Skip Navigation
Thames Water makes bid to lift bills by up to 44% - BBC News
  • Once the water companies were privatised, they took out massive loans and performed no maintenance. The loans were purely to pay shareholder dividends. Now they're loaded down with debt.

    Atop this, that crumbling infrastructure can't handle the increased water flow that's due to rainfall increases. So there's been a general trend of dumping raw sewage into rivers (the fines are cheaper op ex than the capex needed to fix the situation).

    It's parasitic capitalism at its finest.

  • Pretty critical PR for rust-msi is getting held up because the maintainer understands the intent but not why this works
  • Incidentally, this kind of passive-aggressive pressure is the kind of thing that might be considered a legitimate security threat, post xz. If you need to vent, vent in private. If "it works for you" but the maintainer is asking legitimate questions about the implementation, consider engaging with that in good faith and evaluating their questions with an open mind.

  • "Clean" Code, Horrible Performance in Rust
  • Casey's video is interesting, but his example is framed as moving from 35 cycles/object to 24 cycles/object being a 1.5x speedup.

    Another way to look at this is, it's a 12-cycle speedup per object.

    If you're writing a shader or a physics sim this is a massive difference.

    If you're building typical business software, it isn't; that 10,000-line monster method does crop up, and it's a maintenance disaster.

    I think extracting "clean code principles lead to a 50% cost increase" is a message that needs taking with a degree of context.

  • The Xz Backdoor Highlights the Vulnerability of Open Source Software—and Its Strengths
  • The test case purported to be bad data, which you presumably want to test the correct behaviour of your dearchiver against.

    Nothing this did looks to involve memory safety. It uses features like ifunc to hook behaviour.

    The notion of reproducible CI is interesting, but there's nothing preventing this setup from repeatedly producing the same output in (say) a debian package build environment.

    There are many signatures here that look "obvious" with hindsight, but ultimately this comes down to establishing trust. Technical sophistication aside, this was a very successful attack against that teust foundation.

    It's definitely the case that the stack of C tooling for builds (CMakeLists.txt, autotools) makes obfuscating content easier. You might point at modern build tooling like cargo as an alternative - however, build.rs and proc macros are not typically sandboxed at present. I think it'd be possible to replicate the effects of this attack using that tooling.

  • Why Git is hard
  • It's all the files. Content-addreasable storage means that they might not take up any more space. Smart checkout means they might not require disk operations. But it's the whole tree.

  • Why Git is hard
  • Came here to say the same thing. The git book is an afternoon's reading. It's well worth the time - even if you think you know git.

    People complain about the UX of the cli tool (perhaps rightly) but it's honestly little different from the rest of the unix cli experience: ad hoc, arbitrary, inconsistent.

    What's important is a solid mental model and the vocabulary of primitive and compound operations built with it. How you spell it in the cli is just a thing you learn as you go.

  • InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)GE
    gedhrel @lemmy.world
    Posts 0
    Comments 15