Readit News logoReadit News
txdv commented on Show HN: Sandboxing untrusted code using WebAssembly   github.com/mavdol/capsule... · Posted by u/mavdol04
csense · 9 days ago
I had to do some research to figure out what this is actually doing. When you try to pass e.g. strings through WASM functions you end up writing the data to memory and passing offset / length, which is obviously inconvenient and potentially has security implications. WASM components [1] is a spec that tries to improve on this with an IDL called WIT that lets you define functions that pass complex types with a proper ABI.

This all seems sensible for languages like C or Zig that neatly cross compile to WASM. But I was very confused how this could ever work with a duck-typed interpreted language like Python, so I did some digging.

Apparently "run your Python as WASM" part is implemented by componentize-py which cross compiles CPython to WASM as libpython3.14.so [2].

I'm not sure whether I should be impressed or horrified...

[1] https://component-model.bytecodealliance.org/

[2] https://github.com/bytecodealliance/componentize-py/blob/79e...

txdv · 9 days ago
js string builtin in wasm is a thing now, might be sharable across runtimes with special compile flags
txdv commented on Finding and fixing Ghostty's largest memory leak   mitchellh.com/writing/gho... · Posted by u/thorel
LgWoodenBadger · a month ago
The contrast between the attitude here https://news.ycombinator.com/item?id=46461860 and in this story is a bit wacky to me.
txdv · a month ago
Only contrast I see is that he thought it was much more of a corner case which turned out to be not that true anymore since everyone started using claude code.
txdv commented on DeepSeek uses banned Nvidia chips for AI model, report says   finance.yahoo.com/news/ch... · Posted by u/goodway
the_pwner224 · 2 months ago
I was just selling my RTX 4090 on Ebay recently and got a ton of bids from Chinese accounts. The winner ($2,325) had Australia set as the country on their profile, but a Chinese name on the account, and the order shipping address was to a different Chinese name (to a regular single-family house in Delaware). Most bidders straight up had China as their profile country.

So my 4090 (24 GB) is probably going to get turned into a 48/96 GB VRAM frankenstein in a Chinese chop shop. I haven't watched the full 3.5 hour documentary you linked but from the first few minutes, it seems quite interesting. And covers this exact thing.

Edit: Again, I checked the address, it was a house, not a freight forwarder warehouse. And if it was actually going to AU, the forwarder would be on the west coast in CA/WA, not east coast (had another order go to Thailand with a forwarder in SF. And Miami is the big hub for South America). For legit freight forwarding they also wouldn't have different names on the account & shipping address. As the parent comment's YT video describes, these are often just normal Chinese-Americans or international students who do this to make a bit of extra money.

txdv · 2 months ago
Can't they do it here? or will the authorities go after these kind of upgrades?
txdv commented on The RAM shortage comes for us all   jeffgeerling.com/blog/202... · Posted by u/speckx
jsheard · 2 months ago
I wonder if Apple will budge. The margins on their RAM upgrades were so ludicrous before that they're probably still RAM-profitable even without raising their prices, but do they want to give up those fat margins?
txdv · 2 months ago
on one hand they are loosing profit, on the other hand they are gaining on market share. They will probably wait a short while to assess how much they are willing to sacrifice profits for market share
txdv commented on The RAM shortage comes for us all   jeffgeerling.com/blog/202... · Posted by u/speckx
mastax · 2 months ago
> And those companies all realized they can make billions more dollars making RAM just for AI datacenter products, and neglect the rest of the market.

> So they're shutting down their consumer memory lines, and devoting all production to AI.

Okay this was the missing piece for me. I was wondering why AI demand, which should be mostly HBM, would have such an impact on DDR prices, which I’m quite sure are produced on separate lines. I’d appreciate a citation so I could read more.

txdv · 2 months ago
Just like the GPUs.

NVIDIA started allocating most of the wafer capacity for 50k GPU chips. They are a business, its a logical choice.

txdv commented on Valve reveals it’s the architect behind a push to bring Windows games to Arm   theverge.com/report/82065... · Posted by u/evolve2k
craftkiller · 2 months ago
That is why I bought a steam deck: to financially support Valve's Linux efforts. I barely play games anymore but thanks to the Wine devs, CodeWeavers, and Valve, I no longer have to listen to the knuckle-draggers claiming that "Linux sucks because it can't play games". In fact, now it is the opposite: Linux is outperforming Windows[0].

[0] https://www.youtube.com/watch?v=CJXp3UYj50Q

txdv · 2 months ago
> knuckle-draggers claiming that "Linux sucks because it can't play games"

they still do it because you can't play all the multiplayer games with kernel level anticheats

txdv commented on Valve reveals it’s the architect behind a push to bring Windows games to Arm   theverge.com/report/82065... · Posted by u/evolve2k
levocardia · 2 months ago
Valve is one of the few companies regularly seen on HN where the headline is something like "[company] is secretly doing something really great" as opposed to "[company] is secretly doing something evil"
txdv · 2 months ago
"We will make linux a viable gaming before we increment that number to 3!"

But I totally agree, I still install windows for gaming on my machine, but it looks like that for my purpose of gaming I can stay with Linux (I play mainly older games or indie games).

txdv commented on How to use Linux vsock for fast VM communication   popovicu.com/posts/how-to... · Posted by u/mfrw
dymk · 3 months ago
This is a weird article. It’s titled “how to use vsock” but 95% is how to set up Bazel, gRPC, and building a C++ project. And then 5% is a link to an off-site Twitter thread of screenshots for setting up a Linux VM image and running that in qemu.

This should have been a VM with a basic server and socat’ing the vsocket. I don’t know why so much space was dedicated to unrelated topics. Also zero qualifications or benchmarks for “fast” compared to tcp/virtio.

Author says “no ssh keys” when ssh is an orthogonal concept. sshd can listen on a vsock interface, it’s not specific to tcp/ip.

From the “Under the hood” section, which should be the part actually about vsock:

> I haven’t delved into the low-level system API for vsocks, as frameworks typically abstract this away.

txdv · 2 months ago
> This is a weird article. It’s titled “how to use vsock” but 95% is how to set up Bazel, gRPC, and building a C++ project.

This is just what happens when you use bazel to quickly set up your project.

txdv commented on How did the Win 95 user interface code get brought to the Windows NT code base?   devblogs.microsoft.com/ol... · Posted by u/ayi
userbinator · 3 months ago
moving changes from Windows 95 to Windows NT involved manually doing three-way merges for all of the files that changed since the last drop. I suspect that this manual process was largely automated, but it was not as simple as a git merge.

The first release of git was in 2005, around a decade after Windows 95.

txdv · 3 months ago
maybe merging patch files was a thing way before git?
txdv commented on Uv is the best thing to happen to the Python ecosystem in a decade   emily.space/posts/251023-... · Posted by u/todsacerdoti
zmmmmm · 3 months ago

    > Instead of 
    >
    > source .venv/bin/activate
    > python myscript.py
    >
    > you can just do
    >
    > > uv run myscript
    >
This is by far the biggest turn off for me. The whole point of an environment manager is set the environment so that the commands I run work. They need to run natively how they are supposed to when the environment is set, not put through a translation layer.

Side rant: yes I get triggered whenever someone tells me "you can just" do this thing that is actually longer and worse than the original.

txdv · 3 months ago
you can just point a shotgun at your foot and pull the trigger, isn't that covenient?
t

u/txdv

KarmaCake day506March 30, 2013View Original