kukkamario (u/kukkamario)

kukkamario commented on Improving performance of rav1d video decoder ohadravid.github.io/posts... · Posted by u/todsacerdoti

ohr · 3 months ago

Thanks! Would be interesting to see if Rust/LLVM folks can get the compiler to apply this optimization whenever possible, as Rust can be much more accurate w.r.t memory initialization.

kukkamario · 3 months ago

I think in this case Rust and C code aren't equivalent which maybe caused this slow down. Union trick also affects the alignment. C side struct is 32 bit aligned, but Rust struct only has 16bit alignment because it only contains fields with 16bit alignment. In practice the fields are likely anyway correctly aligned to 32bits, but compiler optimizations may have hard time verifying that.

Have you tried manually defining alignment of Rust struct?

kukkamario commented on Nextcloud cries foul over Google Play Store app rejection theregister.com/2025/05/1... · Posted by u/brodo

jeroenhd · 4 months ago

This permission has been a security issue since its introduction. Random apps have been caught iterating over used media to extract geolocation history based on EXIF information and other such metadata (for no good reason, data collection for data traders), so Google did the right thing and made file access permission-first.

Almost no apps need this permission, so being skeptical makes a lot of sense. File managers and other such apps are routinely permitted to use this permission, so it's not like Google is locking out utility apps or anything.

The current state of Google Play is the result of years of Google being too permissive by default and trying to patch things later while desperately trying to remain backwards compatible. Give advertisers a finger and they take the whole hand. Your average Android phone's internal storage used to be full of dotfiles, hidden directories, not-so-hidden directories, all full of identifiers and cross-identifiers to break the cross-app tracking boundary enforced by the normal API.

As far as I know, Google has made an API available for picking a directory to sync with. I'm not sure why NextCloud needs to see every file on my SD card when it can ask for folders to sync into and can use a normal file picker to upload new files without going through a file manager, but there's probably a feature somewhere hidden in their app that necessitates this permission.

The policy itself makes a lot of sense and I'd argue is beneficial for Google Play's user base. NextCloud's problem seems to be that Google isn't letting a human with common sense review their upload. Because of Google being Google, outcry is the only way to get attention from an actual human being when it comes to app stores (Apple has had very similar issues, though they claim their reviews are all done by humans).

EDIT: NextCloud states "SAF cannot be used, as it is for sharing/exposing our files to other apps, so the reviewer clearly misunderstood our app workflow." as a reason for not being able to use the better APIs, but I'm not sure if that's true. SAF has a dedicated API for maintaining access to a folder (https://developer.android.com/training/data-storage/shared/d...). I think NextCloud misinterpreted Google here.

kukkamario · 4 months ago

SAF documentation seems a bit misleading: takePersistableUriPermission part only talks about files, but other sources seem to indicate that it also works for directories so it should be possible to request permissions to a directory and then maintain it correctly.

kukkamario commented on Nextcloud cries foul over Google Play Store app rejection theregister.com/2025/05/1... · Posted by u/brodo

jeroenhd · 4 months ago

This permission has been a security issue since its introduction. Random apps have been caught iterating over used media to extract geolocation history based on EXIF information and other such metadata (for no good reason, data collection for data traders), so Google did the right thing and made file access permission-first.

Almost no apps need this permission, so being skeptical makes a lot of sense. File managers and other such apps are routinely permitted to use this permission, so it's not like Google is locking out utility apps or anything.

The current state of Google Play is the result of years of Google being too permissive by default and trying to patch things later while desperately trying to remain backwards compatible. Give advertisers a finger and they take the whole hand. Your average Android phone's internal storage used to be full of dotfiles, hidden directories, not-so-hidden directories, all full of identifiers and cross-identifiers to break the cross-app tracking boundary enforced by the normal API.

As far as I know, Google has made an API available for picking a directory to sync with. I'm not sure why NextCloud needs to see every file on my SD card when it can ask for folders to sync into and can use a normal file picker to upload new files without going through a file manager, but there's probably a feature somewhere hidden in their app that necessitates this permission.

The policy itself makes a lot of sense and I'd argue is beneficial for Google Play's user base. NextCloud's problem seems to be that Google isn't letting a human with common sense review their upload. Because of Google being Google, outcry is the only way to get attention from an actual human being when it comes to app stores (Apple has had very similar issues, though they claim their reviews are all done by humans).

EDIT: NextCloud states "SAF cannot be used, as it is for sharing/exposing our files to other apps, so the reviewer clearly misunderstood our app workflow." as a reason for not being able to use the better APIs, but I'm not sure if that's true. SAF has a dedicated API for maintaining access to a folder (https://developer.android.com/training/data-storage/shared/d...). I think NextCloud misinterpreted Google here.

kukkamario · 4 months ago

NextCloud currently has to copy all files that it wants to upload & back up to its own app directory which is pain to actual usability. I'm guessing this annoyance is also related to these fun permission limitations.

kukkamario commented on Supervisors often prefer rule breakers, up to a point journals.aom.org/doi/10.5... · Posted by u/rustoo

brabel · 5 months ago

I think you'll never find a case where someone got in trouble for not being a hero. I've recently found myself in a somewhat related situation where a guy turned violent in a pub... first I tried to calm him down and almost got hit... he then turned to other guys who were nearby, and one of them got punched in the face and fell unconscious. My family was with me and told me to stay the hell out of it, but I thought that would be extremely cowardly so I jumped at the guy to try to keep him down, but he was strong and I got a punch in the eye which cost me a week with a black eye, but could've easily turned out much worse for me. If I had just stayed quiet, would I be "negligent"?? The police told me what I did was good as I was trying to help someone, but I didn't have any obligation to do it.

In the case of a child in a pool, the difference is a matter of degree. What if I am terrified of water myself? Does that justify my inaction? What if I just "froze", which is common in stressful situations. Does anything justify not doing something?

kukkamario · 5 months ago

Here in Finland, there is legal obligation to help people in emergencies, but this does not mean that you are required to danger yourself or act beyond your abilities. So usually only thing you are actually legally required to do is to call for help.

kukkamario commented on Kubernetes Home – what do you do if your ISP changes your IP addresses? vegard.blog.engen.priv.no... · Posted by u/jandeboevrie

deathanatos · 6 months ago

> what do you do if your ISP changes your IP addresses?

I update the DNS record. Manually. It's a once in a blue moon thing, and I assume the probability of it is low enough that it will not occur when I'm so far from home that "it can wait until I get home" doesn't suffice.

15+ years or so now, and that strategy has worked just fine.

… TFA's intro could do with explaining why the IP is so hard coded in the cluster, or in the router? My home router just does normal port-forwarding to my home cluster. My cluster … doesn't need to know its own IP? It just uses normal Ingress objects. (And ingress-nginx.) I'm wondering if this is partly complexity introduced by having a |cluster| > 1, and I'm just on duck tales here. Y'all have multiple non-mobile machines? (I have a desktop & a laptop. I'm not running k8s on the laptop… because it's a laptop. I … suppose I could … and deal with connectivity to the desktop with like Wireguard or something but … why?)

My previous ISP offered static IP addresses, and I had one, since I had a somewhat special offer where the price wasn't terrible. It changed on me one day. They refused to fix that. I was very disappointed.

kukkamario · 6 months ago

MikroTik has dynamic DNS that is based on random unique number for their router. I just point my DNS record to that dynamic DNS address and everything just works.

kukkamario commented on (Reasonably) secure Azure Pipelines on-prem deployments rewiring.bearblog.dev/azu... · Posted by u/Mossy9

Mossy9 · 6 months ago

Thanks for the counterpoint - absolutely what I was looking for.

Running the agent on the app server seemed a bit risky since it will a) drain resources from the apps and b) needs to have a route open to Azure (Devops)

Apparently you have had good experiences with this? I'd be interested to learn more

kukkamario · 6 months ago

a) resource use is minimal when deployment isn't in progress. It just idling and waiting for commands b) Agent need to be able to connect to Azure DevOps servers, but it is connection from agent to Azure DevOps servers so no need to open any extra inbound ports or anything like that. Documentation lists the domains that need to be accessible from agents.

Agent permissions to Azure are restricted based on the pipeline configuration to only allow things that are used in the pipeline. So if your pipeline does not involve cloning git some private git repo, agent cannot do that. And even that gives only access to that particular resource. So you normally have a build pipeline that generates package from you application and then deployment pipeline that only has access to that generated package which is then distributed to agents configured for some particular deployment environment.

I don't really have much direct experience with deployment side of things so someone else can probably provide extra info.

kukkamario commented on Parsing JSON in 500 lines of Rust krish.gg/blog/json-parser... · Posted by u/KrishKrish

lelanthran · 6 months ago

I once (maybe a long time ago?) made a parser for JSON by:

1. Reading the entire file into RAM.

2. Providing a `const char *get_value(const char *jstring, const char *path, ...)` function with a NULL-terminated parameter list that would return the position of the value of the key at the specified path.

3. Providing a `copy_value(const char *position)` function to copy the value at the specified position.

Slow? Yup!

But, it was easy and safe[1] and used absolutely minimal RAM![2]. The recursive nature of the JSON tree also allowed the caller to use a returned value from `get_value` as the `jstring` argument in further calls to `get_value`.

I might still have a fork of it lying around somewhere.

[1] "Safe" meaning "Caller had to check for NULL return values, and ensure that NULL terminated the parameter list".

[2] GCC with `-O2` and above does proper TCO, eliminating unbounded stack growth.

kukkamario · 6 months ago

Better option would be to parse json into Bson and then use that as the in-memory format. It uses minimal memory and is actually also fast to access without parsing into some other data structure.

kukkamario commented on Tariffs result in 10% laptop price hike in U.S. says Acer CEO tomshardware.com/laptops/... · Posted by u/pseudolus

dheera · 6 months ago

In a progressive tax system, the poor end up paying a lot of the taxes of the rich, because the rich tend to own businesses and real estate and they just pass all their income taxes onto the poor in the form of price increases.

If you are a middle class person with a salary in the US you are likely paying upwards of 80% in taxes if you include second- and third-order taxes.

Your rent could be $1000 instead of $2000 if your landlord's income wasn't taxed so much. Your Chipotle meal could be $6 instead of $12 if the franchise owner and their commercial property landlord weren't taxed so much, let alone the workers.

kukkamario · 6 months ago

That is not how it works. You assume that the rich people can get as much net profit if income tax is higher due to progressiveness, which is not true. Also if there is a way to get more (gross) profit, they will use it regardless of the tax.

Profit of a company is small percentage of the moving money. Like 50c of $6 chipotle meal is profit and not all of that goes to the owner. Taxing owner at 50% rate instead of 25% would only increase cost a few cents. Same with landlords, there are fixed costs and loan costs that reduce profit. 100% of paid rent is not direct profit...

Actual issue of the progressive tax is truely rich people using tax evasion tactics to avoid it by structuring their income so that it belongs to some other tax category that doesn't have progressive tax.

kukkamario commented on Finland, Sweden complete repairs on Baltic Sea cables yle.fi/a/74-20128140... · Posted by u/Hamuko

ktsaver · 9 months ago

The article cites Russian involvement again, followed by mentioning the Yi Peng 3 anchor-dragging accusations.

It seems unlikely that the Chinese would get involved at the behest of the Russians. Russia depends on China now and not vice versa.

We see right now what an actual Russian retaliation for ATACMS strikes looks like: Oreshnik, taking out energy infrastructure in Ukraine, etc. Certainly the visual effects of Oreshnik were greater than a cable cut that just reduces gamer latency in Finland for a couple of days.

kukkamario · 9 months ago

Well Yi Peng 3 recently changed operating only between Chinese ports to operating only outside China and mostly to Russian ports. Current actual owner is probably some Russian oligarch.

kukkamario commented on Trump wins presidency for second time thehill.com/homenews/camp... · Posted by u/koolba

romwell · 10 months ago

>Under the Biden/Harris administration even software engineers were hurting and couldn't find work. Unprecedented

Sure.

And why do you think that might be?

In other words, do you think policy changes have instantaneous effect on issues like unemployment, or perhaps they take some time?

kukkamario · 10 months ago

It is rather annoying that larger policy changes easily take 2-4 years to actually affect anything so current party always gets both blame and thanks for the changes made by the previous administration.