Hacker News: thasso

New comment by thasso in "Flux 2 Klein pure C inference"

thasso — Mon, 19 Jan 2026 20:10:30 +0000

> I believe that inference systems not using the Python stack (which I do not appreciate) are a way to free open models usage and make AI more accessible.

What's wrong with the Python stack? I have never much used it or any other ML stack so I'm genuinely curious.

New comment by thasso in "I/O Multiplexing (select vs. poll vs. epoll/kqueue)"

thasso — Sun, 12 Oct 2025 14:24:23 +0000

Your example on read(2) is a good one. There's no way to fix it purely by changing the API because, by nature, the user chooses the size of the buffer.

The difference is that fd_set is a structure that's not defined by the user. If fd_set had a standard size, the kernel could verify that nfds is within the allowed range for the fd_set structure. The select(2) system call would be harder to misuse then, although misuse would still be possible by passing custom buffers instead of pointers to fd_set structures. In that sense, I think we agree on the "problem".

It's indeed just a bit of Unix history, but I was surprised by it nonetheless.

New comment by thasso in "I/O Multiplexing (select vs. poll vs. epoll/kqueue)"

thasso — Sun, 12 Oct 2025 13:32:57 +0000

I don't get where my misunderstanding lies. Didn't I point out that the __copy_to_user call returns EFAULT if the memory is unmapped or unwritable? The problem is that some parts of the user stack may be mapped and writable although they're past the end of the fd_set structure.

> there's no formal API for it in the glibc headers

The author claims you can pass nfds > 1024 to select(2).If you use the fd_set structure with a size of 1024, this may lead to memory corruption if an FD > 1023 becomes ready if I understand correctly.

New comment by thasso in "I/O Multiplexing (select vs. poll vs. epoll/kqueue)"

thasso — Sun, 12 Oct 2025 12:43:01 +0000

This part is bewildering to me:

> Now, if you try to watch file descriptor 2000, select will loop over fds from 0 to 1999 and will read garbage. The bigger issue is when it tries to set results for a file descriptor past 1024 and tries to set that bit field in say readfds, writefds or errorfds field. At this point it will write something random on the stack eventually crashing the process and making it very hard to debug what happened since your stack is randomized.

I'm not too literate on the Linux kernel code, but I checked, and it looks like the author is right [1].

It would have been so easy to introduce a size check on the array to make sure this can't happen. The man page reads like FD_SETSIZE differs between platforms. It states that FD_SETSIZE is 1024 in glibc, but no upper limit is imposed by the Linux kernel. My guess is that the Linux kernel doesn't want to assume a value of FD_SETSIZE so they leave it unbounded.

It's hard to imagine how anyone came up with this thinking it's a good design. Maybe 1024 FDs was so much at the time when this was designed that nobody considered what would happen if this limit is reached? Or they were working on system where 1024 was the maximum number of FDs that a process can open?

[1]: The core_sys_select function checks the nfds argument passed to select(2) and modifies the fd_set structures that were passed to the system call. The function ensures that n <= max_fds (as the author of the post stated), but it doesn't compare n to the size of the fd_set structures. The set_fd_set function, which modifies the user-side fd_set structures, calls right into __copy_to_user without additional bounds checks. This means page faults will be caught and return -EFAULT, but out-of-bounds accesses that corrupt the user stack are possible.

Show HN: I wrote a from-scratch OS to serve my blog

thasso — Tue, 16 Sep 2025 14:32:25 +0000

Hey HN! This is a fun/educational project I built to learn OS programming. I started working on it right after graduating high school last year and have been working on it on and off during my first year of university. It features a TCP/IP stack, an HTTP server, a RAM file system, a BIOS bootloader, paging and memory management, and concurrent tasks based on cooperative scheduling, along with a custom library. It's written in a C programming style focused on safety (based on a custom library of core abstractions) that's inspired by the writing of Chris Wellons (nullprogram.com).

There is a link to a test deployment in the README. The TCP/IP implementation is nowhere near perfect, of course, so there may be issues loading the page. I'm curious how the system holds up if this post gets any attention ;-)

Comments URL: https://news.ycombinator.com/item?id=45262784

Points: 13

# Comments: 1

New comment by thasso in "Ask HN: The government of my country blocked VPN access. What should I use?"

thasso — Fri, 29 Aug 2025 11:26:44 +0000

Claude gave me a pretty convincing response without hesitation. Can't verify if it's sensible though.

New comment by thasso in "Long Term Support"

thasso — Fri, 01 Aug 2025 15:40:39 +0000

Can recommend this podcast [1] with Richard Hipp, primary author of SQLite, talking about, among other things, about the origins of SQLite and how they tested it for use in aviation.

[1]: https://corecursive.com/066-sqlite-with-richard-hipp/

New comment by thasso in "A Rust shaped hole"

thasso — Thu, 17 Jul 2025 07:20:30 +0000

A nice thing about C is that you can be pretty confident that you know all major footguns (assuming you spent some time reading about it). With languages that are young or complex there is a much greater chance you’re making a terrible mistake because you’re not aware of it.

Secure Your Keys with Keyand.me

thasso — Fri, 11 Jul 2025 07:55:16 +0000

Article URL: https://thasso.xyz/key-and-me.html

Comments URL: https://news.ycombinator.com/item?id=44529449

Points: 1

# Comments: 0

New comment by thasso in "Is anybody using this private key?"

thasso — Fri, 04 Jul 2025 16:53:28 +0000

Wait why did it say the key was unused when I submitted the first time, but now it shows the key is already taken?

New comment by thasso in "The Rise of Whatever"

thasso — Fri, 04 Jul 2025 09:06:55 +0000

I'm shocked every time I go to City Hall and wait while the clerk types my name letter by letter with two fingers. Doesn't he do that every day?! How as it never occurred to him or anyone else that maybe, just maybe, they would benefit from a typing course. It’s just one example of a pattern I’ve noticed with a lot of office workers.

New comment by thasso in "Demystifying Debuggers"

thasso — Wed, 11 Jun 2025 06:48:20 +0000

If you are interested in debuggers, there was a post series by Sy Brand a few years back:

https://blog.tartanllama.xyz/writing-a-linux-debugger-setup/

Eli Bendersky also wrote about debuggers (I think his post is a great place to start):

https://eli.thegreenplace.net/2011/01/23/how-debuggers-work-...

I was fascinated with debuggers a while back exactly because they were so mysterious to me. I then wrote a ptrace debugger myself [1]. It features pretty simple implementations of the most common stuff you would expect in a debugger. Though I made the grave mistake of formatting all the code in GNU style.

[1]: https://github.com/thass0/spray/tree/main/src

New comment by thasso in "Ask HN: Anyone making a living from a paid API?"

thasso — Sat, 31 May 2025 15:43:16 +0000

Is this legal? How frequently do people with unique knowledge in a company pull things like this off?

New comment by thasso in "Chomsky on what ChatGPT is good for (2023)"

thasso — Sun, 25 May 2025 17:51:41 +0000

> The world’s preeminent linguist Noam Chomsky, and one of the most esteemed public intellectuals of all time, whose intellectual stature has been compared to that of Galileo, Newton, and Descartes, tackles these nagging questions in the interview that follows.

By whom?

New comment by thasso in "Wrench Attacks: Physical attacks targeting cryptocurrency users (2024) [pdf]"

thasso — Sun, 25 May 2025 15:23:15 +0000

Why don't we hear about this happening to people who are equally wealthy in classical (non-crypto) assets? Are they more discreet and harder to make out or are there protections in place at, e.g., banks that limit the efficacy of these kinds of attacks? I guess most wealth people don't have enough of their wealth in liquid assets to be a good target but people with lot's of crypto assets can easily transfer it all.

New comment by thasso in "On File Formats"

thasso — Sun, 25 May 2025 05:49:13 +0000

For archive formats, or anything that has a table of contents or an index, consider putting the index at the end of the file so that you can append to it without moving a lot of data around. This also allows for easy concatenation.

New comment by thasso in "InventWood is about to mass-produce wood that's stronger than steel"

thasso — Mon, 19 May 2025 17:43:51 +0000

What’s the limit on how much wood we can produce? I hear people say using wood is good for carbon capture, but trees take a lot of time to grow, no? If we started using 2x to 10x the amount of wood as we did before, wouldn’t we deplete our stock of trees?

New comment by thasso in "Implementing a RISC-V Hypervisor"

thasso — Sat, 17 May 2025 13:40:39 +0000

I’m really fascinated by hypervisors but I struggled to find resources when first trying to get into them. Would love it if someone could point me to more content like this.

New comment by thasso in "I think about C99 strict aliasing rules"

thasso — Sat, 17 May 2025 00:03:40 +0000

Systems languages have these weird semantics to allow writing performant low-level code and abstracting over the hardware at the same time (unsafe Rust too, check out its memory model for example). This doesn’t make any sense. Either you want a high level language to write correct code on many machines, or, if you want to make code fast, you want a language that allows writing for a specific platform. The C standard is stupid, just turn on -fno-strict-aliasing like any sane person would and get on with it.

New comment by thasso in "Odin: A programming language made for me"

thasso — Tue, 13 May 2025 10:03:12 +0000

> The worst part about uninitialized variables is that they frequently are zero and things seem to work until you change something else that previously happened to use the same memory.

This is not the whole story. You're making it sound like uninitialized variables _have_ a value but you can't be sure which one. This is not the case. Uninitialized variables don't have a value at all! [1] has a good example that shows how the intuition of "has a value but we don't know which" is wrong:

  use std::mem;
  
  fn always_returns_true(x: u8) -> bool {
      x < 120 || x == 120 || x > 120
  }
  
  fn main() {
      let x: u8 = unsafe { mem::MaybeUninit::uninit().assume_init() };
      assert!(always_returns_true(x));
  }

If you assume an uninitialized variable has a value (but you don't know which) this program should run to completion without issue. But this is not the case. From the compiler's point of view, x doesn't have a value at all and so it may choose to unconditionally return false. This is weird but it's the way things are.

It's a Rust example but the same can happen in C/C++. In [2], the compiler turned a sanitization routine in Chromium into a no-op because they had accidentally introduced UB.

[1]: https://www.ralfj.de/blog/2019/07/14/uninit.html

[2]: https://issuetracker.google.com/issues/42402087?pli=1