HackerTrans
TopNewTrendsCommentsPastAskShowJobs

dochtman

no profile record

Submissions

The Rule of Three and Four

bcg.com
1 points·by dochtman·2 माह पहले·0 comments

Weekend at Bernie's – assessing critical open source repos

nesbitt.io
4 points·by dochtman·2 माह पहले·0 comments

GitHub Actions is the weakest link

nesbitt.io
252 points·by dochtman·3 माह पहले·93 comments

Bringing Rust to the Pixel Baseband

security.googleblog.com
2 points·by dochtman·3 माह पहले·0 comments

mmdr: 500-1000x faster Mermaid rendering, zero browser dependencies

github.com
3 points·by dochtman·5 माह पहले·0 comments

The state of the kernel Rust experiment

lwn.net
119 points·by dochtman·7 माह पहले·130 comments

comments

dochtman
·27 दिन पहले·discuss
> I wonder if someone could create a GitHub account using my name and claim ownership of them...

AIUI the crates are actually linked to the account via a different identifier, not directly to the username.
dochtman
·पिछला माह·discuss
GitButler now employs/has hired the gitoxide maintainer, I think? So no doubt they’re aware.

I guess they found that gitoxide isn’t good enough and/or to expensive to extend/improve for their use cases?
dochtman
·2 माह पहले·discuss
A lot of Let’s Encrypt is not the software but a bunch of auditing and process that ensure compliance and make it legible to the required auditors.
dochtman
·5 माह पहले·discuss
That's the policy, but we've been a bit more conservative in practice. `main` currently targets 1.88, but that's only because a security issue in the time crate has forced our hand (one reason I don't like the time crate all that much). Before that, it was 1.83 (from November 2024). Our last release targets 1.71 (from July 2023).
dochtman
·5 माह पहले·discuss
I'd bet a supermajority of Swift commits comes from Apple developers. Pretty sure the rust-lang/rust commit authors would be much less centralized.
dochtman
·5 माह पहले·discuss
See also:

https://github.com/1jehuang/mermaid-rs-renderer

Just submitted a HN thread about it:

https://news.ycombinator.com/edit?id=46807750
dochtman
·6 माह पहले·discuss
I think the way Rust checks borrows also makes it a lot more feasible to avoid allocations/copies; not because it is impossible to do in C, but because doing it in C requires writing very careful documentation and the caller to actually read that documentation. In (safe) Rust this is all checked by the compiler such that libraries can leverage it without blowing their complexity budget.
dochtman
·6 माह पहले·discuss
There’s also a compounding effect: I’ve heard from a hardware vendor that they spend a lot of time optimizing OpenSSL to get the most out of their silicon, so for their customers they suggest using OpenSSL to get the most out of the hardware.
dochtman
·8 माह पहले·discuss
How is the HiDPI situation, and font rendering? Last time I tried it on my M1 Max with Asahi it still looked substantially worse.
dochtman
·10 माह पहले·discuss
I'm pretty sure private PKIs are an option that is pretty straightforward to use.

Security is still a lot better because the root is communicated out of band.
dochtman
·10 माह पहले·discuss
When I asked about financial support, the Senior Principal Software Engineer from Mozilla I talked to said "Mozilla has no money".

To be fair, we've gotten a great amount of code contributions from the Mozilla folks, so it's not like they haven't contributed anything.

(I am one of the Quinn maintainers.)
dochtman
·11 माह पहले·discuss
I would argue that regexes are often more complex than simple parsers.
dochtman
·11 माह पहले·discuss
No, they don’t.

Selling support contracts is actually hard.

GPL/AGPL preclude widespread adoption (these days) — the grandparent explicitly mentioned “permissive” licenses.
dochtman
·पिछला वर्ष·discuss
Part of the fingerprint is stuff like the ordering of extensions, which Chrome could easily do but AFAIK doesn’t.

(AIUI Google’s Play Store is one of the biggest TLS fingerprinting culprits.)
dochtman
·पिछला वर्ष·discuss
How does performance compare to running native code?
dochtman
·5 वर्ष पहले·discuss
Both bloggers know each other (this is pretty obvious if you read some of their online stuff), so Dan Luu probably reviewed the other post early and thought it interesting enough to add his own take.
dochtman
·7 वर्ष पहले·discuss
Good throughput with GC seems to come with significant extra memory use:

"We compare explicit memory management to both copying and non-copying garbage collectors across a range of benchmarks using the oracular memory manager, and present real (non-simulated) runs that lend further validity to our results. These results quantify the time-space tradeoff of garbage collection: with five times as much memory, an Appel-style generational collector with a non-copying mature space matches the performance of reachability-based explicit memory management. With only three times as much memory, the collector runs on average 17% slower than explicit memory management. However, with only twice as much memory, garbage collection degrades performance by nearly 70%."

https://people.cs.umass.edu/~emery/pubs/gcvsmalloc.pdf

So you're still paying for it, just in a different dimension.
dochtman
·11 वर्ष पहले·discuss
I liked Michael Lopp's (also known as Rands, from Rands in Repose) book, Managing Humans, when I first became a team lead 18 months ago.

http://www.amazon.com/Managing-Humans-Humorous-Software-Engi...