no way? excel? and corporate programmers are not the majority of programmers? -- i mean im a non-corp programmer but i thought i was a special snowflake

tcl/tk in python is boring but gets the job done, and its not that hard to customise buttons with a canvas if you really want. i think its underrated.

Dont need to break encryption if you read data from the source -- O/S vendors will do it for you.

This argument also seems to apply to every other form of data about yourself. Once someone has access to your computer, I think the battle of preventing them from finding out about you is kinda over?

It is local, the program use a sqlite db locally and does not talk to internet whatsoever.

In that it's not necessarily different than writing your todolist on a notebook - someone other than you could have got hold of that and read it - say if it's on a shared shelve.

I think GP isn’t complaining specifically about this program, but about others which may hang around and access this data. Notice that recall is specifically mentioned. I think the issue is more with the general lack of separation between applications’ data.

if you're ultra paranoid and want a private OS to read / write - tails and set up a home directory on a thumbdrive

Thats pretty much the only option. Doesnt need to be tails either, just a simple linux with no networking.

i remember playing with mode 13h, writing little graphics programs with my turboc compiler. computers were so magical back then.

yes sure you can come into america, straight into a holding cell until you hand over your pins/passwords or go back home.

Unlikely, but if that did happen an army of lawyers would be willing to help pro bono for such a constitutionally critical case.

Never comply with such nonsense.

An army of lawyers will not make the jail cell more comfortable when ICE has decided to make you suffer. The Supreme Court has seen to that.

so does the rust compiler check for race conditions between threads at compile time? if so then i can see the allure of rust over c, some of those sync issues are devilish. and what about situations where you might have two variables closely related that need to be locked as a pair whenever accessed.

> so does the rust compiler check for race conditions between threads at compile time?

My understanding is that Rust prevents data races, but not all race conditions. You can still get a logical race where operations interleave in unexpected ways. Rust can’t detect that, because it’s not a memory-safety issue.

So you can still get deadlocks, starvation, lost wakeups, ordering bugs, etc., but Rust gives you:

- No data races

- No unsynchronized aliasing of mutable data

- Thread safety enforced through type system (Send/Sync)

and you can have good races too (where the order doesnt matter)

Yeah it's worth emphasizing, if I spawn two threads, and both of them print a message when they finish (and don't interact with each other in any other way), that's technically a race condition. The output of my program depends on the order on which these threads complete. The question is whether it's a race that I care about.

> what about situations where you might have two variables closely related that need to be locked as a pair whenever accessed.

This fits quite naturally in Rust. You can let your mutex own the pair: locking a `Mutex<(u32, u32)>` gives you a guard that lets you access both elements of the pair. Very often this will be a named `Mutex<MyStruct>` instead, but a tuple works just as well.

In rust, there are two kinds of references, exclusive (&mut) and shared(&). Rustc guarantees you that if you provide an exclusive reference, no other thread will have that. If your thread has an exclusive reference, then it can mutate the contents of the memory. Rustc also guarantees that you won't end up with a dropped reference inside of your threads, so you will always have allocated memory.

Because rust guarantees you won't have multiple exclusive (and thus mutable refs), you won't have a specific class of race conditions.

Sometimes however, these programs are very strict, and you need to relax these guarantees. To handle those cases, there are structures that can give you the same shared/exclusive references and borrowing rules (ie single exclusive, many shared refs) but at runtime. Meaning that you have an object, which you can reference (borrow) in multiple locations, however, if you have an active shared reference, you can't get an exclusive reference as the program will (by design) panic, and if you have an active exclusive reference, you can't get any more references.

This however isn't sufficient for multithreaded applications. That is sufficient when you have lots of pieces of memory referencing the same object in a single thread. For multi-threaded programs, we have RwLocks.

https://doc.rust-lang.org/std/cell/index.html

This was a primary design goal for Rust! To prevent data races (and UAF and other types of memory unsafety) by construction through the type system.

No, it does not.

Rust approach to shared memory is in-place mutation guarded by locks. This approach is old and well-know, and has known problems: deadlocks, lock contention, etc. Rust specifically encourages coarse-granular locks by design, so lock contention problem is very pressing.

There are other approaches to shared memory, like ML-style mutable pointers to immutable data (perfected in Clojure) and actors. Rust has nothing to do with them, and as far as I understand the core choices made by the language make implementing them very problematic.

> There are other approaches to shared memory, like ML-style mutable pointers to immutable data (perfected in Clojure) and actors. Rust has nothing to do with them, and as far as I understand the core choices made by the language make implementing them very problematic.

Would you mind elaborating on this? At least off the top of my head a mut Arc<T> seems like it should suffice for a mutable pointer to immutable data, and it's not obvious to me what about actors makes implementing them in Rust very problematic.

mutable pointers to immutable data is the ticket.

It entirely prevents race conditions due to the borrow checker and safe constructs like Mutexes.

Logical race conditions and deadlocks can still happen.

Rust's specific claims are that safe Rust is free from data races, but not free from general race conditions, including deadlocks.

ah i see, thanks. i have no idea what rust code looks like but from the article it sounds like a language where you have a lot of metadata about the intended usage of a variable so the compiler can safety check. thats its trick.

That's a fairly accurate idea of it. Some folks complain about Rust's syntax looking too complex, but I've found that the most significant differences between Rust and C/C++ syntax are all related to that metadata (variable types, return types, lifetimes) and that it's not only useful for the compiler, but helps me to understand what sort of data libraries and functions expect and return without having to read through the entire library or function to figure that out myself. Which obviously makes code reuse easier and faster. And similarly allows me to reason much more easily about my own code.

The only thing I really found weird syntactically when learning it was the single quote for lifetimes because it looks like it’s an unmatched character literal. Other than that it’s a pretty normal curly-braces language, & comes from C++, generic constraints look like plenty of other languages.

Of course the borrow checker and when you use lifetimes can be complex to learn, especially if you’re coming from GC-land, just the language syntax isn’t really that weird.

Agreed. In practice Rust feels very much like a rationalized C++ in which 30 years of cruft have been shrugged off. The core concepts have been reduced to a minimum and reinforced. The compiler error messages are wildly better. And the tooling is helpful and starts with opinionated defaults. Which all leads to the knock-on effect of the library ecosystem feeling much more modular, interoperable, and useful.

It's really an ML with type classes and a better syntax (and a non-stupid module sublanguage) that also just happens to be more C-like.

I think you’re misconstruing the argument. Those of us that dislike the rust syntax feel at least that strongly about c++. They’re both disasters.

Thread safety metadata in Rust is surprisingly condensed! POSIX has more fine-grained MT-unsafe concepts than Rust.

Rust data types can be "Send" (can be moved to another thread) and "Sync" (multiple threads can access them at the same time). Everything else is derived from these properties (structs are Send if their fields are Send. Wrapping non-Sync data in a Mutex makes it Sync, thread::spawn() requires Send args, etc.)

Rust doesn't even reason about thread-safety of functions themselves, only the data they access, and that is sufficient if globals are required to be "Sync".

valve is just as ambitious as microsoft or google, they just appear to be the good guy for now because theyre trying to gain some ground on evil corp, and linux is one of the only openings they (or anyone) has got.

The only proprietary, steam client itself, you can fork their stack build your own store if you like.

That made me smile, well done and thanks Lennard! (do recommend setting colors = False though)

> My goal now is to use less words to convey an idea. Everyone's interpretation of words is different, so using more precise language will just muddle your ideas.

What?

It's easy to lose yourself in a sentence if it's not clearly thought out. Something about talking more to mask ones ignorance, or something like that. Forcing yourself to use short sentences a la simple English snaps you out of that.