This is the common arguement used by people defending languages with tons of footguns.
If this is true, why not write everything in C++?
Javscript includes so many footguns that people know are bad (see the billion of examples of different types being added and getting random answers). Every langauge has some difficult parts, pretending that means any amount is fine is crazy. Javascript has earned its reputation.
>(see the billion of examples of different types being added and getting random answers)
Almost every "footgun" people cite about Javascript is something that would never be written as working code, by any competent programmer - they are "WTF" in that the person writing the "gotcha" has to go way outside of normal programming behavior to get the "WTF" result. Most of these "WTF" examples should be taken with a grain of salt.
If you're expecting to "WTF" about Javascript's type inference/coercion, that works according to some logical rules.
This matrix should be pretty easy to understand. Yes some things might seem weird like [[]] == false, and [1] == true, but nobody should be writing code like that, it's just illogical to do anything this way and I don't consider it to be a "gotcha". "Just because you can, doesn't mean you should" can be said about footguns in every language.
Yes, there are "WTF"s, but just like if I were to write a C++ "WTF", it wouldn't be something that most people would be tripped up by unless they were specifically looking for a way to say "WTF" about the language.
These "javascript sucks" internet arguments have persisted for decades, and it's always complaints about the language that are citing unreasonable examples to prove a point that a programming language has some rough edges. Every programming language has some rough edges.
Javascript maybe has more footguns than some other languages because it is so dynamic, and the dynamism has its benefits too that other languages don't have. I do like it and I use it effectively, YMMV. People just seem to be specifically mad at Javascript because it's so popular and was made so by being the defacto standard for web browsers. It's part jealousy and part frustration that their favorite programming language isn't the one that web browsers include by default.
This sounds like you haven't dealt with much moderately complex code in JavaScript. It sounds like you've never run into a situation where innocuous-looking code like
if (isAuthenticated)
{
...
}
behaves strangely and it takes you hours to track down in debugging, only to find that somewhere else in the code, isAuthenticated was assigned an array and it was assumed it could be treated as a Boolean that would be false if and only if the array was empty. Turns out sometimes the value is [[]] and it gets treated as false unexpectedly.
In any reasonable language, even a dynamically typed one, this should just be a type error because it's not a Boolean, but JavaScript decides to do something almost certainly unwanted. This is the real source of the complaints, not the fact that you can write “[[]]==false” on the console and laugh at the results.
>only to find that somewhere else in the code, isAuthenticated was assigned an array
That isn't "moderately complex code", that's completely stupid code and you deserve the grief if you are willy-nilly setting a boolean as an array. Maybe learning the difference between a bool and an array is something you should have done earlier in your programming journey.
Also love how you assume I've never worked on "moderately complex code" as a slight on me, when I've been writing software for over 40 years - just because I don't do stupid shit like assigning an array to a boolean variable does not i dicate I've "never worked on moderately complex code". That's some kind of gatekeeping troll.
>any reasonable language
I'm really not sure how stupid you have to be to assign an array to isAuthenticated. No, it is not something I have ever done in any language, because I'm not an idiot. YMMV.
> This is the real source of the complaints,
The complaints come from people doing stupid shit to themselves. It was easily avoidable and they got mad at the language?? Should we blame the language for every stupid thing people do with it? Will you also blame English for letting you write an obviously stupid comment?
Agreed. I think a lot of the "classic" footguns are picked up by current-day linters/AI/code-assists anyway, so even if you do somehow end up writing [[]]==false legitimately (explicitly or implicitly), you'll probably get a squiggly warning about it on your IDE immediately warning you.
For better or worse, JavaScript is the Lingua Franca of modern programming - you have a high-performance runtime environment pre-installed on basically anything, and readily installed on greybeard boxen if you are that way inclined . It is my "go to" for all hobby projects, frontend and backend. So versatile and a genuine joy to code in.
I will admit, there were a lot of people saying ridiculous things about crypto in 2021. Many of those people were very wrong, but still rewarded with bitcoin hitting 100k.
Those same people say it will hit 200k inevitably. I think all their reasoning is wrong, but yet they have been right. Curious what HN's opinons are.
> I think all their reasoning is wrong, but yet they have been right. Curious what HN's opinons are.
There's no way to predict the price. Everyone who's claiming to make a prediction is just guessing.
There are a number of influential people who are heavily invested in crypto, and so long as they have the ability to keep money funneling other people's money into it, prices will continue to increase. So I think the safest guess to make is that it prices will continue to rise for a least the next few years.
I remember a post on Blind where someone was passionately arguing that if we put house ownership on the blockchain, 2008 wouldn't have happened because a big part of it was not knowing who owned what homes.
Cynically, this sounds to me like something that people typically suggest we leave up to markets. Is that insane? Yes, but it's already a business model, and health insurance basically does that.
These people make vast sums of money every year by asking the American people what it's worth to them to not be ruined by a chance illness or injury, then finding ways to make sure they don't have to save people from financial ruin or death. I don't see how that's really so different from a protection racket, except for the fact that most protection rackets were operated with more good faith effort towards the extorted.
>These people make vast sums of money every year by asking the American people what it's worth to them to not be ruined by a chance illness or injury, then finding ways to make sure they don't have to save people from financial ruin or death. I don't see how that's really so different from a protection racket, except for the fact that most protection rackets were operated with more good faith effort towards the extorted.
This definition of a "protection racket" is a bit loose. By similar logic landlords are also a "protection racket" for having a place to hive.
> This definition of a "protection racket" is a bit loose. By similar logic landlords are also a "protection racket" for having a place to hive.
“As soon as the land of any country has all become private property, the landlords, like all other men, love to reap where they never sowed and demand a rent even for its natural produce.” - known Marxist-Leninist Adam Smith
I was thinking the same thing. Oh and why stay in the healthcare vertical? Surely the CEO and employees of Raytheon deserve to be shot in the back leaving a hotel. What a ridiculous set of conversations…
Most of those people are making several multiples the average Indian's lifetime earnings. Should those call center folks pay for the Indians' healthcare?
That's a cop-out. Just as the CEOs could transfer their higher wealth to average Americans, average Americans could transfer their higher wealth to Indians without changing or giving input on their healthcare system.
(which is absolutely not universal in any OECD-country sense)
I didn't say the consequences should be proportional, I said the responsibility (or blame); and profits derived should just be one part of the equation.
Criminal consequences of a company collectively being responsible for the deaths of individual(s) shouldn't just disappear because no one individual ostensibly caused it. A company is a system of incentives and processes, and if those incentives and processes are leading to preventable deaths and suffering, those who benefit most from and are most responsible for perpetuating those incentives and processes should be held liable.
While I have trouble wrestling with the assertion as well, it does hold pretty true to the way the US justice system works. Sentencing is generally far harsher for financial crimes as $ goes up.
In stuff like drug crimes, US even has the death penalty as sanctioned remedy for quantities and enterprises of sufficient organization for mega profits. The thought process seems to be if you provide bad health care in the form of selling illegal drugs, at some level the death penalty is on the table.
>While I have trouble wrestling with the assertion as well, it does hold pretty true to the way the US justice system works. Sentencing is generally far harsher for financial crimes as $ goes up.
Right, but only for financial crimes. You're not going to get off murder by saying you only got $100 for the hit.
If you sell a few hits of fentanyl you aren't going to meet the statutory definition of a criminal enterprise and therefore will not be eligible for federal death penalty even though fentanyl induces death.
If you sell $100M of fentanyl you can get the death sentence, since fentanyl is an element in inducing death at basically any sufficiently large quantity of a criminal enterprise.
It is not exactly the same, but it has a lot of parallels to the argument I see here. If you are an insurance salesman selling contracts you know will not be honored and such denied claims will be an element of death, many will not see it as serious as being the criminal enterprise leader who orchestrated it. Even in such case that the policy can be attributed to a single salesman, the executive is likely to be held more culpable just as the US code holds the criminal enterprise executive to the death penalty whereas it may not hold the low level guy who sold the fentanyl.
The government has had a very hard time classifying what type of crime drug dealing is. First they said it was a tax crime (well before that, an import or tariff crime). Then the 10th amendment was basically gutted, and it became a crime where all the facts could be identical to a pharmacy dispensing a script, but sans paying for a DEA license.
It is definitely a very strange one. The classical liberalism argument is that the most prominent aspect remains essentially a financial crime of failure to pay the licensing tax.
>and it became a crime where all the facts could be identical to a pharmacy dispensing a script, but sans paying for a DEA license.
That describes a bunch of crimes? If you raid a drug dealer's house and kill a bunch of people in the process, you'll go to jail. If it's the police doing it with a "license" (ie. a warrant), it's suddenly fine. More banal is you driving along, following all applicable laws and causing no issues, but if you're doing it without a license or insurance, it's suddenly illegal.
Yes of course. All of this seems to me totally psychotic and not at all a dystopia I want to live in. Which is why I lived in an area with almost no government, very weak police services, little to no code/zone enforcement, weak environmental controls, etc etc.
I pointed it out largely because I find the drug laws to be particularly strange.
Financial crimes are literally crimes that deprive people of their financial property. They are crimes because property is understood to have utility. This isnt rocket science.
Under me is 1000 salesman. Every salesman knows and understands I am selling a plan that will deny or delay for some covered minor ailments that once in a million set off a chain inducing death.
As CEO of ICI I collect $300M in premiums and from that take $3M.
After selling a million policies, a patient dies as a side effect of intentional strategy of denying authorization to pay for care. That plan is traced to going through a single salesman, who collected $5 from that sale and $50k in all his sales. From that same sales, I, the CEO only collected $1. That is, the dollar profit for the death is greater for the salesman than the CEO.
The salesman and I are both direct paths in the death, in fact the salesman more than me, hell the salesman even made more of a commission than I did. The public will likely hold me more in contempt.
My point is he (CEO) is viewed by many as most culpable for fraudulently denied claims at UHC -- and there are crimes, even non-financial ones like drug dealing, that tightly couple level of organization and sales of a product to differences in penalty for even a singe death. That is, this line of thinking is embedded in the USC.
The contrarian view is that drug dealing is a financial crime of not paying for the credentials of a DEA license, or that fraudulently denying medical claims is a crime of criminal negligence resulting in bodily harm.
As for where I started, my initial comments involved both financial crimes and drug dealing. Most but not all probably consider insurance fraud as a financial crime but one that some can only atone through vigilantism. The line to me on all accounts looks blurry.
I would seriously wonder how much you understand about proportions given the average nurse makes about 00.000002% of the $4.5 trillion in annual health care spending in the USA.
I also didn't say that should be the only factor. Clearly proximate responsibility for the relevant decisions should be (and already is) part of the equation.
That's the scary part. It's very tempting to just sentence someone like this. But more you dwell on it, the worst it gets. There is a reason why death penalty is considered an extreme.
The entire argument for high CEO renumeration is that they take on total responsibility for all actions of the company. The buck stops with them. So, why do we think it's acceptable for that not to be the case when the company does something bad?
Thats a good argument in a vacuum. But the world has determined "I was just following orders" is not a good defense.
We know the crimes against humanity are bad and subordinates are guilty if they do them. We don;t just let everyone off free except the head of state.
Not to see that united healtcare (as bad as they are) are anywhere near that, but I am saying that its clear that we, as a society, already hold all people complicit in evil as guilty. Not just the person at the top.
Might I suggest a purple logo, since its half Go (blue) and half rust (reddish). Lol
This fills a pretty good niche. There are several backend APIs that I want to use rust for, but ends up adding so much upkeep and complexity to deal with, but Go leaves errors uncaught.
The key (and way easier said then done) is to take a small amount of money out, accept that its likely all going to be gone, and try to milk it slowly so all the free drinks you get are worth the money.
I like in NYC, so achieving the typical cost of drinks is not hard.
> I'm pretty sure no company in their right mind today start a new product in C++
I say this as someone who loves rust and zig, but these types of statements make me feel like HN is way out of touch with the industry. New products are constantly made in C++. That doesn't make it good (and i don't think companies building in C++ are making the best choices), but to say that no big tech company is writing any new code in C++ is just not correct. I see this happen every day at my job.
I also would definitely say more C++ code is written every day over C, although I'll say, I am not as familiar with the embedded world, but I know one HFT/Gaming/Robotics firm will have millions of new C++ lines every day.
I assume the more unsafe rust used, the more the CVE numbers will appear like C and C++. People like to say unsafe means "I checked this and this is fine, compiler" and isn't a bad thing but I feel that's inaccurate since the whole point of rust is that people struggle to write safe code even when they are really checking. I feel unsafe rust is way more "I really hope this is right, but I have minimized it to just this area out of necessity, since it likely isn't."
I would like to see how much CVEs go down over time. The fact sudo is being rewritten suggests that even after long periods of use, security issues popping up is still a common-ish problem?
> security issues popping up is still a common-ish problem?
It seems to average out at a bit over 1 per year over the last 20 years, based on [1]; is that "a lot"? I guess?
It's worth pointing out that while there certainly are memory-related C-style issues, quite a few are logic errors because all of this is rather subtle once you start adding features beyond what e.g. "doas" does. For example the recent "Sudoedit can edit arbitrary files"[2] is a somewhat subtle interaction between sudoedit, environment variables, and flag parsing. Previously there was [3] and [4] from 2004 and 2010.
Will memory safety be a benefit? Of course it will. But I think these kind of issues are the real challenge here. A drop-in replacement for "sudo" is useful, but I have to wonder if it wouldn't be better to rethink the approach from first principles, taking 40 years of sudo lessons in to account. It's also surprisingly easy to shoot yourself in the foot with a wrong sudoers file, which is not strictly a security issue in sudo as such but also something that can probably be improved on?
That 2023 sudoedit bug has been in sudo since 1.8, released in 2011, and Todd has been maintaining sudo since 1994, and he's actually pretty good as well as experienced with this kind of stuff. Yet he still missed it, as did everyone else, for well over ten years. It seems there are far more structural problems in the entire approach that go well beyond "C is not memory safe". That's certainly an issue, but in a way seems almost banal compared to the deeper issues.
That's a really good point that I feel like isn't talked about enough. Unsafe rust is a lot harder to write correctly than bog standard C, because you have to uphold the invariants to avoid undefined behavior (1). It's why there's a whole ebook about it (2).
That doesn't mean it's impossible to write correct unsafe code, it's just not as obvious as "trust me bro I know better than borrowck." You can't actually elide the invariants Rust upholds, you just have to take over from the compiler when it can't prove them.
Another critical consideration of this is that if you make a mistake in unsafe rust code it could manifest itself as a 'bug' in the 'safe' rust code due to invariants that the safe code depends on not being upheld. It is literally undefined behaviour, in the "rm -rf / and insult your mother" sense.
Using grep, it looks like they mostly use unsafe code to interface with existing C libraries. In those cases it's roughly as tricky as writing C in the first place IMO, so still probably a net win.
I agree with this, but I also think this is such a “peace time” opinion.
If, for example, the nazis were at risk of invading the American homeland, would you want to wait until they are here and volunteers start coming in?
Again, I agree the draft is immoral, but so is war.
EDIT: for an even better example you should look up what the Japanese did to most civilians in WWII and really ask yourself if a draft to avoid that at home is bad.
I heard Iran is bad. You need to go die right now. No questions, no opinion, they MIGHT BE BAD SO YOU MUST DIE.
But seriously - you don't get to tell me to die because you are afraid. If you want someone to be sacrificed to your fears, start with yourself - you want someone to die, it better be you.
Now, get out there and suffer. I wish all the "glory"[1] of war to you - go die because (and i can't stress this enough) Iran MIGHT BE BAD.
[1] glories like: having your limbs torn off, permanent disfigurement, intense pain for the rest of your life, TBI and all of the difficulties they cause, PTSD, and mystery diseases! These glories assume you survive of course... but listen if you do good they will give you a shiny bauble to pin on your uniform.
> I agree with this, but I also think this is such a “peace time” opinion.
So, if the government decides to go to war, this opinion becomes irrelevant then?
And if the US can't convince people to enlist when they're under threat of invasion, I guess people just don't support the regime as much. I'm sure North Koreans are telling people "But what if the Americans invade? We must have the draft".
I think the point of that argument is that citizens generally can't predict what will happen well enough. Before the US entered WWII, I expect most Americans thought of it as "that far away European war that won't hurt us". Leaders in the US may have understood that the stakes were much higher, and allowing Nazism to take over Europe would be devastating for the US, but I figure regular Americans may not have gotten that, at least not in large enough numbers.
But I think it's fair to say that the US really did need to enter WWII. What if the US military needed more recruits, but no one wanted to enlist?
At least, I think that's what the argument is. I'm still not sure I buy it though, because, still, it's up to government leaders to convince people that there's actually a huge threat to the country, that war is necessary, and that people should put their lives on the line. If they can't do that, then maybe they don't deserve to be able to go to war. And if that does end up being disastrous for the country (or even the world) and its people, maybe that's just how things have to go down.
> But I think it's fair to say that the US really did need to enter WWII.
Sure it needed to enter the war - it wanted to put down Japan and take control of the pacific. Plus, the war allowed it to gain massive influence over Europe and better containment of the USSR.
But that doesn't mean the people of the world needed the US to enter the war. Just like they didn't need the other imperial states to engage in their world wars.
> Leaders in the US may have understood that the stakes were much higher, and allowing Nazism to take over Europe would be devastating for the US, but I figure regular Americans may not have gotten that, at least not in large enough numbers.
So they may have claimed. In reality it would have been pretty fine for the USA, Nazi Germany was fundamentally unstable and would be struggling with suppressing dissent in its conquered population for at least a century if it didn't collapse outright.
> If, for example, the nazis were at risk of invading the American homeland, would you want to wait until they are here and volunteers start coming in?
Yes, yes, a thousand times yes!
If you cannot get enough volunteers to fight in your war then tour population early doesn't care that much about winning it.
Even if there might be some hypothetical war where for some aliens-with-mind-control type reason the populace doesn't want to fight but losing the war would be even worse, having a draft as an allowed policy is still net bad because of all the times it will be used when there isnt some existential threat!
In almost every case the draft has been used, losing the war would be far better for the people than being drafted into the war.
The relevant population for “was the draft better?” seems to be the people eligible to be drafted not those actually drafted (and, depending on the question, might be everyone who has been or could be eligible)
>would you want to wait until they are here and volunteers start coming in?
I think the response to the 9/11 attacks shows that when something major happens, lots of people feel motivated to get up and do something. Volunteers flooded the different branches and even gov't services. My point being that I'm not sure a draft would be needed in your proposed situation.
I mostly agree with the broader point here, but 9/11 is IMHO a bad example. People were signing up for essentially a war of adventure against adversaries that were really no match. It’s a very different situation that the people of the Philippines up against the imperial Japanese army in WWII.
WWII saw similar response, so precedent is there when Americans see a direct threat. Some political action that nobody agrees with like Vietnam/Korean conflicts is where you see the lower interest. That's more in line with your example.
> I agree with this, but I also think this is such a “peace time” opinion.
It is, and the two examples below aren't comparable, you want a real-life recent example?
Look at Hong Kong and Taiwan: since at least the early 2000s after the hand over to the CCP in 97 many in HK knew the writing was on the wall of what Life would be like (look at films like 10 years for the most stark and sobering use of foreshadowing I have ever seen since maybe the works about East Germany). In the case of HK you have an affluent, highly educated population focused on what you think most modern developed nations seek: careers, status, salary, etc...
Their fight was a valiant one, starting in earnest in 2014 with the Umbrella Revolution, but the sad truth is HK was never in a capacity to thwart a real attack from the CCP in any real capacity since it's population didn't have any combat training or knowledge beyond the ad-hoc problems solving they were left with, coupled that with being unarmed and then seeing how Russia has invaded Ukraine and you can see why a similarly affluent and well educated country like Taiwan has had a massive up-tick in civilian combat and weapons training.
I'd hate to even contemplate what it would take to require the civilian mobilization in the US as even a thought exercise because f the obvious realities, but at that level I think we saw enough evidence from COVID how polarized people are in Society that I doubt how effective that even would be, and that is not even mentioning how unfit people are to be of any use in such situations given how prevalent obesity is in the Country.
> Again, I agree the draft is immoral, but so is war.
This is the conclusion any sane person comes to, and you'd think during/after COVID we would have come out with a better understanding of just fragile our World really is and how quickly it can turn to utter chaos because of unnecessary fragmentation that you'd think we would collectively regard War as the scourge of Mankind and yet some how it persists. It wasn't long into 2021 that Israel and Palestine were starting to kill each other again.
The REAL question is how to render War moot in modern Society, and my only conclusion is to elevate all of Humanity's standard of living such that they have a greater vested interest in stability and diplomacy as the sole form of conflict resolution rather than default to our basic instincts of tribalism that always leads to the perpetual senseless destruction of people and property at the behest of a political class and a few multi-national weapons dealers who profit from it.
If War is indeed immoral, than one has to also realize that War is the health of the State [0].
If this is true, why not write everything in C++?
Javscript includes so many footguns that people know are bad (see the billion of examples of different types being added and getting random answers). Every langauge has some difficult parts, pretending that means any amount is fine is crazy. Javascript has earned its reputation.