Readit News
georgelyon commented on Unexpected security footguns in Go's parsers   blog.trailofbits.com/2025... · Posted by u/ingve
glenjamin · 2 months ago
It’s worth noting that if you DisallowUnknownFields it makes it much harder to handle forward/backward compatible API changes - which is a very common and usually desirable pattern
georgelyon · 2 months ago
While this is a common view, recently I’ve begun to wonder if it may be secretly an antipattern. I’ve run into a number of cases over the years where additional fields don’t break parsing, or even necessarily the main functionality of a program, but result in subtle incorrect behavior in edge cases. Things like values that are actually distinct being treated as equal because the fields that differ are ignored. More recently, I’ve seen LLMs get confused because they hallucinated tool input fields that were ignored during the invocation of a tool.

I’m a little curious to try and build an API where parsing must be exact, and changes always result in a new version of the API. I don’t actually think it would be too difficult, but perhaps some extra tooling around downgrading responses and deprecating old versions may need to be built.
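
An added example, not part of the thread or the linked article: with Go's `encoding/json`, two payloads that differ only in an undeclared field decode to equal values by default, while a decoder using `DisallowUnknownFields` (the option named above) rejects the second. The `Transfer` type, the helper names and the sample payloads are hypothetical and constructed for this illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"io"
)

// Transfer is a hypothetical request type used only for this example.
type Transfer struct {
	Account string `json:"account"`
	Amount  int    `json:"amount"`
}

// decodeLenient is the default behaviour: fields the struct does not
// declare are dropped silently.
func decodeLenient(data []byte) (Transfer, error) {
	var t Transfer
	err := json.Unmarshal(data, &t)
	return t, err
}

// decodeExact rejects unknown fields and anything after the first JSON value.
func decodeExact(data []byte) (Transfer, error) {
	var t Transfer
	dec := json.NewDecoder(bytes.NewReader(data))
	dec.DisallowUnknownFields()
	if err := dec.Decode(&t); err != nil {
		return Transfer{}, err
	}
	// A json.Decoder reads a stream, so trailing input must be checked explicitly.
	if _, err := dec.Token(); err != io.EOF {
		return Transfer{}, errors.New("unexpected data after JSON value")
	}
	return t, nil
}

// Constructed samples: sampleB differs from sampleA only in an undeclared field.
var (
	sampleA = []byte(`{"account":"alice","amount":10}`)
	sampleB = []byte(`{"account":"alice","amount":10,"currency":"EUR"}`)
)

func main() {
	la, _ := decodeLenient(sampleA)
	lb, _ := decodeLenient(sampleB)
	fmt.Println("lenient decode treats the payloads as equal:", la == lb)
	_, err := decodeExact(sampleB)
	fmt.Println("exact decode of sampleB:", err)
}
```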

georgelyon commented on Clair Obscur Metacritic user score   metacritic.com/game/clair... · Posted by u/tyleo
the__alchemist · 4 months ago
Does anyone else find the vibe to be... off-putting? From the trailers, videos etc, something about this doesn't gel with what I go for, but I can't put my finger on it. Maybe it's an uncanny valley feel between abstract and realistic, or maybe it's just different from the games I play, and fiction I'm exposed to.

Edit: After watching more videos, I think it is, indeed, the mix of cartoon/early-video-game-era flashy animations on the screen (Or maybe think Batman comic books?), with a story-driven narrative, and characters that also toe the line between cartoon and realistic style.

georgelyon · 4 months ago
One thing is the graphics are a generation behind what you would usually expect from a game of this quality. I’ve been playing it and I can confirm it is wonderful, and the graphics just makes me impressed with the amount of focus the tiny team (33 people, I think?) put into making what matters great (though I’d be excited for a remaster in the future).
georgelyon commented on What if we made advertising illegal?   simone.org/advertising/... · Posted by u/smnrg
massysett · 5 months ago
I’m not understanding why this is a good standard: right now, anyone who sees a billboard or a TV ad has no incentive to act according to the business’s demand, yet you want to ban those. So you think it would be OK to advertise to discoverers, but not to final purchasers.
georgelyon · 5 months ago
For the record, I’m not saying this is the perfect model and we should move to it immediately. My only claim is that it isn’t crazy.

I think the fundamental difference between advertising to discoverers vs advertising to consumers is that currently “discoverers” (platforms, content creators, billboard owners, etc.) make money directly from advertisers. Success as a “discoverer” is at least somewhat correlated to income (with more money, platforms can be more successful; content creators can create more compelling content; landowners can buy more billboards). If that money is coming from advertisers, you are biasing the market to prefer discoverers that can secure the most advertiser funding, which in turn preferences advertisers that can spend the most on advertising. This isn’t fundamentally bad, since a compelling product can make a lot of money that can then be spent on advertising, but it also creates anti-consumer incentives (like marketing something that is just good enough not to return as the next best thing). On the other hand, if discoverers are paid directly by consumers, that biases the market to prefer discoverers who identify products that bring the most value to consumers for their money.

georgelyon commented on What if we made advertising illegal?   simone.org/advertising/... · Posted by u/smnrg
hedayet · 5 months ago
Advertising has consequences, and I’m not a big fan of it, but it’s also a necessary evil.

It’s easy to dismiss advertising as just a profit engine for ad platforms, but that’s only part of the picture. At its best, advertising plays a meaningful role in solution and product discovery, especially for new or niche offerings that users wouldn’t encounter otherwise. It also promotes fairer market competition by giving smaller players a shot at visibility, and by making alternatives accessible to customers, without relying solely on monopolistic platforms or the randomness of word-of-mouth.

That said, today’s ad ecosystem is far from ideal - often opaque, invasive, and manipulative. Still, the underlying idea of advertising has real value. Fair advertising is a hard problem, and while reform is overdue, banning it outright would likely create even bigger ones.

georgelyon · 5 months ago
The idea of product discovery has value. Advertising funds product discovery by taking some of the funds that you pay for goods, and funneling that money to platforms and creators that are willing to help others discover that product.

There is an alternative model where we simply pay professional product discoverers. Think influencers, but whose customer is the fan not the sponsor. It would be a massive cultural shift, but doesn’t seem so crazy to me.

georgelyon commented on The story of my home made pipe organ (2000)   sentex.ca/~mwandel/organ/... · Posted by u/ynac
epiccoleman · 7 months ago
I love DIY music of any kind. Weird Javascript synths, PVC pipe flutes, badly tuned wooden vibraphones on the playgrounds, tissue box and rubber band guitars - give me all of it. Every time someone builds something to make a sound they're doing art, expressing one of the things I love most about humans - that we like to make interesting noises. (and ugly ones too!)

The _physicality_ of music is maybe the closest thing I can think of to real actual magic. We build these devices to modulate the pressure of air in specific ways so that we can transmit sound. Us humans have got built in hardware that is capable of incredibly fine control of air pressure and hardware for decoding those pressure waves into language - and even sometimes to bypass the language decoding and hit us directly in our emotions.

Take some time to really think about how sound works and how we're able to produce and receive it. It sounds like something out of a fantasy novel!

georgelyon · 7 months ago
Then you probably have already heard of this guy: https://www.youtube.com/channel/UCqzB9Ks5H939XLuSuVLuPVw

He does a bunch of awesome stuff with PVC and 3D printed parts.

georgelyon commented on Stop making me memorize the borrow checker   erikmcclure.com/blog/stop... · Posted by u/signa11
georgelyon · 9 months ago
I’ve been wrestling with Swift’s region isolation checker recently and had a similar experience.
georgelyon commented on A subtle change to the iPhone’s contact-sharing permissions   nytimes.com/2024/10/02/te... · Posted by u/2OEH8eoCRo0
georgelyon · a year ago
I’m genuinely surprised it took this long for Apple to do this. Having a full contacts list has long been one of the most valuable pieces of information for ad targeting. It’s why you can not be on Facebook but they still know everything they need to know about you because enough of your contacts are on their platforms.
georgelyon commented on Packaging Swift Apps for Alpine Linux   mko.re/blog/swift-alpine-... · Posted by u/todsacerdoti
JCWasmx86 · a year ago
The biggest symbol of a statically linked swift binary that I have, is icudt_swift65_dat with 27.98MB, so I think that's not so easy to remove (nm v3.1.2 --size-sort --radix=d|swift demangle) And I think if you strip debuginfo it will be smaller (For a statically linked program of mine: 98MB -> 56MB)

But I think for a distribution it makes more sense to link swift programs dynamically against the runtime libraries, like it's the case for e.g. the C standard library, OpenSSL etc., as you can assume they all work with the same version and are ABI-compatible.

I tested it with a nearly static build (Still links against glibc and friends): 55MB get stripped to 44MB, so not that much. 27MB of that is icudt_swift65_dat, so I guess you would have to optimise that first

georgelyon · a year ago
If I’m not mistaken, the embedded swift mode aims to make ICU (the 27mb file for Unicode support) optional (and thus easily removed where it isn’t needed)
georgelyon commented on Thoughts on low latency trading if exchanges went full cloud   blog.abctaylor.com/what-w... · Posted by u/arcza
posnet · a year ago
The biggest current limitation with cloud providers when it comes to exchange tech is the lack of real multicast support. It is rare outside of exchanges, but extremely low latency L1 multicast market data has become the backbone of exchanges, both for fairness and for scalability.

Knowing you can saturate your entire network with 10G traffic and every participant will get the same market data packets at the same time[0], and there will be zero queuing or bottlenecks is very hard to do otherwise. There is a pretty good podcast episode about it out of Jane Street[1].

I know AWS have 'multicast support' but last time I tested it, it was clearly just uni-cast traffic with a software switch doing fan-out/copying, I assume using the same tech as their transit gateway, I think it was called hyperplane or something.

[0]: for some definition of the same time, at least low enough that you can't measure it without equidistant optical splitters or White Rabbit synced devices.

[1]: https://signalsandthreads.com/multicast-and-the-markets/

georgelyon · a year ago
I ran into this problem a while back working at a company that was working to distribute video streams with low latency (lower than Low-Latency HLS) to a large number of viewers. Initially a prototype was built on top of AWS with fan-out/copying and it was terrible. This was partially due to inefficiency, but also due to each link being a reliable stream, meaning dropped packets were re-broadcast even though that isn't really useful to live video.

Moving to our own multicast hardware not only greatly improved performance, but also greatly simplified the design of the system. We required specialized expertise, but the overall project was reasonably straightforward. The biggest issue was that now we had a really efficient packet-machine-gun which we could accidentally point at ourselves, or worse, can be pointed at a target by a malicious attacker.

This 1-N behavior of multicast is both a benefit and a significant risk. I really think there is opportunity for cloud providers to step in and provide a packaged solution which mitigates the downsides (i.e. makes it very difficult to misconfigure where the packet-machine-gun is pointing). My guess is that this hasn't happened yet because there aren't enough use-cases for this to be a priority (the aforementioned video use case might be better served by a more specialized offering), but exchanges could be a really interesting market for such a product.

It would be pretty efficient to multi-cast market state in an unreliable way, and have a fallback mechanism to "fill in" gaps where packets are dropped that is out-of-band (and potentially distributed, i.e. asking your neighbors if they got that packet)

georgelyon commented on Develop in Swift Tutorials   developer.apple.com/tutor... · Posted by u/Austin_Conlon
cassepipe · a year ago
Anyone developing in Swift on Linux? How much of an uphill battle is it?
georgelyon · a year ago
I have in several capacities over the past few years.

VSCode works pretty well with the sswg extension (powered by sourcekit-lsp). Devcontainers are particularly nice if you are into that sort of thing (I develop in a Linux container on a macOS host). I actually find it easier to experiment with new toolchains (for example, the nightlies) in the Linux container than on my host machine (which requires more manual setup).

u/georgelyon

Karma: 803 · Cake day: February 22, 2018