Hacker News | smolder's comments

> FFI is inherently memory-unsafe

Maybe this specific problem needs attention. I wonder, is there a way we can make FFI safer while minimizing overhead? It'd be nice if an OS or userspace program could somehow verify or guarantee the soundness of function calls without doing it every time.

If we moved to a model where everything was compiled AOT or JIT locally, couldn't that local system determine soundness from the code, provided we use things like Rust or languages with automatic memory management?

This is a really hard problem because you have to discard the magic wand of a compiler and look at what is really happening under the hood.

At its most rudimentary level, a "memory safe" program is one that does not access memory that is forbidden to it at any point during execution. Memory safety can be achieved using managed languages or subsets[1] of languages like Rust - but that only works if the language implementations have total knowledge of memory accesses that the program may perform.

The trouble with FFIs is that by definition, the language implementations cannot know anything about memory accesses on the other side of the interface - it is foreign, a black box. The interface/ABI does not provide details about who is responsible for managing this memory, whether it is mutable or not, if it is safe to be reused in different threads, indeed even what the memory "points to."

On top of that, most of the time it's on the programmer to express to the implementation what the FFI even is. It's possible to get it wrong without actually breaking the program. You can do things like ignore signedness and discard mutability restrictions on pointers with ease in an FFI binding. There's nothing a language can do to prevent that, since the foreign code is a black box.

Now there are some exceptions to this, the most common probably being COM interfaces defined by IDL files, which are language agnostic and slightly safer than raw FFI over C functions. In this model, languages can provide some guarantees over what is happening across FFI and which operations are allowed (namely, reference counting semantics).

The way around all of this is simple: don't share memory between programs in different languages. Serialize to a data structure, call the foreign code in an isolated process, and only allow primitive data (like file descriptors) across FFI bounds.

This places enormous burden on language implementers, fwiw, which is probably why no one does it. FFI is too useful, and it's simpler to tell a programmer not to screw up than to reimplement POSIX in your language's core subroutines.

[1] "safe" rust, vs "unsafe" where memory unsafety is a promise upheld by the programmer, and violations may occur

Is there a way to do FFI without having languages directly mutate each other's memory, but still within the same process? So all 'communication' between the languages happens by serializing data, no shared memory being used for FFI. But you don't get the massive overhead of having to launch a second process.

You are still depending on the called function not clobbering over random memory. But if the called function is well-behaved you would have a clean FFI.

In practice you run all your process-isolated code in one process as a daemon instead of spawning it per call.

I think you're on the right track in boiling down the problem to "minimize the memory shared between languages and restrict the interface to well defined semantics around serialized data" - which in modern parlance is called a "remote procedure call" protocol (examples are gRPC and JSON RPC).

It's interesting to think about how one could do an RPC call without the "remote" part - keep it all in the same process. What you could do is have a program with an API like this:

    int rpc_call (int fd);

where `fd` is the file descriptor (could even be an anonymous mmap) containing the serialized function call, and the caller gets the return value by reading the result back.

One tricky bit is thread safety, so you'd need a thread local file for the RPC i/o.
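The in-process RPC sketched above, written out as an added example that is not from the thread: the caller serializes the call into a pipe, the callee side parses it with explicit bounds checks, and only a serialized integer comes back, so no pointer ever crosses the boundary. The opcodes, the wire format, the use of a pipe pair instead of a single fd, and the names `rpc_serve` and `rpc_call` are assumptions made for this demo.

```c
/* Added example, not from the thread: an in-process "RPC" over file descriptors.
 * A serialized request goes in and a serialized reply comes out, so the callee
 * only ever touches memory it owns. Opcodes, wire format and names are made up. */
#include <stdint.h>
#include <string.h>
#include <unistd.h>

enum { OP_SUM = 1, OP_STRLEN = 2 };
#define MAX_PAYLOAD 256

/* Callee: read one request (1-byte op, 4-byte length, payload) from `in` and
 * write one int64 reply to `out`. Returns -1 on any malformed request. */
int rpc_serve(int in, int out) {
    uint8_t hdr[5], payload[MAX_PAYLOAD];
    uint32_t len; int64_t result = 0;
    if (read(in, hdr, 5) != 5) return -1;
    memcpy(&len, hdr + 1, 4);
    if (len > MAX_PAYLOAD) return -1;            /* bounds check before any payload access */
    if (read(in, payload, len) != (ssize_t)len) return -1;
    switch (hdr[0]) {
    case OP_SUM:                                 /* payload: packed int32 array */
        if (len == 0 || len % 4) return -1;
        for (uint32_t i = 0; i < len; i += 4) { int32_t v; memcpy(&v, payload + i, 4); result += v; }
        break;
    case OP_STRLEN:                              /* bounded: never reads past len */
        result = (int64_t)strnlen((const char *)payload, len);
        break;
    default: return -1;
    }
    return write(out, &result, 8) == 8 ? 0 : -1;
}

/* Caller: serialize the call, run the callee, read the reply back. Each call
 * gets its own pipe pair, so concurrent callers never share an I/O stream. */
int rpc_call(uint8_t op, const void *args, uint32_t len, int64_t *reply) {
    int req[2], rsp[2], rc = -1; uint8_t hdr[5] = { op };
    if (pipe(req) != 0) return -1;
    if (pipe(rsp) != 0) { close(req[0]); close(req[1]); return -1; }
    memcpy(hdr + 1, &len, 4);
    if (write(req[1], hdr, 5) == 5 && write(req[1], args, len) == (ssize_t)len)
        rc = rpc_serve(req[0], rsp[1]);
    if (rc == 0 && read(rsp[0], reply, 8) != 8) rc = -1;
    close(req[0]); close(req[1]); close(rsp[0]); close(rsp[1]);
    return rc;
}

/* Constructed inputs so the behaviour can be checked. */
int64_t demo_sum(void) { int32_t a[4] = {1, 2, 3, -4}; int64_t r = 0; return rpc_call(OP_SUM, a, 16, &r) == 0 ? r : -999; }
int64_t demo_strlen(void) { int64_t r = 0; return rpc_call(OP_STRLEN, "abc\0zzz", 7, &r) == 0 ? r : -999; }
int demo_oversize(void) { uint8_t big[MAX_PAYLOAD + 1] = {0}; int64_t r = 0; return rpc_call(OP_SUM, big, sizeof big, &r); }
```

The cost of the per-call pipes is the overhead the thread is debating; the benefit is that a misbehaving callee can at worst return a wrong integer, not scribble over the caller's heap.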

Presumably as long as FFIs are based on C calling conventions and running native instructions it would be unsafe. You could imagine cleaner FFIs that have significant restrictions placed on them (I'd imagine sandboxing would be required) but if the goal is to have it operate with as little overhead as possible, then the current regime is basically what you end up with and it would be decidedly unsafe.

How exactly is DoH a protection? Wouldn't they just see that as a red flag? Then, get the data from cloudflare or whomever.

Most of the time they log your plain DNS queries. But DoH is encrypted, thus they won't be able to log your DNS queries. Cloudflare is not the only DoH provider. There are many. If you want you can grab several lines of PHP code and create your own DoH link in another country. Because DoH is https they cannot distinguish it from normal https. Of course if they use deep packet analysis tools they will know what website you are visiting, but those are not used widely and are used to target specific people. To sum up: DoH is better than plain text DNS queries.

Thanks for clarifying, had a Poe's law moment there.

I've got one, but it's not very good build or panel quality, just a random Chinese brand. It was in the first batch of 4k models, before all the bonus money from spyware pushed dumb displays out of the consumer tv segment.

Your best bet now is to get an industrial display or find a generic driver board that is compatible with the panel from a smart TV and then DIY a smart TV into a dumb one.

On the DIY perks youtube channel, the host builds a water cooled backlight for a 4k panel in order to make an outdoor-capable TV, and he uses one of those generic driver boards for it.

All of those do count, but many people have a narrower definition because of how the term "social media" is often shorthand for Twitter, FB, IG, and similar when used in the traditional media.

My point is that if you want to ban something then you need a specific dividing line other than "like Twitter." Otherwise either everything is banned or nothing is banned since everyone just uses loopholes. And if everything is banned you better be sure you actually want everything banned.

I could get behind some more restrictions on websites of a certain size, but putting any burden on brand-new web site owners beyond urgently dealing with problematic content is too much of a burden. It just acts as a moat for powerful incumbents, and they have far too deep moats as it is.

HN is not what I'd call cancer. Social media doesn't need to be an engagement-obsessed, emotionally charged misinformation hose. Social media is broader than the category that twitter and FB live in. It can be less toxic, but less toxic platforms are less exciting and don't get the same kind of attention, which is what all the toxic stuff optimizes for.

HN is heavily moderated, which is interesting given how often it is used as a platform to decry censorship.

I don't think that's a contradiction personally. Most reasonable people accept that some level of censorship is necessary for a good discussion, especially when hundreds or thousands of people are involved. HN style moderation doesn't exactly scale to twitter size easily though.

I think OP is pointing out the irony that HN is popular among people who claim to not accept that.

People try to make the argument that Twitter and (maybe to a lesser extent) Facebook are akin to a "town square", whereas I don't think people consider the HN comments section a "town square".

HN as a platform is effectively dedicated to a narrow set of topics, with a largely homogeneous user base (compared to any mainstream social media at least). I don’t think the consensus here is particularly favourable towards free speech, and it certainly has a very narrow Overton Window of acceptable ideas. The user moderation features also heavily reinforce whatever groupthink is popular: you have to be “accepted” by accumulating a large amount of karma to influence voting, and 4 in-group users disagreeing with a comment is enough to remove it from the discussion.

I think Dang’s moderation is usually pretty decent, but I really don’t think this is a place where free speech is championed. In any thread on the topic, calls for increased speech regulation seem to be very popular.

I've been lurking on HN for about the last 8 years or so but only a few years ago made an account and I sparsely comment. Only a couple of weeks ago was my account considered worthy of being able to vote down. Meanwhile I've seen users essentially "game" their comment karma to high amounts within a few weeks.

I don't really agree with the idea that this place is an echo chamber, but I do sort of see it as similar to an IT meetup. You generally don't go to an IT focused meetup and start talking about abortion, religion, etc. and nobody would be surprised if you were kindly asked to leave the venue if you insisted on soap-boxing. If someone came and carted you off in a black van for speaking in a public place about your feelings on abortion I'd expect there to be a lot of push back from the public.

Politics is discussed all the time in HN. It’s not a generally taboo topic at all.

I don’t think I’d go as far as saying it’s a full blown echo chamber either. But there's a pretty clear orthodoxy on certain topics here.

I think it's discussed only where it's considered "on-topic". In my experience, many political articles are quickly removed as off-topic unless there's some technological bent to it. For example, politics in a thread about the Julia 1.7 release would be "off-topic"; politics in a thread about net neutrality might be on-topic but only up to a certain degree.

Can you provide specific examples please? It would seem that it moderates trolling content, self promotional or bot level garbage.


You can also try searching for "please by:dang"

Great examples - social media platforms could do well and follow dang's example.

That in itself makes it more heavily moderated than Facebook or Twitter, though of course that’s also attributable to manageable scale.

Not the OP, but your examples of bot level garbage and trolling content are perfect for Twitter. I would include self promotion, but that is such a core part of social media.

As a long time /lit/-izen I wanted to bring up 4chan as a counter-example of a toxic platform that hasn't been optimized for attention. But the longer I thought about it, the more I grew sure that it isn't as toxic as it seems to be. Sure people will respond to your post calling you a bundle of sticks or the n-word. But in the end I had more heart-to-hearts with people that have wildly different opinions than on any other platform. Some anon on /wg/ even convinced me to see a therapist about my suicidal ideation. Hearing that from a voice in the void where there was no karma/likes/hearts/reblogs/etc. attached seemed more genuine, honest and caring than any other "help" I experienced online.

Sure, if you ignore the toxicity then it isn't as toxic as it "seems" to be.

4chan's /pol is probably the largest neo-Nazi discussion forum on the Internet. I'm actually unsure as to what could even be more toxic than that.

HN is both highly regulated and focused on a few niche topics. I can tell you how to create a mobile app using flutter and firebase. I can't tell you how to handle a relationship.

I can argue flutter is easier than react native without getting personal. I don't argue about my relationships, or anyone else's relationships. I have extremely strict criteria for anyone I let into my life, whether that be a friend or a partner. This has worked very well for me.

You're not going to find what you want in every single city, life can become drastically better just by moving.

But that's it. I don't need to argue about why I live where I do.

I don't need the validation of random people when it comes to my life decisions. However if you want to argue with me that I can get better server-side performance via a Rust backend rather than firebase, I might listen.

HN is not for profit. In fact, it's purposely a loss leader. They can afford to be heavily moderated because they aren't trying to appease anyone but their specific small, targeted audience.

It's a marketing and awareness channel for YCombinator, not directly for profit.

It's toxic if you're actually an expert in the subject at hand. People here would rather feel smart than wrong. Lots of armchair experts here touting misinformation but you don't notice it unless there's a topic you know well.

A whole new world,

a new fantastic paradigm!

No more structs,

Or bad raw pointer luck,

I will use the whole damn STL.

A whooole neeeeww woooooorld!

A whole operator new world?


> you're going to have to differentiate yourself from the folks who are also putting out winamp-alikes.

No one giving away software has to do anything. Maybe they'd get more donations as OSS or something, but it's no guarantee.

Yes, but nobody has to use their work.

I'd assume that people make general-purpose open-source software with the intent of it being used by someone other than themselves.

So read the "have to" as "if you want to have people use and appreciate your work, this is a necessary step".

Which is definitely just that, an assumption. Some people write things just because they want to or can, and don't care whether anyone else finds it useful for their own purposes. It might just be something for a portfolio, to inspire others, etc, or again, just because. Lots of things are created "just because".

The decision is left to the end user, use it, or don't.

Same with "you have to" advice. The decision is left to the developer: use it, or don't.

Really don't see a problem here :)

At what point does firefox silently upload history?

They did so in secret for their German users until they were caught red-handed and had to stop doing so due to the public backlash. They lost millions of users in Germany due to that.

That said, Google and Microsoft both keep collecting your data despite backlash while Mozilla stopped once caught.
