Programming Leftovers
-
Revitalizing stalled open source projects
This post is a response to this very common refrain. It provides strategies for contributing to an open source project whose development has stalled by triaging pull requests and issues.
I'm writing this post as someone who has been on both sides of this over the last ~20 years of contributing to, and maintaining, open source software projects. I've encountered stalled projects and helped revitalize them, and -- as the long-time maintainer of a popular project -- I've benefited from others injecting energy into a project.
-
[Old] On Pair Programming
Many people who work in software development today have heard of the practice of pair programming, yet it still only has patchy adoption in the industry. One reason for its varying acceptance is that its benefits are not immediately obvious; it pays off more in the medium and long term. And it's also not as simple as "two people working at a single computer", so many dismiss it quickly when it feels uncomfortable. However, in our experience, pair programming is vital for collaborative teamwork and high-quality software.
-
rOpenSci News Digest, August 2023
You can read this post on our blog. Now let’s dive into the activity at and around rOpenSci!
-
Bash shell expansion inside double quotes
In the context of this month's SAP Developer Challenge on APIs, some participants working through today's task have tripped up on a Bash feature, a feature which is one of a family of features relating to "expansion" of information. In this short post I dig into what that feature is, and how to ensure you don't trip yourselves up with it.
-
Python vulnerability disclosure end-to-end
The advisory for CVE-2023-40217 was published this week, which affects Python versions before 3.11.5, 3.10.13, 3.9.18, and 3.8.18. This was my first end-to-end vulnerability disclosure for Python which included handling of embargoed info (i.e. non-public), a coordinated release of fixed Python versions, and publishing of the advisory to the security-announce@python.org mailing list and to the PSF Advisory Database.
Now that I've experienced the flow end-to-end, I can start to think about where there is potential for improvement and what items need to be on our "checklist" to reduce stress and guesswork for remediation developers, release managers, and coordinators. This process is pretty opaque (for obvious reasons) so I also wanted to share the experience with everyone to know what's happening in the background to keep Python users safe.
-
Meta lets Code Llama run riot under almost-open terms
Users, however, are directed to address Code Llama in English, as the model hasn't been put through safety testing in other languages and might just say something awful if queried in an out-of-scope language.