If the ask is, why was the hardware like that in the first place the answer is because it can’t be fully validated.

But that’s not the question. There are two questions: Who should be responsible for patching hardware vulnerabilities? And if the answer is “the kernel” then should speculative but never demonstrated vulnerabilities be patched? Linus’ answer is the hardware manufacturer, and no.

Is this really the hardware vendor’s problem though? It’s the consumers problem.

Maybe we’re running into the ambiguity of language. If you mean to say, “Who does it cause a problem for? The consumer.” then sure. On the other hand what I mean, and what I think Linus means, is “Who’s responsible for the vulnerability existing? Hardware vendors. Who should fix it? Hardware vendors.”

If the ask is why should a speculative fix go into the Kernel […]

Depends on what you/we/they mean by “speculative”. IMO, we need to do something (microcode, kernel patches, whatever) to patch Spectre and Meltdown. Those have been demonstrated to be real vulnerabilities, even if no one has exploited them yet. But “speculative” can mean something else. I’m not going to read all the LMK emails so maybe they’re talking about something else. But I’ve seen plenty of, “Well if X, Y, and Z happen then that could be a vulnerability.” For that kind of speculative vulnerability, one that has not been demonstrated to be a real vulnerability, I am sympathetic to Linus’ position.

Who said anything about fully validating hardware? “Hardware vendors should solve their own problems” is not the same as “hardware vendors should fully validate their products”.

My comment game has gotten far better since I started doing live code reviews. Essentially I ask myself, “Would I feel the need to explain this to someone during a code review?” and if the answer is yes I add a comment.

That’s a hot take. If you want your code to be maintainable at all, it needs comments. If you’re part of a team, write comments for them. If someone else may take over your project after you move on, leave comments for them. And have you ever tried to read uncommented code you wrote a year ago? Leave comments for yourself.

The key difference is that compilers don’t fuck up, outside of the very rare compiler bug. LLMs do fuck up, quite often.

Copilot frequently produces results that need to be fixed. Compilers don’t do that. Anyone who uses copilot to generate code without understanding how that code works is a shit developer. The same is true of anyone who copies from stack overflow/etc without understanding what they’re copying.

I’d create my own macro or function for that. I have enough ADD that I cannot stand boring shit like that and I will almost immediately write a pile of code to avoid having to do boring crap like that, even with copilot.

I have not and will not ever use AI generated code that I don’t thoroughly understand. If you properly understand the code you’re committing there shouldn’t be any damage. And beyond AI you should never commit code that you don’t properly understand unless it’s a throw away project.

I’ve run into that exact issue with copilot (deleting my tests). It is infuriating.

I don’t think I’d trust it to refactor code for me, not for anything important. I’d need to completely understand both the initial state and the result on a statement-by-statement level to be confident the result wasn’t secretly garbage and at that point I might as well write everything myself.

It’s not clear to me that AMD is in breach of contract, though I admit I haven’t looked into it in detail. But regardless, the contract is irrelevant to the open source thing unless that was in the terms of the contract.

If I steal code and release it with an open source license, that license is not valid. The author released his work open source based on an email from AMD. AMD is now saying that email was not legally binding thus the author did not have the right to release it under and open source license thus that license was not legally valid. If you had forked it and continued to use it, AMD could take you to court and say that the license you are operating under is legally invalid.

AppArmor is part of the kernel. Why does it require patches?

I’m interpreting that as clickbait - just something they added to the title to drive traffic.

It’s not just about learning a language. Given two equivalent languages, writing a project using one or the other is always going to be less work and less of a maintenance burden than writing it using both. A competent manager will take that into account when deciding what tools to use. On top of that, learning a new language has a cost. Of course Rust and JavaScript are not equivalent, but which one is ‘better’ is highly subjective and dependent on how you measure ‘better’. So a manager needs to take that into account. But my fundamental point is that using two languages for a project adds overhead, and learning a language adds overhead, so unless cost (including time) is irrelevant, there must be a compelling reason to choose a dual-language solution* over a single-language solution, and to chose a solution that requires your devs to learn a new language over one that does not. Not to mention switching platforms has a massive cost if your project is already mature. Even if you’re creating a new project, if your team already knows JavaScript and doesn’t have any particular objection to Electron, there’s no compelling reason.

If there is a good reason to learn a language then people will.

Sure. Except in my experience interviewing candidates and from what I’ve seen online, there are a lot of developers out there who aren’t very good. I am not optimistic that the average developer will have an easy time learning a new language. If the “we” in “Is this the electron alternative we’ve been waiting for” is you and I, that’s not a problem. But if OP meant to suggest there will be a large-scale shift away from Electron, then the average developer is quite relevant.

*As someone else pointed out, Dioxus is designed with the intent that you’ll right the frontend in Rust, so it’s not exactly dual-language like I thought.

Ah, well that’s great for folks who already know or want to learn Rust

I seriously doubt that a dual-language platform is ever going to supplant Electron. Electron has the major advantage that the entire app is written in one language. And according to Stack Overflow’s 2023 developer survey, 66% of devs use JavaScript, 45% use Python, 43% use TypeScript, and 12% use Rust. More devs use Java, C#, C++, PHP, and C than Rust. So 2/3 of developers wouldn’t have to learn a new language to use Electron, and only a small fraction of the remainder knows Rust.

If I designed the schema it is most certainly going to be structured. Unstructured databases are awful.

Sure, there are worse languages and environments to get stuck with. But I can avoid those jobs. And if I get hired as a SomeLang developer and they force me to work in Java or whatever, it’s time to dust off the resume.

I am aware of that, but Java is the most popular language that runs on the JVM. I don’t specifically dislike other JVM languages, though one of my issues is type erasure and that’s partially a limitation of the JVM.

Obviously OpenJDK is superior to dealing with Oracle’s bull. But even more superior (IMO) is simply not using Java. My life has been noticeably more pleasant since I started refusing to touch Java.