The library also has the best chance to fix and prevent security issues systemically. I have played this game for a while now. Library engineers often want to pass the buck onto users of their tools. That is not good developer or user experience. Also crashing is the opposite of robust.
I am probably not part of the "we" you are talking about, but I had no idea "normie" means that, and I couldn't infer it from the comment. In fact I inferred a completely wrong meaning from that comment (something like "unenlightened").
Isn't "normie" a pejorative word (genuine question)?
This was the basis of my response too. It's almost never said by people in contexts where it's not pejorative, to my understanding. It's a staple of incels and the elite Mensa types. It dismisses the average lived experience because iamveryspecial.
It generally refers to a group of “normal” people. E.g., in some contexts they are an “out” group that does not have some specialized knowledge or understanding that the “in” group would have. So it can be negative, but it generally just means someone inexperienced with the given topic area. There is an implication of otherness to using the term “normie” for the group using it but it is generally a pretty common term now. For example, imagine a bunch of policy wonks debating something in highly specific language and then someone asks “how would the normies react?” They mean, “how would people unfamiliar with the inner workings of political policy react?” Stuff like that.
It does have a negative connotation for that group in some contexts, but the usage is pretty common and softened now.
CEL seems very much in line with the Golang ideology. It looks like CEL doesn't really have any upsides at all, except for being non-Turing-complete. It looks like it is more of a convenience food, for people for whom any other syntax than what they know from mainstream programming languages is "too adventurous" or "too foreign". As if they cannot be trusted to be able to cope with another syntax. This might even be true, considering the character of Golang itself, which was created as a dumbed down lowest common denominator of several mainstream languages, so that everyone gets it. It was even missing generics for a long time, deeming them to be too complicated.
As a DSL CEL is kinda pointless, since it does not create any additional convenience beyond the usual mainstream programming language syntax. It therefore leaves potential on the table, and as a tradeoff appeals to familiarity of syntax. As a configuration language it is usable, probably with reduced risk, compared to using Golang itself (no Turing-completeness!).
I don't think it actually appeals to anyone who considers creating a DSL for a good reason.
You're missing the point of DSLs like CEL which is that they can easily be embedded. CEL is quite efficient and supports partial compilation and cost heuristics which makes it very cheap and easy to insert in a hot path that processes arbitrary customer data.
> CEL exists for Go and (safely) solves many of the problems you might also want a DSL for.
Seems like it would be difficult to use for what they are trying to achieve. Lua would be a better fit, however it is noted that they tried it first, but ran into some kind of issue with it. So now Limbo is among the "off the shelf" options.
And a VMM is going to require a lot of unsafe Rust code. There are strategies to minimize it to make that surface easier to audit, but it is not a panacea for systems programming gremlins.
Out of 413,842 non-empty lines of Rust code in the repository (including comments) there are 2006 instances of "unsafe", 255 of which are of the form "unsafe_" (definitely not unsafe blocks, mostly of the form #![forbid(unsafe_code)] which is an instruction to the linter to forbid unsafe blocks in the module) leaving slightly less than 1751 unsafe blocks. (Still counting comments, and type signature annotations on function pointers, and so on, but most of those 1751 will be actual unsafe blocks. A block can of course be multiple lines of code).
I don't really know what a VMM consists of, so I'm mostly surprised that this project is half a million lines of code.
It's not unsafe that causes unsafety, it's how you wield it.
- Do you know your invariants?
- Have you documented them?
- If using an unsafe block, have you asserted them or guaranteed that they hold for any input?
Granted, Rust is kind of mediocre at teaching you this. It raises a warning for unsafe fn without safety documentation block, but not when omitting safety comments in unsafe blocks.
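The three questions in the comment above, applied to a bounds-checked read (an added example, not part of the original comments; `GuestRegion` and its methods are hypothetical names and the byte buffer is constructed). The `clippy::undocumented_unsafe_blocks` lint, which is off by default, is enabled on the safe wrapper so that a missing `// SAFETY:` comment is rejected when Clippy runs.

```rust
/// Constructed stand-in for a region of guest memory (hypothetical type).
pub struct GuestRegion {
    bytes: Vec<u8>,
}

impl GuestRegion {
    pub fn new(bytes: Vec<u8>) -> Self {
        Self { bytes }
    }

    /// Reads a little-endian u32 at `offset` without a bounds check.
    ///
    /// # Safety
    /// The caller must guarantee that `offset + 4` does not overflow and
    /// is `<= self.bytes.len()`.
    pub unsafe fn read_u32_unchecked(&self, offset: usize) -> u32 {
        // Invariant asserted in debug builds (overflow-safe form).
        debug_assert!(offset <= self.bytes.len() && self.bytes.len() - offset >= 4);
        // SAFETY: the caller's contract places the 4 bytes starting at
        // `offset` inside `bytes`; `read_unaligned` needs no alignment.
        let raw = unsafe { self.bytes.as_ptr().add(offset).cast::<u32>().read_unaligned() };
        u32::from_le(raw)
    }

    /// Safe wrapper: establishes the invariant for any input, then relies on it.
    #[deny(clippy::undocumented_unsafe_blocks)]
    pub fn read_u32(&self, offset: usize) -> Option<u32> {
        // checked_add rejects offsets close to usize::MAX instead of wrapping.
        let end = offset.checked_add(4)?;
        if end > self.bytes.len() {
            return None;
        }
        // SAFETY: `offset + 4` did not overflow and is `<= bytes.len()`.
        Some(unsafe { self.read_u32_unchecked(offset) })
    }
}

fn main() {
    // Constructed sample: five bytes, so only offsets 0 and 1 are readable.
    let region = GuestRegion::new(vec![0x78, 0x56, 0x34, 0x12, 0xff]);
    println!("{:x?}", region.read_u32(0));
    println!("{:x?}", region.read_u32(2));
    println!("{:x?}", region.read_u32(usize::MAX));
}
```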
No question, just pointing out where the *perceived* trustworthiness comes from. If it helps for something like a VMM it's a whole other story. Marketing gimmick.
Use OIDC. It is based on OAuth. I would fiddle with implementing basic OAuth clients first. Like a Spotify playlist fetcher or something. Just to start getting a feel for the flows and things you would be concerned with.
Built my resume with typst and know of several other folks using it for serious document typesetting. It is a very nice and modern typesetting system and language that just feels easy to make it do what I want.
It incorporates elements like templates and it is very easy to create reusable content “functions”. It is everything I want out of LaTeX while being super fast and easy to use.
Edit: pandoc can generate typst output if you want to explore :)
Wonder if this is like the old school benchmarks people would cheat on. Should not be hard to assemble a series of such puzzles and get a read on overall accuracy :)