Notices by Howard Chu @ Symas (hyc@mastodon.social)

@mirabilos @dalias @nxadm tbf, I sympathize. After all, naming is one of the two hardest problems in computer science (along with cache invalidation, and off-by-one errors). And I had to rename LMDB shortly after its release, to avoid confusion with other projects... it's tough to come up with good names.

@mirabilos @dalias @nxadm wow, "status changed to Unfortunate" https://github.com/golang/go/issues/9#issuecomment-66047478

@nxadm @dalias also, it's intentionally limiting in its expressiveness. Which makes sense as one of its design goals - it was designed to make projects and programmers at Google interchangeable. There's only one way to do things, so there can only be one "style". In short, it's designed for mediocrity. https://channel9.msdn.com/Events/Lang-NEXT/Lang-NEXT-2014/From-Parallel-to-Concurrent

@nxadm @dalias if you look at it as an attempt to make human programmers into interchangeable code spewing machines, then Google's new emphasis on AI code spewing machines probably means golang was a failure.

@nxadm @dalias yes, but still that's an open door for malware, wherever you point it. https://mastodon.social/@hyc/113999242008616734

@nxadm @dalias Go has this weird design mentality of fetching every dependency you're using, straight from github. And no dynamic linking. It's too opinionated, IMO.

Not to mention it was intentionally designed to be less flexible than C.

@dalias yep, same. https://mastodon.social/@hyc/114841502231953489

Frankly the interminably slow compile times were the first red flag for me. But resorting to AI just yells out "we don't know what we're doing".

Hudson has relocated from the couch to the bed for phase 2 of today's napping. #caturday

@cmconseils the Victorian era really killed men's fashion huh.

Heathrow airport dim sum is actually edible

@dalias if you're really self-hosting your email you should have an actual domain name of your own though, and it should resolve both forward and backward.

@dalias my favorite was always hosts whose IP address is encoded in their DNS name. I used to just flat reject them but now I only greylist them because more subscription mailers are using dynamic hosts for sending.

@thomasfuchs @zrail Fortran. I was a maverick and used C, and eventually helped write JPL's C Coding Standard.

@zrail @thomasfuchs definitely. But most people in computing have almost zero exposure to actual computer science.

Meanwhile, yes, my degree was in Computer Engineering, in the Electrical Engineering and Computer Science department at UMich's College of Engineering. I practiced real software engineering, at UMich, at JPL writing software for the Space Shuttle, and elsewhere. But I'm also just a hacker at heart.

@dalias it's a DoS but not the same as an actual crash, which is unanticipated. There is zero security exposure from an assert failure: no data leak, no unauthorized access, no possibility of code injection. The trigger conditions are clearly spelled out in the assert itself, so it's trivially remedied. Calling it a security issue dilutes the word "security" to meaninglessness.

@bagder OpenLDAP is seeing more AI-assisted bug reports that claim to be security issues, but aren't.

E.g., calling a crash in a commandline tool a DoS (no, it's not a service).

@bagder the other one we see is calling assert failures crashes. It's not a SEGV, there's no possibility of data exfiltration or RCE. There's no security exposure, it's just a bug. One that was anticipated hypothetically by the original developer, but whose final disposition wasn't decided upon way back when.

E.g. /* can this even happen? */

They toss in an assert, and it lives quietly in the code for decades before someone definitively shows yes, it can happen...

Destruction of knowledge - this was always the inevitable end of the AI road https://scholar.social/@Iris/115020211902735145

@skinnylatte jealous... just had dim sum in Dublin last week. Such limited selection, no sesame rice balls. Sad.

Reminder: AI "generated" code is 100% plagiarized. You must not accept code of unknown provenance into your code base. Doing so opens you up to potential copyright infringement lawsuits. Nobody needs a repeat of the SCO vs IBM lawsuit over ownership of Unix.

Accepting AI-assisted code is just legally untenable. That's black and white, there's nothing to debate. Projects that accept it are idiots and should be shunned.

https://mastodon.social/@hyc/114777864519941643