Russ Cox

2024 resolution is to stop posting here. Now at @rsc" target="_blank" rel="nofollow noopener">hachyderm.io/@rsc. Perhaps also bsky.app/profile/russco….

"Fifty Years of Open Source Software Supply-Chain Security," by @_rsc (@Google), says industry's longtime goal of #software #reuse is now very real. bit.ly/46gAf72

Breaking my Twitter silence because @junyer has passed away, and this is the site where he was most active. I know we had at least a few followers in common. There is a public memorial page of sorts at github.com/google/re2/iss….

My GopherCon 2023 talk (re-recorded): “Go Changes” #golang youtube.com/watch?v=BNmxtp…

My (re-recorded) GopherCon Australia 2023 talk: “Go Testing By Example” #golang youtube.com/watch?v=X4rxi9…

@ZacharyEndrulat @goinggodotnet It's hard to tell exactly what happened from the description, but stealing cookies should not be enough by itself. It sounds like maybe his 2FA was TOTP (6-digit codes) and was also phished. Security keys are not phishable and are strongly preferred. static.googleusercontent.com/media/research…

My ACM SCORED 2023 talk: “Open Source Supply Chain Security at Google” #scored23 research.swtch.com/acmscored

Video for my talk: youtube.com/watch?v=6H-V-0…

@MakisMaropoulos @golang @Dr2chase #will-the-change-make-programs-slower-by-causing-more-allocations" target="_blank" rel="nofollow noopener">github.com/golang/go/wiki…

@golang @_rsc @Dr2chase I am wondering if this new feature sacrifices the performance of the program...

🧐 “Fixing For Loops in Go 1.22” by @_rsc and @dr2chase #golang go.dev/blog/loopvar-p…

In replies, @DougMerritt pointed out that a better link is to people.inf.ethz.ch/wirth/ProjectO……, which has all 3 PDFs and apparently running code.

Wirth and Gutknecht did this–documented code for a full system–with Project Oberon, published as a hardcover book in 1992 and recently updated as a free PDF: people.inf.ethz.ch/wirth/ProjectO… Like Knuth’s books, it’s fascinating to flip through and (for me) hard to read cover-to-cover.

@dbentley Glad to know I've been using his books right all along! Bill Gates has that quote on the back of TAOCP about send me a resume if you can read the whole thing, but if someone sent me that resume, I'd assume they were lying. :-)

@_rsc Knuth's 3:16 (and his discussion of it in "Things a Computer Scientist Rarely Talks About") make the argument that code shouldn't be read flat out, but explored and traversed stochastically to maximize understanding. Strong recommend for each of those books.

What TikTok-to-Twitter bot has been posting tweets with Go package fmt errors in them for the past year+ without any of its users caring? twitter.com/search?q=%22EX…

@BRIAN_____ People who want reproducibility independent of C toolchain can disable cgo and use pure Go net. But if a system has custom .so files listed in /etc/nsswitch.conf, net must use cgo to run them. In general we can't predict that, so using cgo is conservative but correct.

Surprised this amazing security accomplishment by the Golang team isn’t getting more attention: go.dev/blog/rebuild. It does seem like the way the CGO-based net package is built now is a regression of reproducibility. End-users’ C toolchain is the least reliable tool. @_rsc

@evmar Independent reasonable actions may combine to an unreasonable action. It is completely rational to say the outcome is unacceptable and then decide not to do both. (Drinking and driving is the obvious example.)

@evmar C compilers do what the authors of those compilers have written them to do. Those authors absolutely have considered these cases and wilfully decided that the compiler behavior is acceptable.

@jhietaniemi Fixed thanks. Looks like ``` was turning into “` before Markdown. (May take a few minutes for caches to clear.)

@_rsc Some ldquo relics remain, failed conversion? But on the article I so fully agree. The UB is full-on insanity. There is a quote to the effect "apparently it is important to you to get the wrong answer as fast as possible".