Hacker News | esprehn's comments

In something like a database, zeroing or poisoning on free is probably a good idea. (These days probably all allocators should do it by default.)

Allocators are an interesting place to focus on for security. Chris did amazing work there for Blink that eventually rolled out to all of Chromium. The docs are a fun read.

https://blog.chromium.org/2021/04/efficient-and-safe-allocat...

https://chromium.googlesource.com/chromium/src/+/master/base...


I didn't know either; a Google of just "EDC" figured it out though:

https://en.wikipedia.org/wiki/Everyday_carry


It's from 2014, over a decade old.

Relevant to that comic specifically: https://www.reddit.com/r/xkcd/comments/mi725t/yeardate_a_com...


This project is pretty cool, but reading through the pages my biggest takeaway was how fast libjs is. Amazing work over on Ladybird.

I wonder what they're doing that's so different than Boa.


People file incorrect tax amounts all the time. It's the government's job to verify the return and either refund you or request more money. There's a decent margin for error, and not all returns are audited so the IRS must also have a margin for error they're building policy and budgets around.


That can be an automated CI check that runs the new tests with the non-test files reverted though.


It can be! And maybe even should be. But I've never seen it.

A great idea, though; when we finally get automated testing in CI, I'll certainly suggest it :)


That wouldn't necessarily compile though, e.g. if the fix involved changing a function signature or adding new functions.


Atlas was built by folks that came from The Browser Company (and Chrome).


In my experience orgs need a mix of both rule followers and rule breakers to function.

I really like Dimitri Glazkov's "Sailors and Pirates" framing of this:

https://glazkov.com/2023/04/02/sailors-and-pirates/


It's a fanciful idea, but just like the real life analogue it models, it completely turns a blind eye to the fact that, ultimately, the pirates are looters and pillagers and will burn the shop down, both yours and possibly theirs.

And no I don't agree a pirate captain is needed; the notion of a "static" equilibrium is contrived and a non-sequitur in the analogy. The ship could simply sail smoothly instead (still an equilibrium) without arbitrary changes in speed or going too close to the reefs for no bloody reason.

And if the "chaos" is "strategic", then it's not bloody chaos to begin with, is it?


Fwiw the XSLT implementation in Blink and WebKit is extremely inefficient. For example, converting the entire document into a string, to parse it to a format that's compatible with libxslt, to then produce a string and parse it back into a node structure again. I suspect a user space library could be similarly as effective.

Ex. https://source.chromium.org/chromium/chromium/src/+/main:thi...

https://source.chromium.org/chromium/chromium/src/+/main:thi...

https://github.com/WebKit/WebKit/blob/65b2fb1c3c4d0e85ca3902...

Mozilla has an in-house implementation at least:

https://github.com/mozilla-firefox/firefox/tree/5f99d536df02...

It seems like the answer to the compat issue might be the MathML approach. An outside vendor would need to contribute an implementation to every browser. Possibly taking the very inefficient route since that's easy to port.


That is an interesting approach, you could suggest it? In general using JS to implement web APIs is very difficult, but using WASM might work especially for the way XSLTProcessor works today.

