Also, perhaps the CDN script snippets in the getting started page should include the integrity attribute.

On relative paths: the current behavior is intentional for simplicity. µJS checks whether the URL starts with a slash (but not a double slash) to identify internal links. No one has reported this as an issue so far, but it's a valid feature request and I'll keep it in mind for a future version.

On the integrity attribute: the reason it was missing is that the library was evolving quickly and the hash would have changed with every release. Now that it's stable, I'll add it.

If I were to adopt µJS, though, I would probably want to opt in on a per-link basis.

That said, proper support for relative paths is on the roadmap.

Do we know that what the chemical mechanism for damage from charged particle beams is? Is it similar enough to compare directly like this? Are the timescales short enough that charge deposition might matter?

So it's clear there is a temporal FLASH effect, which is not purely a question of radiation type.

That's not to say it's necessarily exactly the same effect - we still don't have a perfect quantitative understanding of the effects of different radiation types even at normal dose rates, let alone when FLASH differences are added into the mix.

However, this tax exemption is usually priced in: muni bond funds, and MMFs that hold lots of tax-exempt assets, tend to return less than funds which are not tax exempt. For the majority of startups that operate at a net loss, tax-exempt funds are probably a bad choice, since you're earning less yield and the tax exemption likely doesn't affect you.

[1] The rules around this also varies from state to state; for instance, in CA, CT, and NY, you can only get any tax exemption if a fund is at least 50% tax-exempt in each quarter of a given year.

I am quite strongly of the opinion that one should essentially never use these for anything that needs to work well at any scale. If you need an industrial strength on-disk format, start with a tool for defining on-disk formats, and map back to your language. This gives you far better safety, portability across languages, and often performance as well.

Depending on your needs, the right tool might be Parquet or Arrow or protobuf or Cap’n Proto or even JSON or XML or ASN.1. Note that there are zero programming languages in that list. The right choice is probably not C structs or pickles or some other language’s idea of pickles or even a really cool library that makes Rust do this.

(OMG I just discovered rkyv_dyn. boggle. Did someone really attempt to reproduce the security catastrophe that is Java deserialization in Rust? Hint: Java is also memory-safe, and that has not saved users of Java deserialization from all the extremely high severity security holes that have shown up over the years. You can shoot yourself in the foot just fine when you point a cannon at your foot, even if the cannon has no undefined behavior.)

Not hating on PHP, to be clear. It has its warts, but it has served me well.

"However, while the former have external schemas and heavily restricted data types, rkyv allows all serialized types to be defined in code and can serialize a wide variety of types that the others cannot."

At a first glance, it might sound like rkyv is better, after all, it has less restrictions and external schemas are annoying, but it doesn't actually solve the schema issue by having a self describing format like JSON or CBOR. You won't be able to use the data outside of Rust and you're probably tied to a specific Rust version.

This seems false after reading the book, the doc, and a cursory reading of the source code.

It is definitely independent of rust version. The code make use of repr(C) on struct (field order follows the source code) and every field gets its own alignment (making it independent from the C ABI alignment). The format is indeed portable. It is also versioned.

The schema of the user structs is in Rust code. You can make this work across languages, but that's a lot of work and code to support. And this project appears to be in Rust for Rust.

On a side note, I find the code really easy to understand and follow. In my not so humble opinion, it is carefully crafted for performance while being elegant.

I think parquet and arrow are great formats, but ultimately they have to solve a similar problem that rkyv solves: for any given type that they support, what does the bit pattern look like in serialized form and in deserialized form (and how do I convert between the two).

However, it is useful to point out that parquet/arrow on top of that solve many more problems needed to store data 'at scale' than rkyv (which is just a serialization framework after all): well defined data and file format, backward compatibility, bloom filters, run length encoding, compression, indexes, interoperability between languages, etc. etc.

Trusting possibly malicious inputs is an universal problem.

Here is a simple example:

    echo "rm -rf /" > cmd
    sh cmd

The solution is to add a cryptographic signature to detect tempering.

But tools like Pickle or Java deserialization or, most likely, rkyv_dyn will happily give you outputs that contain callables and that contain behavior, and the result is not safe to access. (In Python, it’s wildly unsafe to access, as merely reading a field of a Python object calls functions encoded by the class, and the class may be quite dynamic.)

[0] The world is full of infamously dangerous XML parsers. Don’t use them, especially if they’re written in C or C++ or they don’t promise that they will not access the network.

> The solution is to add a cryptographic signature to detect tempering.

If you don’t have a deserializer that works on untrusted input, how do you verify signatures. Also, do you really thing it’s okay to do “sh $cmd” just because you happen to have verified a signature.

> This is also called a man in the middle attack.

I suggest looking up what a man in the middle attack is.

I was a bit confused when you compared it to Python pickle and assumed you were talking about general input validation somehow.

I agree that pickle and similar are profoundly surprising and error prone. I struggle to find any reasonable reason one would want that.

As for the man in middle attack, I meant that if somebody intercepts the serialized form, they can mutate it. And without a cryptographic signature, you wouldn't know.

Java is compiled to bytecode, and Obj-C is compiled to machine code. Yet both Android and iOS have had repeated severe vulnerabilities related to deserializing an object that contains a subobject of an unexpected type that pulls code along with it. It seems to be that rkyv_dyn has exactly the same underlying issue.

Sure, Rust is “safe”, and if all the unsafe code is sufficiently careful, it ought to be impossible to get the type of corruption that results in direct code execution, memory writes, etc. But systems can be fully compromised by semantic errors, too.

If I’m designing a system that takes untrusted input and produces an object of type Thing, I want Thing to be pure data. Once you start allowing an open set of methods on Thing or its subobjects, you have lost control of your own control flow. So doing:

    thing.a.func()

Exploiting this is considerably harder than exploiting pickle, but considerably harder is not the same as impossible.

Ultimately you should read the code of rkyv_dyn to understand what it does instead of making random claims.

It will be faster for you to read the code than for me to attempt explaining how it works. Especially since you will most likely choose the least charitable interpretation of everything I say. There is very little code, it won't take long.

I really don't. I think you mean that Rust compiles to machine code and neither loads executable code at runtime nor contains a JIT, so you can't possibly open a file and deserialize it and end up with code or particularly code-like things from that file being executed in your process.

My point is that there's an open-ended global registry of objects that implement a given trait, and it's possible (I think) to deserialize and get an unexpected type out, and calling its methods may run code that was not expected by whoever wrote the calling code. And the set of impls and thus the set of actual methods may expand by the mere fact of linking something else into the project.

This probably won't blow up quite as badly as NSCoding does in ObjC because Rust is (except when unsafe is used) memory-safe, so use-after-free just from deserializing is pretty unlikely. But I would still never use a mechanism like this if there was any chance of it consuming potentially malicious input.

The first library that comes to mind when I think of this is `serde` with `#[derive(Serialize, Deserialize)]`, but that gives persistence-format output as you describe is preferable to the former case. I usually use it with JSON.

So, this seems like it may be a false dichotomy.

rkyv is not like this.

It’s like you listed a bunch of serialization technologies without grokking the problem outlined in the post doesn’t have much to do with rkyv itself.

The only problem in the blog post is efficient coding of optional fields and all they was introduce a bitmap. From that perspective, JSON and XML solve the optional fields problem to perfection, since an absent field costs exactly nothing.

Capnproto doesn’t support transform on serialize - the optional fields still take up disk space unless you use the packed representation which has some performance drawbacks. Also the generated capnproto rust code is quite heavy on compile times which is probably some consideration that’s important for compiling queries.

I'm not sure you are serious. What open problem do you have in mind? Support for persisting and deserializing optional fields? Mapping across data types? I mean, some JSON deserializers support deserializing sparse objects even to dictionaries. In .NET you can even deserialize random JSON objects to a dynamic type.

Can you be a little more specific about your assertion?

Your deserializer is probably running on a CPU, and that CPU probably has a very fast L1 cache and might be targeted by a compiler that can do scalar replacement of aggregates and such. A non-zero-overhead deserializer can run very quickly and result in the output being streamed efficiently from its source and ending up hot in L1 in a useful format. A zero-overhead deserializer might do messy reads in a bad order without streaming hints and run much slower.

And then to get very very large records, as in the OP, where getting a good on-disk layout may require thought. And, frequently, the right layout isn’t even array-of-structs, which is why there are so many tools designed to query column stores like Parquet efficiently.

Unless the reason you care about space is because it's some sort of wire protocol for a slow network (like LoRaWAN or Iridium packets or a binary UART protocol), where compression probably doesn't make sense because the compression overhead is too large. But even here, just defining the data layout makes sense, I think.

Tihs could take the form of a C struct with __attribute__((packed)) but that is fragile if you care about more platforms than one. (I generally don't, so that works for me!).

BS. Nothing can be faster than a read()/write() (or even mmap()) into a struct, because everything else would need to do more work.

(I have a MacBook Pro that is only around 10% slower at this than an AMD workstation. The workstation has considerably higher TDP. I’m quite impressed.)

The paper doesn't actually give a clear description of its own algorithm, and there are two specific problems that are apparent even without much of a description:

1. It confuses quantum state vectors with classical vectors or vectors of values. Classically, or on a quantum computer, you can have n values stored in registers or in memory or on a piece of paper or whatever and you have an n-element vector. But on a quantum computer, if you have n qubits and write down their state, you have a 2^n-element vector of complex numbers. These are not the same thing.

So you can have the quantum Fourier transform, which Fourier transforms the coefficients in the state vector of n qubits, which is not at all the same thing as taking 2^n logical numbers and Fourier transforming the numbers.

But this paper very glibly discusses how the QNTT (Quantum Number Theoretic Transform) is nicer than the QFT, but as far as I can tell, the "QNTT" is described in one single paper, doesn't really have much to say for itself, and is actually just an algorithm, supposedly optimized to run on current quantum hardware, that transforms n numbers stored in n registers. (And if a paper wants to claim to number-theoretic-transform the coefficients of a quantum state vector, it should start by explaining how the coefficients of said state vector are to be viewed as elements of a finite ring or field, which these papers do not even pretend to do.)

I think they're using the QNTT to optimize modular exponentiation, which is at least vaguely plausible, but that's using the QNTT for a purpose completely unrelated to what Shor's algorithm uses the QFT for.

2. The replacement of quantum modular exponentiation with classical modular exponentiation is just weird and is completely missing an explanation. Modular exponentiation is just a classical function, like f(r) = 2^r mod p. You can make it reversible (where all operation have inverses) by instead doing somthing like (z, r) -> (z + 2^r mod p, r) -- if you start with z = 0, you get the answer, and if you start with z != 0, you get z added to the answer.

Quantum computers can evaluate quantum functions where the input is qubits instead of classical bits, and they do it by running reversible calculations as above, and many algorithms require doing exactly this while carefully avoiding entangling the inputs or outputs with anything else. So if you start with two quantum registers, you can write the state as complex number times each possible input state (all 2^b of them where b is the total number of bits in all the registers) and you get those same complex numbers times the output states. [0]

The paper claims, with no explanation that I can see, that somehow you can instead do the modular exponentiation on a regular computer and encode those exponents into the quantum circuit. If you are willing to do all 2^b of them, then fine [1], but remember, b is larger than 2048, and this isn't going to work. So maybe they're approximating the modular exponentiation by somehow extrapolating it from a very, very spare set of samples? If that works, that would be quite nifty, but again the paper doesn't appear to so much as acknowledge any complication here. On the other hand, I can easily imagine factoring a number like 15 this way, since the number of samples needed to completely capture the function is rather small.

(I hope I did an okay job of making this both correct and somewhat accessible.)

[0] The calculation is reversible, each input state maps to exactly one output state and vice versa, so each coefficient appears in front of a different logical output state, which makes the math work.

[1] Not fine, because the resulting circuit will be so large that you will never finish running it. But mathematically fine in the sense that you'll get the right answer. Also, by the time you have classically sampled the entire search space for a problem like modular exponentiation, you have already brute forced all possibly discrete logs, at which point you don’t need the quantum computer!

I’ve never seen the slightest relationship between the charge to read a paper and the quality of review.

Yelp, TripAdvisor, wire cutter, hell even Google results themselves.

Once you start poisoning that well, it's difficult if not impossible to claw it back.

> Section 1798.500(e)(1) states:

“Covered application store” means a publicly available internet website, software application, online service, or platform that distributes and facilitates the download of applications from third-party developers to users of a computer, a mobile device, or any other general purpose computing that can access a covered application store or can download an application.

So… DNS servers are “covered application stores”, right? As is PyPI or GitHub or any other such service. S3 and such, too — lots of facilitating going on.

And I’m wondering… lots of things are general purpose computers. Are servers covered? How about embedded systems? Lots of embedded systems are quite general purpose.

edit: Yikes, whoever wrote the text of the law seems to have failed to think at all.

> (b) (1) A developer shall request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched.

The developer shall request? Not the application? So if I write an application and you download it and run it on an operating system, then I need to personally ask your OS how old you are? This makes no sense.

> (2) (A) A developer that receives a signal pursuant to this title shall be deemed to have actual knowledge of the age range of the user to whom that signal pertains across all platforms of the application and points of access of the application even if the developer willfully disregards the signal.

Did they forget to make this conditional on getting g the right answer? If I develop an application used by a 12-year-old and the OS says the user is 18+ (which surely will happen all the time even if no one lies because computers have multiple users), and the OS answers my query, then courts are directed to deem that I have actual knowledge that the user is under 13? Excuse me?

Conversely, if the OS says the user’s 13, then they can’t say they thought the user was actually 18. Guess sucks to suck if you want to buy a movie ticket from your kid’s phone, or if you mistyped your age when you set yours up because you didn’t have your passport nearby.

For incorrect OS answers, keep reading. 3B covers what happens if there's clear and convincing evidence that the age covered in 2A is inaccurate. (Reported profile birthday, for instance) This is "if someone shows a bartender a valid drinking-age ID but says they're celebrating their 17th birthday, this can't be ignored".

Nothing there responds to the question. If my 17 year old answers “I'm 23”, what exactly prevents them from posting to /r/nsfw? What constitutes “clear and convincing evidence”? If there's no answer here, then there appears to be no purpose to this law as this sort of thing is precisely what it's supposed to be preventing.

Grouping braces and capitalization mine. So distributing also required. However it's still overly broad, vague, and ambiguous.

So OpenWRT would be covered since they allow the user to download packages (ie software) via apk/opkg.

Awesome!

If you put it on an x86 box you can attach keyboard and monitor.

This isn't a law. It's a prayer.