Programming Leftovers

posted by Roy Schestowitz on Jan 11, 2023

• The Rust Programming Language Blog: Announcing Rust 1.66.1

  The Rust team has published a new point release of Rust, 1.66.1. Rust is a programming language that is empowering everyone to build reliable and efficient software.

  [...]

  Rust 1.66.1 fixes Cargo not verifying SSH host keys when cloning dependencies or registry indexes with SSH. This security vulnerability is tracked as CVE-2022-46176, and you can find more details in the advisory.

• In Python, zero is zero regardless of the number type

  Before I actually tried it, I expect the dict to start out with either two or three entries and end up with one or two, given that boolean True and False are actually ints with False being the same as zero. In fact the dict starts out with one entry and ends up with none, because in Python all three of these zeros are equal to each other: [...]

• 5 new advanced features improving C# 11 [Ed: Tom Deseyn continues to work for Microsoft on a Red Hat salary. Insane self-harming behaviour. Also compare to 'secure' boot.]

• My Git settings for carrying local changes on top of upstream development

  For years now I've been handling my local changes to upstream projects by committing them and rebasing on (Git) pulls, and it's been a positive experience. However, over the years the exact Git configuration settings I wanted to make this work smoothly have changed (due to things such as Git 2.34's change in fast-forward pull settings), and I've never written down all of the settings in one place. Since I recently switched to Git for a big repository where I carry local changes, this is a good time to write them down for my future reference.

• Verifiable Software Development Estimations

  I have long wanted to write this article but I never knew how to structure it. I still don’t, but I’ll give it a shot anyway. Like in the past few articles, there’s some probability theory underlying this article, but I will gloss over it entirely to make it approachable for practically-minded people.

• In Defense of Testing Mocks

  It’s over a year late, I know, but the 2021 Newsletter collection is now available to purchase as a PDF. 70,000 words, 250 pages, 20 bucks. Unlike last year, there’s no private subscriber-only emails, so this is purely for people who want to read it on the go / give me money. I might add a postmortem review or an introduction piece if there’s enough interest.

  I also wrote a bunch of automation so later editions get out a lot faster, I’ll try to get around to the 2022 edition by the end of the month.

• Compiled and Interpreted Languages: Two Ways of Saying Tomato

  What we might think to be a settled truth often isn't. I was reminded of this recently after I publicly stated that there is no such thing as a compiled or an interpreted programming language: many people have made clear to me that they believe strongly that languages clearly fall into one of these two categories. Indeed, a simple web search suggests that the vast majority of pages describing compiled and interpreted languages propose a crisp delineation between the two.

  I certainly sympathise with the temptation to classify languages in this way, because most programming languages are commonly implemented using one technique or the other. However, experience has taught me that it's important not to conflate the most common implementation choice with inherent properties of a language.

  In this post I'm therefore going to show, using a series of programming language implementations, why languages shouldn't be classified as compiled or interpreted. Before I do that, I need to start by clarifying the difference between a programming language specification and an implementation of that specification.

• Another prolific year of open-source contributions

  This time last year, we wrote about the more than 190 Trail of Bits-authored pull requests that were merged into non-Trail of Bits repositories in 2021. In 2022, we continued that trend by having more than 400 pull requests merged into non-Trail of Bits repositories!

  Why is this significant? While we take great pride in the tools that we develop, we recognize that we benefit from tools maintained outside of Trail of Bits. When one of those tools doesn’t work as we expect, we try to fix it. When a tool doesn’t fill the need we think it was meant to, we try to improve it. In short, we try to give back to the community that gives so much to us.

• Why Fortran is a scientific powerhouse

  People often are surprised to find out how prevalent Fortran is in the real world. For instance many climate models were originally written, and continue to be maintained in Fortran (languages like Julia are attempting to unseat it, but I think Julia would be a better language if it had an ISO standard associated with it).

  One of the reasons Fortran still works is longevity. It’s much easier to build on something that was originally developed in Fortran (which is backwards compatible), rather than starting from scratch. People always make is seem so easy, but many a re-engineering project has come unstuck because of a failure to understand how the original software worked. Fortran is also exceptionally good at doing math, and climate models are nothing if not all about crunching data and doing math.