Programming Leftovers
-
Mat Duggan ☛ Help Everyone Do Better Security
I could write 20,000 words on this topic and still not be at the end. The word miserable barely does justice to how badly this stuff is designed for people to use. Complexity is an unavoidable side effect of flexibility in software. If your thing can do many things, it is harder to use.
We rely on expertise as a species to assist us with areas outside of our normal functions. I don't know anything about medicine, I go to a doctor. I have no idea how one drives a semi truck or flies a plane or digs a mine. Our ability to let people specialize is a key component to our ability to advance. So it is not reasonable to say "if you do anything with security at all you must become an expert in security".
-
Matt Rickard ☛ When A/B Testing Doesn't Work
In technical products, there’s a tendency to lean towards A/B tests. To run simultaneous changes across different slices of your user base and to measure the outcome.
A/B tests can be extremely useful in some cases — if you’re at Google or Meta scale or if you’re doing something like performance marketing. But in the vast majority of cases, it’s more pain than it’s worth — and might even be detrimental.
-
Undeadly ☛ Disruptive amd64 snapshot coming
Of course, on non-critical amd64 systems running snapshots, this is a good opportunity to test (and report any problems).
-
Python
-
Seth Michael Larson ☛ Patching the libwebp vulnerability across the Python ecosystem
Vulnerabilities in extremely prolific software components like CVE-2023-4863 affecting libwebp have shown the far-reaching effects that vulnerabilities in bundled open source software can have. libwebp was bundled along with an uncountable number of software installations from iOS, all browsers, all Electron apps, and more.
Python's ecosystem of packages is no different: many projects relied on libwebp for processing images, and due to the simple nature of the vulnerability it is likely that many usages of those libraries were also unsafe. In order to learn about mobilizing an entire upstream open source software ecosystem to patch, I set out to do just that for libwebp and documented the experience.
-
Java
-
Frank Delporte ☛ JavaFX Links of October 2023
Thanks to the Devoxx conference, there are many hours you can spend on JavaFX-related videos! But as every month, there is a lot more to read and learn about JavaFX… Have fun with this overview of the “JavaFX LinksOfTheWeek” that got published on jfx-central.com during October.