The point of ID laws is not to stop "bots" or "sockpuppets", it's to enable governments to shut down the speech of their political adversaries by painting them as dangerous. That is not democracy, that is authoritarianism, even if you absolutely hate the people that are being shut up.

Western countries are not in the midst of polarized political crises because of "external bad actors" or "sockpuppets". They're in these crises because of fundamental contradictions in values and desired policies between different segments of the populace.

The Europeans are currently full steam ahead in attempting to "fix" the situation by criminalizing dissent, which will, in the end, only exacerbate the political crisis by making the democratic system illegitimate.

These kinds of features are not intended for use in daily application development. They're systems-language features designed for building high performance, safe, very-low-level code. It will be entirely optional for the average Swift developer to learn how to use these features, just in the same way that it's optional for someone to learn Rust.

The EU DMA says they have to allow third party browser engines access to the same resources (the JIT) that Safari has. It specifically allows them to place reasonable requirements on those third party alternatives:

> The gatekeeper shall not be prevented from taking, to the extent that they are strictly necessary and proportionate, measures to ensure that third-party software applications or software application stores do not endanger the integrity of the hardware or operating system provided by the gatekeeper, provided that such measures are duly justified by the gatekeeper.

Access to rwx memory is inherently dangerous, and it's completely reasonable to expect third parties to have proven that they are serious about producing a usable browser engine before putting such a risky product on the market for consumers to download. The law does not require them to allow any third party application to access the JIT, only a third party application that competes with Safari (a usable web browser).

> You are claiming that static code analysis tools extensively used in C++ cannot detect all conceivable and hypothetical memory issues. The weasel words in here is that it is possible to detect them, but some can conceivably slip through.

No, there are entire classes of memory vulnerabilities that are impossible to check with static analysis because checking them is equivalent to the halting problem.

> To drive the point home, there are already a few CVEs even from use-after-free bugs in Rust code. What does that make out of the all assertion? Would this be a reasonable argument to reject Rust as an unsafe language?

The CVE that you referenced in the other comment was Rust calling into unsafe C code, as I pointed out. If you have a real example feel free to post it.

> The problem with these claims is that they rely on weak strawmen arguments and a very superficial analysis of the problem space. I get the need to do marketing, but if the audience is technical them don't you think arguments should stand on solid technical ground?

The views I have laid out here are the consensus among compiler engineers and in theoretical computer science. You only have to look at the compiler group at Apple:

- heavily invested in static analysis - maintains the clang static analyzer - maintains number of runtime memory analysis tools in Xcode - not invested in rust at all and seemingly not interested

Yet they are adding lifetime dependency annotations to Swift, making it more like Rust: https://github.com/swiftlang/swift-evolution/blob/ef71df4158...

The reason for this is that static analysis simply cannot do it when the semantic information about lifetimes is lost, even for a group that knows how to write strong static analysis tools. Program flow is too ambiguous without it, so it becomes impossible to detect such memory vulnerabilities without running the program and fuzzing it – an expensive, time consuming, and probabilistic process.

https://github.com/Forestryks/process-sync-rs/issues/3

One could say "Rust doesn't stop you from calling out into unsafe C code, so it's still possible to produce memory vulnerabilities in Rust", and it would be true, but it kind of misses the point and only really bolsters the Rust people when they say they want to rewrite everything in Rust.

In Rust, an API with a rule such as "you must check that the mutex is unlocked before you can destroy it" would be implemented using the type system in such a way as to make it impossible to drop it without checking its state. This is something that is not possible to do in C and cumbersome to do in C++.

You cannot detect all of these issues with static analysis. Rust does it by requiring the programmer to annotate lifetime dependencies in the source code. Without this additional semantic information, static analysis cannot fully reason about the lifetimes of variables.

There are efforts by some to introduce lifetime annotations to C++ (https://news.ycombinator.com/item?id=30888172), but any changes to the core language face a very steep uphill battle with the C++ standards committee, so any movement on this is likely to be compiler-specific attribute-based systems, adopted largely by companies invested in a particular compiler ecosystem (such as Apple or Google) to annotate their proprietary code.

On top of this, Rust is a very expressive language, with its features (like enum sum-types, traits etc) making it very easy to implement patterns such as compiler-checked state machines and polymorphism that doesn't involve the recognized downsides of class hierarchies.

It is not for everyone, and not for every kind of project, but its features resonate positively with a lot of people in systems programming because of their experiences with other systems languages and their downsides.

This is why Rust is popular today, particularly in certain communities.

Having been around far left activist groups in my past, there are many who think that doing things like this on purpose is morally justified, because it keeps the conversation on climate change. The media incentivizes it by covering them as "climate-fueled wildfire" stories, every single time.

Wildfires in Canada were at a two-decade low in 2020, during the lockdowns. Think about that.

An investigation via open sources by the BBC and Meduza (an anti-Putin media outlet based in Latvia) has confirmed the deaths of about 15k Russian soldiers since the start of the war, and estimates the true number to be up to 60% higher.

What sources do you have that the widely reported media number of 200k+ is actually true that doesn’t ultimately come from the government of Ukraine (who would have an interest in over-inflating their victories) or by a western government that is militarily supporting Ukraine?

They most likely only plan to long-term occupy the parts of Ukraine where the majority of the population still living there supports them. The last thing that Russia wants is fighting a never ending insurgency in Lviv oblast.

— it burns for a long time - it resists suppression

https://en.m.wikipedia.org/wiki/Incendiary_device

If you want gasoline to meet the definition you have to make napalm out of it.

https://www.vox.com/first-person/22256595/vaccine-covid-paki...

So I find it unlikely that they internally enforce prohibitions against meddling with anything at all.

[1] https://en.wiktionary.org/wiki/shtum#English

Given that the content HAS been verified as real, then bringing up the circumstances of how the laptop ended up in the NY Post's hands is simply an irrelevant diversion designed to muddy the waters.

> That word is doing a _lot_ of work there.

What work is it doing? If the content is real, what circumstances of the obtaining could possibly change opinions or analysis made *solely about* the content?

Nobody denies there were political machinations and obfuscations about the laptop's journey, involving political adversaries of Joe Biden, but that story is a separate one from analysis of the laptop's contents.