
Many require new projects to be written in memory safe languages. But what constitutes a memory safe language is blurry. For example, this is what the NSA says: https://readwrite.com/the-nsa-list-of-memory-safe-programmin...

Note the "suggests".


> Note the "suggests".

That’s what readwrite.com says. I think what the NSA says (or said; that is dated April 2023) is here: https://media.defense.gov/2022/Nov/10/2003112742/-1/-1/0/CSI...

I couldn’t find the word “suggest” or anything similar to it in that paper. They describe what they mean by “memory safety” and give examples of memory-safe languages (twice, both times the same list).


> AI Supported Test Automation?

God, no. AI represents the antithesis of quality.


While I agree the enhancement is significant, the title of this post makes it seem more like an advertisement for Rust than an optimization article. If you rewrite js code into a native language, be it Rust or C, of course it's gonna be faster and use less resources.


Is there an equivalently easy way to expose a native interface from C to JS as the example in the post? Relatedly, is it as easy to generate a QR code in C as it is in Rust (11 LoC)?


> Is there an equivalently easy way to expose a native interface from C to JS as the example in the post?

Yes, for most languages. For example, in Zig (https://ziglang.org/documentation/master/#WebAssembly) or in C (https://developer.mozilla.org/en-US/docs/WebAssembly/C_to_Wa...)

> Relatedly, is it as easy to generate a QR code in C as it is in Rust (11 LoC)?

Yes, there are plenty of easy to use QR-code libraries available, for pretty much every relevant language. Buffer in, buffer out.


It's that simple in Rust because it's using a library. C also has libraries for generating QR codes: https://github.com/ricmoo/QRCode

(Obviously there are other advantages to Rust)


nice, thanks for the link!


'of course' is not really that obvious except for microbenchmarks like this one.


I think it is pretty obvious. Native languages are expected to be faster than interpreted or jitted, or automatic-memory-management languages in 99.9% of cases, where the programmer has far less control over the operations the processor is doing or the memory it is copying or using.


It isn't obvious at all. A jit compiler has access to information that an aot compiler can only dream of. There aren't many languages which have both jit and aot compilers, though.


> A jit compiler has access to information that an aot compiler can only dream of

If you know the machine and platform ahead of time, not really. For frontend JS this isn't the case. But for backend code it absolutely is the case.

Sure, theoretically the JIT can sit in the background, see which functions are called the most and how they're called and then re-JIT pieces of code. In practice, I'm not sure how often this is done and if you even gain much performance. You MIGHT in a dynamically typed lang like JS because you can find out a bunch of info at runtime. In something like C# though? You already know a bunch at compile-time.



Java, C#?


yeah, that isn't 'many' and e.g. in java's case hotspot is a rather nice piece of engineering


The resistance to switch to ipv6, or the comfort with the ipv4-born address exhaustion remedies, only helps an internet of consumers, not an internet of peers that create and share. If you are behind NAT or CG-NAT, you can only consume, not create. You can't host a server, expose a port. You are at the mercy of the big fish.


It is the ISPs that pretty much killed IPv6 with their mishandled transition.

Where I am, I can choose 1 out of 1 broadband provider available in the area. With this provider, I can either have a public IPv4 address (or several) with their CPE in bridge mode, or DS-Lite, with IPv4 CGNAT without PCP and /64 for the IPv6 addresses (i.e. no address space for subnets, no prefix distribution) AND having to use their router with the limited settings they allow.

With offers like these, is it any wonder that I stick with IPv4?


Are you sure about this? It’s in the rfc from like 1998 that ISPs should allow customers to sla for larger prefixes. I don’t know a single US isp that doesn’t allow at least a 56.

IPv6 is pointless and still a security risk but I’m guessing you’re misconfiguring something.


Yup, Liberty Global (also known as UPC) in Europe.

Assigning only /64 & no DHCP-PD. There's not much to misconfigure, since in IPv6 you have to use their router and they are pushing the config.

And since you have only /64, you cannot put another router behind theirs.


Which of course goes against what RIPE is saying:

> The following sections explain why /48 and /56 are the recommended prefix assignment sizes for end customers.

* https://www.ripe.net/publications/docs/ripe-690/#4-2--prefix...

And it's not like it's a new policy:

> RIPE-690 outlines best current operational practices for the assignment of IPv6 prefixes (i.e. a block of IPv6 addresses) for end-users, as making wrong choices when designing an IPv6 network will eventually have negative implications for deployment and require further effort such as renumbering when the network is already in operation. In particular, assigning IPv6 prefixes longer than /56 to residential customers is strongly discouraged, with /48 recommended for business customers. This will allow plenty of space for future expansion and sub-netting without the need for renumbering, whilst persistent prefixes (i.e. static) should be highly preferred for simplicity, stability and cost reasons.

* https://www.internetsociety.org/blog/2017/10/ipv6-prefix-ass...


Yes, a lot of ISPs do this even after I try to write to them explaining why it doesn't make sense. My ISP is Airtel in India, they very recently started assigning IPv6 at all but it's a single /64 only.

The other big one I know, Jio (from Reliance) also offers just a single /64.


99.99% of people who create and share things via the internet do so via centralized social media providers, and that would continue to be true if the whole world were magically IPv6-only.

I think it’d be nice to self-host things too, but it’s inaccurate and even a bit insulting to claim that the millions of people creating content on the internet today don’t exist.


> I think it’d be nice to self-host things too, but it’s inaccurate and even a bit insulting to claim that the millions of people creating content on the internet today don’t exist.

It's not just about self-hosting, but peer-to-peer clients as well.

When Skype originally came out it was P2P, but because of NAT they created (ran?) "super-nodes" that could do things like STUN/TURN/ICE. Wouldn't it be nice to be able to (e.g.) communicate with folks without a central authoritative server that could be warranted by various regimes?


I agree! I was just taking issue with the overly broad claim that being behind NAT only lets you consume, not create.


And then there are people like myself who host publicly-available internet services from my home internet service that's absolutely behind CGNAT. That makes things a bit more hassle to get working, but it's certainly possible.


And there are different kinds of big fish. You may be in a bad neighborhood, sharing an IP with misbehaved actors in the digital or real world. You may get blocked, banned or snooped because there is or was a target, an attacker or someone with bad digital hygiene.


My ISP is IPv4 only and I host plenty of shit and punch plenty of holes. That’s a function of my firewall not how many bits are in my IP address.


> My ISP is IPv4 only and I host plenty of shit and punch plenty of holes. That’s a function of my firewall not how many bits are in my IP address.

Not wrong, but if you want multiple servers of the same service, you're now doing custom ports (myhost:port1, myhost:port2, etc) which isn't the end of the world, but is kind of sucky.

And if we're not talking just about servers running services, but clients that want to do peer-to-peer stuff, you also have to use things like STUN/TURN/ICE which is more infrastructure that is needed (as opposed to 'just' hole punching since your system already knows its IP(v6) address).

Given the prevalence of these technologies (kludges?) they've kind of been normalized so we think they're "fine".


That's only true if you aren't behind CG-NAT. If you are, your firewall can port forward all it wants but it won't matter, the ISP would have to also port forward to you.


Even in this situation, your ISP can port forward to you.

While not universal, some ISPs support PCP, where you can ask for a port mapping to your CGNAT-ed IP and port. They might or might not honor the external port (if it is taken, they obviously cannot), but you will get some hole punched.
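
An added example (not part of the original comment or of any ISP's tooling): the PCP MAP exchange described above, following the RFC 6887 message layout, with a constructed reply in which the NAT grants a different external port than the one suggested. All addresses, ports and function names are assumptions made for illustration.

```python
import ipaddress
import os
import struct

PCP_VERSION, OP_MAP, PROTO_TCP = 2, 1, 6
MAP_BODY = "!12sB3xHH16s"  # nonce, protocol, reserved, internal port, external port, external IP


def _ip16(addr):
    """PCP carries every address in 16 bytes; IPv4 is sent as IPv4-mapped IPv6."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        ip = ipaddress.IPv6Address("::ffff:" + str(ip))
    return ip.packed


def build_map_request(client_ip, internal_port, suggested_port, lifetime=3600):
    """Return (nonce, 60-byte MAP request) asking for an inbound TCP mapping."""
    nonce = os.urandom(12)  # echoed by the server; lets us reject spoofed replies
    header = struct.pack("!BBHI16s", PCP_VERSION, OP_MAP, 0, lifetime, _ip16(client_ip))
    body = struct.pack(MAP_BODY, nonce, PROTO_TCP, internal_port, suggested_port,
                       _ip16("0.0.0.0"))  # all-zero external IP = no preference
    return nonce, header + body


def parse_map_response(data, nonce):
    """Validate a MAP response and return what the NAT actually granted."""
    if len(data) < 60:
        raise ValueError("short PCP MAP response")
    version, r_opcode, _, result, lifetime, _epoch = struct.unpack("!BBBBII", data[:12])
    if version != PCP_VERSION or r_opcode != (0x80 | OP_MAP):
        raise ValueError("not a PCP v2 MAP response")
    rnonce, _proto, int_port, ext_port, ext_ip = struct.unpack(MAP_BODY, data[24:60])
    if rnonce != nonce:
        raise ValueError("nonce mismatch")
    ip = ipaddress.IPv6Address(ext_ip)
    return {"result": result, "lifetime": lifetime, "internal_port": int_port,
            "external_port": ext_port, "external_ip": str(ip.ipv4_mapped or ip)}


def constructed_response(nonce, internal_port, assigned_port, external_ip):
    """Constructed sample reply: success (result 0), 1800 s lifetime, epoch 1000."""
    header = struct.pack("!BBBBII12x", PCP_VERSION, 0x80 | OP_MAP, 0, 0, 1800, 1000)
    return header + struct.pack(MAP_BODY, nonce, PROTO_TCP, internal_port,
                                assigned_port, _ip16(external_ip))


def demo():
    # Client at a constructed CGNAT-range address asks for 8443; the NAT grants 40123.
    nonce, request = build_map_request("100.64.12.34", 8443, 8443)
    reply = constructed_response(nonce, 8443, 40123, "203.0.113.7")
    return len(request), parse_map_response(reply, nonce)
```

On a real network the request is a UDP datagram to port 5351 on the PCP server, and the granted lifetime tells the client when the mapping must be renewed.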


> your ISP can port forward to you

But will they? Domestic ISPs are pretty hesitant to offer such, or anything at that manner.


Some do. But when they don't, it is not a fault of CGNAT, which does provide the capability, but a fault of the specific ISP that's not willing to use it.


You can’t punch any holes through carrier-grade NAT (CGNAT).


You can, if your ISP cooperates, using PCP.


Frankly, you lost me at "if your ISP cooperates".


It is a function of the CGNAT at the ISP side. They need to have that enabled. Some do.


Did you miss the part about CG-NAT? Once your ISP runs out of their IP4 addresses and puts you behind a CG-NAT, you can punch all the holes you like; nothing is going to get to you.

At least not without doing fancy stuff like using an externally-hosted VPN to shuttle connections to you.


The GP has both versions, not just CGNAT (which would have made their comment less nonsensical):

> If you are behind NAT or CG-NAT


People seem to have misconceptions about CGNAT.

Of course you can punch holes there. CGNATs can be asked for port forwarding using PCP, unless your ISP disabled that.


I've yet to see a single ISP (I live in the US) that even allows customers to host services. If you look in the TOS for services like Comcast, AT&T, T-Mobile, etc, you'll see a part about hosting services being forbidden. And that's even for normal IP4 addresses that aren't behind CG-NAT. Now, they probably don't look too hard unless you give them reason (I hosted various things over a Comcast connection for a decade) but the rule is in there.

Perhaps it's different for a mom & pop ISP, but I don't see the big ones configuring anything that makes it easier to do what they already don't want you doing anyway. They see the inability to forward ports as a feature, not a bug.


I'm not in the US, but in the EU. Here, T-Mobile or Orange do not have a problem with incoming traffic, and they know that people have security cameras, doorbells, or NAS devices in their homes that they want to access from outside.

So even if you expose your Home Assistant web to the wide web, no ISP is going to have a problem with that and won't interpret it as hosting services. What they really want is that you don't run bandwidth-intensive services on a consumer connection, which is going to be overbooked somewhere in their infra, causing service degradation to other users.

And for example Orange does provide PCP for their CGNAT.

