news
Programming Leftovers
-
Filippo Valsorda ☛ Cross-Site Request Forgery
Unlike Cross-Origin Resource Sharing (CORS), which is about sharing responses across origins, CSRF is about accepting state-changing requests, even if the attacker will not see the response. Defending against leaks is significantly more complex and nuanced, especially in the age of Spectre.
-
Andrew Healey ☛ Counting Words at SIMD Speed
I've written some progressively faster word counting programs. First, we'll start with Python, and then we'll drop down to C, and finally, we'll use single instruction, multiple data (SIMD) programming to go as fast as possible.
The task is to count the words in an ASCII text file. For example, Hello there! contains 2 words, and my 1 GiB benchmark text file contains 65 million words.
-
Perl / Raku
-
Perl ☛ Eertree: Palindromic Tree
My implementation passed all the test cases from the Challenge, but I was able to find counter examples (e.g. the string “xabcxc”) for which the implementation didn’t work correctly. I clearly had no idea what “continue traversing” meant, even though I had implemented the traversing up to the moment correctly.
-
-
Golang
-
Linuxiac ☛ Go 1.25 Released with Experimental Garbage Collector and New JSON API
One of the most striking additions is the new experimental garbage collector, designed to improve performance when handling small objects, potentially cutting GC overhead by 10–40% in real-world workloads.
-
Ted Unangst ☛ what is the go proxy even doing?
The go module proxy caches requests from users, so everyone has a consistent and reliable experience regardless of upstream host. But what if the go proxy is contributing to the instability of the upstream host? There have been other complaints about the go proxy, that’s just the way it works, but I collected a few minutes of logs to examine that may be interesting.
-