Programming Leftovers

posted by Roy Schestowitz on Jan 31, 2024

• The Register UK ☛ Jenkins jitters as 45,000 servers still vulnerable to RCE attacks after patch released

  Scans from internet security data company Shadowserver indicate roughly 45,000 instances of the hugely popular CI/CD automation server are vulnerable to CVE-2024-23897, the critical flaw disclosed on January 24.

• Noel Rappin ☛ Better Know A Ruby Thing #3: Positional Arguments

  Sidebar about naming: a couple of the early reviewers of the Pickaxe book wanted us to be more precise, so in the book, the parts of a method call are called “parameters” when discussing the method definition, and “arguments” when discussing calling the method. That messed with my head trying to get it right. I think “arguments” is easier as the generic term for both, so that’s what I’ll be using here.

• Daniel Xu ☛ errno and libc

  A few weeks ago I wanted to confirm if errno was a libc abstraction or a kernel feature. The glibc docs are deliberately vague on the topic, so experimentation seemed like the best course.

• Adam Fortuna ☛ 30 Days From Learning to Launching a Swift App on Apple Vision Pro

  As part of my goal to make my 40s my best decade ever, I want to break out of this pattern and learn how to build apps using Swift. With the release of the Apple Vision Pro, I’m more excited about Swift development than I’ve ever been before.

• Phil Booth ☛ The art of good code review

  This post is an extension to a talk I gave recently at work. It was arranged at short notice and the audience were experienced engineers, so I kept it brief and tried not to be patronising. But the feedback afterwards was quite positive and there were some questions too, so here's the extended version for anyone interested. Note that our team conducts pre-merge reviews, and some of the suggestions are specific to that context. I actually prefer post-merge reviews, but am yet to persuade everyone I work with that they're better. Oh, and trigger warning: this post contains opinions.

• Rakulang ☛ Rakudo Weekly 2024.05 Brain NRG

  Hillel Wayne has written another widely shared blog post about their use of the Raku Programming Language: this time about the difficulty of (mentally) generating truly random numbers in An RNG that runs in your brain (/r/rakulang, HackerNews, programming.dev, lobste.rs comments).

• Peter Hutterer: New gitlab.freedesktop.org 🚯 emoji-based spamfighting abilities

  This is a follow-up from our Spam-label approach, but this time with MOAR EMOJIS because that's what the world is turning into. Since March 2023 projects could apply the "Spam" label on any new issue and have a magic bot come in and purge the user account plus all issues they've filed, see the earlier post for details. This works quite well and gives every project member the ability to quickly purge spam. Alas, pesky spammers are using other approaches to trick google into indexing their pork [1] (because at this point I think all this crap is just SEO spam anyway). Such as commenting on issues and merge requests. We can't apply labels to comments, so we found a way to work around that: emojis!

• Qt ☛ Qt Group's growing importance for AUTOSAR projects

  Qt produces a highly efficient and hardware-independent GUI framework both for microprocessors (MPUs) and microcontrollers (MCUs). In modern automotive products, both technologies are often used in parallel.

• Evan Hahn ☛ What's the best way to concatenate Uint8Arrays?

  This post is for people familiar with JavaScript’s Uint8Array.

  Sometimes, I want to combine multiple Uint8Arrays into one. Something like this: [..]

• Qt ☛ Infineon TRAVEO II & Qt for MCUs: The Strategic Edge

  Qt and Infineon recently announced their partnership to bring the world’s most advanced MCU graphics framework as a part of Infineon’s line of microcontrollers. The full range of Infineon’s graphics-enabled TRAVEO™ T2G microcontrollers is now readily available with Qt Quick Ultralite graphics runtime as a bundled offering and fully integrated with Qt's broader efficient development offering.

• Noel Rappin ☛ Better Know A Ruby Thing #3: Positional Arguments

  Ruby has three ways to pass information from a method call to a method definition: positional arguments, keyword arguments, and block arguments. Each of these ways has: [...]

• Barry Kauler ☛ woofV packages-templates redesigned

  Woof, right from the very early days, has a folder 'packages-templates', which, in a nutshell, has hacks to modify a package before and after installation. Back in the early days, the main reason for this mechanism was to reduce the size of packages. Another purpose was that packages could come from different distribution repositories, and might need some massaging -- for example some files kept in unexpected places.

  We are not so much concerned about size reduction these days; however, 'packages-templates' is still useful. The format of information in 'packages-templates' has remained the same in WoofQ as the very early Woofs. Same as Woof-CE "legacy" branch: [...]

• R

  • Rlang ☛ Using the ‘RowReorder’ extension in a Shiny app

  • Rlang ☛ Playing with webr

  • Rlang ☛ R For SEO Part 4: Functions

    R For SEO Part 4: Functions
    Welcome back to part four of my series on using R for SEO. We’re at the halfway point now and hopefully you’re starting to see the power that the R language can bring to your optimisation and analysis.

  • Rlang ☛ mirai Parallel Clusters

  • Rlang ☛ How to Extract Month from Date in R (With Examples)

    Greetings fellow R enthusiasts! Today, we’re diving into a fundamental task: extracting the month from a date in R. Whether you’re new to R or a seasoned pro, understanding how to manipulate dates is essential.

• Python

  • Python Speed ☛ Profiling your Numba code

    If you’re writing numeric Python code, Numba can be a great way to speed up your program. By compiling a subset of Python to machine code, Numba lets you write for loops and other constructs that would be too slow in normal Python. In other words, it’s similar to Cython, C, or Rust, in that it lets you write compiled extensions for Python.

    Numba code isn’t always as fast as it could be, however. This is where profiling is useful: it can find at least some of the bottlenecks in your code.

  • Ross Poulton ☛ Farewell, Djangosites: Time for something new to take it’s place.

    The good news is that there is a much better designed, actively maintained, broader resource that was built by Rasul Kireev: Built with Django has a great list of projects that the community can contribute to along with tutorials and other Django content.

  • Filippo Valsorda ☛ Post-quantum Cryptography for the Go Ecosystem

    The package amounts to ~500 lines of code, plus 200 lines of comments, and 650 lines of tests. It has no dependencies except for golang.org/x/crypto/sha3. It’s meant for upstreaming into the Go standard library (initially as an internal-only package used in an opt-in crypto/tls experiment) and was designed to provide high security assurance through ease of review, simplicity, and thorough testing.