or energy we can’t perceive.

We assume ET intelligences are aligned with our timeframe or curiosity. Maybe they don’t care to communicate, see us as trivial, or operate on million-year attention spans.

It may reflect less the silence of the cosmos and more the limits of our understanding, especially the assumption that we're capable of detecting or interpreting intelligence beyond Earth. An epistemic humility, or rather our lack of it.

esprehn · 2 months ago
The counter argument is that even if civilizations exist with all the properties you described, given the vastness of space, there should be another civilization that pattern matches to us.
esprehn commented on Google Cloud Incident Report – 2025-06-13   status.cloud.google.com/i... · Posted by u/denysvitali
jsnell · 2 months ago
> it could have just as likely been an assert() in another language

Asserts are much easier to forbid by policy.

esprehn · 2 months ago
That's fair, though `if (isInvalidPolicy) reject();` causes the same outage. So the eng process policy change seems to be failing open and slow rollouts to catch that case too.
esprehn commented on Google Cloud Incident Report – 2025-06-13   status.cloud.google.com/i... · Posted by u/denysvitali
esprehn · 2 months ago
I work on Cloud, but not this service. In general:

- All the code has unit tests and integration tests

- Binary and config file changes roll out slowly job by job, region by region, typically over several days. Canary analysis verifies these slow rollouts.

- Even panic rollbacks are done relatively slowly to avoid making the situation worse. For example globally overloading databases with job restarts. A 40m outage is better than a 4 hour outage.

I have no insider knowledge of this incident, but my read of the PM is: The code was tested, but not this edge case. The quota policy config is not rolled out as a config file, but by updating a database. The database was configured for replication which meant the change appeared in all the databases globally within seconds instead of applying job by job, region by region, like a binary or config file change.

I agree on the frustration with null pointers, though if this was a situation the engineers thought was impossible it could have just as likely been an assert() in another language making all the requests fail policy checks as well.

Rewriting a critical service like this in another language seems way higher risk than making sure all policy checks are flag guarded, that all quota policy checks fail open, and that db changes roll out slowly region by region.

Disclaimer: this is all unofficial and my personal opinions.

u/esprehn

Karma: 1821 · Cake day: July 18, 2011