> it's basically not possible to run any kind of outbound VPN connection (even to private servers) from inside of China anymore.

Really? Because the paper you linked says they don't block any TLS connections so you can just run a VPN over TLS:

> TLS connections start with a TLS Client Hello message, and the first three bytes of this message cause the GFW to exempt the connection from blocking.

> every language is flawed

But not equally flawed.

https://www.lesswrong.com/posts/dLJv2CoRCgeC2mPgj/the-fallac...

> A language alone doesn't dictate reliability.

Nobody would claim that. But are you trying to say that the language has no effect on reliability? Because that's obviously nonsense.

Language choice has some effect on reliability, and I would say Python's effect is mediocre-to-bad. Depending on if you use Pyright. Not too bad if you do. Pretty awful if you don't.

I think one of the most useful places for async is embedded - Embassy is amazing & you can't use GC there. Rust async almost seems like it was designed more for that than for the high level web stuff that lots of people use it for.

They definitely could have made it more ergonomic though. Pin is super confusing and there are a disappointing number of footguns, e.g. it's very easy to mess up loop/select and that's super common.

Yeah I guess it probably helps you specifically, because most malware is going to do the lazy thing and use install scripts. But it doesn't help everyone in general because if e.g. NPM disabled those scripts entirely (or made them opt-in) then the malware authors would just put their malware into the `npm run` as you say.