news
Programming Leftovers
-
The New Stack ☛ Beyond the Hype: 4 Ways To Use AI for Cybersecurity Defenses
The security math doesn’t add up: While organizations take 258 days on average to identify breaches, AI-accelerated attacks operate in seconds. This isn’t just a speed gap; it’s a fundamental strategic disadvantage.
-
Scoop News Group ☛ Project Zero disclosure policy change puts vendors on early notice
Project Zero, Google’s squad of security researchers who find and study zero-day vulnerabilities, will now publicly share when it discovers a vulnerability within one week of reporting that defect to the vendor. Google said these reports will include the affected product and name of the vendor or open-source project responsible for the software or hardware, the date the report was filed and when the 90-day disclosure deadline expires.
-
The Record ☛ North Korean hackers target open-source repositories in new espionage campaign
Between January and July, cybersecurity firm Sonatype said it blocked 234 malicious packages uploaded to the widely used npm and PyPI code repositories and linked to the campaign. The packages, which impersonated legitimate developer tools, were designed to steal credentials, profile victims’ devices and plant backdoors. The researchers estimate the campaign may have impacted more than 36,000 developers.
-
Cyble Inc ☛ Critical CodeIgniter4 Vulnerability CVE-2025-54418
According to the official GitHub advisory, CVE-2025-54418 is a command injection vulnerability in CodeIgniter4’s ImageMagick handler, part of its image processing component. Applications that rely on ImageMagick for image manipulation, particularly through the resize() and text() methods, are at risk, especially if they accept user-controlled input such as filenames or text content.
-
Embarcadero Inc ☛ Coming in RAD Studio 13: A Conditional Ternary Operator for the Delphi Language
A ternary or conditional operator is an operator which behaves like an if statement, with a condition and two possible values. In many other programming languages, the ternary operator is indicated using the ?: syntax. In Delphi, we want to preserve as much as possible a familiar and Pascal-oriented syntax, so we decided to use the if symbol as an operator. In other words, if can now be used to indicate a statement or an operator, depending on the position in the source code.
This is an example of a simple assignment expression in two versions, the first based on a traditional if statement and the second on an if operator: [...]
-
Buttondown LLC ☛ 2000 words about arrays and tables
I'm way too discombobulated from getting next month's release of Logic for Programmers ready, so I'm pulling a idea from the slush pile. Basically I wanted to come up with a mental model of arrays as a concept that explained APL-style multidimensional arrays and tables but also why there weren't multitables.
-
Simon Josefsson ☛ Simon Josefsson: Independently Reproducible Git Bundles
The gnulib project publish a git bundle as a stable archival copy of the gnulib git repository once in a while.
Why? We don’t know exactly what this may be useful for, but I’m promoting for this to see if we can establish some good use-case.
A git bundle may help to establish provinence in case of an attack on the Savannah hosting platform that compromise the gnulib git repository.
-
Alley Chaggar: Challenges
Debugging and My Challenges
For the past two weeks, I’ve been debugging the json module. I hooked up the JSON module into the codebase hierarchy by modifying valagsignalmodule.vala to extend the JSON module, which, before extended the GObject module. Running the test case called json.vala, crashes the program.
-
Noel Rappin ☛ Programming Proverbs in 1975 and 2025
As developers, we tend to think that our best practices are universal laws that we’ve discovered and which get refined over time. That’s true to an extent, but I think we underrate the ways our environment and technology shape what a best practice even is or what the best way to use a developers time might be. Looking at the past can help us calibrate what is and is not part of our environment.
-
Education
-
The International Morse Preservation Society ☛ FISTS North America Home Page
What FISTS wants to accomplish.
1. To further the use of CW on the amateur bands.
2. To encourage newcomers to the CW mode.
3. To engender friendship within the membership. -
Rlang ☛ R Girls Open Event 2025
Forwards members Heather Turner and Ella Kaye were invited to attend the “Data Science for Girls” open event hosted by R-Girls at Green Oak Academy, Birmingham, UK on July 9 2025. They joined other guests from Ascent and Health Data Research UK to find out how students at this girls’ school have been using R.
-
-
Python
-
Miguel Grinberg ☛ Benchmarking MicroPython
My answer to the question was that microcontrollers cannot replace a computer, and that these devices are only useful for small, focused tasks that are not demanding in any way. But after returning from the conference I kept thinking about this question, which piqued my curiosity. So I decided to build a better mental image of the performance these little machines have.
In this blog post I want to share some results that compare Python code running on a few microcontroller boards that I have collected through my experiments with hardware, along with my laptop and a Raspberry Pi 4 to help put things into perspective.
-
-
R / R-Script
-
Jumping Rivers ☛ Animated Maps with {ggplot2} and {gganimate}
In this blog post, we are going to use data from the {gapminder} R package, along with global spatial boundaries from ‘opendatasoft’. We are going to plot the life expectancy of each country in the Americas and animate it to see the changes from 1957 to 2007.
The {gapminder} package we are using is from the Gapminder foundation, an independent educational non-profit fighting global misconceptions. The cover issues like global warming, plastic in the oceans and life satisfaction.
-
-
Golang
-
Filippo Valsorda ☛ Go Assembly Mutation Testing
For Go 1.26, I am working on introducing a mutation testing framework for assembly, which will effectively act as enhanced code coverage. This will not improve tests by itself, but it will let us see what assembly code and data paths are not covered by our test suite, so we can improve it.
-
-
Rust
-
Rust Weekly Updates ☛ This Week In Rust: This Week in Rust 610
Hello and welcome to another issue of This Week in Rust!
-
-
Standards/Consortia
-
Jeff Geerling ☛ Decoding Meshtastic with GNURadio on a Raspberry Pi
I've been playing with Meshtastic a lot, since learning about it at Open Sauce last year. I'm up to 5 little LoRa radios now, and I'm working on a couple nicer antenna placements, so I can hopefully help shore up some of the north-south connections on the MeshSTL map.
-