frumplestlatz (u/frumplestlatz)

frumplestlatz commented on Async DNS flak.tedunangst.com/post/... · Posted by u/todsacerdoti

dweekly · 5 days ago

Good points, all - there is a lot of subtlety here.

CFHostStartInfoResolution is deprecated, no? https://developer.apple.com/documentation/cfnetwork/cfhostst...:)

That leaves us with DNSServiceGetAddrInfo? https://developer.apple.com/documentation/dnssd/dnsservicege...:) or some kinda convoluted use of Network and NWEndpoint/NWconnection with continuations could do the same?

frumplestlatz · 5 days ago

Oh yes, good catch. Yeah, you want to use `NWConnection` (or one of the other higher-level supported networking APIs), which raises another issue with doing custom DNS resolution. You need those API's connect-by-name semantics to get VPN-on-Demand:

https://developer.apple.com/documentation/technotes/tn3151-c...

frumplestlatz commented on Async DNS flak.tedunangst.com/post/... · Posted by u/todsacerdoti

dweekly · 5 days ago

I was able in an afternoon to implement a pretty decent completely async Swift DNS resolver client for my app. DNS clients are simple enough to build that rolling your own async is not a big deal anymore.

Yes, there is separate work to discern what DNS server the system is currently using: on macOS this requires a call to an undocumented function in libSystem - that both Chromium and Tailscale use!

frumplestlatz · 5 days ago

Even once you use the private `dns_config*()` APIs on macOS, you need to put in heavy lifting to correctly handle scoped, service-specific providers, supplemental matching rules, etc -- none of which is documented, and can change in the future.

Since you're not using the system resolver, you won't benefit from mDNSResponder's built-in DNS caching and mDNS resolution/caching/service registration, so you're going to need to reimplement all of of that, too. And don't forget about nsswitch on BSD/Linux/Solaris/etc -- there's no generic API that let's you plug into that cleanly, so for a complete implementation there, you need to:

- Reimplement built-in modules like `hosts` (for `/etc/hosts`), `cache` (query a local `nscd` cache, etc), and more.

- Parse the nsswitch.conf configuration file, including the rule syntax for defining whether to continue/return on different status codes.

- Reimplement rule-based dispatch to both the built-in modules and custom, dynamically loaded modules (like `nss_mdns` for mDNS resolution).

Each OS has its own set of built-ins, and private/incompatible interfaces for interacting with things like the `nscd` cache daemon. Plus, the nsswitch APIs and config files themselves differ across operating systems. And we haven't even discussed Windows yet.

Re-implementing all of this correctly, thoroughly, and keeping it working across OS changes is extremely non-trivial.

The simplest and most correct solution is to just:

- Use OS-specific async APIs when available; e.g. `CFHostStartInfoResolution()` on macOS, `DnsQueryEx()` on Windows, `getaddrinfo_a()` on glibc (although that spawns a thread, too), etc.

- If you have a special use-case where you need absolutely need better performance, and do not need to support all the system resolver functionality above (i.e. server-side, controlled deployment environment), use an event-based async resolver library.

- Otherwise, issue a blocking call to `getaddrinfo()` on a new thread. If you're very worried about unbounded resource consumption, use a size-limited thread pool.

frumplestlatz commented on Async DNS flak.tedunangst.com/post/... · Posted by u/todsacerdoti

AndyKelley · 5 days ago

What's crazy is that it's almost good. All they had to do was make the next syscall return ECANCELED (already a defined error code!) rather than terminating the thread.

Musl has an undocumented extension that does exactly this: PTHREAD_CANCEL_MASKED passed to pthread_setcancelstate.

It's great and it should be standardized.

frumplestlatz · 5 days ago

That would have been fantastic. My worry is if we standardized it now, a lot of library code would be unexpectedly dealing with ECANCELED from APIs that previously were guaranteed to never fail outside of programmer error, e.g. `pthread_mutex_lock()`.

Looking at some of my shipping code, there's a fair bit that triggers a runtime `assert()` if `pthread_mutex_lock()` fails, as that should never occur outside of a locking bug of my own making.

frumplestlatz commented on Async DNS flak.tedunangst.com/post/... · Posted by u/todsacerdoti

01HNNWZ0MV43FF · 5 days ago

It's weird to me that event-based DNS using epoll or similar doesn't have a battle-tested implementation. I know it's harder to do in C than in Rust but I'm pretty sure that's what Hickory does internally.

frumplestlatz · 5 days ago

it’s a weird problem, in that (1) DNS is hard, and (2) you really need the upstream vendor to solve the problem, because correct applications want to use the system resolver.

If you don’t use the system resolver, you have to glue into the system’s configuration mechanism for resolvers somehow … which isn’t simple — for example, there’s a lot of complex logic on macOS around handling which resolver to use based on what connections, VPNs, etc, are present.

And the there’s nsswitch and other plugin systems that are meant to allow globally configured hooks plug into the name resolution path.

frumplestlatz commented on Async DNS flak.tedunangst.com/post/... · Posted by u/todsacerdoti

albertzeyer · 5 days ago

The first linked article was recently discussed here: RIP pthread_cancel (https://news.ycombinator.com/item?id=45233713)

In that discussion, most of the same points as in this article were already discussed, specifically some async DNS alternatives.

See also here the discussion: https://github.com/crystal-lang/crystal/issues/13619

frumplestlatz · 5 days ago

I am always amused when folks rediscover the bad idea that is `pthread_cancel()` — it’s amazing that it was ever part of the standard.

We knew it was a bad idea at the time it was standardized in the 1990s, but politics — and the inevitable allure of a very convenient sounding (but very bad) idea — meant that the bad idea won.

Funny enough, while Java has deprecated their version of thread cancellation for the same reasons, Haskell still has theirs. When you’re writing code in IO, you have to be prepared for async cancellation anywhere, at any time.

This leads to common bugs in the standard library that you really wouldn’t expect from a language like Haskell; e.g. https://github.com/haskell/process/issues/183 (withCreateProcess async exception safety)

frumplestlatz commented on Australia begins enforcing world-first teen social media ban reuters.com/legal/litigat... · Posted by u/chirau

dlisboa · 7 days ago

So, do absolutely nothing is your plan?

frumplestlatz · 7 days ago

Sometimes doing absolutely nothing is the right thing to do. Not everything can be improved through top-down intervention, and many things can only be made worse.

The comment you’re replying to raised the idea of empowering the users. That’s probably the way to look, but the danger is always if we do that using top down enforcement in a way that promulgates more harm, including stifling vibrant and necessary speech.

My very radical opinion is that section 230 of the CDA was our original sin. The Internet was better when it wasn’t divided into a few centrally managed private social media silos. It’s better to have a vibrant, messy, competitive, and very grass roots public square.

frumplestlatz commented on Commission fines X €120M under the Digital Services Act ec.europa.eu/commission/p... · Posted by u/nabla9

TZubiri · 12 days ago

> Caveat emptor. Sounds like the EU wants to push privacy-invading KYC requirements.

No, X wants to do that, or at least wants the benefit of pretending to offer it without the respondibility. Historically twitter offered blue checkmarks, now they offer it without verifying, simple as, it's a scam

frumplestlatz · 12 days ago

Previously it was a status symbol for people they approved of.

Now they offer blue checkmarks basically meaning “this person has a paid subscription and is probably human”.

Where’s the scam?

frumplestlatz commented on Commission fines X €120M under the Digital Services Act ec.europa.eu/commission/p... · Posted by u/nabla9

kodisha · 12 days ago

Why is this commend downvoted? What is false here?

frumplestlatz · 12 days ago

It’s not surprising that it inspires ire, even if that wasn’t my intent.

It’s a politically charged subject, and I’m taking a polarizing, US-centric, anti-regulatory position towards free speech, on top of my suggestion of using NATO funding as leverage to advance US speech policy.

Plus, a lot of people feel a great deal of partisan ill-will towards X and Elon Musk, irrespective of any of these issues.

frumplestlatz commented on Commission fines X €120M under the Digital Services Act ec.europa.eu/commission/p... · Posted by u/nabla9

frumplestlatz · 12 days ago

> On X, anyone can pay to obtain the ‘verified' status without the company meaningfully verifying who is behind the account, making it difficult for users to judge the authenticity of accounts and content they engage with.

Caveat emptor. Sounds like the EU wants to push privacy-invading KYC requirements.

> … and the failure to provide access to public data for researchers.

That’s a wild thing to try to force a company to do with our data. And I deeply suspect they’d use that data to justify more reasons to engage in regulatory lawfare against sites like X.

The entire complaint reads as remarkably invasive. I think it’s time for the US to put the EU and UK regulatory class back in their place. How about we withhold $X*100 dollars in NATO spending for every $X dollars they fine a US company under laws like this.

frumplestlatz commented on Programming peaked functional.computer/blog/... · Posted by u/Antibabelic

tarsinge · 13 days ago

That’s your opinion, but like I said it’s not valid to imply that it is the normal view and those not agreeing are biased. Instead of trying to hear understand and challenge what historians have to say you flee intellectually, which is ironic given your take on strong men.

I’m not historian but for example I could challenge the idea that a rhetoric about strength and keeping a masculine ideal for the young male population was non existent in European feodality where only nobility had the privilege of fighting, and 90% of the population were farmers. Or that 2000 years ago Jesus already challenged the idea that men needed to be strong in the traditional sense, and that real courage was loving and forgiving among others. I could go on with fashion and clothes but maybe just look at a West European king painting to reevaluate what masculinity is supposed to look like traditionally.

My understanding is that your rhetoric appears only recently (and is therefore not traditional) coinciding with nationalism rise and the need for bodies to throw in the total war (another modern invention) meat grinder.

You can disagree, and I’m open to hearing your counter arguments, because I’m not dismissing you as biased.

frumplestlatz · 13 days ago

> Instead of trying to hear understand and challenge what historians have to say

One self-described historian. On a Reddit post. Let’s not pretend this is the unified or authoritative voice of the discipline.

> I could go on with fashion and clothes but maybe just look at a West European king painting to reevaluate what masculinity is supposed to look like traditionally.

You’re conflating aesthetic masculinity with functional masculinity, and that’s a category error. The aphorism isn’t about how men dressed in the 17th century or how they signaled status — it’s about what kind of men can sustain a civilization.

In this context, “strong men” refers to individuals who demonstrate the discipline, competence, long-term responsibility, and willingness to bear risk that are required to build, maintain, and defend the institutions that keep a society stable — especially when conditions are difficult. It’s a sociological concept, not an aesthetic one, and it has nothing to do with your personal distaste (or favor) for particular cultural aesthetic expressions of masculinity.