Relevant discussion thread https://news.ycombinator.com/item?id=38010992
I loved your "do things that don't scare" story from the other thread!
Readit NewsCongrats on the launch! I'm biased, but you should probably consider changing the webhooks to follow https://www.standardwebhooks.com/ for greater compatibility and library support.
tasn commented on Hand-picked selection of articles on AI fundamentals/concepts aman.ai/primers/ai/... · Posted by u/vinhnx
I was curious what the AI would include if promoted to create a similar list. I prefer the human version.
Ref: https://chatgpt.com/s/t_689a00f83f7c8191b70d07912a092f86
Chandler Carruth told a similar story in one of his talks.
He met Ken Thompson and saw beautiful C code for the first time because he had encountered a performance problem in a service. The service had to choose a policy to enforce (or something) based on the incoming request. It was taking too long to match the criteria of each potential policy against the request.
Ken wrote a finite automata based pattern matcher that would simultaneously advance through all of the policies' predicates. It was perfect, and it was much faster than the existing code.
Then somebody noticed that 99.9% of requests matched a particular policy, so they changed the existing code to just check that predicate first, and the code sped up a zillion times, much more than with Ken's solution.
This is such a great anecdote, thanks for sharing!
Somehow relatedly, I still remember the first time I heard about profile-guided optimization which is essentially the same but for all of your code at once (well, same idea, not sure it's aggressive enough to reach the same result as the anecdote you shared).
tasn commented on We built an air-gapped Jira alternative for regulated industries plane.so/blog/everything-... · Posted by u/viharkurama
I just learned air-gapped includes private networks. I was under the impression this strictly meant isolated non-networked computers. Was this always the case or has the term diluted over time?
In my circles we include private networks going back at least 15 years. So maybe diluted, but if diluted, at least not new.
tasn commented on Why not to use iframes for embedded dashboards embeddable.com/blog/ifram... · Posted by u/rogansage
While i agree that is better than nothing, i've always had my doubts about this approach.
Do people really audit such code? I doubt it. Does the code really not insert any additional code that allows bypassing the whole scheme (esp. If the point is to dynamically insert content).
I also think most of the time, the biggest threat is not the vendor being intentionally evil but the vendor making a mistake that leads to XSS which someone else exploits. After all, if the vendor is intentionally being malicious they can probably sneakily bypass this sort of thing.
How is that different to any other library? Supply chain risk is a big problem.
tasn commented on Why not to use iframes for embedded dashboards embeddable.com/blog/ifram... · Posted by u/rogansage
> Security teams have raised red flags about iframes for years. Cross-frame scripting, clickjacking, and credential phishing are common exploits, since the frame executes third-party code inside your trusted domain
I would disagree.
Yes iframes have security risks, but they generally pale in comparison to giving some other random site full control of your page, which is the alternative.
Another alternative is loading a library and setting it to a fixed version.
You're still giving a 3rd party full access to your website, but at least it's more auditable and safe.
Fwiw, I think iframes are great!
tasn commented on The borrowchecker is what I like the least about Rust viralinstruction.com/post... · Posted by u/jakobnissen
> [The pain of the borrow checker is felt] when your existing project requires a small modification to ownership structure, and the borrowchecker then refuses to compile your code. Then, once you pull at the tiny loose fiber in your code's fabric, you find you have to unspool half your code before the borrowchecker is satisfied.
Probably I just haven't been writing very "advanced" rust programs in the sense of doing complicated things that require advanced usages of lifetimes and references. But having written rust professionally for 3 years now, I haven't encountered this once. Just putting this out there as another data point.
Of course, partial borrows would make things nicer. So would polonius (which I believe is supposed to resolve the "famous" issue the post mentions, and maybe allow self-referential structs a long way down the road). But it's very rare that I encounter a situation where I actually need these. (example: a much more common need for me is more powerful consteval.)
Before writing Rust professionally, I wrote OCaml professionally. To people who wish for "rust, but with a garbage collector", I suggest you use OCaml! The languages are extremely similar.
I've mostly experienced it when moving from borrowing to ownership and vice versa. E.g. having a struct that takes ownership over its fields, and then moving it to a borrow with a lifetime.
It's not super common though, especially if the code is not in the hot path which means you can just keep things simple and clone.
Also, whoever takes your old residence is probably not malicious (they just want the house because they want a house), but whoever takes your email address is much more likely to be malicious (as the acquisition cost is low and it scales).