Hacker News new | past | comments | ask | show | jobs | submit | more the_jesus_villa's comments login

Ha! You've got me, "to the point" is going too far. But I should say that it's a relatively quick, light read. Moments like the octothorpe thing actually make the read easier, because the humanity of it makes my brain wake up a little.


Honestly, knowing C made it much easier to understand why design decisions from Rust matter. I see Rust as kind of a (welcome) reaction to the memory model that C++ inherited from C.


To you and @nine_k:

Yes, I agree with the fact that learning C makes us appreciate Rust (and other safer languages) better. It's just that between C and Rust, I would pick Rust. I'm not a systems programmer, but I have worked with C before and as soon as I saw some of Rust's example codes, I liked how it taught me something and liked the design choices. Rust does seem like a nice language.


The story actually gets way crazier after that!


I am listening...


Sorry, but... you'll just have to wait for the next Substack post! ;)


Just a bibliography of some C books


That's cool, but I am avoiding substack articles because the reading experience is subpar, the registration modal which pops when you are reading and start to scroll down interrupts my concentration and then I bail.

That said, please enjoy the upvotes and I wish you all the best, Jebus.


I appreciate the kind vibes, and I'm sorry Substack isn't an ideal medium (ha) for you. I decided to publish there just because so many writers I admire are there, and I want to write like they do.

If I switch to a static blog I'll let you know!


Have you tried reader view? It's the little button that looks like a document on the right side of the URL bar in Firefox.


I'm on Android..


Which has Firefox and supports reader view.


I don't go out my way to spend time on sites which disrespect the reader.

I do wish I could read this one.


Without any additional context, this probably refers to Tor onion services: https://en.wikipedia.org/wiki/.onion

You can download Tor Browser to access them. You can find legit onion links using sites like dark.fail.


Ah okay, thanks :)


>Traditionally on most linuxes (and bsds) you obtain trusted executables from a known good source (your distribution ) , whilst files from other sources are never run at all.

On the other hand, the vast majority of people installing applications by piping curl output to Bash are also on linuxes and bsds


Is this worst-case scenario for linux users any worse than the average-case of windows users downloading an .exe from a vendor's website and running it?

If you do not already have a pubkey for which the code can be signed, then there is no chain of trust to verify in the first place. What signature would you check the code against in such a scenario? One you download from the vendor's same website?


>Is this worst-case scenario for linux users any worse than the average-case of windows users downloading an .exe from a vendor's website and running it?

Well in my case, I screw around a lot on my computer. So I end up copying and pasting a few lines of bash code that download god-knows-what because I accidentally deleted the entire /etc/ directory and the howto guide that was the 3rd result on Google says "run this it will totally work".

So at least for me, yes, it's often worse than installing an .exe from a vendor's website.

But I didn't mean to say Linux installs don't tend to be safer than Windows, just that it's not as rosy as the original comment made it seem like.


> "Is this worst-case scenario for linux users any worse than the average-case of windows users downloading an .exe from a vendor's website and running it?"

Uh, yes? The naïve Windows user has Windows Defender scanning downloads to offer at least some token protection against known threats.


A tiny bit, maybe. Those commands usually run as root, at least Windows warns you if the installer wants root.

But I think the main point is that this debunks "whilst files from other sources are never run at all".


That's always the problem with using the word "Never". That should have been "Almost Never" or "Rarely" (which is true for me at least) , and I didn't catch it when I proof-read my comment. Sorry about that.

And yes: while traditionally people might install just from their distribution, times have changed a bit and people now do install from pip, cargo, npm, etc; but these are _somewhat_ trusted repositories still (rightly or wrongly).

Some people sometimes use curl as well. Due to the nature and low volume, this still doesn't give literal viruses much leeway. This is because it's not a target-rich environment (only a few executables), it's not guaranteed to happen on many computers, and most importantly, people tend to only curl in one direction. When you curl, you're mostly going to end up downloading executables from some central location. Typically these executables don't subsequently get copied to (m)any other computers or back to the server. So a literal virus doesn't get a lot of traction to replicate the way a virus wants to.

If you do manage to curl some malware, what you'd get is probably going to be something that's properly called a Trojan. Trojans are definitely a thing.

Just because you're on Linux doesn't mean you're magically completely invulnerable to all kinds of malware, you still need to act with care.

On the upside many distributions are more or less designed to keep you safe by default, and won't suddenly do something crazy to get you into trouble. On the downside the human operators are not always similarly inclined. ;-)


Doesn't seem that different from running the application after installing it, to be honest.


What can I say, I enjoy living dangerously.


Maybe this is a feature. When your phone is low on battery, you ask for a charger, and when presented with a normal, plebian charger you get to say "oh, sorry, I need an iphone charger".

If people want to get a practical, compatible phone, they don't get an iphone. iphone only exists as a signal. So while the EU is making a good decision for making iphone's more pratical, they are also misunderstanding what an iphone is imo.


Don't find your talents, cultivate your skills. You likely will never just "find 1 thing you are really good at", but if you find something that's worth getting good at and stick with it even though you suck, eventually you will become good at it.

That's my approach, anyway!


It's important to focus on WHERE you want to cultivate your skills.

You're probably not naturally good at anything in any meaningful sense.

You're going to have to work hard to be good (in a meaningful sense) at anything worth being good at.

So what things do you enjoy cultivating your skills?

If you don't enjoy practicing guitar - you're never going to be a guitar virtuoso - because you're never going to want to pick up your guitar and practice.


Full Point is fun and random: https://fullpoint.substack.com/


It was definitely easy to jump from learning HTML to learning that I can run code on the backend and render the output by just adding a tag like this:

    <?php
      $data_from_backend = [whatever I need to do on backend];
      echo $data_from_backend;
    ?>
Right there inside the same document, rather than learning about Node, APIs, a templating engine, etc. It kind of just worked and was very simple. Of course, for professional apps this caused a ton of problems and now using PHP that way is seen as something from the dark ages.


PHP its seen only as something from the dark ages when u using VC money and the more new tech u mention to them more money u get, not all the web is based on US and able to pay 5k monthly AWS bills just to even set up a silly enviroment to test stuff/learn or start launching a side/new project


Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: