HackerLangs
TopNewTrendsCommentsPastAskShowJobs

rstuart4133

2,711 karmajoined vor 12 Jahren

Submissions

[untitled]

1 points·by rstuart4133·vor 3 Monaten·0 comments

comments

rstuart4133
·gestern·discuss
Not disagreeing about the need for sentinel values, but Rust also has NonZero. When combined with Option, you get a similar result to outcome to C's -1.

Similar because it's a compiler hack, as in the compiler treats std::num::NonZero specially. You can't create your own type with the same properties as you can in C.
rstuart4133
·vorgestern·discuss
> they do seem to be causing fewer dollars to leave the country in imports.

Hmmm.

2026-07-07 "Canada's trade surplus in May jumps to a four-year high as US exports surge": https://www.tradingview.com/news/reuters.com,2026:newsml_L4N...

2026-07-06 "US trade deficit surges amid artificial intelligence spending boom": https://www.aljazeera.com/economy/2026/7/7/us-trade-deficit-...

If Trump's tariffs were supposed to lower the trade deficit, they haven't started working yet.
rstuart4133
·vor 5 Tagen·discuss
> This would be extremely difficult, I would say impossible from a practical standpoint.

It's not only practical and possible, it's so common it even has a name in software engineering circles: change control. It boils down to this: you delay installing the software until it's been reviewed, tested and deployed by others. Or as Linus would put it, until the many eyeballs have had their say.

As for "the person in control of the platform": the solution is to remove some of that control. You make new versions of the software available for anonymous download, so the provider has no idea who is upgrading. All open source distributions provide their software in that way. No proprietary platforms I'm aware of do, because they want a "billing relationship" with the customer. Once downloads are anonymous, the owner of the software can't target individuals with a tailored Trojan Horse binary. Everyone gets the same binary, and so there are lots of eyeballs looking at it.

The final piece of the puzzle is reproducible builds, which ensures the many eyeballs can see the code use to build the binary.

All this has been around for a while now, so it's largely a solved problem in open source distributions. The problem with web-based cryptography is it isn't managed like an open source distribution. Downloads aren't anonymous, the source isn't available or signed, and it changes so fast change control isn't possible. So yeah, as things stand it's snake oil. But it doesn't have to be - it's just the way things are now.
rstuart4133
·vor 5 Tagen·discuss
> the anti-vax crowd kept talking about being found in the veins/arteries of folks who took the Covid vaccine?

"The deal" is the clot issue was a problem for Astrazeneca. Astrazeneca is not an mRNA vaccine. It came out first, and was offered to a lot of people - until the clots started showing up.

Australia's response (where I live) was to withdraw the Astrazeneca vaccine and go into lockdown instead. They exited lockdown once a safe replacement vaccine was manufactured and could be mass administered, which happened many months later. The safe replacements were predominantly mRNA vaccines.

From memory the final statistics were Astrazeneca, which was only available for a month or two killed 1 in every 1 million doses, the mRNA replacements which now have been used for years have caused about 1 death for every 55 million doses. You wouldn't want to be the unlucky 1 in 55 million, but you would not want to miss out on taking the mRNA vaccines either - they saved 1000's of lives.

In the high risk groups, Astrazeneca turned out to be worth its risks in over-60s in Australia, but killed more people than it saved in the lower risk groups. But Australia was among the best countries to manage the COVID pandemic. In countries like Mexico where the death rates from COVID were far higher, taking Astrazeneca increased your chances of surviving the pandemic, despite the higher complication rate.

The meme that mRNA causes clots seems to be remarkably common, despite being wrong. It is why to this day many people are vaccine hesitant. It's unfortunate. I think the underlying cause of the large number of people with clots was the mass roll out of Astrazeneca as soon as it passed testing. Normally the take up of a new medicine is gradual. The high prices of the early batches mean they are only given to people who stand to benefit most. The less common side effects are caught in that phase. The phase didn't happen for Astrazeneca.
rstuart4133
·vor 7 Tagen·discuss
> i dont think there is any software on the planet that i would consider "truly life changing", so i find it a bit weird to hold ai up to that standard.

Off the to of my head web browsers, the algorithms that made WiFi / 5G / Bluetooth possible, public key encryption, GPS, SQL, TCP/IP, Reed Solomon codes spring to mind. Without them like today would be very different. Sounds life changing to me.

The current valuations of AI companies suggest AI will have a similar effect. I think it will, in the long term. People tend to overestimate/oversell the short term effects of technology, and underestimate the long term effects.
rstuart4133
·vor 8 Tagen·discuss
> has nothing to do with CO2 and seemingly everything to do with a lack of oxygen.

If you lack oxygen because you can't breathe in, then CO2 will be building up because you can't breathe out.

Neither sound like a good explaination for the suffocation response being winded causes, because most people can hold their breath for a least a minute with too much discomfort. It's more likely due to a primitive response to unexpected airway restriction - the same as choking.

PS: pigs have the same CO2 response as us, maybe stronger as they can detect C02 at lower concentrations. I find that hard to reconcile with pig abattoirs killing pigs by lowering them into a pit of 90% CO2. N2 would do the same job without the pig realising what is going on, but CO2 is heavier than air so it stays in the pit, making it more economical.

https://pmc.ncbi.nlm.nih.gov/articles/PMC11948533/
rstuart4133
·vor 8 Tagen·discuss
> This is false. There are many problems with age verification, but the EU approach does not involve the id provider in the verification flow. The site requiring verification presents a QR code which encodes a presentation request and the provider controlled URL

The nit you look to be picking is "redirect" means "a web page directs your browser to go to another URL". That is an interpretation you could use, but I was using a broader one. In the EU case, it isn't the browser following the redirect, it's you. The "server" you are redirected to is a government-provided app on your phone that implements openid4vp. But the underlying principle is still the same - you are "redirected" to a third-party proof-of-age provider, who sends a reply signed by the provider.

To the OP: openid4vp is an example of a protocol that is about as private as you can get. It all works offline, so the government does not know what sites you have visited. And the age verifier has no idea who owns the phone. As you say, the connection between the phone and the person holding it is a weakness; junior could just borrow big brother's phone to prove his age.
rstuart4133
·vor 9 Tagen·discuss
Another fun fact: the body's suffocation response isn't caused by lack of oxygen. It's caused by high CO2 levels in the blood [0]. If your car floods the air with CO2, you will respond like someone is holding your head under water.

Carbon monoxide kills you by binding more strongly to the hemoglobin than the O2. You don't notice, because the CO2 removal mechanism continues to work fine. You'll usually die before realising anything is wrong.
rstuart4133
·vor 9 Tagen·discuss
> But if they reveal nothing, isn't it wide open for abuse?

Good point, they do contain more information than "They are over 18". The primary (usually only) thing is who is attesting they are over 18. That might be the government, or a bank.

That's inevitable, because the usual flow is rather like Google's OAuth - the site needing you to prove your age rediects to the provider (Google, or whoever), who asks questions to verify your identity, and then replies with "over 18" or "not over 18".

This can leak other information aside from the site knowing who is verifying your age. For example, done the wrong way, the Google / the government could know what porn sites you like. OAuth, for example leaks that sort of information. But there is no technical reason it has to be that way.

The major barrier to all this isn't whether it's possible to design a protocol that proves your age, having a driver's licence or even an amount in a bank account. It is absolutely possible. It's that to be useful, everyone has to agree on the same protocol. That has so far proved to be near insurmountable.
rstuart4133
·vor 11 Tagen·discuss
> A few dollars per false claim seems like a good starting point to consider from.

A nominal fee to lodge a claim seems more practical. No courts, no lawyers, just a government web form that pay for itself. It won't stop vexatious claims, but it will stop mass speculative Hail Mary's.
rstuart4133
·vor 13 Tagen·discuss
https://archive.is/ziMkc
rstuart4133
·vor 14 Tagen·discuss
> Keep dreaming of a technological solution -- there is none that does not lead to the world that FIRE is warning about, except to accept that we can only make a solution "good enough" and leave it at that, without expanding into full on identity verification.

The world that FIRE is warning about already exists in Australia, whose age verification laws prompted the article.

I'm an Australian. Our government passed the Assistance and Access bill on New Year's Eve in 2018, without much debate. The law allows them to demand "assistance" (code word for: you shall develop an undetectable spy app for us), and "access" (code word for: you shall silently install that app on the devices of any persons we nominate). Both requests are subject to a gag order.

As an example of what's possible, this allows them to demand Google "assists" them to develop an undetectable app that records the phone screen and keyboard usage at periodic intervals, and send it back to them, and then to demand Google installs it on devices owned by persons of interest.

The world has continued on. That may be because the tech bros are resisting helping (there were threats by a government head of security implying they weren't getting the level of compliance they wanted). But it may also be because we are a democracy, and blatant misuse of powers like this is likely to get you unelected. I've seen a few cases where it "felt" like the government bureaucracies used this tool against whistleblowers, which made me feel distinctly uncomfortable. But I don't know, and until recently they had a remarkably good track record against local terrorism. The recent exception is the recent Bondi killings, where a completely bonkers father convinced his son to go on a shooting spree. But they managed to maintain complete radio silence during the perpetration stage - I guess it was all planned over the kitchen table. That couldn't be detected by any surveillance network.

So for now, it looks like they have used the tool according to the rules laid down in the bill. All spying requires independent judicial orders, which I'm fairly sure they obtained. (To put that into perspective - when the threshold is "the person broke the law" and you get to write the laws, the threshold is not quite as high as it might appear - particularly for government whistleblowers that pissed off the incumbents.)

But for most of us, whose "crimes" are at most indulging in naughty pleasures, the bill offers pretty good privacy guarantees. If the government doesn't follow its own laws all bets are off, of course - and yes, this very scenario is playing out in another Five Eyes country. But if the government does follow its own rules, then any government-backed zero-knowledge proof scheme that includes a snitch code that can only be unlocked by a judicial order is going to be fine.

TL;DR: for the scenario FIRE is worried about, the horse bolted 8 years ago in Australia. The current alternative of being forced to hand over photos, identity documents, and god knows what other PII to random web sites is far worse in terms of privacy than a zero-knowledge proof of age issued by the government - even if isn't truly private.
rstuart4133
·vor 14 Tagen·discuss
This quote from your link is positively scary:

> Some examples we saw when evaluating GPT-5.6 Sol included the model packaging exploits in its intermediate submissions to reveal information about a task’s hidden test suite and, in another task, extracting hidden source code detailing the expected answer.

It rhymes with the behaviour Alibaba saw [0], but that was in training. This is in a (semi) released model.

[0] https://www.forbes.com/sites/boazsobrado/2026/03/11/alibabas...
rstuart4133
·vor 16 Tagen·discuss
As an Aussie who's spent time in Germany in one of these heat waves, this is definitely one aspect. But it's not just "keep the heat in". They are designed with huge thermal mass, so once warm they stay warm for a day or so.

When the heat wave struck, initially that thermal inertia works in your favour as the cool building keeps the interior cool. But after a day or two it heats up. Once that happens, the temperature at night doesn't drop. As you say, ventilation is not good, so the humidity rises too. The thing becomes an overnight sauna.

After one night of this, I went looking for a fan. In my Australian home, every room has a ceiling fan. In this German dwelling (rented by my daughter, an Aussie, for the past few years) there wasn't a single fan in the house, and worse none of the nearby shops sold fans. It looked to me like there was no "social knowledge" of fans or how to handle heat in general. I eventually got a fan off Amazon, who thankfully delivered the next day.

We were also there in another year in winter. These same buildings were amazing the cold. They could maintain a cosy inside temperature with very little extra energy. But geeze, you don't want to be in one in a heatwave that goes on for days.
rstuart4133
·vor 20 Tagen·discuss
> I was mentored out of it, and while I still like my patches to be complete, I balance that with the available bandwidth of the team and what the team can reasonably actually process.

I struggle with the same issue. In my experience you can't reduce the total number of lines. If the feature took 10k or 15k loc to deliver it, you aren't going to be able to reduce that meaningfully.

You can usually break it into stacked series of commits. New code can be split up into stand alone modules, which all compile and pass their unit tests. They could even be shipped, although they wouldn't be used because the changes to the UI are always the last piece of the puzzle. If you are refactoring, you can usually find a way to split the refactor into smaller steps, each building on the previous one. That is almost certainly possible in this case.

The issue with both approaches is while you can review each step independently, what you miss by looking at just that commit is the motivation for doing it. You can only get that from the big picture, and to get the big picture you need the entire 10k or 15k loc available.

That means you have to push the entire series of commits. If you want to make it plain they are individually reviewable you push them as stacked PRs. Either way, it's a 15k loc push.

I don't see a way out of that for the same reason neither bottom up nor top down design works on their own. You have two edges - the upper (often the UI), and the lower (the OS, standard library - things you have to use to get anything done). You work from both edges simultaneously, each working towards the other, hopefully so that when they meet in the middle and the two fit together nicely. The point is, you have to review like that too. You can't just look at how neatly the blocks are stacked on the foundations, you have to evaluate if they are taking the best route to the destination. The review can fail in both ways - the UI can be beautiful but it stands on a mess, or the code could have built up a beautiful series of abstractions that bubble through to the top level and ultimately confuse the end user. So you have to review the code from both perspectives, and to do that you ultimately need to get your head around all 15k loc.

This means a reviewer demanding they be spoon fed a few thousand lines of code at a time is being as unreasonable as the person delivering 15k loc in one commit. They are demanding a simple solution to their problem, and it is wrong. They should be demanding all 15k loc be delivered in the form the author intends to ship, but split into digestible commits that clearly explain the path and reasoning taken between the top and bottom edges, so both the top and bottom level designs are plainly visible.

What happens when I do that is I get into fights over forced pushes. Everyone hates them, and for good reason. They asked for a simple change in their review, and what they want to see is a small commit reflecting their request. Hiding that by doing a rebase is met with howls of pain: "no forced pushes!". So you insert your commit reflecting just the change they asked for into the stack of commits the large feature necessitated. Doing that rebases every commit that depends on it, of course. You push the result and are treated with a chorus of "NO FORCED PUSHES".

Forbidding all forced pushes makes about as much sense as forbidding a 15k loc change, even through its well-structured into commits. It makes me wonder if unis bother to teach modern software engineering practices.
rstuart4133
·vor 23 Tagen·discuss
Those places grew out of an approach that had its origins in WW2. It was pretty obvious to the powers that be the USA won because science and engineering produced more and better weapons, transport and logistics than the enemy could. They eventually squashed both Germany and Japan with sheer industrial might.

Post WW2, the USA continued the same approach by adopting the Vannevar Bush model, which boiled down to the USA pouring money into basic research, which is never profitable. That fed the companies like the ones you list, who were willing to make bets on medium-term things that might return a profit in a decade or so. If the USA's dominance of world science and engineering in the later 20th century is any indication, it worked a treat.

The Vannevar Bush model started to be wound back in the Reagan years, and Trump seems bent on excising it entirely. Other countries noticed its success. Most OECD countries put a few percent of public money into basic research now. The country that seems to have really taken the lesson to heart is China. They've gone way beyond what the Vannevar Bush model did even in its heyday. The end result is they dominate some areas of science and engineering and consequently manufacturing now (who here remembers Huawei was the brains behind 5G), and now the USA has thrown in the towel that dominance will grow to cover most areas in time. The gap between the West and China on AI and semiconductors is at most a few years.

The USA is crying China is cheating with subsidies and yes that's true - for example it seems the AI models are mostly developed using public money, whereas the USA is relying on VC funding to do the same. The USA's funding of AI development will very likely slow down after the IPOs happen and the companies must become profitable. China's funding of AI won't slow down.

This is the result of a policy choice China made long ago in the Deng Xiaoping era, back in the 1980s. It's taken 40 years to bear fruit, but my it is fruiting vigorously now. The USA position is also a consequence of policy choices it's been making over the last 40 or so years, starting in the Reagan era.

If you want to see how far this has gone, look up: https://www.aspistrategist.org.au/aspis-critical-technology-... It makes for sobering reading. Some key metrics they measured:

- Research Leadership: China leads the world in high-impact research in 69 out of 74 critical technologies.

- Recent Overtakings: China recently overtook the US in foundational AI and biotech fields, including Natural Language Processing (NLP) and genetic engineering.

- Monopoly Risk: ASPI tracks 41 technologies where China's research concentration is so high it poses a severe future monopoly risk, largely driven by massive hubs like the Chinese Academy of Sciences.

There is now little doubt how this will pan out over the next few decades. The USA and the rest of the West end up buying products made in China, using Chinese technology, and protected by a Chinese patent wall. They will wonder what happened. They will try and recover by going to Chinese universities, and adopting parts of Chinese culture. It won't be a big change for most of the West - the name on the label just changed from the USA to China. It will come as a hell of a shock to most of the USA.

The ironic thing will be - the change has very little to do with the things people will focus on, like who manufactures what, or patent walls, or political systems, or excellence in universities. China pulled that off by adopting some key USA policies, while the USA abandoned those same policies.
rstuart4133
·vor 25 Tagen·discuss
The feeling I get is LLM's are the new Excel. I've seen lots of people develop little web based apps that tickle their interest. Things like dashboards for data that would didn't fit on their phone, table tennis scoring (really!), small account keeping apps, plotting calculated GPS path on a map.

These are tiny single use stuff. Exactly the sort of thing the company nerd would create spreadsheets for. The GUI is more advanced, but it is no more maintainable or scalable.
rstuart4133
·vor 25 Tagen·discuss
> having the coffee warm is kinda important.

Cold drip coffee is a thing, done well a very nice thing.
rstuart4133
·vor 29 Tagen·discuss
GLM 5.1 gets close to 4.6. It can happily run for hours and achieve a result. It given it bugs like a race condition that lead to a count being out by 1 after millions of operations, somewhere in a hundred thousand lines of C code littered with locks and atomic swaps, and it found (as did Opus). Most other models can't.

I'm using Fable now and GLM 5.1 doesn't really compare. But it's literally 1/20 the price. I can't use Fable for coding - it's too expensive. So now we have three levels of models - lightweight ones you dispatch en masse to find things, ones capable of agentic coding tasks that can run for hours like Opus, and GLM (and possibly open source ones - I've only tried a few), and now Fable, which is a truly helpful "architecture buddy". Fable still makes many, many, mistakes, so you have to review every word it writes.
rstuart4133
·vor 29 Tagen·discuss
Why did the word "skynet" pop into my mind?