EgorBo

@EnZistenZ 1) HPC doesn't have to be unsafe in C# - example github.com/dotnet/runtime… (and a hundred of similar changes under reduce-unsafe label) 2) the reason is very clear - know all the places where you intentionally do things that can easily break/introduce CVEs.

@EgorBo coming from a unity/burst background this is concerning to say the least. it destroys the readability of any HPC code and basically adds another indent for no real reason. putting rust constraints and logic into c# makes little sense with how different they are

TL;DR on the upcoming changes in C# vNext for 'unsafe' (blog post devblogs.microsoft.com/dotnet/improvi…)

@EnZistenZ we debated a lot on this and decided to follow Rust (aka the most memory safe language) and learn from their experience. See rust-lang.github.io/rfcs/2585-unsa…

@EgorBo an unsafe method should not need another unsafe block. that looks terrible in so many ways, especially because Unsafe.As very clearly indicates it's unsafe. the more i look at it the less sense it makes. why are there 2 declarations of x?

@hexawyz @KooKiz I am not sure I understand what exactly you were expecting from this feature

@EgorBo @KooKiz That’s not really the point though. The point is that this feature brings me literally nothing as a developer. No help, no support, just more work.

.NET is going to drastically redefine the meaning of unsafe

@hexawyz @KooKiz There should be no reason to use unsafe (except for a tiny layer around pinvokes). We've made a lot of efforts over the last few years improving perf of 100% safe code to be on par with unsafe. 1 unsafe usage is enough to introduce a terrible CVE (most CVEs are memory-safety rel.

@EgorBo @KooKiz I still don’t see how it benefits developers. You use the code that you need to use. It just makes it harder but does not improve the code or allows to find any bug directly. (If you find a bug when rewriting it is not something that the tooling would detect itself)

@hexawyz @KooKiz forcing developers to audit & refactor all unsafe code is a huge benefit. In modern C# there are way too many unsafe things that most people don't even realize how dangerous they're

@KooKiz For literally zero developer benefits 😢

@KooKiz My fav. part is this (and it makes sense if you think about it from the new design's perspective) 🙃

@EgorBo mfw when they made stackalloc safe then unsafe again

@torn_hoof @nietras1 We're working on the migration story, but it will still require some manual audit of all unsafe code and this is by definition an inconvinience for those who write a lot of unsafe code (we want to minimize that in the .NET ecosystem).

@nietras1 @EgorBo Yeah I have kinda the same opinion, unless there happens to be some roslyn fixer which automatically applies the lowest valid combination of unsafe, I kinda doubt I will use that much.

@nietras1 We want to make sure developers (and AI) are aware when they deal with unsafe and mark those places, the UX can probably be improved with unsafe-as-expression, but that's not the goal. We also improved a lot of things in the JIT for safe code along the way.

@EgorBo To me this seems way to verbose for existing unsafe code and have a hard time seeing me adopting this in any existing code. Aka I don't want to litter code with unsafe blocks and yet another indent level... I'm guessing this is not seen as a concern?

@TeksEdge All these "create a game from scratch" benchmarks never correlate with what I see when I ask an LLM to fix a bug in a real world app 🙂 E.g. GPT is so clever for everyone here on X but for me in 9 out 10 attempts Opus just a mile better.

Gemini 3.5 Flash just released and its benchmarks show it is very close to GPT-5.5s performance. To settle the debate (🙄) I asked both to create a Galaxy shooter. What do you think? I like Gemini 3.5 Flash's levels and fast play but GPT-5.5 still has better aesthetics and life meters for enemies.

@xoofx I usually just vibe-code my own API clients in such cases. E.g. google forces everyone to use their new Interactions API but there is no C# support in their SDK ai.google.dev/gemini-api/doc…

The .NET Google.GenAI library has been broken for 2+ weeks now: github.com/googleapis/dot… I wanted to try their models in CodeAlta but hit the same issue, and the PR still hasn't been merged. I had a similar issue with Anthropic: made 2 PRs, waited ~2 weeks to get them merged. Starting to wonder if CodeAlta should avoid depending on any of these SDKs long term 🤔

@oldmanuk @tomwarren Copilot CLI has the same models. Harness is +/- the same

@tomwarren I guess that’s a clever way of reducing employee headcount without actually having to fire anyone. They’ll volunteer to leave willingly

scoop: Microsoft is starting to cancel Claude Code licenses. Engineers in Microsoft's Experiences + Devices team will have to transition to GitHub Copilot CLI by the end of June. Details in my Notepad 📒 issue, live now for subscribers 👇 theverge.com/tech/930447/mi…

@damageboy @ptr_to_joel nothing is more permanent than a temporary fix :-)

@EgorBo @ptr_to_joel Nope, but now put a bookmark and check this every month

holy wow they merged it

@kskrygan I'm very skeptical about the "1 month" part. Today, the only way to get something remotely as smart as Opus is to get 20x H200 GPUs (say, for 16-bit Kimi K2.6 with a usable context length). I predict the gap will always be too big to prefer local, unfortunately.

Would you be interested if JetBrains releases a totally local AI agent, working 100% on your laptop, using our code insight engine and deeply integrated into the IDE? Yes, it will be probably 1 month behind the very recent frontier models, but no token blood bath anymore WDYT?

@_jakubchmura @igorimx @kskrygan Benchmarks are uselss, though. None of those are even close to opus 4.5 in real world tasks

@igorimx @kskrygan a month is probably too optimistic, but if you look at those benchmarks its pretty close, and you can run quantized versions of this model on a mac

@shipilev Well, we actively use it ourselves. But I'm personally not too excited when first-time contributors send an obviously AI-generated PR to vm/jit/etc the domain is too complex to send changes you have no idea about

@EgorBo I have not seen many myself in my areas, so not overwhelmed, at least yet. But people do wonder if they can use GenAI for their work, hence the policy decision, AFAIU. How are your repos doing?

OpenJDK Interim Policy on Generative AI: openjdk.org/legal/ai. This aligns with my experience using GenAI tools: they are good at grasping some dusty context corners, but for surgical OpenJDK work you need to absolutely own every single line you push into the project.

@jugibuilds @fynnso $50B valuation 🤪

@fynnso If Composer is just Kimi And Cursor is just VS Code Where’s the moat bro

was messing with the OpenAI base URL in Cursor and caught this accounts/anysphere/models/kimi-k2p5-rl-0317-s515-fast so composer 2 is just Kimi K2.5 with RL at least rename the model ID

@nietras1 That account has spammed over 400 PRs across multiple repositories with an extremely low acceptance rate except for one repo, which is likely owned by a friend or the author. I’m not sure this adds any value to the OSS. if anything, it’s the opposite

@EgorBo what's bad about actual changes? (ignoring comment hell)