> "Democracy" is when "bad actors" (as defined by the establishment) are shut out of all online discourse.
The point of ID laws is not to stop "bots" or "sockpuppets", it's to enable governments to shut down the speech of their political adversaries by painting them as dangerous. That is not democracy, that is authoritarianism, even if you absolutely hate the people that are being shut up.
Western countries are not in the midst of polarized political crises because of "external bad actors" or "sockpuppets". They're in these crises because of fundamental contradictions in values and desired policies between different segments of the populace.
The Europeans are currently full steam ahead in attempting to "fix" the situation by criminalizing dissent, which will, in the end, only exacerbate the political crisis by making the democratic system illegitimate.
The Internet is already all but dead. We could fix it (as I propose). Or we let it die.
I'm fine with either outcome.
> criminalizing dissent
When has that not been true? Serious question.
Socrates was compelled to commit suicide. Jesus was nailed to a cross. Journalist and activists are routinely murdered. How many political prisoners are there right now?
Probably the lack of pictures. Maybe the moderation. Maybe the slight niche.
It could die if it becomes profitable to spamers. Or maybe it's dead now and one or both of us are llms.
But as long as the content quality meets my personal utility threshold, it makes sense for me to visit it, regardless of whether it is a victim of DIT. Ultimately it's probably up to webmasters to understand if the traffic on their site is either profitable or of a high enough quality to justify the operating costs of a hobby.
No ads. No algorithmic hate machine. Active moderation.
Two other fine examples of thriving online communities are metafilter and ravelry.
I'm sure there's many more on the web. I just don't get out much.
And many, many not on the web. Using discord, telegram, old school BBSes, etc. But, as dead Internet theory notes, they're not publicly visible and therefore not discoverable, not being indexed.
>[1] https://github.com/swiftlang/swift-evolution/blob/main/propo... -- apologies to the authors, but even as a previous C++ guy, my brain twisted at that. Inside Swift is a slim language waiting to get out... and that slim language is just a safer Objective C.
These kinds of features are not intended for use in daily application development. They're systems-language features designed for building high performance, safe, very-low-level code. It will be entirely optional for the average Swift developer to learn how to use these features, just in the same way that it's optional for someone to learn Rust.
The "Swift has too many keywords now" meme makes me want to go insane. The vast majority of Swift code never runs into any of that stuff; so, what advocates of it are saying is in effect "we don't want Swift to expand into these new areas (that it has potential to be really good at) even if it's in a way that doesn't affect current uses at all."
That said, the Swift 6 / Strict Concurrency transitions truly have been rough and confusing. It's not super clear to me that much of it could have been avoided (maybe if the value of Approachable Concurrency mode had been understood to be important from the beginning?), and the benefits are real, but my gut feeling is that a lot of the "Swift is too complicated" stuff is probably just misplaced annoyance at this.
Swift's concurrency story is what happens when a multi-year project meets Apple's fixed six month Swift release timeline. And being written by highly knowledgeable but low level engineers who've never written an iOS app in their life, means that there was a huge approachability hole they've only recently worked their way out of, but even that has major issues (MainActor default on in Xcode but not Swift itself).
The EU DMA says they have to allow third party browser engines access to the same resources (the JIT) that Safari has. It specifically allows them to place reasonable requirements on those third party alternatives:
> The gatekeeper shall not be prevented from taking, to the extent that they are strictly necessary and proportionate, measures to ensure that third-party software applications or software application stores do not endanger the integrity of the hardware or operating system provided by the gatekeeper, provided that such measures are duly justified by the gatekeeper.
Access to rwx memory is inherently dangerous, and it's completely reasonable to expect third parties to have proven that they are serious about producing a usable browser engine before putting such a risky product on the market for consumers to download. The law does not require them to allow any third party application to access the JIT, only a third party application that competes with Safari (a usable web browser).
Yes, but that doesn't require rendering performance or anything like that, but absence of security problems.
You can't justify a requirement for a minimum level of performance or some capability. You can justify a requirement of a guaranteed absence of security bugs, provided that that's a standard you impose on yourself throughout the system.
> You are claiming that static code analysis tools extensively used in C++ cannot detect all conceivable and hypothetical memory issues. The weasel words in here is that it is possible to detect them, but some can conceivably slip through.
No, there are entire classes of memory vulnerabilities that are impossible to check with static analysis because checking them is equivalent to the halting problem.
> To drive the point home, there are already a few CVEs even from use-after-free bugs in Rust code. What does that make out of the all assertion? Would this be a reasonable argument to reject Rust as an unsafe language?
The CVE that you referenced in the other comment was Rust calling into unsafe C code, as I pointed out. If you have a real example feel free to post it.
> The problem with these claims is that they rely on weak strawmen arguments and a very superficial analysis of the problem space. I get the need to do marketing, but if the audience is technical them don't you think arguments should stand on solid technical ground?
The views I have laid out here are the consensus among compiler engineers and in theoretical computer science. You only have to look at the compiler group at Apple:
- heavily invested in static analysis
- maintains the clang static analyzer
- maintains number of runtime memory analysis tools in Xcode
- not invested in rust at all and seemingly not interested
The reason for this is that static analysis simply cannot do it when the semantic information about lifetimes is lost, even for a group that knows how to write strong static analysis tools. Program flow is too ambiguous without it, so it becomes impossible to detect such memory vulnerabilities without running the program and fuzzing it – an expensive, time consuming, and probabilistic process.
> No, there are entire classes of memory vulnerabilities that are impossible to check with static analysis because checking them is equivalent to the halting problem.
This is the sort of goalpost-moving that lays bare how superficial and misleading these accusations are. You're trying to argue that some very specific types of memory vulnerabilities can't be detected with static code analysis tools. That is different than claiming that it's not possible to detect memory vulnerabilities in languages such as C or C++, isn't it? But somehow this strawman is used to imply that Rust is invulnerable whereas developers using any other language are prevented from ever learning that standard FLOSS compilers support out of the box things such as detecting use of uninitialized variables.
This is not a very good example, because this Rust code is a thin wrapper around pthread_mutex, which is an unsafe API that can cause undefined behavior (such as use after free) if used incorrectly. The Rust code in question is using the unsafe C API incorrectly.
One could say "Rust doesn't stop you from calling out into unsafe C code, so it's still possible to produce memory vulnerabilities in Rust", and it would be true, but it kind of misses the point and only really bolsters the Rust people when they say they want to rewrite everything in Rust.
In Rust, an API with a rule such as "you must check that the mutex is unlocked before you can destroy it" would be implemented using the type system in such a way as to make it impossible to drop it without checking its state. This is something that is not possible to do in C and cumbersome to do in C++.
There are a few interesting trends in that list. One of them is that there's an increasing amount of Rust. People are going to write many of the high level bugs (e.g. logic mistakes) in any language, but if they're not using your language they won't write any in your language. Lots are written in Rust.
But another is that the kind of things even reported is different. There's a case a while back where C++ and Rust have identical APIs which make an identical promise. The obvious way to implement that API on popular platforms introduces a TOCTOU race, and so that race was present in Rust's stdlib and in all three popular C++ standard library implementations. Rust reported the TOCTOU race and its fix, there's a CVE number. The three C++ libraries just decided it's a QOI issue and silently made equivalent changes over the next few months or years.
In C++ the argument goes like this: C++ says that if any other programs are running on your computer, all filesystem access is Undefined Behaviour. Simply do not run more than one program per computer, then there's no TOCTOU race, no bug. Rust says duh, obviously multi-processing has been a thing since the 1960s so we have to assume other programs may be running, the TOCTOU race is a bug and must be fixed.
> mainstream compilers provide support to detect and throw warnings/errors for some of these issues
You cannot detect all of these issues with static analysis. Rust does it by requiring the programmer to annotate lifetime dependencies in the source code. Without this additional semantic information, static analysis cannot fully reason about the lifetimes of variables.
There are efforts by some to introduce lifetime annotations to C++ (https://news.ycombinator.com/item?id=30888172), but any changes to the core language face a very steep uphill battle with the C++ standards committee, so any movement on this is likely to be compiler-specific attribute-based systems, adopted largely by companies invested in a particular compiler ecosystem (such as Apple or Google) to annotate their proprietary code.
On top of this, Rust is a very expressive language, with its features (like enum sum-types, traits etc) making it very easy to implement patterns such as compiler-checked state machines and polymorphism that doesn't involve the recognized downsides of class hierarchies.
It is not for everyone, and not for every kind of project, but its features resonate positively with a lot of people in systems programming because of their experiences with other systems languages and their downsides.
This is why Rust is popular today, particularly in certain communities.
It depends on what you call "performance". IO throughput can be the same. So can be CPU utilization. Memory consumption will always be larger though, and the kind of code you need to write in Java to achieve parity might not look like any Java most people are familiar with.
CMake support started as a community project but was adopted officially by Apple after they started adopting some Swift in the compiler codebase – an extremely large and complex CMake project – so the support is extremely robust now.
Comments like this are the clearest sign that this topic has become so politicized that rational judgement is out the window. If fluoride in the water is opposed by *those people*, or is supported by *those people*, then even if new clear evidence comes out one way or another, it will be undermined by not wanting to hand the other side a ‘W’.
In an era where conspiracy theories are rampant, yeah, I'm kind of averse to letting conspiracy theorists win anything.
I'm not going to put myself in danger to avoid it. But when the evidence is marginal, social factors are something I'll take into account.
Even if there is indeed a problem with fluoridated water, it only shows up in a small effect that requires a large sample to see. The conspiracy theorists were guessing, even if they guessed right. And they ignored the data that had been gathered.
Science changes its mind, but conspiracy theorists never do. They accumulate, and it looks to me as if we're about to drown in them.
We literally just got a ruling against the EPA on fluoridation as being dangerously risky levels. As even The Guardian admits, it’s possible there actually is something to the claims of danger.
Of course, the EPA would never live it down if the anti-fluoridation people actually had something to their claims. However, I’m not the EPA. If they were wrong, screw them.
That’s not an accurate summary of the ruling. The ruling orders the EPA to re-evaluate the safety of fluoridation, but does so because the statutory evidentiary standard here is preponderance, not overwhelming evidence.
(It’s also not a ruling “against” the EPA. It’s entirely consistent with the statute, and the EPA will presumably act in accordance with it and produce yet another study demonstrating marginal-to-zero harm associated with fluoridation below 1.5mg/L.)
You are only feeding the growth of conspiracy theories if, when confronted with one that is true, you continually deny it. If they see actual evidence being denied, they think there’s something there.
I'm not planning to deny evidence. But I don't think the conspiracy theorists need my help to think there's something there. If I don't give them something they will just make something up. That is the definition of a conspiracy theory.
The point of ID laws is not to stop "bots" or "sockpuppets", it's to enable governments to shut down the speech of their political adversaries by painting them as dangerous. That is not democracy, that is authoritarianism, even if you absolutely hate the people that are being shut up.
Western countries are not in the midst of polarized political crises because of "external bad actors" or "sockpuppets". They're in these crises because of fundamental contradictions in values and desired policies between different segments of the populace.
The Europeans are currently full steam ahead in attempting to "fix" the situation by criminalizing dissent, which will, in the end, only exacerbate the political crisis by making the democratic system illegitimate.