Congratulations to Let’s Encrypt. I do wish there was something akin to them for code signing. OV and EV certificates are out of reach for many indie devs.
Readit NewsDeleted Comment
Deleted Comment
hgs3 commented on Rust in the kernel is no longer experimental lwn.net/Articles/1049831/... · Posted by u/rascul
I am not a system programmer but, from my understanding, Torvalds has expressed strong opinions about microkernels over a long period of time. The concept looks cleaner on paper but the complexity simply outweighs all the potential benefits. The debate, from what I have followed, expressed similar themes as monolithic vs microservices in the wider software development arena.
I'm not a kernel developer myself, but I’m aware of the Tanenbaum/Torvalds debates in the early 90’s. My understanding is the primary reason Linus gave Tanenbaum for the monolithic design was performance, but I would think in 2025 this isn’t so relevant anymore.
And thanks for attempting to answer my question without snark or down voting. Usually HN is much better for discussion than this.
hgs3 commented on Rust in the kernel is no longer experimental lwn.net/Articles/1049831/... · Posted by u/rascul
Rust in the kernel feels like a red herring. For fault tolerance and security, wouldn’t it be a superior solution to migrate Linux to a microkernel architecture? That way, drivers and various other components could be isolated in sandboxes.
hgs3 commented on Thoughts on Go vs. Rust vs. Zig sinclairtarget.com/blog/2... · Posted by u/yurivish
hgs3 commented on Hardening the C++ Standard Library at scale queue.acm.org/detail.cfm?... · Posted by u/ndesaulniers
In fact, most software isn't security critical, at all. If you are writing software which is security critical, then I can understand this confusion; but you have to remember that most people don't.
Language maintainers have no idea what code will be written. The people writing libraries have no idea how their library will be used. The application developers often don't realize the security implications of their choices. Operating systems don't know much about what they're managing. Users may not even realize what software they're running at all, let alone the many differing assumptions about threat model implicitly encoded into different parts of the stack.
Decades of trying to limit the complexity of writing "security critical code" only to the components that are security critical has resulted in an ecosystem where virtually nothing that is security critical actually meets that bar. Take libxml2 as an example.
FWIW, I disagree with the position in the article that fail-stop is the best solution in general, but there's experimental evidence to support it at least. The industry has tried many different approaches to these problems in the past. We should use the lessons of that history.
> The people writing libraries have no idea how their library will be used.
Unless you're paying them, the people writing the libraries have no obligation to care. The real issue is Big Tech built itself on the backs of volunteer labor and expects that labor to provide enterprise-grade security guarantees. That's entitled and wholly unreasonable.
> Take libxml2 as an example.
libxml2 is an excellent example. I recommend you read what its maintainer has to say [1].
[1] https://gitlab.gnome.org/GNOME/libxml2/-/issues/913#note_243...
hgs3 commented on The current state of the theory that GPL propagates to AI models shujisado.org/2025/11/27/... · Posted by u/jonymo
Copyleft isn't about the software authors freedom, it's about the end-users freedom. Copyleft grants the end-user the freedom to study and modify the code, i.e. the right to repair. Contrast this with closed-source software which may incorporate permissively licensed code: the end-user has no right to study, no right to modify, and no right to repair. Ergo less freedom.
> I feel that prototypes are harder to wrap one’s head around compared to classes.
This is sad to read because prototypes are conceptually easier to understand than classes. It’s unfortunate that most developers experience with them is JavaScript, because its implementation is extremely poor. I recommend trying Io which is very Self inspired as well as Lua.
Some of the best tools I’ve used felt like they started as someone’s private playground that only later got hardened into “serious” software. Letting yourself park Boo, go build a language, and come back when it’s fun again is probably how we get more Rio/Boo-style experiments instead of yet another VS Code skin with a growth deck attached.
I think its worse then that. It seems the narrative is everything needs to be enterprise-scale by default. Those who value small languages and tools, experimentation, self-hosting, and the do-it-yourself mindset are the counterculture.