Hacker News new | past | comments | ask | show | jobs | submit | conroy's comments login

Did a crazy thing and adopted Bazel for our two person company. Took a while to get everything working, but the average build takes about 30 seconds to run, across Go / Rust / TypeScript.

wasmtime works as long as you make sure to include the lib directory

    % wasmtime run --dir .::/ python.wasm -c 'print("hello world")'
    hello world 
disclaimer: I run a code execution API service (https://riza.io/playground) that does this and more (HTTP, packages, etc.)


Wow that's almost what I want.

    wget https://github.com/brettcannon/cpython-wasi-build/releases/download/v3.13.0/python-3.13.0-wasi_sdk-24.zip
    unzip python-3.13.0-wasi_sdk-24.zip
    wasmtime run --dir .::/ python.wasm -c 'print("hello world")'
So far so good! But... it looks like that --dir option mounts the current directory as both readable and writable:

    wasmtime run --dir .::/ python.wasm -c 'print(len(open("python.wasm", "rb").read()))'
    # Outputs 28775526
But malicious code can break the system like this:

    wasmtime run --dir .::/ python.wasm -c 'open("python.wasm", "wb").write(b"blah")'
And now it fails with an error if you try to run it because we over-wrote python.wasm. Even if I move python.wasm out of the current directory I'd still be able to break things by breaking those other lib files.

Although... I guess I could use unix filesystem permissions to make those read-only? That could work.


This is just a limitation of the wasmtime CLI. The full Rust API let's you mount filesystems as read-only. Not sure why it's not exposed as an argument.


Thanks - I just found an open issue for exposing that in the Python API: https://github.com/bytecodealliance/wasmtime-py/issues/251


You might need to wrap the wasmtime command in firejail or bubblewrap with appropriate arguments to get the operation restrictions you want.


While that might be a workable stop gap, there is zero reason why this couldn’t be handle in the wasi shim layer. This is exactly what wasi was designed for.


s/disclaimer/shameless plug/ :P Nothing wrong with it, but not really a disclaimer.


> .::/

whats this magic


Wild speculation based on very little understanding of WASI/WASM:

Perhaps "--dir .::/" means treat the host directory "." as the guest directory "/"?


Make sure you're looking at the new schedules (https://www.caltrain.com/media/33909) which go into effect on September 21 of this year. The slowest trips between SF and Sunnyvale are ~65 minutes and the fastest is ~50 minutes.


Thanks, missed that in my efforts.


I'm curious how this performs compared to River https://riverqueue.com/ https://news.ycombinator.com/item?id=38349716


I think it would be tough to compare. There are client libraries for several languages, but the project is mostly a SQL API to the queue operations like send, read, archive, delete using the same semantics as SQS/RSMQ.

Any language that can connect to Postgres can use PGMQ, whereas it seems River is Go only?


You can see the latest stats here: https://bsky.jazco.dev/stats

Around 200,000 folks liked a post today.


amazing interactivity on those charts. anyone know what is the framework/toolkit for them? i'm not seeing any clues jump out at me in the DOM.


found it. apache echarts via echarts-for-react


> I would think a much less explodey way of shimming out untrusted code would be an in-memory filesystem so things blow up less

Filesystem access is the first item on our roadmap (https://docs.riza.io/reference/roadmap). If you want to see it in action, try opening /src/code.py. While adding an in-memory filesystem would be easy, we want to make it usable for reading and writing potentially large files.

> I guess put another way: who is the target audience for this?

Our customers are using our API to run LLM-generated code, build plugin systems, and power customer-defined data transformations.


In this case, a HTTP API is the abstraction. Integrating with ACH and other payment rails requires a lengthy integration process. Sometime you have to send binary files using FTP!


The article says “no abstractions”, but HTTP is often exactly that: an abstraction over lower-level protocols.


I guess the phrase "no abstractions" is specifically valuable to us when designing our REST API resources - our whole stack is certainly an abstraction of sorts, but we don't want to add yet another abstraction in that specific layer.


Just wanted to say that I appreciated the article :) Using well-designed APIs is great, and seeing people putting a lot of thought on it, with the intent of improving dev experience, is very refreshing. I've dealt a lot of technically impressive Free Software projects that didn't focus on this as much, and as a result, using their libraries was harder.


Thank you!


My interpretation is that they meant domain-level abstractions. So, their API endpoints won't try to hide details about the underlying payment methods through abstractions, because that works best for those users.

The API being implemented with JSON over HTTP isn't related to the domain of processing payments, so I don't see it as a contradiction to the article's title.


perhaps what you're thinking of is "equal entropy abstractions" - HTTP is just a way of standardizing logic, but the complexity of the shape and behavior of the API remains.


I understand that California High Speed Rail isn't a popular project on HN, but to claim that it hasn't broken ground is just wrong. There are numerous completed structures and a clear plan to get high-speed trains running from Merced to Bakersfield by 2030.


I will admit to never visiting either city, but my impression is that they are car dependent without major subway service? Probably some bus line with very local service?

It’s like 2-3 hr drive between the two cities, and at both end you have to navigate auto transport, most likely a rental though maybe Uber would work out but at greater cost for anything beyond a single destination. I would imagine most people would just opt to drive, since they need a car at either end of that line?


Don’t 2 million people fly between Los Angeles and San Francisco every year?


I think they're referring to Bakersfield and Merced


Yes I thought I was replying to a thread about Bakersfield and Merced.

LA to SFO would be worthwhile but probably much harder.


The ultimate plan is LA->SJ, which is a reasonable compromise and avoids a lot of the reasons why connecting to SF directly via HSR is impractical (it would essentially require a complete reworking of Caltrain to accommodate HSR trains, because there's no alternative anyone would accept to build another parallel rail line up the peninsula).


Not sure what you mean - California HSR trains will go into San Francisco as part of Phase 1 (which is really the second phase, the Initial Operating Segment (IOS) I guess is like Phase 0). They're doing electrification and upgrades of Caltrain there to accommodate it.


There used to be a rail line up the coast.


According to: https://hsr.ca.gov/wp-content/uploads/2023/07/Merced-to-Bake...

Between Sacramento and Merced, and LA and Bakersfield, there will be a "high speed rail bus service". For other parts there will be regional commuter train and bus services.

Then, eventually, it'll become: https://hsr.ca.gov/wp-content/uploads/2021/03/Business_Plan_...


Yup. And the station in Los Angeles will be far east of downtown. So if you take Amtrak into LA you'll have to take a taxi or a bus to further transfer to Los Vegas.


They’re referring to a different California HSR.

Also, for the Las Vegas link, the terminus is on the Metrolink line so you can take a commuter train from Union Station. People taking Amtrak from points east could get off at the Ontario station and it’s a relatively short taxi/bus ride to the RC terminal (Amtrak uses a different set of tracks coming into L.A. from the east than the Metrolink station serving RC). I suppose it would be feasible to extend the line a little further south to connect with Amtrak should there be demand (if they went to the Ontario station, then the Ontario airport could also be integrated into the service).


Strange because the San Francisco terminus is downtown


the CAHSR station is at LA's Union station, which I think is the context of this set of comments. The line to Vegas (brightline west) does indeed end (for now) in Rancho Cucamonga with plans to continue on to LA's Union Station


That Merced to Bakersfield line is characterizes as from nowhere to nowhere in How Big Projects Get Done. It’s one of the few negative examples in the book that stuck with me. It’s embarrassing.


Merced to Bakersfield is exactly right. Build it there first, figure out how to build it, fuckup where it's cheaper and gain the experience so when you have to tear up downtown LA and SF you know what the fuck you're doing and can get in, get it done right the first time, and then get out. No one wants to live in a construction zone, but it's worse when something goes wrong and the construction zone lasts 3x longer than it has to.


On the other hand, how many additional people would be served by the infrastructure if they would just be brave and take a risk on an imperfect solution rather than bickering about it for X years or decades?


the bickering is why it's so expensive, but unless you have a way to get other people not to file lawsuits, that's the system we have.


This, exactly. We Americans have very little knowledge base on how to build HSR, so it's as much a workforce training and proving ground as it is a functional line.


You would think we would just hire the dutch/swiss/italians (take your pick out of europe) to come build our HSR, similar but opposite of how we destroyed their cities when they brought in our 'traffic engineers' in the 60s and 70s.


I wouldn't say there's a technical knowledge gap insomuch as there are regulatory and political issues in the cities that need more time to resolve than building a line through farm country & desert do.


I know next to nothing about this project but isn’t this a way to build a train line somewhat cost effective? Once it exists, the land around both stations will increase in utility until it’s no longer a “nowhere”. If you build downtown to downtown you have to either dig a massive, expensive tunnel or buy up a lot of high value land or both. Perhaps it’s won’t break even for half a century but if it eventually does, it will be a success.


It's my theory partly why China has smashed out so many thousands of km of HSR and what appear to be excessively wide highways (other than prestige and a general vibe of governance=more, bigger infrastructure). In 100 years when the ossification and NIMBYism is the norm, the rail corridor land is already there. Renovating a line that already exists may not be easy, but it's easier than prizing land out plot by plot, and even in China that's a huge hassle. Plus the hard physical bits like blasting tunnels and digging cuttings is already done before labour costs succumb to spiraling cost disease.

Then again, at about $45 million per mile, it's actually not even that much more expensive that Chinese HSR: to build the current 45000km of rail at the LV-LA price would be $1.25 trillion, which isn't vastly more than the Chinese system has cost so far. In fact it's very roughly about as much as the US spends, per year, on healthcare on top of what European countries pay for the same outcomes (total annual spending: 4.2 trillion and a bit, or 12.5k per person, vs global number two, Switzerland, at 8k: about 1/3, not far from 1.25/4.2!)


Build it and they'll come? At least one end has to be somewhere people want to be, right? A line from London into the countryside makes sense. You can live in the countryside and work in London. A line from nowhere to nowhere is a chicken/egg problem. Now if one end is an Airport and another is a new community who will have jobs at the airport, that might work.


I don't know whether people want to be in Merced or Bakersfield, but de facto, plenty of them are there.


They both are university towns (UC Merced and Cal State Bakersfield); given that academics are generally positively inclined towards public transit a line could encourage collaborations, I suppose.


I agree. I can imagine tourists traveling to Merced to see the high speed rail in all its glory. Bakersfield is already a hot tourist destination because of Buck Owens and The Hag, but adding high speed rail will make it even more attractive as a “must see” attraction when visiting the golden state.


There's also a plan to connect to SF and LA eventually.

Those will be built as (if) they are funded. The only funding currently secured is the bakersfield to merced leg.

The problem is, that leg is nowhere to nowhere and is going to cost over 100B dollars. Most people take that to mean that it's incredibly unlikely that the more costly portions of the route (the ones that make it useful) will ever get built as they will be absurdly expensive.


Yes. Thats what they’re doing. The bright line company are mostly real Estate investors.


I was just looking up the LA to SF high speed rail project because the headline sounded so wrong. It's so sad that the official website has a giant photo of their progress: a short section of clean, straight overpass over a country road, with nothing connected to either end, an island of rail infrastructure plonked down in the middle of California. Sigh.

https://hsr.ca.gov/

I know that there are many factors affecting progress, but it's depressing that we can't get to consensus on building infrastructure.


That's the first stage of any rail project - in California they have literally build hundreds of these unconnected bridges, viaducts and embankments. Same thing with HS2 in the UK.

Connecting them all up with rails and catenary is the (relatively) cheap, quick and easy bit, and it's done at the end - it's exactly all these structures (and the stations, which will likely be the next phase) that take all the time and money.


_Presuming_ that the rest of it gets done, it likely makes a lot of sense; you get the difficult bit (starting up high speed rail construction and operation in a country, and indeed a continent, which has never done it before) out of the way in a presumably _relatively_ low-stakes section; if you're going to have teething problems, and you will, better to have them there than when you're trying to go through a mountain range.


Funny how in the US places with 500k people are 'nowhere'.


When it was supposed to go from LA TO SF for less money than they’re going to spend on this route? Yes.


> from Merced to Bakersfield

“and, by gum, it put them on the map!”


Bakersfield was already on the map. Not any sort of map you’d want to be on, but still…


It's ironic that Merced and Bakersfield get shit on when it's the coastal Bay Area and LA people that are the actual problems standing in the way of making the rail...


I don't know much about Merced, but the reasons that Bakersfield gets shit on have nothing to do with high speed rail and more to do with its reputation for meth, crime, and generally being a shithole to live in or even pass through. I suppose one might find this “ironic”, for very interesting definitions of “ironic”.


I'm well aware of Bakersfield's problems. And yet, the area was able to handle implementing the initial steps of high speed rail, and the Bay and LA weren't (for whatever eminent domain / NIMBY reasons). So it's funny to me to see LA/Bay people give Bakersfield crap: "ugh why is the rail over there". Well, because you LA/Bay people couldn't.


Way back in the day, it was notable for the Bakersfield sound.[0]

[0]https://en.wikipedia.org/wiki/Bakersfield_sound


Merced has two state universities, though. Bakersfield has … Devin Nunez


Bakersfield has a Cal State.


I got that reference.


Will that segment of CAHSR be able to run at full speed? The plans have changed so much that it's hard to find a good and up to date source, but my understanding was that to save money a good chunk of phase 1 isn't going to be running at "HSR" speeds. e.g. it'll be sharing track with freight trains, and some routes were made windy-er to save money (with the side effect of limiting speeds)


It's supposed to run at 220mph, which is significantly faster than the project described here.


What parts are supposed to run at 220mph? I know for a fact that the Bay area segment won't[1], same for other areas like the LA metro

[1]: https://hsr.ca.gov/high-speed-rail-in-california/project-sec...


From Gilroy to Burbank, it will run at top speed to make up some lost time from the Bay area segment. FWIW the BA segment will run at 110mph.


I'm in the bay area and literally nothing they've designed around here is going 220mph unless they a going to be banking the tracks 40 degrees and doing a TON of ground breaking engineering around safety to run at 220 mph safely while sharing with Caltrain and other users.


> be sharing track with freight trains

That's a lie.

> windy-er to save money

The opposite: some segments are longer, more complex, and more expensive to gratify some NIMBYs and influential congressmen.


> to get high-speed trains running from Merced to Bakersfield by 2030

Isn't that going to be the world's slowest "hi-speed" train ?


220 miles per hour is nothing to sneeze at.


That’s 50% faster than Acela (150mph) which isn’t nothing, but doesn’t make much of a difference on its own. What’s actually important is maintaining high speed for most of the trip which is where Acela fails (~70.3 mph).

https://en.wikipedia.org/wiki/Acela


> What’s actually important is maintaining high speed for most of the trip which is where Acela fails (~70.3 mph).

Reminds me of high-speed rail in France vs high-speed rail in Germany. To the point that newer Siemens trains will have a lower top-speed, because "there is no demand for it".


In France, it depends a lot on the lines : Paris-Lyon has average of 270 km/h (167 mph); Paris-Bordeaux clock at around 300 km/h (186 mph) while Paris-Brest is more at 200 (124 mph). It is interesting to note that it often seems ti correlate to the age of the line, with Paris-Bordeaux being the most recent.


Yes, but they are limited by the technology used to build the line, and by how the lines were traced, but not because their high-speed trains need to stop at every city center or run on "winding" tracks, as is the case in Germany.

The Paris-Lyon line is by far the oldest, and is top-speed limited because of how it was traced. (And also because of its out-dated security system that is in the process of being changed)

The Paris-Brest line stops being a high-speed track in Rennes, so even if the first part is fast, it's still a long way to Brest on conventional tracks.

The newer lines are faster, as they are designed for theoretical operational speeds of 350 km/h, with a current operational top speed of 320. (LGV Sud Europe Atlantique, LGV Rhin-Rhone, LGV Est, and even the LGV Bretagne Pays-de-Loire going to Brest)


If I understand it correctly the definition of high speed rail in the UK is above 125mph. Apparently that's the fastest you can safely use conventional line side signalling (traffic lights).


Yes, that annoyed me. What they really mean is that they claim this rail line will be in operation before CA High-Speed Rail. I find that hard to believe, but I would be happy to be surprised.


While construction only just now broke ground formally, this project has been around (under different companies) since before Prop 1A for CA HSR was passed, and has already done all route planning, environmental clearance, and right-of-way acquisition, on a simpler route with fewer stations (even compared to the CA HSR Early Operating Segment, though Brightline West is longer.)


> There are numerous completed structures and a clear plan to get high-speed trains running from Merced to Bakersfield by 2030.

It would be more embarrassing if that gets built than if it doesn’t. Echos of Ted Stevens’ bridge to nowhere.


> high-speed trains running from Merced to Bakersfield

I lived in CA for 15 years. I've been all over it (incl central ca). This would be such a pyrrhic victory, that I lack words! Who the hell needs to commute enough between those two god-forsaken places to justify the billions spent on this?


What's the justification for the far more expensive SR-99 that serves the same route?


Trucking - lots of agriculture and other transport shipped through 99


So it's an important commercial route but with no passenger demand? What a geographic oddity! I bet you'd be hard-pressed to find any other examples of that, anywhere.


Not really. Cargo uses very different routes than people commonly. How many people travel from Shenzhen to the port of Oakland? Now how many cargo containers?


Wow you got me there. I'm cancelling my Oakland-Shenzen train project right now.


Nobody will use it. A majority of the demographic see it as a Washington disaster Trump stopped but Biden turned the construction back on.

Everyone owns a car and carpooling is trivial. Most homes have one car per adult.

There’s nothing of interest between Merced and Bakersfield. These were towns that grew from the old 99 freeway from Sacramento to Bakersfield and then on to LA.


Except that it was a state-driven project, initiated and given state funding by proposition 1A.


Operative phrase: "see it as". I can anecdotally confirm that central-valley relatives of mine bring up HSR as a reason not to vote for Biden. The Democrat = Democrat logic is strong, I suppose, even if the ignorance about federal structure is profound.


The article does actually mention that, towards the end.


NOBODY CARES ABOUT MERCED TO BAKERSFIELD. that's 100k people connected to 400k people. who cares. and it will not be ready by 2030, it'll be 2033. and that means SF to LA will be at least 2040. its absolutely insane and everyone managing that project should be fired and sentenced to 10 years of hard labor.


GearLab uses the same model as Consumer Reports. No sponsored content, they buy all the products themselves, etc.

https://www.outdoorgearlab.com/about


Looks like they do use affiliate links though, which means they have an incentive to recommend items sold on sites that will give them higher affiliate commissions.


FYI Consumer Reports also uses affiliate links now. I'm of two minds about it. OTOH it creates an incentive to recommend more items and more expensive items. OTOH I like that they capture some revenue that can go to furthering their mission.


Guess Wirecutter is in the same boat, then.


> Tesla FSD navigating the complex city streets of LA for 60 minutes with zero human intervention.

17 fatalities, 736 crashes: The shocking toll of Tesla’s Autopilot

https://www.washingtonpost.com/technology/2023/06/10/tesla-a...


Without any comparison to humans those numbers are completely meaningless


> Without any comparison to humans those numbers are completely meaningless

I disagree.

What I want to know, is is it safe? Not is it safer than the average human driver, but is it safe in an absolute sense.

When a human driver crashes we can almost always pin the cause down to human error. Errors caused by some human failing, being less than they could be. The promise of machines is that they are consistent. They are never "less than they could be", but are consistently at their best.

Comparing humans and machines is comparing dogs and roses - it is interesting a rose smells better, interesting a dog is more loving (or fierce), but not a valid comparison

Self driving cars stand or fall on their own capabilities.


1. It's the adaptive cruise control, not the FSD.

2. What would a good absolute number for that period be? Our threshold can't be zero or we'd have to give up every technology from showers/baths (~60x more deadly) to fresh produce (E. coli, salmonella, listeria).


> 2. What would a good absolute number for that period be? Our threshold can't be zero or we'd have to give up every technology from showers/baths (~60x more deadly) to fresh produce (E. coli, salmonella, listeria).

Zero accidents caused by the failure of the software. (Clearly a good system may have some obscure bug that makes it fail - but failure of a self driving system should cause uproar and consternation - unlike the reaction of Tesla to the deaths caused by their systems, it seems)

If I slip over in the shower it is not because the shower head went rouge and strangled me. If a shower was designed that in the period of one year strangled eleven people (a fair comparison to Tesla's record) imagine that?

Point being your comparisons (food poisoning or household mishaps) are not relevant


- It's not clear why you no longer care that a technology is killing a lot of people if there's a human in the loop that you can blame. If a driver runs over your sister/son/friend, does it matter if you can blame someone?

- About 43,000 American motorists died in 2021. If we have a way to prevent many of their deaths with software, would you not want to unless you could prevent every death?

- Why is a software tool failure different from any other tool failure? Brakes can fail, wheels can fall off) (happened to me once), etc. Listeria in produce is a failure in the production chain. Showers can be made safer. You use your car/shower/spinach and some day, for reasons entirely beyond your control, it might kill you.

- Why isn't the driver to blame in a Tesla? They're supposed to be watching and responsible.

- There's no clear distinction between what's a software failure and what isn't. Collisions have multiple contributing factors. Perfect software will still have collisions. The numbers reported aren't just collisions where the Tesla was at fault. One person was killed by a self-driving vehicle when a person jumped a concrete barrier and ran across the highway at night. The human driver couldn't react in time, and the software didn't see them. Is that a software failure? At what point do we accept that a collision is no longer the car's fault?


Sure it's different whether you were hit by a malfunctioning machine that was confused by sunlight or whether you were hit by a driver who wasn't paying attention because they texted. In one instance you have the person genuinely apologize to you while in the autonomous car case, maybe there wasn't a passenger at all.

But on the other hand, if you can identify the most accident prone group of humans, and require them to use AI cars, and with this you could significantly reduce the number of road kills/accidents, wouldn't that be an improvement?


That's the number of crashes where Autopilot was enabled, not the number where it was at fault. So its a meaningless number.


He means under their supervisor control. There are "normal" people who do their best to cause a crash.


Autopilot is just fancy cruise control. How many crashes have there been with cruise control turned on? It's just a completely meaningless thing to even look at. How many crashes would there have been during those miles without autopilot?


Tesla doesn’t sell Autopilot as cruise control though.


Because even if they did, would still be worst than many others.

"Ford’s BlueCruise Ousts GM’s Super Cruise as CR’s Top-Rated Active Driving Assistance System - Tesla Autopilot falls to midpack as other high-tech systems improve" (Jan 2023) - https://www.consumerreports.org/cars/car-safety/active-drivi...

"...Of the 12 ADA systems we just finished testing, Ford BlueCruise came out on top, followed by Cadillac Super Cruise and Mercedes-Benz Driver Assistance. Tesla, once an innovator in ADA with its Autopilot system, fell from its second-place showing in 2020 to seventh this time around—about the middle of the pack. That’s because Tesla hasn’t changed Autopilot’s basic functionality much since it first came out, instead just adding more features to it, says Fisher...

...“After all this time, Autopilot still doesn’t allow collaborative steering and doesn’t have an effective driver monitoring system. While other automakers have evolved their ACC and LCA systems, Tesla has simply fallen behind.”..."


Yes they do? Autopilot is standard in all Teslas, which is different from the Tesla FSD (Beta) that Mercedes is being compared to here.


Just because you crash that doesn't mean you aren't able to navigate without human intervention. Humans are also capable of crashing their car.


You're right, that is shockingly low! 43,000 people die in car crashes in the US every year, and only 17 in Teslas since 2019. That's only 1 in 7500.


These statistics are meaningless.

How many Tesla cars with full self driving are there compared to regular cars?

A Tesla with FSD will only be using FSD a small fraction of the time.

If we had statistics on the number of hours FSD was active compared to the number of hours all other car driving of all cars we might be able to compared these numbers.

Hour wise, I think normal driving is way above 7500:1.


Why are people willing to excuse things because they happen in a car? If an AI power tool were going haywire once in a while and chopping the arms off of bystanders near by, would we find that acceptable because people using non-AI powered tools also chop off their body parts sometimes? 'We can't know if it would have happened if a person were in control' is not an argument that would fly for anything else just as dangerous.


> would we find that acceptable because people using non-AI powered tools also chop off their body parts sometimes?

Yes, if the AI power tools chop off less limbs than the human controlled power tools, I would find that acceptable.


For that to be meaningful, one would have to consider what proportion of miles driven are in teslas, and where.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: