@mvsamuel.bsky.social
Programming languages person focused on software systems problems. Previously, first frontend engineer on Google Calendar, and was a security engineer who worked on the industrial-strength Mad Libs undergirding Gmail. Pro-trans-rights is pro-family.
Latest "cool you like AI, but you still can't steal" news:
Outputs from models that Grammarly runs are Grammarly's opinions.
They oughtn't misappropriate writers' good names to lend credence to those opinions.
It's ok to ask/pay writers to endorse a product, but Grammarly didn't ask.
I thunk that but I didn't say it.
My kids' school has some ADL signage, "No place for hate," which are not bad per se.
But they reinforce the idea that the ADL, post Greenblatt's hard turn away from civil rights, is still widely aligned with American Jewry on inclusivity.
www.adl.org/initiatives/...
I've said that security engineers need to set aside personal preferences because end users are not served by opting out.
But the adversarial approach has also been done for every other tech. Attacking bad systems architectures, infrastructure, tooling. It goes hand-in-glove with mitigations work.
As someone who used to write detailed software specifications for a living, I can see why AI is seductive: the idea that someone, or something, might take my work and continue reading past the abstract.
Look upon my works, ye Competent, and despair!
Who's got two thumbs and is failing Upwards?
What stands out to me is the cast to (char*) so that it can get byte indexing in the arithmetic part.
Idk if you're always allowed to cast to (char*) the way you can for (void*).
The LLVM opaque pointer stuff is trying to avoid confusion from these kinds of casts, but iiuc that's a pragmatic move.
And that all translates to Java like the below.
Oh, I should mention that the subtlety in the HTML generation above is that untrusted `javascript:` URLs need to be kept away from attributes like href; simple HTML auto-escaping isn't sufficient.
To tease some work on letting security engineers specify how untrusted and trusted values combine, I hacked in some meta-programming.
The goal is to allow enough MP so that repetitive runtime analysis can be erased and you're just appending strings.
I think meta-programming is super important for cross-translating languages.
RTTI and reflection are used at program boundaries, e.g. converting values into JSON so they can pass by copy to other programs written in other languages.
But they're also semantic tarpits, so some MP simplifies interop.
blog.computationalcomplexity.org/2026/03/tony...
it was going to happen, death comes for us all. but man. what a legend
Co-expressions are kind of wild if you're not familiar with them.
www.cs.tufts.edu/~nr/cs257/ar...
I guess the reason it seems similar to me is scheduling.
unquote-* allow evaluation of sub-expressions in a context where evaluation is typically delayed
And yield* here is explicitly scheduling the coro to actually produce the subtrees it emplaces iiuc.
Very cool that the types are lining up.
Or just unquote
Is yield* used here as unquote-splicing?
Veni, vidi, vibi
US poster-children for hopium react as if incorrigible know-nothing liar is trustworthy.
People post commits that net remove code and that's great, but I wish there were a convention that allowed separately counting test and prod LoC.
A PR that removes some unnecessary prod code but adds a lot of tests (improving coverage), to my mind is worth celebrating on two counts.
I want everyone involved to lose their shirts.
But this seems like people trading on contracts/derivatives assuming they can value those without understanding, in detail, the contract/derivation.
The print, fine or not, is the valuation basis.
On multiple levels, you're just doing it wrong.
Actually, I guess he's probably imagining a gaggle of agents each with their own agendae (metaphorically) and so they can both be conspiring and confusable.
Which is probably fair.
When Mark talks like that he's usually leading into some fine-grained distinction: side- vs covert- channels, etc.
Is that distinction important in the context of agentic security?
If confused deputy problems are the major problems, distinctions relevant to conspiring sub-processes seem OoB.
I've heard that but don't understand how, for textual content, leaving a gap in column zero helps.
Yeah. I think the neighbour part of those stories rests heavily on social norms. Neighbours are confusable deputies but confusable within the bounds of social norms.
Relevant to agentic access control.
I was reminded of Alan Karp's & Marc Stiegler's litmus test for usable access control, and Marc's six aspects of sharing.
alanhkarp.com/publications...
ASCII designers: Every letter has a numeric value one greater than any letter before it.
EBCDIC designers: Rectangles are neat.
Even if you don't find the Totenkopf tattoo disqualifying, Platner's campaign team abandoned him.
This doesn't happen to a lot of pols.
The people closest to him and most aware of his politics do not believe he is as he presented himself.
Periodic reminder: Meta's engineering culture 11 years ago.
The company was founded in 2004, so about midway between its founding and now.
www.bitdefender.com/en-us/blog/h...
The thing that maxed my eyebrow raisage is section 17's list of topics that a conformance test suite should cover, but without any specification of desired system behaviour.
This is spec jargon word salad.
