Programming Leftovers

posted by Roy Schestowitz on Aug 28, 2025

• Tony Finch ☛ strongly typed?

  What does it mean when someone writes that a programming language is “strongly typed”?

  I’ve known for many years that “strongly typed” is a poorly-defined term. Recently I was prompted on Lobsters to explain why it’s hard to understand what someone means when they use the phrase.

  I came up with more than five meanings!

• Seth Michael Larson ☛ The vulnerability might be in the proof-of-concept

  I'm on the security team for multiple open source projects with ~medium levels of report volume. Over the years, you see patterns in how reporters try to have a report accepted as a vulnerability in the project.

  One pattern that I see frequently is submitting proof-of-concept code that itself contains the vulnerability. However, the project code is also used, so the reporters try to convince you that the vulnerability is in the project code.

• Alex Ewerlöf ☛ SLI Evolution Stages

  Over the past few years, I’ve gone through hundreds of architecture diagrams and system topologies to help teams answer a simple question: [...]

• [Repeat] Security Week ☛ Organizations Warned of Exploited Git Vulnerability

  The issue exists because, when reading configuration values, Git strips trailing carriage return (CR) characters and does not quote them when writing.

• Sergio Visinoni ☛ Deploying from your IDE is a bug, not a feature

  Decades of experience and smart people putting their brains on the topic, the industry at large moved away from such reckless and unsafe practices, towards more reliable and repeatable deployment mechanisms. One could argue that the whole premise of DevOps was to build safe, reliable, and cheap ways for software engineers to ship their code to final users.

  I'm afraid we're now witnessing a potentially massive regression phase, one in which decades of experience and practice are being sacrificed on the altar of convenience and doped product growth metrics.

• Sean Goedecke ☛ Finding the low-hanging fruit in tech companies

  The huge benefit of this approach is that you can just see which operations are taking the most time. When you can generate a flamegraph, low-hanging-fruit optimization becomes almost a mechanical process: take the longest span that originates from your own code (i.e. not from libraries or frameworks), see how much quicker you can make it, then move to the next longest span and repeat.

• [Repeat] Jussi Pakkanen ☛ Reimplementing argparse in Pystd

  One of the pieces of the Python standard library I tend to use the most is argparse. It is really convenient so I chose to implement that in Pystd. The conversion was fairly simple, with one exception. As C++ is not duck typed, adapting the behaviour to be strictly typed while still feeling "the same" took some thinking. Parsing command line options is also quite complicated and filled with weird edge cases. For example, if you have short options -a and -b, then according to some command line parsers (but not others) an argument of -ab is valid (but only sometimes).

  I chose to ignore all the hard bits and instead focus on the core parts that I use most of the time, meaning: [...]

• Rlang ☛ Exploring Open Science, R Packages, and Research Software Development at the CSIDNet AGM 2025

• Rlang ☛ Send Me Your Questions and Ideas

  I’m always looking for ways to make this blog more useful for the R, Shiny, and C++ community.
  

• Rlang ☛ July 2025 Top 40 New CRAN Packages

  ciflyr v0.1.1: Provides a framework for specifying flexible linear-time reachability-based algorithms for graphical causal inference.

• Rlang ☛ Capybara v1.8.0 is now available on CRAN

  Because of delays with my scholarship payment, if this post is useful to you I kindly ask a minimal donation on Buy Me a Coffee. It shall be used to continue my Open Source efforts.

• Shell/Bash/Zsh/Ksh

  • University of Toronto ☛ The Bash Readline bindings and settings that I want

    Normally I use Bash (and Readline in general) in my own environment, where I have a standard .inputrc set up to configure things to my liking (although it turns out that one particular setting doesn't work now (and may never have), and I didn't notice). However, sometimes I wind up using Bash in foreign environments, for example if I'm su'd to root at the moment, and when that happens the differences can be things that I get annoyed by. I spent a bit of today running into this again and being irritated enough that this time I figured out how to fix it on the fly.

• Qt

  • Qt ☛ Qt for MCUs 2.8.3 released

    Qt for MCUs 2.8.3 LTS (Long Term Support) has been released and is available for download.  This patch release provides bug fixes and other improvements while maintaining source compatibility with Qt for MCUs 2.8 (see Qt for MCUs 2.8 LTS released). This release does not add any new functionality.

  • Qt ☛ Qt for MOSA: FACE Conformant Qt for Aerospace and Defense Software

  • Qt ☛ Qt 6.9.2 Released

    We are excited to announce the release of Qt 6.9.2!  As a patch release, Qt 6.9.2 does not introduce new features but delivers over 550 bug fixes, security updates, and enhancements on top of the Qt 6.9.1 release.  For a detailed breakdown of the most significant changes, refer to the  Qt 6.9.2 release notes.

  • Qt ☛ Qt Creator 17.0.1 released

    We are happy to announce the release of Qt Creator 17.0.1!

• Rust

  • Rust Weekly Updates ☛ This Week In Rust: This Week in Rust 614

    Hello and welcome to another issue of This Week in Rust!