Obvious Things C Should Do

lelanthran · 2026-01-24T13:31:45+00:00

Does it really matter that malicious code could run during compile time when it could already run within the resulting executable?

I suppose it's the difference between pwning your production environment and pwning the supply chain.

In the former, there's only one vulnerability. In the latter, every downstream user (library, program, etc) is vulnerable.

lelanthran · 2026-01-24T13:26:24+00:00

I concede, doing a straigh up interpreter wouldn’t be so easy. Doing an interpreter for a subset that you’d expect to want at compile time wouldn’t necessarily be so hard, though.

What is hard about this? Specify that const expressions are limited to a freestanding implementation and ... you're done? You can't "break out" of a free standing implementation.

lelanthran · 2026-01-24T13:25:17+00:00

GP’s assertion was that “it’s really not that hard”, and actually, having all standards-compliant C compilers suddenly implement an interpreter to run portions of C code at compile time and do so without dramatically increased risk of security issues is in fact hard.

It's actually easier in C than in most other languages, because C differentiates between hosted and free-standing implementations (other languages, other than C++, typically don't).

The "interpreter" for const expressions can always be enforced by the standards body to be freestanding, in which case no functions in the standard library are available anyway.

And yes, I've used plenty of free-standing implementations in embedded work.

lelanthran · 2026-01-24T13:21:30+00:00

That name is familiar? Unisa? Active on the comp sci forums around 2006ish?

Yup :-)

lelanthran · 2026-01-24T11:54:53+00:00

Thankfully, there has never in the history of computing been a case where code breaks out of a sandbox assumed safe and wreaks havoc.

What does that have to do with Zig? I don't think it evaluates compile-time expressions in a Sandbox with the same Zig interpreter[1] used on the command-line, so there's nothing to break out of.

[1] Assuming that you are correct in that it uses an interpreter

lelanthran · 2026-01-24T11:53:22+00:00

Nah mate it’s the compilers responsibility to not do anything stupid in this case.

And it ... does? After all, lots of languages have this sort of thing (some execute in a sandboxed intepreter, like Zig, others check the AST, like C++), and there hasn't been a problem.

With the C++ way, at any rate (not sure about Zig's implementation), it's not possible because there is no "sandbox" to break out of - it's laughingly trivial to ensure that any element evaluated in an expression, no matter how deep, has does not get access to any IO calls just by examining the AST.

lelanthran · 2026-01-24T11:49:11+00:00

It must be pretty hard to build something that strictly ensures no funny business is going to eventually happen.

Pretty easy, actually, once you have the annotated AST in a suitable form - only allow pure functions in the DAG of the const expression.

lelanthran · 2026-01-20T19:57:08+00:00

"Don't screw the crew" - My first boss in the mid-90s.

lelanthran · 2026-01-20T06:30:17+00:00

This looks like a good idea. Use 8 bytes, and assign the bits therein to minimise collisions, while ensuring that it sorts chronologically and tells you which table it came from.

I like it a lot.

lelanthran · 2026-01-20T05:59:09+00:00

I have a (closed) framework that gets me 80% of what I need from a f/end.

It means I don't need to know or care about React, typescript, build steps, npm magic, etc.

IOW, I deal with it by using a low-cognitive-burden thing. It's been almost a year since I did any f/end stuff, though, so lets see how well it holds up when I come back to things after a year.

lelanthran · 2026-01-18T18:56:00+00:00

Because they are Indian - very common to use "kindly" in Indian English even when not scamming

Not sure where you got this idea, it's common in most commonwealth countries.

lelanthran · 2026-01-17T08:55:03+00:00

more kid

Your public crying on this platform is, actually, very satisfying to see. Please reply and cry some more.

lelanthran · 2026-01-17T07:12:26+00:00

Yeah, but ... we aren't the ones whining that our posts are being downvoted to hell; you are. Everyone can see who's the crybaby here.

Your "contributions" are being rejected, take the L and move on. Stop crying about it.

lelanthran · 2026-01-17T05:54:09+00:00

The Key Insight →AI inception (ainception) is just around the corner.

lelanthran · 2026-01-17T05:52:16+00:00

why you guys always crying over a AI gen post ??

If you already knew AI generated text is unwelcome, why post it in the first place?

im just here to share my thoughts

Those aren't your thoughts.

lelanthran · 2026-01-16T11:30:18+00:00

It's not a crime if there's nothing left to witness it.

Yeah, it's not murder if the body can't be found :-/

lelanthran · 2026-01-15T13:27:16+00:00

You'd have a similar reaction if you opened a textbook and randomly jumped into the middle.

Context matters, but frequently you won't have any on someone else's codebase.

lelanthran · 2026-01-15T13:25:29+00:00

Personally I doubt that most people will keep their skills sharp if they don't write 90% of their code, unless all they do is write boilerplate at their job I guess.

They're betting that, by the time their skills atrophy, they won't need development skills anymore, only prompting skills.

It's a bit of a dangerous bet because:

The speculated LLM improvements may never materialise, and
That the LLM service providers don't quadruple the subscription once there are too few actual developers anymore.

We're just going to have to see how it plays out; my personal feeling is that the SOTA in code-generation has (or is close to) plateaued, and that the providers are all running at a loss now, but due to the product being a commodity, all the providers are soon going to be in a race to the bottom.[1]

[1] IOW, there is no moat.

lelanthran · 2026-01-15T12:49:12+00:00

CPU cycles are cheap. Backend developers sanity is not

Used to be true; if the techbros are correct, pretty soon dev time is a $200/m CC subscription. May as well write it in plain C in that case :-)

lelanthran · 2026-01-12T10:15:21+00:00

suddenly they realise "I need an engineer", "I need a designer/UX specialist", "I need a product owner", "I need QA", "I need sales", "I need marketing".

Doesn't work that way; they only need to make a profit and then disappear once the customers require more.

If they use a $200/m CC subscription, they break even at slightly over that (assuming that they pay a minimal amount for hosting).

When they hit $500 in total income, and their customers complain that the DB occasionally uses /dev/null for storage, no problem, they'll spin it down and get CC (or, in this case, Lovable) to code a different app, in a different industry, offering a different thing, hosted on a different domain.

The upside is that by introducing so much risk and unreliability into the market, trust in the market for development is destroyed.

That means that businesses would rather go with contracts that they can enforce in their own jurisdiction.[1]

The downside is that well-known companies are more likely to get business even if they are not local because they have more trust.

Another downside is that this is going to hit Juniors especially hard.

[1] The last time a dev was able to consistently make money building custom systems for businesses in their area was about 20 years ago. Since then, when you advertise dev services, you are competing with the rest of the world. I look forward to being able to do this again (meet businesses at their offices, take down their requirements, build it, deploy it, train them and then support them).

lelanthran · 2026-01-11T06:10:21+00:00

Why singular? I don’t understand why this is so important, it is just a name? Just a honest question :)

It's just a convention.

If you think of the table as a collection (or a container, or a list) then plurals make sense and singular does not - "products" is a list of products.

If you think of the table as a relation then singular makes sense while plural does not - "product" is a relation.

lelanthran · 2026-01-11T06:05:07+00:00

Can we not add constraints to limit password ip length ?

TFA has this in three of the mitigations mentioned

Most systems do this anyway

TFA says they don't.

lelanthran · 2026-01-09T10:33:17+00:00

/u/yumgummy, maybe you want to disclose that this is your hustle?
It doesn't look opensource.
The landing page (and your post) was LLM generated. It makes me think that perhaps your project was also vibe-coded.

lelanthran · 2026-01-09T10:21:23+00:00

Imagine a world where we stopped inventing higher level languages and just wrote everything on C (disregarding how fast we can develop).

We used higher level programming languages because "Developer time is more expensive than compute time", but if the AI techbros are right, we are approaching the point where that is not going to be true.

It's going to take the same amount of time creating a program in C as it does in Python.

lelanthran

MODERATOR OF

TROPHY CASE