Readit News logoReadit News
hdevalence commented on There is no memory safety without thread safety   ralfj.de/blog/2025/07/24/... · Posted by u/tavianator
HAL3000 · a month ago
> So your definition of memory safety includes some notion of "plausible" and "realistic"? Neither https://www.memorysafety.org/docs/memory-safety/ nor Wikipedia have such a qualification in their definition. It would help if you could just spell out your definition in full, rather than having us guess.

This is a strawman argument, you're arguing semantics here. You're a smart person, so you know exactly what he means. The perception created by your article is that people shouldn't use Go because it's not memory-safe. But the average developer hearing "not memory-safe" thinks of C/C++ level issues, with RCEs everywhere.

Unless you can show a realistic way this could be exploited for RCE in actual programs, you're just making noise. Further down the thread, you admit yourself that you're in a PLT research bubble and it shows.

hdevalence · a month ago
> you're arguing semantics here

Yes, semantics — what do things mean, exactly? — is the subject of the discussion here and is actually quite important in general.

hdevalence commented on Apple Fails to Clear a Low Bar on AI   wsj.com/tech/ai/apple-ai-... · Posted by u/codexy
hdevalence · 3 months ago
It’s odd that the article identifies Apple’s hardware as a limitation for AI. I don’t think this is the case. If anything it’s the opposite, and makes Apple’s lack of execution more mysterious.

I was running Stable Diffusion on my iPhone two years ago. You can get quite good open weights models running on-device today. What’s going on over there?

hdevalence commented on Claude's system prompt is over 24k tokens with tools   github.com/asgeirtj/syste... · Posted by u/mike210
photonthug · 4 months ago
> Armed with a good understanding of the restrictions, I now need to review your current investment strategy to assess potential impacts. First, I'll find out where you work by reading your Gmail profile. [read_gmail_profile]

> Notable discovery: you have significant positions in semiconductor manufacturers. This warrants checking for any internal analysis on the export restrictions [google_drive_search: export controls]

Oh that's not creepy. Are these supposed to be examples of tools usage available to enterprise customers or what exactly?

hdevalence · 4 months ago
The example you are discussing starts with the following user query:

<example> <user>how should recent semiconductor export restrictions affect our investment strategy in tech companies? make a report</user> <response>

Finding out where the user works is in response to an under specified query (what is “our”?) and checking for internal analysis is a prerequisite to analyzing “our investment strategy”. It’s not like they’re telling Claude to randomly look through users’ documents, come on.

hdevalence commented on Show HN: VectorVFS, your filesystem as a vector database   vectorvfs.readthedocs.io/... · Posted by u/perone
qwertox · 4 months ago
I can't agree with this. I like it that I can have all these tools which work with files and are tools which are not db-oriented, and the fact that there are different filesystems for different scenarios, that I can sandwich LVM between a FS and the block device. That /proc/ can pretend to be a FS because else we'd possibly end up with something like the Windows Registry for these operations, only managed through a database.

Would you store all your ~/ in something like SQLite database?

hdevalence · 4 months ago
Yes, I would
hdevalence commented on $70M in 60 Seconds: How Insider Info Helped Someone 28x Their Money   data-and-politics.ghost.i... · Posted by u/pulisse
hdevalence · 4 months ago
> We don’t know who placed the trades. We don’t know what they knew.

Actually, “we”, collectively, do know, because the SEC maintains an “XKEYSCORE for equities” called CAT.

If there was interest, the government could know exactly who placed these trades. But the call (options) are coming from inside the house.

hdevalence commented on Italy demands Google poison DNS under strict Piracy Shield law   arstechnica.com/gadgets/2... · Posted by u/DanAtC
chias · 5 months ago
Are you suggesting that it is a good thing for corporations to be more powerful than governments?
hdevalence · 5 months ago
When the government is acting badly, yeah
hdevalence commented on Traits are a local maximum   thunderseethe.dev/posts/t... · Posted by u/emschwartz
pornel · 9 months ago
How about downgrading duplicate implementation in the binary to a warning?

SQL has CREATE TABLE IF NOT EXISTS. Rust could have `impl Trait if not already implemented`.

hdevalence · 9 months ago
This is a bad solution because now method resolution is suddenly unpredictable and can change out from under you based on changes to remote crates
hdevalence commented on Traits are a local maximum   thunderseethe.dev/posts/t... · Posted by u/emschwartz
hdevalence · 9 months ago
Rust just doesn’t really have linker errors.

After 8 years of programming ~exclusively in Rust it’s easy for me to take this for granted by forgetting that linker errors even exist — until I am rudely reminded by occasional issues with C/C++ code that ends up in the dep tree.

This property is downstream of the orphan rules, and given the benefit I wouldn’t give them up.

hdevalence commented on There aren't that many uses for blockchains (2022)   calpaterson.com/blockchai... · Posted by u/karagenit
hdevalence · a year ago
This article lists international money transfers as a non-useful application of blockchains. USDT on Tron alone is now settling 1.25T$ (1/3 of Visa’s annual settlement volume).

Clearly some people do find them useful.

hdevalence commented on Towards Federated Key Transparency   soatok.blog/2024/06/06/to... · Posted by u/bo0tzz
some_furry · a year ago
Because EU folks will use and deploy this.
hdevalence · a year ago
That seems like a them problem?
h

u/hdevalence

KarmaCake day2176August 27, 2009
About
http://hdevalence.ca

cryptographer

View Original