• 0 Posts
  • 88 Comments
Joined 11 months ago
Cake day: September 2nd, 2023

  • There are many ways to address immigration. And not all of them consist of not letting people in.

    You can take into consideration what the average person thinks about immigrants and fix that:

    • Immigrants are stealing our jobs.
    • Immigrants are criminals.

    I’m gonna try and think outside the box instead of the normal “it’s poverty that makes them criminals! They need better social support” which is probably true, but won’t convince the far right voters to vote for you.

    The first one is the easiest to solve of the two. Since in most western countries, immigrants coming to work is actually good for the economy, since the native population has a declining birth rate and is aging, so they need working people that don’t come from births (immigrants). But you can still:

    • Enforce that employers pay the minimum wage
    • Have a higher minimum wage for immigrants, so employers only hire them if they’re actually better than the natives (or there are no natives applying for the job). And while we’re at it, raise the minimum wage for everyone.
    • Only allow immigrants without a special visa to work in certain sectors (for example those that native people don’t want to do).

    I know 2/3 of those treat immigrants as “lower” people, but it’s still better than illegal immigration or not letting them in.

    For the second one, the main problem is that 1st generation immigrants are not the issue, but their children are. Because their children were born in that country so most of the time they’re citizens and you can’t just deport them like 1st generation. The only way I can think of to fix this is to not give them citizenship until they’ve passed an actually hard exam that shows they’ve integrated into the culture, and have a clean record. They would be “2nd class citizens” at that point. 2nd class and normal citizens are legally the exact same, with only one difference. If a 2nd class has children after having committed a crime, their children are also 2nd class. If they have a clean record, it is assumed that they have integrated in the local culture and their children are born as normal citizens.

    These ideas probably have a thousand things I didn’t consider, but I believe they’re better than not letting immigrants in.







  • Java I don’t know enough of to say. I never use dependencies in java because I can’t be bothered to learn Gradle/maven/eclipse/whatever.

    Python I completely disagree. First, I believe all (non-python) libraries are distributed as binaries, no local compilation at all. Which makes the issue of the content not matching GitHub even worse.

    Secondly, python is used as a glue language. Most of the time, it’s just a way to interact with bindings to a C library. There’s no big project that uses only the standard library.

    Lastly, in python, whatever you want to import doesn’t always match the pip install command. In your code you might say “import MyAwesome69”, but the command to install it is “pip install awesomelib”. Any malicious actor would just need to publish a python library called “myawesome69” and it would get many people trying to install “awesomelib”. You have to know the magic words to install each library. And projects rarely tell you how to install dependencies. Requirements.txt is a joke (if you want to automatically create it, it puts every single installed library on your machine/venv, not just the ones used in your project), but you’ll be grateful if the project you want to run provides one. Also, nobody distributes python programs as executables, which means everyone who wants to run it must know the magic words, not just the developers. Moreover, not all dependencies are available through pip. The install instructions might say “install awesomelib”, but when you “pip install awesomelib” you pull a malicious library instead of installing the actual awesomelib available via “sudo apt install awesomelib”.

    I don’t usually use libraries in my python scripts, but that’s because I use it as a scripting language, they rarely reach 300 loc. If you want to use it to make an actual program, you’re gonna pull a lot of dependencies.

    C++, like java, I can’t speak of, because installing a library was such a pain in windows without Visual Studio that I was never able to. Might explain why they don’t use many libraries.



  • It is true that having many dependencies is a supply chain attack. However, this is the result of combining the following:

    • The UNIX mantra of “do one thing, and do it well”
    • The more things a program does, the more intuitive and useful it is.

    If you want to keep the 2, you’re gonna need a lot of dependencies. To significantly decrease the amount of dependencies you’re gonna need to drop one of those, there’s no other way around it.

    If you wanna know what happens when you drop the UNIX mantra look at any discussion about systemd.

    If you drop the second one, everybody would have to bring their own glue, making computers only accessible to Linux gurus that master the “|” operator and study CLI program arguments in their spare time.

    I don’t know why this article focuses on Rust specifically. Every language has this problem. And cargo itself has many ways to mitigate this.

    • Lockfiles & caches: prevent unwanted version updates.
    • Custom registries: You don’t have to use crates.io, that’s just the default. Set up your own registry with only whitelisted crates.
    • Use GitHub instead of a registry: cargo has great support for this. If you want your dependencies to always match their GitHub repos, just download from GitHub and compile your own.