I think this is right about Rust and Cargo, but I would say that Rust has a major advantage in that it implements frozen + offline mode really well (which if you use, obviously significantly decreases the risks).
Any time I ever did the equivalent with NPM/node world it was basically unusable or completely impractical
Because it doesn't perform as advertised: wild amounts of inconsistencies in behavior (within and between versions), performance issues (pnpm exec adds 15s to all shebang'd execution time over npm/yarn/bun/etc.), etc. Version-to-version stability has been traditionally bad - it's half-baked software.
Claude doesn't know this, of course, because it can only read superficial summaries posted on the internet and has zero real experience actually using this dumpster fire.
This is what makes the ‘successful’ parts slightly off to me. I get that she is successful, she is well known, presumably made good money etc - but in some sense it’s the machinery behind her that has been successful in using her. Everything she is, is just a brand created and owned by someone else.
Not only can you embed the fonts, but you can make it interactive and output a PDF if you really wanted to. The HTML might grow if you embed enough JS, but on the other hand... some PDFs are insanely large.
I think there’s a jealousy angle to Musk’s need to characterise Hassabis as evil. The guy is actually legitimately smart, and clearly has an endgame (esp medicine and pharmaceuticals) and Musk is just role playing.
I would love to have witnessed them meeting in person, as I assume must have happened at some point when DM was opened to being purchased. I bet Musk made an absolute fool of himself
This is not a ‘stack’ it is a demo app for a bunch of Azure features
> This project is a proof of concept. It is not intended to be used in production. This demonstrates how can be combined Azure Communication Services, Azure Cognitive Services and Azure OpenAI to build an automated call center solution.
Indeed. I’m the project creator. That’s standard legal notice we must add to these kind of “large” repos. If not a dev team should maintain it full time with security incidents response managed within a SLA, which is not the case there. The same project is working in production for a few customers.
In some cases it was possible to crash (overflow) sort.c, not just DoS. I did try to look more info the issue - it was not handled for quite some time however I did not find any real world impact.
Minor correction, but that bug was never in any "official" coreutils release. The bug was in a multi-byte character patch that many distributions use (and still use). There have been other CVEs in that patch [1].
But the worst you can do is crash 'sort' with that. Note that uutils also has crashes. Here is one due to unbounded recursion:
What are you talking about? How is it the right tool? You have a command you can use instead that will give back the exact answer, immediately, with no possibility of mistakes or hallucination
The page is anonymized so the authors are unknown, the repository link is expired, and the drive link that does work only contains MICEMOUSE.zip and another archive with MNIST data.
A pretty good malware distribution method would be having people download a ‘demo’ of this, right?
If you use a tool like Atmos (https://atmos.tools/) you kind of fix this issue already for free - because it takes the place of the root module, it actually manages the state of each sub module separately (they each have their own individual state file rather than being converged into one).
I don't think it fixes it. Atmos makes splitting and managing multiple states easier, but it still splits the graph. It doesn't change the underlying execution model.
Any time I ever did the equivalent with NPM/node world it was basically unusable or completely impractical