Awesome! The one thing that turns me off a little is `ModTime`. I generally avoid incorporating modification times into my build (generally I force them to 1970), but a hash for the ETag would be very welcome.

Yep etags is on my list of things to implement

I've added etag support

https://golang.org/x/crypto/nacl for the Gophers among us (it provides only box/secret_box, though)

https://medium.com/@sdboyer/so-you-want-to-write-a-package-m... would be a good start

I'm assuming you mean vdevs — you can resize zvols (virtual block devices) just fine. (and you can even grow disk-type vdevs, though they'll be somewhat unbalanced)

Yeah, sorry, edited. It's mainly the ability to resize RAIDZ or RAIDZ2 zdevs that would be really helpful.

SSLmate (https://sslmate.com/) actually makes things similarly simple — I've been using them for a few months now.

You can't prove the hash function is correct, no. But you can prove the hash function is implemented equivalently to its definition. That's what the article is about.

That's true. But if you can't prove that your hash function has the desirable properties you expect/hope for, then I think that is important to acknowledge.

No, those are separate issues. There might be philosophical value on acknowledging the impossibility to prove the correctness of the algorithm, but it has little or no practical value when you want to prove if your implementation of the algorithm is correct.

Your argument is like saying that because there is no way to guarantee your physical product's design is 100% defect free, there is no point to implement quality controls in the manufacturing floor.

MaidSafe (http://maidsafe.net) and Skylight (https://skylight.io) are both written in Rust, Maidsafe having recently moved to it from C++.

It's worth noting that KVM doesn't allow remapping the APIC base address at all: https://github.com/torvalds/linux/blob/49d7c6559bf2ab4f1d56b...

I don't think it would matter. KVM wouldn't move the real APIC -- it would just move the fake APIC it exposes to the guest. SMM doesn't run in guest mode, so SMM code wouldn't see the fake APIC.

(If KVM allowed moving the APIC, then you could use this to escalate privileges from guest kernel mode to /guest/ SMM, and KVM is adding guest SMM soon, but that's a much less interesting attack IMO.)

I haven't been back home (Amsterdam) for most of this year, but I find that surprising — I usually have trouble coming up with more than three ice cream parlours off the top of my head. Where's all this great ice cream I've been missing out on?

This article wasn't written by Steve Klabnik — merely "reprinted".

> Recently, it was brought up on Proggit that Chris Smith's "What to Know Before Debating Type Systems" was no longer online. This is a really great article, and in an effort to make sure it survives, I've grabbed the archive.org cache and am 'reprinting' it here. If you're into programming languages, read this and level up!