braxxox's comments

Nadine would be proud.


I've proposed these changes to shy away from the claims of "Run unsafe code safely" in this crate.

Let me know what you think, or if you have any additional suggestions.



I'm proposing that change here: https://github.com/brannondorsey/mem-isolate/pull/44

Let me know if you think this wording could be improved or I'm missing any details.


Thanks for that suggestion.

I'm adding a few more limitations in this PR: https://github.com/brannondorsey/mem-isolate/pull/44

I know async-signal-safety is particularly important for, you know, signal handlers. But aside from those, and the multi-threading use case you describe, is there another use case where calling non async-signal-safe code from inside this module would lead to issues (that isn't covered in the new limitations)?

I can add another limitation that issues can transpire if the code you run in `callable()` isn't async-signal-safe, but I'd like to offer a few additional examples of gotchas or surprises to point out there.


At the risk of sounding overly harsh, I just don’t think this crate is a particularly good idea. I really do mean this as constructive criticism, so let me explain my reasoning.

A function being marked unsafe in Rust indicates that there are required preconditions for safely invoking the function that the compiler cannot check. Your “safe” function provided by this crate sadly meets that definition. Unless you take great care to uphold the requirements of async-signal-safety, calling your function can result in some nasty bugs. You haven’t made a “safe” wrapper for unsafe code like the crate claims, so much as you’ve really just traded one form of unsafety for another (and one that’s arguably harder to get right at that).
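The hazard this comment describes, as an added example that is not part of the thread or of mem-isolate's code: it assumes `callable()` runs in a child created by `fork()`, and shows that a lock held by another thread at fork time is never released in the child. `lib_lock` and `holder()` are hypothetical stand-ins for a library's internal lock and the thread using it.

```c
/* Added example, not mem-isolate's code. Assumes fork()-based isolation. */
#include <errno.h>
#include <pthread.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

static pthread_mutex_t lib_lock = PTHREAD_MUTEX_INITIALIZER; /* hypothetical library-internal lock */
static int held[2], done[2];                                  /* pipes used only to order the demo */

/* Stand-in for another thread that is inside a locked region (as malloc or
 * stdio can be) at the instant the process forks. */
static void *holder(void *arg) {
    char b = 1;
    (void)arg;
    pthread_mutex_lock(&lib_lock);
    if (write(held[1], &b, 1) != 1) perror("write");  /* signal: lock is held */
    if (read(done[0], &b, 1) != 1) perror("read");    /* hold until the parent is finished */
    pthread_mutex_unlock(&lib_lock);
    return NULL;
}

/* Forks while holder() owns lib_lock and returns what pthread_mutex_trylock()
 * reported inside the child, or -1 on setup failure. */
int trylock_result_in_forked_child(void) {
    pthread_t t;
    char b = 1;
    int status = 0;
    if (pipe(held) || pipe(done) || pthread_create(&t, NULL, holder, NULL)) return -1;
    if (read(held[0], &b, 1) != 1) return -1;         /* wait until the lock is held */

    pid_t pid = fork();
    if (pid == 0) {
        /* Child: only the forking thread was copied, so nobody will ever
         * unlock lib_lock here. trylock (itself not on the async-signal-safe
         * list) is used only so the demo reports instead of hanging. */
        _exit(pthread_mutex_trylock(&lib_lock));
    }
    if (pid > 0) waitpid(pid, &status, 0);
    if (write(done[1], &b, 1) != 1) perror("write");  /* let holder() finish */
    pthread_join(t, NULL);
    close(held[0]); close(held[1]); close(done[0]); close(done[1]);
    return (pid > 0 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    int rc = trylock_result_in_forked_child();
    printf("child trylock: %s\n", rc == EBUSY ? "EBUSY, a blocking lock() would hang" : "unexpected");
    return rc == EBUSY ? 0 : 1;
}
```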


> have no hope of doing better

Yeah, this is really the main use case. It's a relatively simple solution when you can't do any better.

I think that's particularly helpful when you're invoking code you don't control, like calling into some arbitrary C library.


Port scanning from a web page, combined with DNS rebinding, can present a really nasty attack, and can affect an entire private network, not just localhost.

Some more info here: https://medium.com/@brannondorsey/attacking-private-networks...

Example code: https://github.com/brannondorsey/dns-rebind-toolkit

A malicious DNS rebind server: https://github.com/brannondorsey/whonow

Disclaimer: I performed some of this research a few years ago. So those resource suggestions are my own, but they feel very relevant here.



What a great read! I've never thought about how the way we experience the surface of the earth as a 2D manifold of a 3D space, and how up until recently (relatively speaking) this was unknown.

It's interesting to expand on this idea and realize that maybe we are making the same mistake again, and that from our local perspective the universe is 3D, when in reality, it's a 3D manifold of a higher dimensional space.

One thing I am still unclear of though, is that isn't this proven to be the case? Is it not true that we are provably living in at least a 4D space, where time is the fourth dimension? We can observe its existence but cannot move freely through it and are confined to free transformations only in 3D space? In this way, aren't we living in a 3D manifold in a 4D space? So maybe then the question is are we living in a 3D manifold of a +4D space?


Sort of, not quite.

The basic background is that Einstein wrote a paper taking Lorentz more seriously than Lorentz took his own work: and that paper suggested that just maybe, when you accelerate in any given direction by an acceleration A, you see all of the clocks ahead of you some distance z tick faster by a factor A z / c², where c is the speed of light in vacuum, and behind you they tick slower with the corresponding negative z until a wall of death at z = -c² / A where clocks do not tick at all and time appears to stand still. This is in fact the only new fact that special relativity adds. Lots of people got very confused about the philosophical implications, but the mathematical implication is that time and space can be mixed together by these accelerations and must be treated as one unified geometrical entity.

Einstein then went one further on the whole 4D thing, because arguably we are always accelerating in this whole gravitational field of the Earth. You have a lot of options to choose from. So this part took Einstein many many years to work out. Maybe the easiest is to say that we standing on Earth are a non-accelerating reference frame, and then anybody who falls must see a wall of death somewhere out in space. That turns out to be a very boring approach, and also wrong. What Einstein suggested instead was that you are in a non-accelerating reference frame with no wall of death if you are in free-fall, and we standing on the Earth would see a wall of death beneath our feet, except we can't see beneath our feet. But if a body were more massive, maybe we could see the wall of death from orbit. And now we have a photo of a black hole to prove it! But even before that, the essential point is that if I put a clock up somewhere high (on a tower, in a plane, or at the top of a mountain) and I am standing on the ground, then I am accelerating towards that clock relative to free-fall: so that clock must be ticking faster than my clocks are. And we have had direct observation of that “gravitational time dilation” for a long time.

Mathematically, this means that we are in a manifold that looks locally 4 dimensional, in this weird way of coupling the four dimensions that couples accelerations with the ticking of clocks. We say, going back to this guy who worked out all of the mathematics before Einstein, that the manifold is locally Lorentzian, as opposed to Euclidean. But the manifold is four dimensional, not three dimensional. It has to have this coupling between time and space locally. But then globally it can have these interesting features like black holes.

Now, whether we can embed this curvy universe that we inhabit into a larger dimensional flat space, is not necessarily a given. I don't know many physicists who are deeply interested in that sort of question. Certainly to have the structure that we need, it needs to have Lorentzian timelike dimensions in it, one of which we use as our time dimension. Certainly also, the people working on string theory use these extra-dimensional possibilities to solve certain mathematical inadequacies that their string theories otherwise have: but usually those dimensions are locally available, so we would see them; so there is some sort of hand-waving about how they must be curled up into such a small length scale that we cannot actually observe them. But there is certainly a branch of string theory called M-theory that I do not personally know too much about which has something to do with viewing our universe as a geometric entity in a larger space.

Thankfully, the mathematics does not require this. The essential point of a manifold that the article somehow leaves out, is that I am no longer going to rely on global coordinates. I only care about local coordinates. So on the sphere, it is a two dimensional object, even though it lives in a three dimensional space, and that's because depending on where I am, I can uniquely identify points near me on the sphere by either their x & y coordinates, or their y & z coordinates, or their x & z coordinates. This fails for points that are not nearby me, because projecting a globe on to a flat surface this way will project two hemispheres onto the same point. But I can always choose one of those three and find myself in the middle of a hemisphere, and describe everything else on that hemisphere with those coordinates. So the whole point of a manifold is that I don't need global coordinates, and therefore it doesn't matter much whether or not I am embedded in a larger flat space or not.


Thanks for this, it's very clearly expressed.

I've not noticed before that special relativity implies a 'wall of death' as you put it but I see now you can get that from the Lorentz transform t'=(t-vx/c^2)/sqrt(1-v^2/c^2) combined with v=at.

Does the z=-c^2/a relation still hold in general relativity or is it modified by other terms?

Also

> we can't see beneath our feet

I presume you mean that we can, but for the values of A and z we experience here on earth, the radius of the Earth is much smaller than z so a point at a distance z "beneath our feet" doesn't exist as it's up and out the other side of the gravitational well

> And now we have a photo of a black hole to prove it!

I'm guessing you mean the event horizon is exactly such a "wall of death"?


Yes, the event horizon of a black hole is precisely this sort of wall of death. Indeed there is an active debate in the literature about whether outside observers ever see black holes because from the outside perspective infalling mass should become “frozen” on the surface, with Liu and Zhang very recently in 2009 arguing that if you consider a shell of nonzero thickness falling symmetrically into the black hole then as this mass approaches the event horizon the event horizon actually expands to gobble up some of the matter—this paper is then cited and refuted in a 2011 paper in the same journal by Penna, who argues that they got one little detail very wrong and that once you correct for this you do indeed see the matter “frozen” on the wall-of-death; see [1] for a PDF of this paper.

The z = -c² / A relation does hold even when you transfer from the first-order-in-β transform to the full Lorentz transform; for an outworking from the inimitable John Baez, see [2].

I did mean that we can’t see beneath our feet, but I see your point: at g = 10 N/kg this term c² / g is something like 10^16 meters away, way way outside of the Solar System, which is only in the billions of km large. I was purely thinking about our Schwarzschild radius, which is millimeters away from the center of the Earth: therefore we cannot see the Schwarzschild event horizon because it is nonexistent; it is “underground” but so far that then most of the mass is outside of that, so you have to recalculate and get an even smaller amount, but that then needs another recalculation... and so on. It vanishes to zero because the mass is not located in a condensed enough space.

[1] http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.758...

[2] http://math.ucr.edu/home/baez/physics/Relativity/SR/Rocket/r...


Thanks! Honestly, about the implications in terms of physics I am really unsure. Maybe someone else from HN can chime in?

(also, it appears that in string theory, they are considering even higher-dimensional models for our universe...so it feels that 3/4 is rather a lower estimate)


I'm always interested in this as well.

Are there any experiments to rigorously prove or disprove the existence of further spatial dimensions?


If memory serves me, Firefox cookies are stored unencrypted in an sqlite database with user level permissions. Haven't dug too deep, so I could be missing something, but last time I peeked down the rabbit hole that's what I remember.


Chrome stores them in sqlite as well. AFAIK on Windows if running as the same user you just need to call CryptUnprotectData. No password needed.

http://raidersec.blogspot.com/2013/06/how-browsers-store-you...


Windows’ OS keychain API is pretty weak, accessing secrets does not require user authorization. macOS and some Linux desktop environments do it slightly better, but there’s only so much you can do to defend against an attacker with the same privileges as the user.


correct

    $ find "$HOME/Library/Application Support/Firefox/Profiles" -name cookies.sqlite -exec sqlite3 {} 'SELECT * FROM moz_cookies' \;


There is a master password to encrypt password storage, cookies, history, etc.

They are encrypted at rest, and encrypted before sync.


Unencrypted if you want to. Firefox always allowed a password so it is encrypted at rest. You will have to pry it out of the process memory after the user types the password.


Why can't any code that wants to steal your passwords in Firefox's DB just use Firefox's open source code to decrypt? Firefox requires no password to start up and access your passwords so why couldn't any other code just follow the same process?


True. They suggest you use a master password, which solves this problem. But if you ignore that it will generate one for you which will only make it a little bit more annoying for anyone trying to steal directly from the offline file.


Jesus Christ, the cost for a 51% attack on Einsteinium is only ~$12 https://www.crypto51.app/coins/EMC2.html

