FYI there is an open source reimplementation of Flash from scratch called Ruffle that should solve all the security issues that Flash had. It runs on WASM so it’s compatible with modern browsers. The New York Times is using it to bring back some old interactive/animated pages that relied on Flash.

To be fair trees still use energy for doing this, but that energy is conveniently provided by the sun.

High or low level doesn’t matter. Mathematically it just makes more sense to use 0-based indexing https://www.cs.utexas.edu/users/EWD/transcriptions/EWD08xx/EWD831.html

It’s mentioned in footnote 6:

As an example, to make this work I’m assuming some kind of “true deref” trait that indicates that Deref yields a reference that remains valid even as the value being deref’d moves from place to place. We need a trait much like this for other reasons too.

It would only work for references that are stable after the value they reference is moved. Think for example of a &str you get from a String.

Can’t those be installed in toolbox?

GNOME devs never said that theming is incompatible (just “not supported”), and you’re still not explaining whay you mean with “incompatible” either. Managing window controls also doesn’t seem a requirement to be “compatible”, as the app still runs fine even with client side decorations (again, it just won’t fit visually with the rest of the system).

And by the way, the problem is not theming per-se, but the fact that apps get themed by default, they inevitably break by default, and app developers are left to deal with that. Nobody ever tried to improve the situation so the solution they came up with is to have their apps always look the same.

How about when the theming is baked in and impossible to change?

It can still be changed, it’s just a harder to do so.

It’s about doing things that go against the interests of the user.

This conveniently ignores that app developers are also users of ui frameworks, and they would like a well defined platform to test for, rather than an endless stream of distros each with its own theme that could break their app.

Libadwaita is only compatible with gnome and only works with gnome. Other DE’s can try to make it work in their DE, but the experience for them is hostile.

Not sure what you mean with “compatible”, as libadwaita apps are supposed to work on other DEs as well. It might not fit visually with them, but that’s not being incompatible.

They tested the same strings on that implementation

The code they were looking at was used for writing the table, but they were testing the one that read it (which is instead correct).

though judging by the recent comments someone’s found something.

Yeah that’s me :)The translation using an associated const also works when the const block uses generic parameters. For example:

fn require_zst<T>() {
    const { assert!(std::mem::size_of::<T>() == 0) }
}

This can be written as:

fn require_zst<T>() {
    struct Foo<T>(PhantomData<T>);
    impl<T> Foo<T> {
        const FOO: () = assert!(std::mem::size_of::<T>() == 0);
    }
    Foo::<T>::FOO
}

However it cannot be written as:

fn require_zst<T>() {
    const FOO: () = assert!(std::mem::size_of::<T>() == 0);
    FOO
}

Because const FOO: () is an item, thus it is only lexically scoped (i.e. visible) inside require_zst, but does not inherit its generics (thus it cannot use T).

They tested the same strings on that implementation

The strings were the same, but not the implementation. They were testing the decoding of the strings, but the C function they were looking at was the one for encoding them. The decoding function was correct but what it read didn’t match the encoding one.

though judging by the recent comments someone’s found something.

Yeah, that’s me :)

while a similar C implementation does not need this fix

No, that implementation also needs the fix. It’s just that it was never properly tested, so they thought it was working correctly.

TBF the report says this was done using credential stuffing, so it wasn’t really Roku’s fault.

Because Rust is not the only language that made this faulty assumption. It is an issue that affects Rust’s stdlib, just like it is an issue that affects Python’s stdlib and other libraries. In fact this was first reported as a vulnerability to yt-dlp (where it was actually exploitable) and then discovered it applied to many other libraries (where the exploitability is highly dependent on how the feature is used).

Rust here is only used as clickbait because of its aim to be “safe”, but its position is no different from other languages.

If you read the article from the researcher that discovered the vulnerability you’ll see they never call out Rust in particular, only as part of a list of languages that are affected. https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/

It’s also extremely unlikely that you’d be running a bat script with untrusted arguments on Windows.

It happens in yt-dl, which is where this was first reported https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p

Very likely yes

Loop unrolling is not really the speedup, autovectorization is. Loop unrolling does often help with autovectorization, but is not enough, especially with floating point numbers. In fact the accumulation operation you’re doing needs to be associative, and floating point numbers addition is not associative (i.e. (x + y) + z is not always equal to (x + (y + z)). Hence autovectorizing the code would change the semantics and the compiler is not allowed to do that.

If your goal is to just .await some future that require the Tokio runtime you can use the async-compat crate.

More like Windows showing ads even when you boot Linux

Another option is to compile dependencies with LLVM and optimizations, which will likely be done only once in the first clean build, and then compile your main binary with Cranelift, thus getting the juicy fast compile times without having to worry about the slow dependencies.

However, how are they sabotaging it working on Linux.

For example they discontinued support for Rocket League on Linux (and Mac) after buying Psyonix.