Free Software and Programming Leftovers

posted by Roy Schestowitz on Oct 01, 2022

• OpenSSH 9.1 is almost ready for release. Please help testing!

  An important message from Damien Miller (djm@) turned up on mailing lists and elsewhere, saying, [...]

• Responsible Disclosure Policies

  Thus one of the results of the incident is the "irresponsible disclosure" of the set of vulnerabilities Uber knows about and, presumably, would eventually have fixed. "Responsible disclousure" policies have made significant improvements to overall cybersecurity in recent years but developing and deploying fixes takes time. For responsible disclosure to be effective the vulnerabilities must be kept secret while this happens.

• 9 Puzzles to Convince You You Don't Understand Dependence

  If you’re a programmer, you probably have. If you’ve been doing this for a while, there’s a good chance you’ve gotten into a disagreement about whether you’ve successfully done so. Dependence is one of those words where everyone thinks they know what it means (Clean Code uses the word over 100 times without defining it). But as easy as it is to speak broadly about limiting dependencies, uncertainty about what it means leads into uncertainty in actual jobs.

  By the end of this post, you will learn an objective definition of dependence for software engineering. This definition encompasses all places where engineers talk about dependence, from package management to performance engineering and even usability, and it’s sufficiently rigorous to be mechanically checkable.

• Autumn Golang Diary

  I’ve posted here about my experiences with Go since 2013 and I guess it’s too late to stop now. This one is truly miscellaneous, just a bunch of things that built up in “should write about this” notes to myself while working on Quamina.

• Python virtual environments can usually or often be moved around

  On the one hand, it's convenient that this works in general, and that there's nothing in the general design of virtual environments that blocks it. On the other hand, it's clear that you can have various corner cases (as shown with pipx and Django), so it's probably best to create your venvs in their final location if you can. If you do have to move venvs (for example they have to be built in one directory and deployed under another), you probably want to test the result and scan for things with the absolute path burned into them.

• How do confidence intervals work?

  How do confidence intervals work?, In statistics, we’re frequently interested in calculating population parameters—numbers that capture some aspect of a population as a whole.

• Paper Review: Architecture of a Database System

  This is as massive paper: 119 pages. What surprised me is how approachable it is. I have relatively little background building database systems and more experience using them. Despite this, the paper was readable and I was able to take away quite a bit from it, which I've already put into practice in my redis-compatible KV store that I'm building to learn about database systems.

• Sketchy Job Interviews

  Connor Tumbleson recently shared Someone is pretending to be me where at another company, he caught a group of people impersonating him to hire someone in his name. A follow-up post came on orange site, (Ask HN: Have you experienced "hiring fraud?") and I'd like to share my experience too.

• A unified package for the Interoperability Assessment Tools is now available!

  Interoperability Assessment Tools (IATs) are comprehensive solutions that are implemented in the EU Survey.

  This set of tools delivers insights into two directions:

  They measure the current interoperability maturity of a digital public service based on a set of defined interoperability attributes and maturity stages;

  They suggest how the digital public service can improve its interoperability maturity.