Programming Leftovers

posted by Roy Schestowitz on Nov 22, 2024

• Security Week ☛ MITRE Updates List of 25 Most Dangerous Software Vulnerabilities

  Cross-site scripting (XSS) vulnerabilities are at the top of this year’s CWE Top 25 list, up from the second position last year, with out-of-bounds write flaws dropping to the second place.

  While SQL injection bugs have remained on the third position, cross-site request forgery (CSRF), path traversal, and out-of-bounds read defects went up by five, three, and one place, respectively, displacing OS command injection and use-after-free issues.

• Karl Seguin ☛ One method declaration; two Zig annoyances

  In the following code, we create a Post structure with a skeleton format method. Despite being pretty comfortable with Zig, I could stare at this code for hours and not realize that it has two issues.

• PHP: PHP 8.4[.1] Release Announcement

• LWN ☛ PHP 8.4.1 released

  Version

  8.4.1 of the PHP language has been released. See this page for details on

  the new features in this release. "PHP 8.4 is a major update of the PHP

  language. It contains many new features, such as property hooks,

  asymmetric visibility, an updated DOM Hey Hi (AI) performance improvements, bug

  fixes, and general cleanup."

• Python

  • The New Stack ☛ How To Convert a Timestamp to a String in Python

    Timestamps are incredibly useful in programming. Instead of having to hard-code dates, you can instead opt to go with timestamps

  • TecMint ☛ 10 Best Python Libraries Every Data Analyst Should Learn

    Whether you’re just starting as a data analyst or are looking to expand your toolkit, knowing the right Python libraries can significantly enhance your productivity in Python.

  • Didier Stevens ☛ Interfacing With A Cheap Geiger Counter | Didier Stevens

    This picture was taken on an airplane: you have more radiation (cosmic rays) at high altitude.

    I figured out how to interface with this counter in Python to log real time data: [...]

  • Raspberry Pi ☛ Using Python with virtual environments | The MagPi #148

    Raspberry Pi OS comes with Python 3 pre-installed. Interfering with the system Python installation can cause problems for your operating system. When you install third-party Python libraries, always use the correct package-management tools.

    On Linux, you can install python dependencies in two ways: [...]

• Shell/Bash/Zsh/Ksh

  • William Woodruff ☛ TIL: Some surprising code execution sources in bash

    I ran across two surprising sources of code execution in bash (and probably other shells) recently.

    In a historic context these probably weren't too serious of a problem, but in the context of CI systems where everything is a rats' nest of shell and YAML they could be useful execution primitives.