Programming Leftovers

posted by Roy Schestowitz on Aug 21, 2024

• Simon Willison ☛ SQL injection-like attack on LLMs with special tokens

  LLMs generally reserve special token integer identifiers for these, which means that it should be possible to avoid this scenario by encoding the special token as that ID (for example 32001 for <|assistant|> in the Phi-3-mini-4k-instruct vocabulary) while that same sequence of characters in untrusted text is encoded as a longer sequence of smaller tokens.

• Phil Eaton ☛ What's the big deal about Deterministic Simulation Testing?

  But what if we could write our code in a way that we can isolate the chaotic aspects of our distributed system during testing: run multiple systems communicating with each other on a single thread and control all randomness in each system? And property test this single-threaded version of the distributed system with controlled randomness, all the while injecting faults (fancy term for unhappy path behavior like errors and latency) we might see in the real-world?

• Rlang ☛ grep() vs. grepl() in R

  Hey there, useR’s! Today, we’re going to talk about two super useful functions in R: grep() and grepl(). These functions might sound similar, but they have some key differences that are important to understand. Let’s break it down in a way that’s easy to grasp, even if you’re new to R programming.

• University of Toronto ☛ It's not simple to add function keyword arguments to Go

  I recently read An unordered list of things I miss in Go (via). One of those things is 'keyword and default arguments for functions', which in the article was not labeled as requiring a major revision to the language. In one sense this is true, but in another sense it's not, because adding keyword arguments to any compiled language raises ABI questions. This is especially the case in Go, which is generally supposed to be a low-overhead language in terms of how things are stored in memory and passed around in function calls (and Go went through an ABI change not too long ago to enable passing function arguments in registers instead of on the stack).

• [Old] Facundo Olano ☛ Code is run more than read

  There’s a lot of software being produced that just doesn’t care about its users, or that manipulates them, or that turns them into the product. And this isn’t limited to social media: as a user, I can’t even book a room, order food, or click on the Windows start button without popups trying to grab my attention; I can’t make a Google search without getting back a pile of garbage.

  There’s a mismatch between what we thought doing a good job was and what a significant part of the industry considers profitable, and I think that explains the increasing discomfort of many software professionals. And while we can’t just go back to ignoring the economic realities of our discipline, perhaps we should take a stronger ethical stand not to harm users. Acknowledging that the user may not always come before the business, but that the business shouldn’t unconditionally come first, either:

• Jon Udell ☛ Building a Steampipe Plugin — and Powerpipe Dashboards — for WordPress

  “Users of the WordPress API may enjoy the abstraction — and standardization — that a SQL interface provides. If you need to query multiple WordPress sites, Steampipe’s connection aggregator will be really handy.

• Qt ☛ Qt Quick Effect Maker: What's new in Qt 6.8

  Qt 6.8 Beta 3 was released last week, it is a good time to start talking about what's new in the Qt 6.8 release. This blog post introduces one of those things, the new effect nodes available in Qt Quick Effect Maker. Also included is an example application using all of these effects.

• Qt ☛ Qt Journey - Building Excellent User Experiences with Qt

  In this series, we share various career stories from people working with Qt. Today, I am interviewing Przemysław Nogaj, a Head of HMI at Spyrosoft.

• Chris ☛ The Vindication of Bubble Sort

• R

  • Rlang ☛ More on Adjusting Saturated Multivariate Linear Models

    Nina has more on Adjusting Saturated Multivariate Linear Models. Think of it as a statistics topic from an engineering and data scientist’s perspective.

  • Rlang ☛ A Day in the Life of a Delivery Manager

    Ever wondered what it really takes to keep complex tech projects on track? Who even is a Delivery Manager? Meet Aga Rasińska, one of our Delivery Managers at Appsilon, who does just that every day.

  • Rlang ☛ My Experience With Long Term Maintenance Of An R Package

    R packages, like any software, require maintenance.

  • Rlang ☛ Perturbing a non-symmetrical probability distribution by @ellis2013nz

    So I will fess up, I was one of the 34% of people who chose the first, incorrect answer on this quiz on Mastodon:

    Original Toot, and explanatory responses, is available here.

  • Dirk Eddelbuettel ☛ Dirk Eddelbuettel: RcppMagicEnum 0.0.1 on CRAN: New Package!

    Happy to announce a new package: RcppMagicEnum. It arrived on CRAN yesterday following the resumption of normal service following the CRAN summer break. RcppMagicEnum brings the magicenum library by Daniil Goncharov to R.

    Modern C++ is powerful, but still lacks reflection. This may change with C++26 but until then this library can help. A simple example, also shown on the README is as follows (and can be called from R via Rcpp::sourceCpp() if the RcppMagicEnum package is installed):

• Python

  • LWN ☛ uv 0.3.0 released

    Version 0.3.0 of the uv Python package and project manager has been released. Introduced in February, uv is written in Rust and aims to be "Cargo for Python". Notable changes in this release include the addition of interfaces for managing projects, installing Python, and running scripts, along with adding new documentation. See the accompanying blog post for more information.

• Shell/Bash/Zsh/Ksh

  • University of Toronto ☛ Some brief notes on 'numfmt' from GNU Coreutils

    Many years ago I learned about numfmt (also) from GNU Coreutils (see the comments on this entry and then this entry). An additional source of information is Pádraig Brady's numfmt - A number reformatting utility. Today I was faced with a situation where I wanted to compute and print multi-day, cumulative Amanda dump total sizes for filesystems in a readable way, and the range went from under a GByte to several TBytes, so I didn't want to just convert everything to TBytes (or GBytes) and be done with it. I was doing the summing up in awk and briefly considered doing this 'humanization' in awk (again, I've done it before) before I remembered numfmt and decided to give it a try.

• Standards/Consortia

  • Futurism ☛ There's a Problem With Rescuing the Stranded Astronauts: SpaceX and Boeing Spacesuits Aren't Compatible

    While NASA and Boeing maintain that Starliner is ready to take the two crew members down to the surface in the case of an emergency — despite the possibility of several thrusters malfunctioning — even alternative rideshare options could expose Williams and Wilmore to considerable risks.

    For one, Starliner's spacesuits aren't compatible with those used on board SpaceX's Crew Dragon spacecraft. That means if the pair were to return on board the SpaceX capsule currently docked to the station, which is one rescue plan under consideration by NASA, they'd be flying without wearing a suit, as NASA confirmed during a teleconference call last week — an unfortunate reality for the space agency that will likely factor into its upcoming decision.

  • APNIC ☛ The threat of deprecated BGP attributes

    The Software Engineering Institute (SEI) CERT Division collects BGP data, so we examined the last two years of data to find out what deprecated attributes are still announced. To do so, we used the list of deprecated attributes published by the Internet Assigned Numbers Authority (IANA).