Of course, technically you can compile anything to almost anything. But I don’t think linking to a project that’s unmaintained for 15 years really helps your argument.

This is the actual PR, btw: https://github.com/getgrit/gritql/pull/85

Good question! 😂 maybe I’m overthinking it, but you seem to be making the point that it’s silly for people to like WASM based on the argument the JVM already exists and people are not fond of it/Java. If that’s not the point, why did you make the meme at all?

I totally agree with this comment, and on top of that I would recommend anyone who really cares about the current state of affairs regarding safety in C++ to read this overview: https://accu.org/journals/overload/32/179/teodorescu/

Quote:

Personally, I am not convinced that in the near future, C++ can do something to stop this trend. C++ will leak talent to other languages (currently Rust, but perhaps in the future to Cppfront, Carbon, Hylo or Swift). If the progress towards safety started in 2015 as Bjarne suggested, the last 8 years have seen very little progress in safety improvements. Even with accelerated efforts, the three-year release cycle and slow adoption of new standards will keep C++ a decade away from addressing major safety concerns.

It’s a bit arguing about semantics really. But Rust and Haskell are merely the first ones with patches out. The issue affects other languages as well, including Java, Node.js, Python and seemingly every language with Windows support. I think it’s fair to call it a Windows problem, since it affects everyone there.

But languages like Rust and Haskell are promising their users that they are protected from this kind of behavior, which is why they want to patch it quickly. Some of the others merely updated the documentation, effectively saying yeah it’s a risk. Java went as far as saying they won’t fix the issue.

And conversely, something Go is very bad at. For example, os.Chmod silently not doing anything on Windows.

Smart pointers are really really nice, I do recommend getting used to them (and all other features from c++11 forward).

You’re recommending him to give up his sanity and/or life?

For a little bit I thought this library might be a subtle joke, seeing the #define _SHITPRESS_H at the start. That combined with the compress() and decompress() not taking any arguments and not having a return value, I thought we were being played. Not to mention the library appears to be plain C rather than C++... surely the author should know the difference?

Then I saw how the interface actually works:

// interface for the library user, implement these in your program:
unsigned int SPR_in(); // Return next byte from input or value > 255 on EOF.
void SPR_out(unsigned char); // Output byte.

This seems extremely poorly thought out. Calling into global functions for input and output means that your library will be a pain to use in any program that has to (de)compress anything more than a single input.

Yeah, it has its nice moments, but I also see it make mistakes and a lot of uselessly verbose text. It’s sometimes useful, sometimes funny, but mostly just noisy. Could be genuinely useful if it keeps improving though.

I would still like to take a moment to answer your specific questions more directly:

And what does that exclude that C or C++ has that’s memory unsafe? I suppose use after free?

I think indeed use after free is the main one, although data races are another. Both are prevented in Rust by the borrow checker.

Dereference a pointer without a bounds check is the major problem when we’re talking about memory safety.

I think that's only half of the issue, with the other half indeed being use after free. After all, using a reference isn't much different from dereferencing a pointer. But doing bounds check on all your pointers is relatively easy to do by humans; you see where the pointer is being used and you see if there's a check or not. But proving liveness of your references before you use them is much harder, because it often requires whole-program analysis to understand when the target may be destroyed. And in terms of danger, use after free is just as dangerous as unbound pointer access.

Thread safe code isn’t the issue otherwise Java, Python, etc would all be on the list of languages to run from.

Thread safe code is also the issue. The reason people don't have to run from Java is because data races there don't escalate to memory unsafety; they're just caught as "ordinary" exceptions and thus manifest as ordinary (but still hard-to-debug) bugs. But in C++ those too can create invalid memory accesses, with a possibility for exploitation. In fact, even Go has a memory unsafe data race in its threading model that occurs because of its use of fat pointers that embed both a data type and an address.

Point being, that is still a very dangerous subset. Off-by one errors have done in a lot of C code (and C++ code that isn’t using range-based loops).

It is indeed a dangerous subset, but as I mentioned elsewhere, Rust's borrow-checker, which prevents use after free with references is still active, even in unsafe code. Off-by-one errors are still bound-checked even in unsafe code, unless you explicitly use the non-bound-checked versions. Any Rust code that is valid safe Rust is just as safe when wrapped in an unsafe block. It is only when you explicitly use the unsafe features that you're on your own when it comes to safety.

A lot of these issues can be avoided in C++ by just using existing types like std::variant, std::unique_ptr, std::shared_ptr, std::array, and std::vector (with the at based accessor) instead of lower level constructs.

They indeed avoid some of the issues, but notably don't protect against use after free at all. And take std::vector as an example:

std::vector v;
v[2]; // out-of-bounds access

vs.

unsafe {
    let v = Vec::new();
    v[2]; // panic
}

Even wrapped in unsafe, the Rust equivalents are still safer.

I wouldn’t be so sure myself. Even unsafe Rust still uses the borrow checker, for instance. And you still get stricter checks around overflows and such as well. What unsafe does is that it unlocks the ability to use raw pointers and call other unsafe functions (among a few other things), but importantly it doesn’t disable the safety features that Rust has built-in. While unsafe Rust does indeed have some gotchas on its own, I think in general you’re still better off even with unsafe Rust than with C++.

MSFT is known for changing names a lot, but not for killing technologies.

Silverlight would like a word ;)

Essentially, but it doesn’t roll off the tongue as nicely 😅

That’s certainly not the case, because that’s like saying the issue is with Rust’s string slices. I think you may have missed the part of the issue where batch scripts require additional escaping due to Windows’ command handling. It’s a ridiculous design of the Windows API system, which is also why (almost?) every language they tested was vulnerable, so it would be actually very outstanding if Qt prevented this.

For C++ devs not using Qt it’s just another footgun they’ll likely keep introducing security issues with as well. But if you do use Qt, I think it’s better to double-check since it may also require a patch.

I can’t say for sure we won’t need to revisit this again as we learn more about the nature of what data is missing and whether with more context we can automatically triage and notify the right people, but for now it feels like the cost / benefit ratio of “talking versus doing” is about right.

This was a nice post, and I agree people should think a bit about how to name things, because getting it wrong can lead to others making wrong assumptions, which ends up wasting a lot of time.

That said, I would get pretty annoyed if a PR I’m involved with ended up with this level of bike-shedding over a function name. If the end goal is to avoid wasting people’s time, bringing out the big guns and making three attempts, with three rounds of review, to get the name of such a trivial function right is surely throwing out the cost / benefit ratio right upfront.

I would suggest writing blog posts about topics that you’re familiar with. Make sure you write the posts such that also people not too familiar with the material can follow it. Share your posts, and ask for questions and feedback.

I use Astro, because it allows me to write posts in Markdown and publish as a static website, though there are certainly other solutions that allow you to achieve the same thing. I just bundle it up in an Nginx Docker image and host it on Fly.io. If you want you can look at my setup here, though beware it isn’t documented (even the README is already out of date): https://github.com/arendjr/phebe

let alone if it’s technically “real” (as in physical in any way.)

This right here might already be a flaw in your argument. Something doesn’t need to be physical to be real. In fact, there’s scientific evidence that physical reality itself is an illusion created through observation. That implies (although it cannot prove) that consciousness may be a higher construct that exists outside of physical reality itself.

If you’re interested in the philosophical questions this raises, there’s a great summary article that was published in Nature: https://www.nature.com/articles/436029a

Agreed on all counts, except it being useless to think about :) It’s only useless if you dismiss philosophy as interesting altogether.

But that kinda misses the point, right? Like, all that means is that the observation may have created the particle, not that the observation created reality, because reality is not all particles.

I guess that depends on the point being made. You didn’t raise this argument, but I often see people arguing that the universe is deterministic and therefore we cannot have free will. But the quantum mechanical reality is probabilistic, which does leave room for things such as free will.

I can agree with your view to say observation doesn’t create reality, but then it does still affect it by collapsing the wave function. It’s a meaningful distinction to make in a discussion about consciousness, since it leaves open the possibility that our consciousness is not merely an emergent property of complex interaction that has an illusion of free will, but that it may actually be an agent of free will.

And yes, I fully recognise this enters into the philosophical realm and there is no science to support these claims. I’m merely arguing that science leaves open a path that enters that realm, and from there it is up to us to make sense of it.

There is the philosophical adage “I think therefore I am”, which I do adhere to. I know I am, so I’ll consider as flawed any reasoning that says I’m not. Maybe that just makes me a particularly stubborn scientific curiosity, but I like to think I’m more than that :)

Generally, I don't think it really matters how many people are involved for the conflict resolution how many people are editing. There is one person who will reach the server first, and then the other(s) need to apply transformation(s).

But I think in your example the tricky part is when you say "each want to add their item as 3rd in the list because it is a todo list and its place in the list is important". The algorithm will be able to resolve for each of them that their item will come after the 2nd, and before what was originally the 3rd. But it will not be able to put them all on the 3rd position, of course, so it will sort their items and insert them adjacent to one another. So with 3 people inserting simultaneously into the 3rd position, one will end up in the 4th position and one in the 5th.

Easy: GritQL

But I’m heavily biased, since I’m also the one implementing GritQL support into Biome :)

Second would be Rust macros, but they’re both more difficult to write and language-specific.

What are the chances Qt is affected by this issue too?

I see that’s certainly a different way of looking at it :) Of course I can’t say with any authority that it must be wrong, but I think it’s a flaw because it seems you’re presuming that consciousness arises from physical properties. If the physical act of copying a brain’s data were to give rise to consciousness, that would imply consciousness is a product of physical reality. But my position (and that of the paper I linked) is that physical reality is a product of mental consciousness.

Thanks, that seems a fair approach, although it doesn’t have me entirely convinced yet. Can you explain what the physical form of a wave function is? Because it’s not like a wave, such as waves in the sea. It’s really a wave function, an abstract representation of probabilities which in my understanding does not have any physical representation.

You say the building does not start acting like a wave, and you’re right, that would be silly. But it does enter into a superposition where the building can be either collapsed or not. Like Schreudinger’s cat, which can be dead or alive, and will be in a superposition of both until observation happens again. And yes, the probabilities of this superposition are indeed expressed through the wave function, even though there is no physical wave.

It’s true observation does not require consciousness. But until we know what does constitute observation, I believe consciousness provides a plausible explanation.

In fact, one of the great mysteries of physics right now is why only quantum objects have that property, and in order to figure that out we have to figure out what interaction “observation” actually is.

This does not stroke with my understanding of quantum physics. As far as we know there is no clear distinction between “quantum objects” vs “non-quantum objects”. The double slit experiment has been reproduced with molecules as large as 114 atoms, and there seems no reason to believe that would be the upper limit: https://www.livescience.com/19268-quantum-double-slit-experiment-largest-molecules.html

This proves that the wave is in fact real, because we can see the effects of it.

The only part that’s proven is the interference pattern. So yes, we know it acts like a wave in that particular sense. But that’s not the same thing as saying it is a wave in the physical sense. A wave in the classic physical sense doesn’t collapse upon observation. I know it’s real in an abstract sense. I’m just questioning the physical nature of that reality.

can you define physical for me?

The distinction I tend to make is between physical using the classical definition of physics (where everything is made of particles basically) and the quantum mechanical physics which defies “physical” in the classical sense. So far we’ve only been able to scientifically witness quantum physics in small particles, but as you say, there’s no reason it can’t apply at a macro scale, just… we don’t know how to witness it, if possible.

it doesn’t require an observer to collapse the wave function

Or maybe it does? The explanation I have for us being unable to apply the experiments at a larger scale is that as we scale things up, it becomes harder and harder to avoid accidental observation that would taint the experiment. But that’s really no more than a hunch/gut feeling. I would have no idea how to prove that 😅

Do elaborate on the batshit part :) It’s a scientific fact that physical matter does not exist in its physical form when unobserved. This may not prove the existence of consciousness, but it certainly makes it plausible. It certainly invalidates physical reality as the “source of truth”, so to say. Which makes the explanation that physical reality is a product of consciousness not just plausible, but more likely than the other way around. Again, not a proof, but far from batshit.

Also, writing memory safe code honestly isn’t that hard. It just requires a different approach to problem solving, that just like any other design pattern, once you learn and get used to it, is easy.

This statement is kinda ironic after you just said it’s “easier” to just ban the entire STL and dynamic memory allocation as a whole. You already left the domain of what most consider “easy” quite a while ago.