> a RCE vulnerability is the type of thing that nation state actors in Russia and North Korea dream of
Does this mean other state actors are beyond needs of RCE vulns as their tools belt and North Korea and Russia lagging behind? Some other interpretation from security-involved practitioners here - like, I don't know - we already have Pegasus, phew on OpenCode RCE?
> Does this mean other state actors are beyond needs of RCE vulns
No, from experience, any nation state actor would love to take advantage of a RCE vuln: this was painted from the perspective of Bottlerocket which is in use by DoD, NSA, etc.
Genuine question, as someone who never used Claude Code, but used OpenCode/Aider/GeminiCli - as many here say Opencode is better, mind sharing why (from end user perspective)?
I was thinking to try Claude Code later and may reconsider doing so.
I experimented with Claude Code but returned to the familiar Aider which existed before all of these tools AFAIK.
You’ll notice people in Aider GitHub issues being concerned about its rather conservative pace of change, lack of plug-in ecosystem. But I actually started to appreciate these constraints as a way to really familiarise myself with the core “edit files in a loop with an end goal” that is the essence of all agent coding.
Anytime I feel a snazzy feature is lacking from Aider I think about it and realise I can already solve it in Aider by changing the problem to editing a file in a loop.
Well, there is Aider-CE aka Cecli, which moves, updates almost every day (I'm tried to try it but much).
Opencode is totally different beast comparing to Aider and I mostly stopped using Aider for 2 months or so - it just iterate simpler and faster with OpenCode for me.
> Figure 9: Durable writes with io_uring. Left: Writes and fsync
are issued via io_uring or manually linked in the application.
Right: Enterprise SSDs do not require fsync after writes.
This sounds strange to me, of not requiring fsync. I may be wrong, but if it was meant that Enterprise SSDs have buffers and power-failure safety modes which works fine without explicit fsync, I think it's too optimistic view here.
I suspect it’s a misunderstanding. PLP capacitors let the drive not flush writes before reporting a write completed in response to a sync request, but they don’t let the software skip making that call.
Yeah that's just flat out not correct. If you're writing through a file system or the buffer cache and you don't fsync, there is no guarantee your data will still be there after, say, a power loss or a system panic. There's no guarantee it's even been passed to the device at all when an asynchronous write returns.
However, in our experiments (including Figure 9), we bypass the page cache and issue writes using O_DIRECT to the block device. In this configuration, write completion reflects device-level persistence. For consumer SSDs without PLP, completions do not imply durability and a flush is still required.
> "When an SSD has Power-Loss Protection (PLP) -- for example, a supercapacitor that backs the write-back cache -- then the device's internal write-back cache contents are guaranteed durable even if power is lost. Because of this guarantee, the storage controller does not need to flush the cache to media in a strict ordering or slow way just to make data persistent."
(Won et al., FAST 2018)
https://www.usenix.org/system/files/conference/fast18/fast18...
We will make this more explicit in the next revision. Thanks.
Note that Aider is not much maintained over last 3 months or so, there is a fork Aider CE, though I'm just watching their changes through rss and not used myself.
I'm more in Opencode world now and its in general more efficient for me (I'm sorta sysadmin by day, not a programmer, so agentic mode with Opencode saves a lot of time cuz you can just tell - write adhoc Python script and check which objects/methods present at that library- savings me from a boring part of you know programming/diving deep in unknown languages).
On Aider part, I especially liked ability to nitpick the function name, which is great for more focused changes/investigations.
by WSL? Not my own experience, but I have couple of guys who still on Win10/WSL. Myself I've migrated to Win11 not sure when exactly, likely 4 years ago
it may happen that you just don't need it - the same way not everyone need to use vim/neovim.
without tmux/screen though, it's much harder, even less reliable, to work over ssh, so it becomes natural need for such sort of tools.
Say I use screen and later tmux since I believe ~ 2010 but not using "advanced" features like "panes" and screen splitting every month, most of the time for me it's just switching between windows in session and different sessions (not that often) and that's all.
As a helper, for some projects, I do use predefined layouts (say first 4 windows opens with inventory dir, other 2 with root folder of ansible repo) so on, but need this also not very often, like when laptop reboots (which is every ~ 3 week on Win11 nowdays)
Does this mean other state actors are beyond needs of RCE vulns as their tools belt and North Korea and Russia lagging behind? Some other interpretation from security-involved practitioners here - like, I don't know - we already have Pegasus, phew on OpenCode RCE?
reply