gedhrel

joined 1 year ago
[–] gedhrel@lemmy.ml 6 points 1 year ago (1 children)

I take it you didn't read the article?

It turns out that "the threadiverse" is not "Threads".

[–] gedhrel@lemmy.ml 1 points 1 year ago* (last edited 1 year ago) (1 children)

The alternative is to continue with a process that's been demonstrably successful, despite it offending your sensibilities.

Banks are prepared to pay for it. People are prepared to do it. It meets the business needs. Change is massively high-risk in a hugely conservative industry.

[–] gedhrel@lemmy.ml 3 points 1 year ago (3 children)

I think you vastly overestimate the separability of these systems.

Picture 10,000 lines of code in one method, with a history of multiple decades.

Now picture that that method has buried in it, complex interactions with another method of similar size, which is triggered via an obscure side-effect.

Picture whole teams of developers adding to this on a daily basis in realtime.

There is no "meaningful progress" to be made here. It may offend your aesthetic sense, but it's just the reality of doing business.

[–] gedhrel@lemmy.ml 2 points 1 year ago

rerere is a lifesaver here.

(I'm also a fan of rebasing; but I also like to land commits that perform a logical and separable chunk of work, because I like history to have decent narrative flow.)

[–] gedhrel@lemmy.ml 1 points 1 year ago

Given the widespread existence of wasm sandboxing, rustc itself might want to think about alternative strategies for running compiler plugins. I suspect there'd be a performance hit with such an approach, but wasm tooling is getting really good; perhaps it is minor.

[–] gedhrel@lemmy.ml 1 points 1 year ago* (last edited 1 year ago) (1 children)

Apology appreciated, but unnecessary.

I don't want to derail a useful tool. It's worth going a bit beyond "hope" as a strategy, however, and thinking about if (how) this might be exploited.

I doubt anyone will be mining crypto in your sandbox. But perhaps you should think about detection; might it be possible to mask a malicious crate with a second that attempts to detect sandboxed compilation, for instance?

In any case, I think this still looks exceedingly interesting in the typical case, which is of detecting the impact of bugs from non-malicious actors.

[–] gedhrel@lemmy.ml 1 points 1 year ago (1 children)

I think you're trying to handwave at someone who knows more about the steganographic watermarking approach than you do.

[–] gedhrel@lemmy.ml 1 points 1 year ago (10 children)

Given the existence of macros, doesn't this let package maintainers run arbitrary code in the painter sandbox?

[–] gedhrel@lemmy.ml 3 points 1 year ago (1 children)

The opposite of "goth" is "ostrich"?

Yeah, I can see that.

[–] gedhrel@lemmy.ml 7 points 1 year ago

In the UK, she has some claim to shared equity.

[–] gedhrel@lemmy.ml 1 points 1 year ago

Yes. The sandbox gets whatever capabilities you expose to it.

[–] gedhrel@lemmy.ml 4 points 1 year ago

I had a small X.25 network as combination coffee-table and space-heater at one point; this was before most homes had internet. It almost cost me a divorce.

view more: next ›