Hacker News | mustpax's comments

I feel like I’m missing something. How do people justify the security implications of manual memory management when building a publicly accessible web service with Zig?


Just don't write bugs ;)

More seriously, a reasonably sane way to create a lot of web-heavy services (writing out something simple for brevity, not anything perfect) is with large regions partitioned into ropes (for use with, e.g., iovecs kernel APIs). You have a tiny bit of potentially memory-unsafe stuff in a simple backing data structure (or not -- at $WORK we're moving more things to static allocation models for a host of other benefits), and then everything else you do web-wise is with views into those ropes (enabling incremental processing and whatnot if you care). The rest is memory-safe by definition (only using slices and other such safe techniques), so if you have any memory bugs from there then they're the same logic bugs you can write in any language (a fairly classic example in a web context is serving another user's data, especially by not resetting view states, but that's also not what happens in a "normal" Zig program because the compiler will yell at you when you miss some fields).

You might notice that my answer seemingly wasn't Zig-specific. You can use that same architecture in C. Why is Zig safe? It's a lot of little things -- first-class errors, defer and errdefer statements, first-class tests and fuzzing, the existence of a built-in fat pointer type, etc. If you propose the same idea in C you'll likely screw up a detail somewhere (not checking an error, not using yet another fat pointer implementation for ergonomic reasons, whatever). In Zig you'll write safe code by default.

There are other architectures, other ways to ensure safety, and other things the compiler does to keep you on the straight and narrow. You could go fairly deep into the "why" and "how" of Zig being safe enough. I'll leave that chore for somebody else. The other half of your question though is "what do you gain?"

You gain lots of things, and they might not matter to you, but they probably exist.

One thing I encountered was needing a faster language and not being able to justify the huge ramp-up time to teach Rust to a bunch of Pythonistas (nor the ramp-up time on the company if we tried to hire explicitly for that work, even if we could have gotten the additional budget).

You also gain access to really world-class programmers. There are great programmers in every language, but in established languages they're a lot harder to find in any given job search (Not talking about any of you here on HN of course :) The point is that resumés have a sampling bias from the perspective of the receiving company favoring people who struggle to get jobs, and for a variety of reasons that gives you a much higher signal-to-noise ratio when hiring for less popular languages). This was true of Rust at one point too, but IMO it's a little harder to hire for now (yet still better than even more popular languages).

As a broader point, for somewhat nebulous reasons I don't fully understand yet, it's by far the easiest language I've personally found for writing high-performance software correctly. C/C++/Rust/etc were fine enough I guess (all of them more than fine in other problem domains -- I've used them professionally and don't have too many complaints that other practitioners would disagree with), but they were comparatively hard to use to write code that was anywhere near optimal for complicated problems.


No, you don't.

Let's be honest, Zig is a shiny new shit for people who don't want to learn and want everything to be familiar but new.

Criticism of it is not allowed and would be downvoted by bandwagon fanboys.


I downvoted because I'm interested in charitable, non-disparaging conversation. I post this so the above commenter doesn't confuse a downvote (1 bit of information) as validation of their claim. I'm personally uninterested in spending much time looking at Zig right now, but I'm keeping an eye on it and generally interested in the progression of languages over time.


That might be true or not. But I’m sure you’re aware your post didn’t offer anything constructive and for that reason alone should be downvoted.

Familiar is different from the same, therefore is new. And Zig has many new concepts and things different from C.


In practice aren't such services behind a reverse proxy/WAF? The other day I found an endpoint in the wild outputting a DB table. I tried fuzzing it to gather more evidence of a SQL injection vuln but my attempts were flagged by AWS WAF.


Once I create a presentation, can I hot-link to a png of it as a cover image? I don't know if I need the full richness of a ppt/pdf off the gate but image gen with solid text layout would be huge.


Someone should write a blog post about the prestige/effectiveness negative feedback loop. This is also the Achilles heel of top tier SV VCs including YC.


The problem isn’t the prestige, it’s that prestigious institutions in America don’t produce high-quality talent. They’re instead mostly corrupt credentialing mills for the rich and well-connected. From what I understand, DeepSeek also only hires from the best universities in China, but “best” actually means something relative to how difficult entrance to those organizations is to achieve and their coursework.


I read this too but there was no source on this. The founder Liang Wenfeng himself comes from Zhejiang University. Its admissions rate is 20%, which is much higher than traditional US "elite" schools. Wenfeng has said this about hiring though:

"If you are pursuing short-term goals, it is right to find people with ready experience. But if you look at the long-term, experience is not that important. Basic skills, creativity, and passion are much more important."


The Chinese college application works way differently from American ones. The admission rate is meaningless. Zhejiang University is a state-assigned 985 university (there are in total 9 of them). Believe me, any students in elite high schools in China will be very happy if they can be accepted into Zhejiang University. Most of them unfortunately don't have the score to even think of applying. It technically is not applying. Students take the once-a-year exam; if they don't score higher than top 500 in their province, don't even think about trying to apply to Zhejiang Univ.



Can you expand on this?


Really well put. “Processes is a symptom of competence, not the cause” is a good motto.


It’s always a good sign when an architecture diagram has Nginx + Lua in it. The Lua memory leak bug is a good example of why it saves SO MUCH time to use managed services like Browserless to do things at scale. When you DIY, you end up debugging a ton of these little things when there is much higher ROI code you could be writing.


In that case Windows Linux Subsystem seems like a good compromise.


Shouldn't that be Windows' Linux Subsystem?


It's never going to happen.

:(


Alfred's clipboard manager will auto-exclude anything that's copied from 1Password. You can add more auto-exclude rules yourself too.


Horizons School of Technology | Architect in Residence | San Francisco, CA | Onsite Full-time or Contract | $120k-180k http://www.joinhorizons.com/

We are looking for an Architect in Residence who is a seasoned software engineer with 5+ years of experience and deep technical and professional insights.

As an Architect in Residence you will spend 3-9 months at Horizons. During this time you will mentor students one-on-one, teach advanced subjects in a classroom and oversee ambitious student projects.

We are a group of entrepreneurs and former engineers in technology who are passionate about bridging the gap between traditional education and the tech world.

Our students have gone on to win national hackathons, land jobs at tech giants, and raise money for their startups. We find high-potential, ambitious undergraduates from (many from top schools) and we fast-track their careers by empowering them with technical skills and a professional network. Our 12-16 week immersive program teaches full-stack web application development, entrepreneurship and software engineering.

To apply email your resume to mustafa@joinhorizons.com

Job description: https://angel.co/horizonsbootcamp/jobs/187808-architect-in-r...


The reason that this is on the front page is because not everyone is a serious astrophotographer.

If you find yourself asking "I already know about this, why is this on the front page?" Take a moment, you've just answered your own question.


However it still isn't exactly that new or revolutionary... CentralDS has been doing this with Canon cameras for a while now and it looks like P.L.L. has just taken the cooler and retrofitted it to a Nikon this time. Still went with the ASI 1600MM-Cool and MC-Cool based on their prices still being lower together than what they're charging.


I know little to nothing of astrophotography, so this article comes as news to me. (I like the article, FWIW.) I wasn't even aware cooling could be used to account for sensor noise. Now my mind is actively aware of the problem and is trying to enumerate other possible means of correction in this, and other, imaging fields.


> The reason that this is on the front page is because not everyone is a serious astrophotographer.


The article is mildly interesting, but this is not state of the art by any means.

It's a little bit like an article saying "computer engineers use special software that could take human readable source code and convert it into executable binaries for faster execution". A layperson would have their minds blown, but it's a super-yawner for those in the industry.


Is it correct to say that the majority of HN users are astrophysics "laypersons"? I'm guessing they are.


Please post a better article: I'll upvote it!


Unfortunately if he reads the article, he'd then know about the content, so could never bear to see it on HN



You hit the nail on the head. Intel has built up amazing margins on the x86 business over the years by beating out competitors. ARM margins are razor thin by comparison and Intel can't bring themselves to cannibalize their cash cow by becoming another ARM manufacturer.

