Unix is completely inapplicable to this environment which is inherently managed and intraprocess. Why not send an object saying what you want instead of a plain C struct, or worse a bunch of ints? How do we handle ownership across these boundaries? Why should two high level components be forced to squeeze into a primitive bottleneck between them?
Don't get me wrong: I think C is cute and fills a niche decently well. But that niche is not the one we have here.
The reasons why Unix displaced a bunch of more elegant systems were downward scalability, free distribution, and positioning to take advantage of network effects. Quality was secondary, especially with multiprocessing and networking where a lot had to change, and the designs were not always good.
Even if something lasts due to pure inertia it lasts. And something that lasts is pretty nice if you want a standard to last, or be implemented. The standard usually isn't the thing that you use to proof you can do something better, by being different. Because then everyone will have a harder time adapting it. People implement interfaces they dislike.
Since this is related to Webassembly, Browsers, the Web. The web has a lot of historically baggage, that one might have to work around at times, sometimes more sometimes less. There are good bits and not so good bits and in the end a lot of the time more modern web applications (whether you think they are good or bad) as well as web browsers jump through hoops to do things. For many applications there would be better protocols. But it became the dominant standard, a standard that is actually being used a lot and that is why it has become a success story. It wasn't a hundred times better than everything else. It simply was something that people managed to implement successfully and something where they were willing to deal with shortcomings, because there are great benefits in implementing the same standard as everyone else.
Don't know much about the US constitution, but it seems that it was largely good enough to make people work together that otherwise might have ended up fighting each other. That's what you'd get if everyone had a different idea about what a good constitution is. Maybe things are unclear, and maybe there are uproars because of things, but it doesn't even get to that if people don't agree on a standard or a constitution in first place.
And while over the years I often imagined how great it would be if everyone just used that better standard that has been there for a long time and nobody uses and is completely forgotten, if it ever had any popularity, then everything would be so much better and greater and I wouldn't have to do that senseless thing I am doing now. But if that standard doesn't allow for people to agree with it by implementing it it's essentially worthless (outside of maybe "prior art" consideration).
And like it or not we currently live in a world where designs persist due to pure inertia. But we know that obviously people are willing to implement these which means when a standard comes along that is similar to what already is there then having many people adapting it is realistic. Otherwise it's that super interesting university project that never makes it into anything in the real world.
It clearly hasn't, if you've been paying any attention to security. The Unix security model is that all code that a user runs is 100% trusted. That's absurd in today's world.
This article is purely subjective. I'm sure there are some academics that could explain ways to objectively score usability but this article is purely subjective.
The whole "AI slop" noise is, at its core, human slop. It is people applying a hopefully pejorative label, trying to appeal to other slop aficionados that like whatever the current trendy slur is, in an objectively undefinable way.
In this case this guy likes the way Qt apps, they think it looks better, but it isn't a big trick they are revealing: They made it conform to the style they like, but this doesn't translate to anyone else in any measurable way. I think web apps looking like Qt apps feel like the late 90s and it's just weird, but my taste also is entirely subjective and mine alone.
i wonder if it's partially because it's not a unique business model and subject to yet another VC-subsidized race to the bottom on things like token prices
agreed, unless you need to use all models i'm sitting here wondering why orgs would want to introduce third party risk into their pipelines for marginal cost and time savings
While maybe true, it is better to back that up with data and the data I know of and read yearly is mostly not great. Between Splunk and SANS surveys of 2025 maybe ~2000 companies have a SOC. [1] [2]
Then you have the many companies in the UK, US, Canada, EU that have compliance and regulatory laws that require them to exist in some capacity in house. Though that is changing with MDR services, but someone still has to interface with the MDR.
That is actually unfair. Most companys spend enormous amounts on security with vast armys of security employees. Not that it is effective, but it is not for lack of resources or trying.
I mean we are literally in a thread about how the 4 trillion dollar company, literally the 3rd most valuable company in the world, with a core competency in software has, yet again, released a core product riddled with security defects for the 50th year in a row.
Commercial IT security is a industry that is incapable to a fault and has, so far, faced basically zero consequences for it.
For every Apple, there are 100 mom-and-pop companies who have nothing.
Even more so in the future when a software company can be launched by a farm of AI Agents with a founder at helm with no clue about computing or security.
What's debateable is how many of those companies actually need irontight security, because they are never realistically going to be targets of criminals and/or they have nothing valuable to steal/corrupt in the first place (other than the owner's pride).
I was pointing out how even Apple, a entity who by all rights should have top-notch security, is still absolutely hopeless in the face of commonplace commercial, profit-motivated attackers.
Massive, extremely well-resourced divisions supported by management in a technically competent organization that is actually trying to solve the problem struggle to produce at best middling security that is inadequate against commonplace threats. This is not a prioritization problem; even if you do “everything right” you are still vulnerable to run-of-the-mill commercial attackers. This is a fundamental capability problem, like how we can not make a net positive fusion reactor right now.
It is actually unfair to blame these companies for not having a fusion reactor because they “were not trying hard enough”. Actual security is not a easy problem, and it is a great disservice to portray it as one that is only unsolved due to dunderheads being in charge since it leads to underestimating what actually needs to be done.
That is not to say that you can not do dramatically worse than the “gold standard” and also that most organizations are actually incompetent; but the “gold standard” is still objectively grossly inadequate. You need to be dramatically better than the 4 trillion dollar software company to reach adequate against prevailing threats.
They have a website that can be used to host malware and/or seo link farms.
I still have nightmares about the contact form on my low-stakes personal website getting hijacked to use as a spam sender (because I used unsanitized input in mail headers).
Hey now, when Apple products get a serious Kernel level vulnerability that is able to be executed just by browsing a website. It's a "jailbreak" not an "exploit".
Not at all. I’m considering that the amount of vulnerable software in the wild is very, very large, with most organizations not managing their systems properly. Imagine all the small to medium size companies that do not have budgets for a dedicated, talented security team. And all the software that will never be patched. We are at the beginning of the exponential
> I’m considering that the amount of vulnerable software in the wild is very, very large
I'd imagine this set is very similar to just "the set of software on the world". Even before the AI stuff, it was a pretty good bet at any given software had some vulnerability; it was just a question of how easy to was to find it.
Yes, that’s my point. Look at how fast the Calif team tackled that macOS issue. Against the top company in the world. One week from bug to exploit. In 2-5 years things will be really wild for everybody out there. We released a technology that make it possible to design extremely complex exploits at a scale we never had to face before. What does that mean if you’re not the top company? Things will be really bad
It makes you think will everything need to be rewritten from the ground up - potentially by AI itself, or AI having a very heavy hand in validating all of it.
There's so much much lower hanging fruit. Every job I've had has had basically everything massively out of date. Just keeping packages and framework versions up to date is a full time job and none of these companies have someone assigned to doing it.
So much out of date software with known exploits left running for years. The only reason there hasn't been total disaster is no one has tried to hack it yet.
Yes, exactly, that’s the main change. And not just in a script kiddy way. What we see now is LLM + experts can develop extremely complex exploit chains in no time. It’s one thing to exploit a known vulnerability that you can patch by upgrading your Wordpress, it’s something else when the attacker is able to completely take over your systems in ways you didn’t even consider was possible and adapt in 1 day to your attempts at patching
The parent company should face severe penalties for allowing this kind of breach to happen and also for terrorist financing. We are really living in the Stone Age of information security.
I don't know, can see this either way. Iran's leadership has been stating for decades that they want to destroy Israel. They've been funding militias who launch rockets at Israel, during times when Israel wasn't threatening Iran's existence in any way. They were launching rockets just before this war started. But US pulled out of nuclear deal and killed Iranian leaders during first Trump administration, and has been meddling with Iran for decades.
All I'll say for sure is the US shouldn't be involved, and shouldn't have taken such a one-sided approach during Israel's founding. None of this benefits us, we simply have traitors in our government.
Isn’t it more dependent on how Trump is feeling? That makes it much more depressing for the leader of the country to be messing with our largest economy like this.
When someone is known for spouting rubbish and constantly lying, then it doesn't make sense to be surprised when they don't adhere to their "promises".
Yes it is a net exporter of oil, but not oil for gasoline. The use is a net importer of oil used for gasoline. That's because oil companies have chosen to not make the investments needed to refine domestic oil. We have to import for that.
Possibly, or more infrastructure is needed to support the growing demand for renewables, and the equipment is often trucked around using standard freight (large trucks or airplanes), concrete trucks to pour slabs, etc.
Electric trucks are rapidly becoming a thing. And even if not, more trucks delivering equipment for renewables get balanced out by more EVs.
Not to mention natural gas and oil will always need to be shipped around. Whereas when you have enough renewables and a grid that can supply enough electricity, shipping panels and batteries drops by a lot.
Yes, and I look forward to when electric freight is a thing, but I do think it's an overstatement to say they are "rapidly becoming a thing". Articles about electric trucks among the HN crowd make it feel that way, but those are tests that don't really reflect what's happening in the market. (Most of the available data puts the overall percentage of freight moved by renewables at less than 0.1%). I suspect we're 10-20 years away from a time when a majority of DC chargers, solar panels, or wind turbines are transported using something other than gasoline or diesel.
Don't get me wrong, I'm quite dogmatic about renewables (we have 2 EVs, pay more for various renewable options, aggressively recycle, avoid single-use plastics, etc). I'm just pragmatic in my outlook.
reply