HackerTrans
TopNewTrendsCommentsPastAskShowJobs

dralley

18,227 karmajoined 9 tahun yang lalu

Submissions

A Man Who Ran Putin's Hit Squad [video]

youtube.com
6 points·by dralley·22 hari yang lalu·0 comments

Update on supply chain compromise of Red Hat cloud-services NPM packages

access.redhat.com
3 points·by dralley·bulan lalu·0 comments

RHSB-2026-006 Supply chain compromise of RedHat-cloud-services NPM packages

access.redhat.com
2 points·by dralley·bulan lalu·0 comments

[untitled]

1 points·by dralley·3 bulan yang lalu·0 comments

Russia's doping program is run by the same FSB team that poisoned Navalny

theins.press
99 points·by dralley·3 bulan yang lalu·90 comments

A more efficient implementation of Shor's algorithm

lwn.net
1 points·by dralley·3 bulan yang lalu·0 comments

How Russia's new elite hit squad was compromised by Google Translate

theins.press
34 points·by dralley·4 bulan yang lalu·6 comments

I caught an Illegal Russian Spy [video]

youtube.com
2 points·by dralley·4 bulan yang lalu·1 comments

Ukraine After 4 Years of War [video]

youtube.com
3 points·by dralley·7 bulan yang lalu·0 comments

Russia's Spy Hotel – Unit 29155 [video]

youtube.com
3 points·by dralley·9 bulan yang lalu·0 comments

Four arrested as France thwarts assassination attempt on Russian Putin opponent

novayagazeta.eu
3 points·by dralley·9 bulan yang lalu·0 comments

France Arrests 4 Suspected of Assassination Plot Against Russian Dissident

themoscowtimes.com
3 points·by dralley·9 bulan yang lalu·0 comments

Russia's Secret War in Europe – Unit 29155 – Episode 4 [video]

youtube.com
10 points·by dralley·9 bulan yang lalu·0 comments

comments

dralley
·kemarin dulu·discuss
Possible, yes. But it's not like it's terribly difficult to verify correct usage of "unsafe" that amounts to a basic function call to a C library. Trivial uses of unsafe are pretty innocuous.
dralley
·16 hari yang lalu·discuss
It's a shame they missed out on the AI server boom.
dralley
·17 hari yang lalu·discuss
The same people attacked Iran without a plan for what to do if they closed the Strait of Hormuz
dralley
·17 hari yang lalu·discuss
How to tank morale even harder
dralley
·25 hari yang lalu·discuss
But how often do people just copy and paste code in the C/C++ ecosystem? Or reimplement things badly? Last I checked VLC had a homegrown XML parser.
dralley
·26 hari yang lalu·discuss
>Otherwise, it does not bode well for Rust code because any type safety glitch will be considered a vulnerability.

I mean, this is basically true. And it goes beyond type safety - there have been CVEs filed against the Rust stdlib for TOCTOU problems of a kind that the C++ stdlib is absolutely replete with (often the exact same ones in the exact same places, to the extent that comparable APIs exist) which ended up being fixed quickly in Rust and largely ignored in C++, if anyone bothered to file in the first place.

For sure does create headaches for those who need to categorize CVEs by impact, but on balance I don't think it's a bad thing for the ecosystem. Creating a culture that wants to fix soundness issues rather than mark them as WONTFIX with a line of documentation is a core principle and value proposition of Rust in the first place.

Quoting https://cor3ntin.github.io/posts/safety/

> But the borrow checker is not what makes Rust safe. Rust is safe because it decides to put correctness first by default.

> Rust is safe by culture.

Better to pay a penny to fix it today than a pound to deal with the fallout down the line.
dralley
·bulan lalu·discuss
The thing is that if step 2 isn't proprietary, but rather more open source code, then it's not "extinguish" it's just garden variety open source competition.
dralley
·bulan lalu·discuss
Considering a substantial fraction of the commit history since then has been removing those instances of "unsafe" not all of are actually usages of "unsafe" (seems like there are a fair number of functions / types with unsafe in the name but not the signature), is that actually still true?

And if nothing else Rust forces you to document where they are, which isn't nothing.
dralley
·bulan lalu·discuss
How would that help? These are not general purpose, base system libraries, these are libraries specific to a product that uses them. Either you're not using them and hence they would not be installed in the first place, or you're using them because you have the product installed.

Though I would expect that Insights uses RPM packages to ship components and not the public NPM packages.
dralley
·2 bulan yang lalu·discuss
Typically BLEVE is used in a petrochemical context, where the hot "boiling liquid, expanding vapor" ignites on contact with oxygen.
dralley
·2 bulan yang lalu·discuss
There are a number of compiler performance enhancements (and correctness improvements) that are being worked on that are kind of at a chokepoint behind some other piece of work. Unfortunately it's not that easy to discern what state they're in or how quickly they're making progress.

At some point though a lot of work will be able to start advancing at once, so long as people exist to do the work.

e.g. https://rust-lang.github.io/rust-project-goals/2026/parallel...
dralley
·2 bulan yang lalu·discuss
And yet, that hasn't translatd into additional support for Ukraine. In fact, Russian oil sanctions are lifted for the second month in a row, and Congress Republicans haven't put a Russian sanctions bill on the table because Trump doesn't want one.
dralley
·2 bulan yang lalu·discuss
The existence of other influences does not diminish the fact that Trump is enamored with Putin (and most "strong man" dictators generally, but Putin in particular) and it does impact his foreign policy decisions and those of his administration (Hegseth straight up canceled weapons shipments to Ukraine for 2 weeks in the aftermath of the Oval Office meeting thinking it would please the boss).
dralley
·2 bulan yang lalu·discuss
Because that's exactly what it was. I agree with you, the puritanism around special effects doesn't make sense when there's plenty of high quality archival footage out there, and instead of using that or CGI to look similar, you do something that looks completely wrong.
dralley
·2 bulan yang lalu·discuss
If you use unsafe improperly, it is possible to encounter UB in "safe" code which relies on the unsafe code being correct.
dralley
·2 bulan yang lalu·discuss
>There are well-known tools in the Rust ecosystem that detect this kind of error

Yes, tools like Miri, which this very post is about.
dralley
·2 bulan yang lalu·discuss
There is a significant difference between being able to see one flaw and being able to chain together multiple disparate flaws, to be fair.
dralley
·2 bulan yang lalu·discuss
As a matter of fact he has mentioned that one of the Jacob's Ladder videos was the only time he messed up and came close to actually electrocuting himself (by reflexively trying to grab the leads as they fell off a table). Otherwise all of the shocks are "calculated" to be nonharmful.
dralley
·2 bulan yang lalu·discuss
Not really though. That's like saying that no language is "safe" because the compiler could have a bug.

It's true that safe wrappers around unsafe code sometimes have bugs in them, but it's orders of magnitude easier to get the abstraction right once than to use unsafe correctly in many places sprawled across a large codebase.
dralley
·2 bulan yang lalu·discuss
A tiny fraction of programs need to use win32 or Mac OS functions beyond the standard library or other safe wrappers for said functions.