chrysn

joined 5 years ago
[–] chrysn@chaos.social 4 points 1 year ago

The very same type of mistakes happens in file systems even without URIs being involved. Directory traversal checks look simple but sooner or later need hard-to-understand symlink following rules. Enforcing processor policy has terrible portability there (it even only became practical on Linux with landlock), but nonetheless I think it's preferable.
Not mixing URI parsers is a good advice for when processor policies are unavailable – but let's try to make them available more often.

[–] chrysn@chaos.social 1 points 1 year ago (2 children)

@snaggen I think the better lesson than "don't mix URI parses" here is "don't LBYL, rely on EAFP". Many "Look before you leap" (LBYL) schemes are subject to variations of time-of-check/time-of-use errors. It's preferable to not sanitize input, but tell the processor what the policy on processing is; when it comes to a violation, it's easier to ask forgiving (i.e. report the error) than permission (EAFP).

[–] chrysn@chaos.social 1 points 1 year ago

@0xsaksham @snaggen Last polls I saw, the #RustLang hashtag (it's case sensitive, but capitalization helps for accessibilisy) was a tad more popular than #Rust due to the latter's ambiguities.

[–] chrysn@chaos.social 1 points 1 year ago

@jvisick That process is completely intransparent to anyone approaching this without preexisting knowledge of that Lemmy instance. Do you know who runs that account? They should really make a note in its metadata.

[–] chrysn@chaos.social 1 points 1 year ago

My impression is that they are using WASM primarily from the browser, which really is a no-std shaped environment. Using WASI there would be as much of a band-aid as is emscripten.

[–] chrysn@chaos.social 1 points 1 year ago

@Vorpal Having a free implementation of 802.15.4 is very good news. The initialization blob is still a downside compared to Nordic chips, but it's good progress and shows that they're interested in doing it right. I'm hoping it'll be blob-free eventually for all their radios.

[–] chrysn@chaos.social 1 points 1 year ago (1 children)

I know painfully little of ActivityPub, but from a protocol design PoV, Lemmy altering its behavior when it sees Mastodon doesn't sound desirable. I'd rather put metadata in the toots that allow better decisions, or even have two entities (linked by metadata) for channel-top-posts and channel-everything, if the latter is needed at all.

[–] chrysn@chaos.social 0 points 1 year ago (3 children)

Ah -- things do indeed start popping up once I follow it, and in mastodon terminology, the community is boosting every single comment. I'll try that for some time to see if it's practical, but it's probably overkill.

[–] chrysn@chaos.social 0 points 1 year ago (4 children)

Even subscribing to the communities is a somewhat theoretical thing – I can see https://lemmyrs.org/c/meta as @meta and follow that, but none of its posts are shown. (Or do only new posts show up once someone on my server is following it?)

[–] chrysn@chaos.social 1 points 1 year ago

@Sibbo It's been a wild ride ridden with back-and-forths about where where Self: 'a goes and whether it's needed, but that's largely past (now that it's stable), and my use case (the coap-message crate) works fine with it.