Hacker News: dralley's comments

Rust is nowhere close to Node in terms of package number bloat. Most Rust libraries are actually useful and nontrivial and the supply chain risk is not necessarily as high for the simple reason that many crates are split up into sub-crates.

For example, instead of having one library like "hashlib" that handles all different kinds of hashing algorithms, the most "official" Rust libraries are broken up into one for sha1, one for sha2, one for sha3, one for md5, one for the generic interfaces shared by all of them, etc... but all maintained by the same organization: https://github.com/rustcrypto/

Most crypto libraries do the same. Ripgrep split off aho-corasick and memchr, the regex crate has a separate pcre library, etc.

Maybe that bumps the numbers up if you need more than one algorithm, but predominantly it is still anti-bloat and has a purpose...


While I agree, the exact line “rust libraries are useful and non-trivial” I have heard from all over the place, as if the value of a library is how complex it is. The rust community has an elitist bent to it or a minority is very vocal.

Supply chain attacks are real for all package registries. The js ones had more to do with registry accounts getting hacked than the compromised libraries being bad or useless.


I am sensing "is-odd" and "is-even" vibes from that approach.

Not at all.

Most programs only use one or a few hash functions, so grouping each family into a separate crate reduces compilation time for the majority of users. Could also help when auditing the removal of vulnerable hash functions.

As for ripgrep, the organization is quite sensible:

1. one crate to define an interface for regex matchers

2. one crate to implement the native matcher

3. one crate to implement the PCRE2 matcher

4. one crate to define a safe interface to the underlying PCRE2 library

Depending on the application, any one of 1+2+3+4, 1+2, 1+3+4, or 4 alone could be useful.


Yes I perfectly understand the reasoning and technically it is sound.

It becomes insane once you start thinking of real life implications, specifically supply chain attacks.

Although it's only marginally more insane than the other ecosystems.


The alternative is sometimes that people just copy and paste code from libraries that never gets updated.

You're not beating the "written by an LLM" allegations.

I write it myself, the agent only translates it into English.

This is against the hacker news guidelines[1]:

> Don't post generated comments or AI-edited comments. HN is for conversation between humans.

[1]: https://news.ycombinator.com/newsguidelines.html


> I think that's an unfair framing. No one is paying Waterfox to allow ads

...

> Yes, that's correct. Startpage is the default search partner, and their search ads aren't blocked by default.

The framing seems fair to me. Certainly not more unfair than those who criticize Firefox for having a search deal that defaults to Google while allowing the user to change it (which some people do).


The distinction I'm drawing is between a revenue share from a search partnership and something like an acceptable ads programme where individual advertisers pay to bypass the blocker - those are different things.

"For how it works in practice: by default, text ads will remain visible on our default search partner’s page - currently Startpage. The idea is that this is what will keep the lights on."

The perfect is the enemy of the good.


Hezbollah has assassinated multiple government leaders and politicians and administrators within Lebanon, including a bombing that killed 23 people including the Prime Minister, and shootings that killed investigators responsible for investigating the Beirut port explosion a few years ago. Suspiciously this was shortly after Hezbollah was found by those investigations to have many links to the circumstances in which so much ammonium nitrate was being stored improperly in the first place.

Hezbollah also assisted the Assad regime in Syria during the Syrian Civil war - participating in laying siege to entire villages for long enough that people starved to death.

https://www.amnesty.org/en/latest/press-release/2017/11/syri...

You are willfully ignorant. There is tremendous anger at Hezbollah even within Lebanon, especially since they restarted the war on Iran's behalf in recent weeks, giving Israel the casus belli to resume their bombing campaign against them.


Man that's crazy. Just to compare, how many have died from Israeli attacks on Lebanon?

Looking at Wikipedia, apparently 1000+ have been killed in Lebanon so far during this war. So it seems Israel has done 50x more harm. Interesting.


Same thing with Pulse Audio

People cursed the name for years, because it exposed all of the terrible, glitchy audio hardware drivers and refused on general principle to work around the issues to the degree that previous audio solutions had. And the result was that while the experience was inconsistent and buggy for years, it did eventually drag the Linux audio stack into a better place.


PulseAudio dragged Linux to replacing that stinkin pile of garbage with PipeWire.


The argument that can be made is that we never would've gotten PipeWire without going through PulseAudio first.


We got the much superior JACK two years before PulseAudio was even a thing.

Pulseaudio was a derail of Linux audio. We could have skipped it entirely.


Comparing JACK and PulseAudio is like comparing apples and oranges. And honestly, JACK by itself is unsuitable as an audio server for general desktop usage.

JACK doesn’t support device hotplug (ya know, connecting and disconnecting a headset, something most of us do) and it also doesn’t support multiple applications generating audio without the user having to configure how audio is mixed.

JACK is designed for low latency in environments like Digital Audio Workstations (DAW) where you know 1) what audio hardware is present at all times, and 2) what applications are going to generate audio.

Many people who use/used JACK ran a PulseAudio bridge on top of it for every application that wasn’t the one or two applications that needed ultra low latency audio.

PulseAudio had some major warts, but JACK wasn’t some panacea that did everything better.


It also used a large multiple more memory than ALSA + basically any existing plausible combo of mixer software on top of ALSA. While doing nothing. For no clear reason. And chewed processor cycles, while doing nothing. Back when 50MB was a meaningful amount of memory, and most machines were still single-core.

It was plainly really poorly-architected, just looking at its resource use patterns made this obvious in a heartbeat.


It also introduced fun new audio bugs and indeterminate latency. Which still haven't gone away entirely in 2026. To such an extent that any time I have an audio issue, I reflexively `pkill -9 pulseaudio` and about 99% of the time the problem just vanishes.

On the first machine where I had pulseaudio foisted on me - an 800 MHz single core Duron - pulseaudio used literally 20% of my CPU time...

...At idle. When no audio was playing...

...To do software audio mixing which my Creative Labs audio hardware was capable of doing better and for free.

When I filed an issue with the pulseaudio people, saying "hey, you're wasting 20% of my CPU time at idle when no audio is playing because you're ignoring the fact that I have superior hardware that can do audio mixing for free", they closed the issue saying that pulseaudio wasn't meant to be used in situations where you have dedicated hardware for audio mixing.


Pulseaudio was, is, and always will be trash.

The ALSA drivers for all the Creative Labs cards worked perfectly well. I never had any issues at all under ALSA, or under OSS before that.

I've had tons of issues with audio bugs once pulseaudio was introduced. To this day the most common solution to any audio issue I see is `pkill -9 pulseaudio`. And it solves the problem about 99% of the time.


It's a shame. In the late 2010s there was a lot of hope for Satya Nadella, but it seems like the organization has regressed back to the mean.


Which is sad because the CEO's job is not to focus on the individual body parts but to make sure that the whole system is strong, beautiful, and healthy.

They can afford people who would do better. Windows 11 is trash. Azure is trash. Onedrive is trash. Outlook is trashier than it has ever been before, but it's not quite trash yet. Word is trash. Excel is rapidly enshittifying. Copilot is hot flaming radioactive tar cancer.

Does microslop even have a single thing left that isn't either completely terrible or worse than it used to be a mere 5 years ago?


> Outlook is trashier than it has ever been before

Which one? There’s two now! Lol


Both. "New" outlook doesn't work with all of the add-ons and plug-ins that "classic" outlook did. Both new and classic have copilot wedged into them. Classic has unasked for and unwanted LinkedIn integrations that have to be turned off on a per-user basis, and it is patently clear that microslop has every intention of abandoning classic outlook the instant they believe that they can do so without severely alienating their userbase.


Well, it sounds like they are effectively slaves to the government, who is raking in their income on their behalf, and would presumably be able to "activate" them as an insider threat at some point.


All of the progressives combined were putting up lower numbers than Biden alone in several states, and Biden and moderates combined in nearly every state. It wasn't "rigged" and progressives convincing themselves that it was is MAGA-style revisionism.

I also have to admire the irony of Bernie supporters acting entitled to a coronation / noncompetitive primary after the kinds of things they said in 2016.


On the other hand, voting needs to mean something. If voting doesn't mean anything, because the whole system is held in a vice grip by a sclerotic institution playing power games with itself, then the broader system eventually collapses.

My personal opinion is that Mitch McConnell's intransigence and unwillingness to do anything lest Obama get credit for it led directly to an increased desire for a "strongman".


Anthropic and the Government both signed a contract. Anthropic is still abiding the terms of that contract. The Government is demanding that they be able to disobey the contract.


Everything is negotiable, and the Negotiator in Chief clearly likes to pull all the levers he can find, legal or not. (Well, the Supreme Court ruled that it's all legal if he does it, right?)


Implementation details TBH. They want “their boys” to do as said. No respect to agreement or legality as we can see in other dealings. They hold all the cards.


It's not an "implementation detail." Either obeying contract law subjects you to being designated a supply-chain risk, or it does not, and that decision has ramifications outside this "implementation."


Irrelevant. The president holds all the cards, he is above the law and you are a supply chain risk if you ask anything else other than “how high” when you are told to jump. Laws or contracts are things in the past. The most a contract can do is define your limits and obligations, not your rights or privileges.


If the president can come to your house and burn it down, do we just throw up our hands and say, well, he holds all the cards, oh well? Or do we call that out as being a bad thing?


> The president holds all the cards, he is above the law

This is provably not true. The fastest way for this to become true is to believe it, or at least to parrot it, even in a facetious way.


> The president holds all the cards, he is above the law

Even though it seems that way, he really isn't, even now. Many of his EOs and other actions have been struck down in court, and while compliance with court orders has been far from perfect (another alarming trend), Trump has not actually gotten away with doing everything he wants to do.

I do fear for the future of this country, for rule of law, and the democratic norms that degrade day by day. But Trump is not actually above the law, as much as he wants to be.


You got downvoted a bit but I upvoted. You're clearly being descriptive in your statements, not prescriptive. I tend to agree that this is how things are now.

Our country is not being run by the rule of law right now.


Wrong ... their very first words were "Isn’t it actually quite fair ..."


I wasn't speaking about the top of the chain. Merely the last couple of replies about the situation WRT how things are actually operating.


Well, that's not the way context works and it's dishonest BS. You wrote "You got downvoted a bit but I upvoted. You're clearly being descriptive in your statements, not prescriptive." -- no, they were prescriptive from the start, and the prescription and the goalpost moving and wool-over-eyes pulling is why they were downvoted.

I won't respond further.


Within the context provided…. You should consider reading the whole argument.

