Formerly /u/neoKushan on reddit

  • 0 Posts
  • 68 Comments
Joined 2 years ago
Cake day: June 16th, 2023

  • Am I correct in saying that you’re used to languages that aren’t type safe? Or at least not as strict about it.

    Everything you’re describing sounds more like you’re struggling with type safety in general and I wouldn’t say any of those packages are at fault; in fact, I’d even go further and say they’re like that by design.

    The reason you don’t actually want any of those separate packages to be more interoperable out of the box is because that would couple them together. That would mean dependencies on those packages; it would mean if you wanted to use something else then you’d be a bit stuck.

    Like I’d question using a UUID as a salt. Like, it’s fine and I get why they’re suggesting it, but you can use anything as a salt, so why couple yourself to a specific UUID library? Why couple yourself to UUIDs at all?

    Side note: I’m guessing the reason the crate expects you to supply your own salt is because you need to also store the salt next to the password hash; if it generated the salt for you, there’s a chance you might ignore the salt and suddenly not be able to validate passwords.

    Anyway…

    The only way you could make these separate packages work dramatically together and without coupling them would be to use a universal type - probably a byte array - and at that point you lose most of the benefits of a strong type system. What are currently compile errors become runtime errors, which are much worse and harder to diagnose.

    My suggestion to you would be to reframe your thinking a little, think less about how you can make different crates speak to each other and more about how you convert from one type to another - once you crack that, all of these integration problems will go away.




  • That’s not quite accurate.

    The Onion’s bid was technically lower overall, but they made an agreement with some of the victims of Jones’ harassment that would make them better off overall.

    Essentially one group is legally owed 97% of the proceeds of the sale while everyone else gets what’s left. The agreement was that instead of a 97:3 split, the smaller group gets a bigger payout and the larger group gets a cut of future ad revenue.

    Everybody wins in this arrangement, except Alex Jones. So everyone wins.







  • People blame Google for the death of Jabber because of one blog post from a disgruntled contributor, but the truth is Jabber was never popular and Google chat died as well.

    Jabber was a mess; most of the clients were barely compatible with each other and it was a wild west of feature support. Some clients were well featured with the ability to send richer messages, but typically only worked with a specific server and the same clients. Jabber did a crap job at making sure clients and servers interacted properly with each other and didn’t push the standards quickly enough, forcing clients to do their own thing.

    Which is all Google did: they went their own way because nobody used Jabber and the interoperability was causing more harm than good. It didn’t work, Google Talk died and many years later clients like WhatsApp took over instead.


  • I’m on the side of “automate it all and stop whining”, but I do think it’s important not to so readily dismiss the thoughts and opinions of those this directly affects in favour of the opinions of the security researchers pushing the change.

    There are some legitimate issues with certain systems that aren’t easily automated today. The issue is with those systems needing to be modernised, but there isn’t a big push for that.