frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

From Human Ergonomics to Agent Ergonomics

https://wesmckinney.com/blog/agent-ergonomics/
1•Anon84•59s ago•0 comments

Advanced Inertial Reference Sphere

https://en.wikipedia.org/wiki/Advanced_Inertial_Reference_Sphere
1•cyanf•2m ago•0 comments

Toyota Developing a Console-Grade, Open-Source Game Engine with Flutter and Dart

https://www.phoronix.com/news/Fluorite-Toyota-Game-Engine
1•computer23•4m ago•0 comments

Typing for Love or Money: The Hidden Labor Behind Modern Literary Masterpieces

https://publicdomainreview.org/essay/typing-for-love-or-money/
1•prismatic•5m ago•0 comments

Show HN: A longitudinal health record built from fragmented medical data

https://myaether.live
1•takmak007•8m ago•0 comments

CoreWeave's $30B Bet on GPU Market Infrastructure

https://davefriedman.substack.com/p/coreweaves-30-billion-bet-on-gpu
1•gmays•19m ago•0 comments

Creating and Hosting a Static Website on Cloudflare for Free

https://benjaminsmallwood.com/blog/creating-and-hosting-a-static-website-on-cloudflare-for-free/
1•bensmallwood•24m ago•1 comments

"The Stanford scam proves America is becoming a nation of grifters"

https://www.thetimes.com/us/news-today/article/students-stanford-grifters-ivy-league-w2g5z768z
1•cwwc•29m ago•0 comments

Elon Musk on Space GPUs, AI, Optimus, and His Manufacturing Method

https://cheekypint.substack.com/p/elon-musk-on-space-gpus-ai-optimus
2•simonebrunozzi•37m ago•0 comments

X (Twitter) is back with a new X API Pay-Per-Use model

https://developer.x.com/
2•eeko_systems•44m ago•0 comments

Zlob.h 100% POSIX and glibc compatible globbing lib that is faste and better

https://github.com/dmtrKovalenko/zlob
3•neogoose•47m ago•1 comments

Show HN: Deterministic signal triangulation using a fixed .72% variance constant

https://github.com/mabrucker85-prog/Project_Lance_Core
2•mav5431•48m ago•1 comments

Scientists Discover Levitating Time Crystals You Can Hold, Defy Newton’s 3rd Law

https://phys.org/news/2026-02-scientists-levitating-crystals.html
3•sizzle•48m ago•0 comments

When Michelangelo Met Titian

https://www.wsj.com/arts-culture/books/michelangelo-titian-review-the-renaissances-odd-couple-e34...
1•keiferski•49m ago•0 comments

Solving NYT Pips with DLX

https://github.com/DonoG/NYTPips4Processing
1•impossiblecode•50m ago•1 comments

Baldur's Gate to be turned into TV series – without the game's developers

https://www.bbc.com/news/articles/c24g457y534o
2•vunderba•50m ago•0 comments

Interview with 'Just use a VPS' bro (OpenClaw version) [video]

https://www.youtube.com/watch?v=40SnEd1RWUU
2•dangtony98•56m ago•0 comments

EchoJEPA: Latent Predictive Foundation Model for Echocardiography

https://github.com/bowang-lab/EchoJEPA
1•euvin•1h ago•0 comments

Disablling Go Telemetry

https://go.dev/doc/telemetry
1•1vuio0pswjnm7•1h ago•0 comments

Effective Nihilism

https://www.effectivenihilism.org/
1•abetusk•1h ago•1 comments

The UK government didn't want you to see this report on ecosystem collapse

https://www.theguardian.com/commentisfree/2026/jan/27/uk-government-report-ecosystem-collapse-foi...
4•pabs3•1h ago•0 comments

No 10 blocks report on impact of rainforest collapse on food prices

https://www.thetimes.com/uk/environment/article/no-10-blocks-report-on-impact-of-rainforest-colla...
2•pabs3•1h ago•0 comments

Seedance 2.0 Is Coming

https://seedance-2.app/
1•Jenny249•1h ago•0 comments

Show HN: Fitspire – a simple 5-minute workout app for busy people (iOS)

https://apps.apple.com/us/app/fitspire-5-minute-workout/id6758784938
2•devavinoth12•1h ago•0 comments

Dexterous robotic hands: 2009 – 2014 – 2025

https://old.reddit.com/r/robotics/comments/1qp7z15/dexterous_robotic_hands_2009_2014_2025/
1•gmays•1h ago•0 comments

Interop 2025: A Year of Convergence

https://webkit.org/blog/17808/interop-2025-review/
1•ksec•1h ago•1 comments

JobArena – Human Intuition vs. Artificial Intelligence

https://www.jobarena.ai/
1•84634E1A607A•1h ago•0 comments

Concept Artists Say Generative AI References Only Make Their Jobs Harder

https://thisweekinvideogames.com/feature/concept-artists-in-games-say-generative-ai-references-on...
1•KittenInABox•1h ago•0 comments

Show HN: PaySentry – Open-source control plane for AI agent payments

https://github.com/mkmkkkkk/paysentry
2•mkyang•1h ago•0 comments

Show HN: Moli P2P – An ephemeral, serverless image gallery (Rust and WebRTC)

https://moli-green.is/
2•ShinyaKoyano•1h ago•1 comments
Open in hackernews

Writing Memory Safe JIT Compilers

https://medium.com/graalvm/writing-truly-memory-safe-jit-compilers-f79ad44558dd
73•sgammon•4mo ago

Comments

dataflow•4mo ago
From https://v8.dev/blog/sandbox

> Using a memory-safe language for these components and removing JIT compilers could work, but would significantly reduce the engine's performance (ranging, depending on the type of workload, from 1.5–10× or more for computationally intensive tasks)

I don't get it, why the dichotomy between "no JIT" and "sandboxed JIT"? Isn't the not also the option of producing JITted code with safety guarantees, similarly to how the Rust compiler generates code with safety guarantees?

manwe150•4mo ago
I think the issue they are stating is the errors are either in the optimizer (needing alive2 equiavlent) or in the analysis passed. A memory safe language (in this case JavaScript) can convince a buggy compiler to do things out of spec. The attack surface of the interactions of the compiler might be more interesting or larger than of the compiler itself

Rust only guarantees it up to bugs in the analysis though, which is usually okay for rust, but not for truly adversarial inputs (JavaScript)

The better comparison might be ebpf, where you take the output of one compiler, then verify with a second compiler, then compile with a third compiler, so there are that many more gates you need to pass to get malicious input to produce exploitable output, while still getting speed

bawolff•4mo ago
My impression is that JIT bugs would be similar to a bug in the rust compiler. No system is perfect and the rust compiler is just as susceptible to bugs as a jit engine is.

The difference being that your rust programs aren't usually written by malicious people. The goal is to prevent accidental memory safety issues not intentional ones. In contrast the JIT compiler is compiling code made by the adversary.

matheusmoreira•4mo ago
Wish they'd go into more detail about these Futamura projections and how the partial evaluation is implemented. I get it at a conceptual level but I'm still not confident enough to implement one myself.
sgammon•4mo ago
The linked tech talk ("Deoptimization [...]") goes into a lot more detail -- worth a watch if you find this stuff interesting:

https://www.youtube.com/watch?v=pksRrON5XfU

Leszek•4mo ago
The V8 sandbox doesn't just protect against JIT issues, it also protects against logical issues in the runtime and object model.
mike_hearn•4mo ago
Not exactly. It's the nature of a sandbox that it doesn't remove bugs, it only reduces their blast radius. The Truffle architecture actually removes bugs by changing how you write the language VM to begin with.
Leszek•4mo ago
I said it "protects" against bugs, not that it "removes" them. The Truffle architecture removes mismatches between JIT and interpreted code (when it doesn't have bugs itself, which is not guaranteed either), but it doesn't remove runtime or object model logic errors that affect both.
funcDropShadow•4mo ago
Because, Truffle is reused in multiple language VMs their overall attack surface is smaller than it would be with classical language VM architectures.
comex•4mo ago
I don't think this is actually memory-safe. It sounds like the JavaScript-specific parts of the VM are untrusted, i.e. bugs in it won't violate memory safety. But the core GraalVM compiler and its optimizations would still have to be trusted (or if not, the post doesn't explain why not).
mike_hearn•4mo ago
(I wrote the article).

The optimizations do have to be correct. However, there are some significant factors that make it a lot easier in the Truffle architecture:

1. The optimizations are themselves implemented in a language with memory safety and lots of static analysis tools, so they're just less likely to be buggy for the usual reasons.

2. Most of the complex optimizations that matter for a language like Javascript or Python are implemented in the interpreter, which is then partially evaluated. In a classical language VM complex optimizations like PICs, specialization, speculation etc are all hand coded in C++ by manipulating compiler IR. It's a very unnatural way to work with a program. In the Truffle architecture they're implemented in normal Java in relatively straight-line logic, so there's just far fewer ways to mess up.

3. The intrinsics are also all written in a memory safe language. Buggy intrinsics are a common cause of compiler errors.

It is nonetheless true that at some points the program is transformed, and those transforms can have bugs. Just like how languages with memory safety and strong standard libraries don't eliminate all bugs, just a lot of them. It's still a big upgrade in correctness, I think.

darkamaul•4mo ago
I think the _copy-and-patch_ approach [0] is probably the best compromise here.

You get many of the guarantees of compiled code (strong correctness, reduced mismatch between interpreter vs JIT semantics, etc.), while still being very close to native performance.

In fact, Python is already moving in that direction: the new bytecode-based copy-and-patch JIT in Python 3.13 shows correct results even before heavy performance tuning.

So to me this seems like a very promising road: I wonder how practical this is if the base language is not C/C++ but Rust (or any kind of memory safe language).

[0] https://arxiv.org/abs/2011.13127

shikon7•4mo ago
> Although being written in Java does improve memory safety, we just saw that rewriting V8 in a safe language wouldn’t help with the types of bugs V8 is trying to solve and so we would intuitively expect that GraalJS must suffer from the same classes of bugs. Yet, it doesn’t.

Essentially it exchanges the bugs of a V8 engine for the bugs of the GraalVM, right?

drysart•4mo ago
That's what I got from reading the article; the takeaway is that all its doing to solve the types of problems V8 has is by shifting the complications beneath another layer. All the problems and challenges and potential for mistakes still exist, they're just within GraalVM now.

Which is not without real benefit, of course; it's a lot easier to build and secure one genericized VM runtime toolkit than it is to rebuild everything from scratch for every single language runtime like V8 that might need to exist. It's far better to competently solve the difficult problem once than to try to competently solve it over and over and over.

anonymousDan•4mo ago
Yeah I wonder if there has been much work on formal verification here (including of compiler passes). I know the LLVM team have done some interesting work on verifying LLVM passes using the Alive2 tool for example.
mike_hearn•4mo ago
No, that's not what it's arguing.

Basically it's easier to implement optimizations correctly if you're expressing them in regular logic instead of hand-written graph manipulations. The underlying approach is fundamentally different.

pjmlp•4mo ago
I love the work being done by GraalVM team, and the ones that predated it like MaximeVM and JikesRVM, proving that it is possible to use safer languages for all layers of compiler development, instead of the usual cargo cult of what is supposed to work.
bencyoung•4mo ago
I think this is exactly the same approach PyPy used 15 or so years ago! Partially evaluate the language runtime
svieira•4mo ago
It is! https://news.ycombinator.com/item?id=7061913