I felt the same way when I read the bold part that says "But that C codebase is an issue" so I quickly checked out the public databases and couldn't find a single serious vulnerability in the past 7 years.
Admittedly I stopped after going through a bunch of useless stuff related to CVE-2017-8823 (which was initially reported as remotely exploitable with no proof at all).
I went through the tor repository (not vidalia though) and read a bunch of conversations about some of the memory related bugs but none of those were exploitable either (exploitable as in remote execution, not a DoS) and most of the (not so many) bugs were actually logical bugs.
I really don't care what they decide to do with their project and honestly anything that can potentially improve the security of such a system is fine by me but I really think they're doing themselves and the language a disservice by communicating the way they do.
Also, as a side note, even with a C codebase there is SO MUCH you could (and should) do to minimize the impact of a vulnerability that the fact that some choose to present just rewriting code in a different language is not even funny.
And of course, "impossible to refactor" just is very deep in the bullshit territory. "more fun to write new code" would probably be more honest, and the Rust proponents created a marketing narrative that allows them to do this while pretending (and probably also believing themself) to do a good thing.
Something I hadn't thought about is, could it be that electric cars are not perceived as a threat due to the lack / different of noise, vibration and heat when compared to a combustion car?
I know animals nap under cars all the time but at least with "regular" cars they seemed to be more aware of the danger.
I'm not talking about waymo, self driving, human in the loop or any of that here, I'm just curious because I wonder if the same thing would've happened with a combustion engine and if there are any "easy wins" in terms of deterrence.
Just for fun I reformatted it minimally in the conservative way I write code that is intended to be easy to read and understand to improve the odds of future contributors (or future me) introducing a bug in it due to misunderstanding it.
It's painfully verbose but I think it's worth it considering that we're in 2025 and we're not limited to one character variable names.
Sorry but you didn't just reformatted it, you added new variables and return statements that were not in the original code (and even introduced bugs like row 41).
As of short variable names, I'd argue that they are actually more readable than long ones when they're the iterator of a loop:
while... XNextEvent(... &e)
What else can "e" stand for in the body of this loop?
Longer lifetimes and not-as-obvious scopes do deserve longer names.
Finally, I strongly dislike this kind of reversed conditions:
if (const == var)
To paraphrase your own words, we're in 2025 and we should not be limited by our fear of forgetting one "=".
Oh no, I accidentally duplicated a function call while quickly rewriting the code for fun, what a terrible sin! (as a side note, I didn't even compile the code but I after quick check I don't see any notes on the man page that suggest that the accidental spurious repeated call could cause a problem)
I understand that you might not like that style but I think you're comming a bit too strong on this, especially considering how carefully I worded my message in terms of not hurting any feeling and being clear about this being MY preference.
I guess I shouldn't probably even answer but it saddens me and makes me a bit angry to get a reminder of why I don't usually participate in social media.
It was not my intention to make you sad or angry. I assure you that I have nothing against who uses a different coding style than mine. But consider that, just like you, I too have the right to tell the world what my preference is. Should I have softened my post with more "IMHO", "I feel", "my taste"? Probably, and I apologize.
Please don't stop participating in social media just because a halfwit like me hasn't agree with you once!
You know it's not about the disagreement, it's about that toxic need to be a smart-ass that's so prevalent in social media (including this platform).
I would've loved to engage in a conversation about coding styles such as MISRA, CERTs or even the small tweaks such as the one that offended you so deeply but you wasted the opportunity to engage in a constructive convesartion and instead chose to nitpick the "reformatting" thing (seriously, I just moved things around slightly, it's the same thing) or the nothing-burger "bug"...
I don't know, maybe I misinterpreted you and if that's the case then I apologize but when I saw that code and felt the urge to play/doodle I thought it could be a fun way to connect with someone over something silly and I just got disappointed.
There doesn't have to be anything wrong for people to choose whatever they feel most comfortable with. Back when I used to do a lot of android (and some iOS) based RE I sometimes used gdb on the device itself through ssh because it was the path of least resistance which allowed me to focus on the hard parts of the job.
I've just installed it and tried to have it create a hello world using gemma3:27b-it-qat through ollama but it refused to do it claiming it doesn't have access to my filesystem.
Then I opened an existing file and asked it to modify a function to return a fixed value and it did the same.
I'm an absolute newb in this space so if I'm doing something stupid I'd appreciate it if you helped me correct it because I already had the C/C++ extension complain that it can only be used in "proper vscode" (I imported my settings from vscode using the wizard) and when this didn't work either it didn't spark joy as Marie Kondo would say.
Please don't get me wrong, I gave this a try because I like the idea of having a proper local open source IDE where I can run my own models (even if it's slower) and have control over my data. I'm genuinely interested in making this work.
Thanks for writing! Can you try mentioning the file with "@"? Smaller models sometimes don't realize that they should look for files and folders, but "@" always gives the full context of whatever is in the file/folder directly to them.
Small OSS models are going to get better at this when there's more of a focus on tool-use, which we're expecting in the next iteration of models.
I don't really see myself using this app but I loved textual and even used it for a PoC a while back.
I appreciate the work you are doing by dogfooding textual and how consistent you (or your team, I didn't know there was more than one person behind it) have been.
I'm sure that there's a good reason to do it this way but I was wondering what would the benefits of doing it this way instead of installing openwatcom using whisky.
A few weeks ago I gave it a chance out of curiosity because I wanted to run total comander and was pleasantly surprised of how well it worked which makes me think that it should be able to run openwatcom perfectly.
Side note: in the end, even though TC worked great I just crossed that item from my ToDo and continued using double commander (although the search feature is much better in TC).
It runs natively, not under emulation, and can integrate with any other build system that you have running natively. Granted, if you're building DOS apps, the overhead of running the x64 version of OpenWatcom in emulation probably isn't bad as it's still orders of magnitude faster than it was back in the day.
I also do retro development on an Apple Silicon device, and like the author I built OpenWatcom so I could run it natively. I have it tied into the build system for the rest of my project and it works great.
It's a good point but I'm a perfectionist and can't abide without a web version.
though, now that I write that...
Native: FFI.
Web: Dart calling simple JS function, and the JS handles WASM.
...is an excellent sweet spot. Matches exactly what I do with FONNX. The trouble with WASM is Dart-bounded.
(n.b. re: local cloning for anyone this deep, this would allow local inference of the existing voices in the Raspberry Pi x ONNX voicer project above. It won't _necessarily_ help with doing voice cloning locally, you'll need to prove out that you can get a voice cloning model in ONNX to confirm.)
(n.b. re: translating to Dart, I think the only advantage of a pure Dart port would be memory safety stuff but I also don't think a pure Dart port is feasible without O(months) of time. The C is...very very very 2000s C. globals in one file representing current state that 3 other files need to access. array of structs formed by just reading bytes from a file at runtime that matches the struct layout)
Admittedly I stopped after going through a bunch of useless stuff related to CVE-2017-8823 (which was initially reported as remotely exploitable with no proof at all).
I went through the tor repository (not vidalia though) and read a bunch of conversations about some of the memory related bugs but none of those were exploitable either (exploitable as in remote execution, not a DoS) and most of the (not so many) bugs were actually logical bugs.
I really don't care what they decide to do with their project and honestly anything that can potentially improve the security of such a system is fine by me but I really think they're doing themselves and the language a disservice by communicating the way they do.
Also, as a side note, even with a C codebase there is SO MUCH you could (and should) do to minimize the impact of a vulnerability that the fact that some choose to present just rewriting code in a different language is not even funny.
reply