Programming Leftovers
-
Jussi Pakkanen ☛ Jussi Pakkanen: Meson's New Option Setup ‒ The Largest Refactoring
The problem
Meson has had togglable options from almost the very beginning. These split into two camps. The first one is "common options" like optimizations, warning level, language standard version and so on. The second one is "per project" options that are specific to each project, such as which backend to use. For a long time things were quite nice but as people started using subprojects more and more, the need to configure common options on a per-subproject basis became more and more important.
Meson added a limited way of setting some options per subproject, but it was never really felt like a proper integrated solution. Doing it properly turns out to have a lot of requirements because you want to be able to: [...]
-
Sandor Dargo ☛ What is std::ref?
Have you heard about std::ref and std::cref? The helper functions that generate objects of type std::reference_wrapper? The answer is probably yes. In that case, this article is probably not for you. But if you haven’t heard about them, or the only usage of std::reference_wrapper you faced was storing references in a vector, then probably it’s worth reading on.
-
Dan Slimmon ☛ The queueing shell game
When queues break down, they break down spectacularly. Buffer overruns! Out-of-memory crashes! Exponential latency spikes! It’s real ugly. And what’s worse, making the queue bigger never makes the problems go away. It always manages to fill up again.
If 4 of your last 5 incidents were caused by problems with a queue, then it’s natural to want to remove that queue from your architecture. But you can’t. Queues are not just architectural widgets that you can insert into your architecture wherever they’re needed. Queues are spontaneously occurring phenomena, just like a waterfall or a thunderstorm.
-
Karl Seguin ☛ Custom String Formatting and JSON [De]Serializing in Zig
In our last blog post, we saw how builtins like @hasDecl and functions like std.meta.hasMethod can be used to inspect a type to determine its capabilities. Zig's standard library makes use of these in a few place to allow developers to opt-into specific behavior. In particular, both std.fmt and std.json provide developers the ability to define functions that control how a type is formatted and JSON serialized/deserialized.
-
Trail of Bits ☛ “YOLO” is not a valid hash construction
The fact is, these problems are harder than they seem. For us, it can be frustrating to see home-rolled solutions over and over in the products clients bring us because the problems have already been solved. So let’s discuss a few of the YOLO constructions we frequently see, what’s wrong with them, and what to do instead.
-
Jon Seager ☛ Libations: Tailscale on the Rocks · Jon Seager
Some time ago, Tailscale released a Go library named tsnet. To quote the website:
"tsnet is a library that lets you embed Tailscale inside of a Go program"
In this case, the embedded Tailscale works slightly different to how tailscaled works (by default, anyway…). Rather than using the universal TUN/TAP driver in the Linux kernel, tsnet instead uses a userspace TCP/IP networking stack, which enables the process embedding it to make direct connections to other devices on your tailnet as if it were “just another machine”. This makes it easy to embed, and drops the requirement for the process to be privileged enough to access /dev/tun.
-
Ruben Schade ☛ The Dev Encyclopedia
I saw The Dev Encyclopedia making the rounds this morning:
Find out what that Sr. Developer is talking about.
Sounds like fun!
-
Adam Young: Working with the Booked schedule API
One benefit of working in a hardware company is that you actually have hardware. I have worked in software for a long time, and I have learned to appreciate when new servers are not such a scarce resource as to impact productivity. However, hardware in our group needs to be shared amongst a large group of developers, and constantly reserved, assigned, and reprovisioned. We use an install of the booked scheduler to reserve servers. As with many tools, I am most interested in using it in a scripted fashion. Booked comes with an Hey Hi (AI) Here’s some of the things I can do with it.
-
LWN ☛ Standards for use of unsafe Rust in the kernel
Rust is intended to let programmers write safer code. But compilers are not omniscient, and writing Rust code that interfaces with hardware (or that works with memory outside of Rust's lifetime paradigm) requires, at some point, the programmer's assurance that some operations are permissible. Benno Lossin suggested adding some more documentation to the Rust-for-Linux project clarifying the standards for commenting uses of unsafe in kernel code. There's general agreement that such standards are necessary, but less agreement on exactly when it is appropriate to use unsafe.
Lossin's proposed documentation starts by describing the purpose of the unsafe keyword in Rust: to explicitly signal when code relies on guarantees that are not checked by the compiler. Since programmers writing unsafe code are relying on properties that the compiler cannot help check, it is especially important to make sure that the properties are documented: both what they are, and why they hold.
-
Perl / Raku
-
Paul Chochrane ☛ Fixing a fifteen-year-old curve fit bug
The backwards compatibility of Perl software is wonderful. That’s why it’s all the more jarring when you find a package that doesn’t work. This is the story of a 15-year-old bug that I managed to track down and, fortunately, resolve.
-
-
Python
-
Juha-Matti Santala ☛ Serve local HTML and CSS files with http.server
In addition to importing functionality from standard library modules to your Python scripts, some modules can be run with python -m [module] (docs), providing nice command line tooling.
Today we look at one of those options, http.server.
-
Jeff Triplett ☛ 🐍 UV Updates and PEP 723: Simplifying Python Packaging and Scripting
The uv: Unified Python packaging update brings fresh air to the Python community, with several improvements streamlining the development process. One exciting addition is an early preview of PEP 723, also known as Single-file scripts.
-
James G ☛ Adventures building a spreadsheet engine in Python
Spreadsheets are a fascinating tool. With a spreadsheet, you can both store and structure data, and include formulas that run computations on the contents of a sheet. Every so often, I ask myself how a spreadsheet works. How do spreadsheets turn data and a list of formulas into a complete table of data? This week, I set out to build a spreadsheet engine in Python.
-
Juha-Matti Santala ☛ Keep track of happenings with logging
In software development, observability is the act of collecting data of software’s operations. One key part of it is logging and Python’s standard library’s logging module offers basic utilities to start logging.
-
Armin Ronacher ☛ Rye and uv: August is Harvest Season for Python Packaging | Armin Ronacher's Thoughts and Writings
If you are using Rye today, consider this blog post as a reminder that you should probably starting having a closer look at uv and give feedback to the Astral folks.
-
-
Shell/Bash/Zsh/Ksh
-
University of Toronto ☛ What a POSIX shell has to do with $PWD
It's reasonably well known about Unix people that '$PWD' is a shell variable with the name of the current working directory. Well, sort of, because sometimes $PWD isn't right or isn't even set (all of this is part of the broader subject of shells and the current directory). Until recently, I hadn't looked up what POSIX has to say about $PWD, and when I did I was surprised, partly because I didn't expect POSIX to say anything about it.
-
-
Java
-
William Liu ☛ Will's Root: corCTF 2021 ret2cds writeup: Escaping a Seccomp Sandbox via Class Data Sharing regions in OpenJDK
This year, my team hosted a very successful corCTF! Though we did make it much more difficult than expected, we still received overwhelmingly positive reviews. I thought it would be a good idea to make some writeups for the challenges I designed, which included ret2cds (pwn, 6 solves), vmquack (rev, 3 solves), and the series of kernel challenges designed by D3v17 and me (Fire of Salvation and Wall of Perdition); unfortunately, despite teams coming very close, the difficulty of other pwn tasks combined (firefox pwn, and two novel heap note challenges on glibc 2.32 and 2.34) caused there to be 0 solves in 48 hours. For this post, I will detail a brief writeup for the ret2cds challenge, in which one must abuse the OpenJDK Class Data Sharing region in the netcat process (rewritten in java to behave like a xinetd service or socat process) to escape the sandbox and pop a reverse shell.
-
-
R
-
Rlang ☛ Visualizing the Impact of U.S. Crude Oil Production Surge on Prices
U.S. Crude Oil Inventories increased more than expected, but this didn’t cause oil prices to decline amid FED rate cut expectations.
-
Rlang ☛ lapply vs. sapply in R: What’s the Difference?
In the world of R programming, understanding the difference between lapply() and sapply() can make your coding life much easier.
-
Rlang ☛ Building Bridges in Haifa, Israel: How the New R User Group in Haifa is Establishing a Diverse R Community
The R Consortium recently interviewed Eli Eydlin, a dedicated member of the R community who has been instrumental in establishing an R User Group in Haifa, Israel.
-
Rlang ☛ Join DataCamp for a Month of Free Data & Hey Hi (AI) Literacy Events
Throughout September, DataCamp has brought together a selection of the world’s data and Hey Hi (AI) experts for a month of events, podcasts, articles, and more—all focused on driving data and Hey Hi (AI) literacy for individuals and businesses.
-