Programming Leftovers

posted by Roy Schestowitz on Oct 08, 2025

• Farid Zakaria ☛ Fuzzing for fun and profit

  I watched recently a keynote by Will Wilson on fuzzing – Fuzzing’25 Keynote. The talk is excellent, and one main highlight is the fact we have at our disposal is the capability to “fuzz” our software toaday and yet we do not.

• Dayvi Schuster ☛ Accidentally Made a Zig dotenv Parser

  Recently I’ve made a Zig based CLI argument parser called argh I’ve even written myself a roadmap I’d like to follow with this project. And so far I have been following it pretty well. However last week I began working on the next item on my roadmap which was to add support for environment variables to the arg parser, where you could set an environment variable to set the value of a flag.

• NVISO Labs ☛ Detection Engineering: Automate Detection Monitoring

  Maintenance is often one of the most overlooked aspects of detection engineering [1]. It is not uncommon to see deployed detections generating thousands of alerts, many of which have never been reviewed or had allow lists applied. Additionally, SIEMs and EDRs often fall short in providing effective out of the box features for this phase of the Detection Development Life Cycle (DDLC) that we went through in Part 1. They typically offer minimal functionality or no tools to support the monitoring and tuning of rules, leaving detection engineers with the tedious task of manually ensuring that detections remain effective and up-to-date.

  In previous parts of this series, we focused on methods and automations designed to ensure quality and consistency within our repository. These efforts have largely focused on validations that manage rules prior to their deployment in the target platform. In this part, we are going to introduce automation to effectively monitor our deployed detections. By setting up automations at this phase we adopt a proactive approach towards maintenance, allowing our team to take action before a blowout of alerts or an untuned detection is escalated by the SOC or the customer.

• Philip Zucker ☛ Toy Binary Decision Diagrams | Hey There Buddo!

  Binary decision diagrams https://en.wikipedia.org/wiki/Binary_decision_diagram are a data structure for storing boolean functions, spiritually something like [Bool] -> Bool. You can tabulate such a thing, but there is a lot of shared substructure. I like to think of binary decision diagrams as a normal form of if-then-else expressions that have been hash consed into a dag. You can then check for equality of the functions as pointer equality.

• Terence Eden ☛ How to *actually* test your readme

  As a developer, you probably don't want to answer dozens of tickets complaining that users are frustrated with your work. You thought you made the README really clear and - hey! - it works on your machine.

  There are various solutions to this problem - developers can release AppImages, or Snaps, or FlatPaks, or Docker or whatever. But that's a bit of stretch for a solo dev who is slinging out a little tool that they coded in their spare time. And, even those don't always work as seamlessly as you'd hope.

  There's an easier solution: [...]

• Chris ☛ Non-Obvious Haskell Idiom: ViewPattern Argument Transform

  Today we’ll look at how to transform an argument before naming it. The basic shape of this pattern is to first enable the ViewPatterns extension, and then we can write

• Vidit Bhargava ☛ Fake Apps: How to prototype your way through a major redesign

  So I did what every prototyper does with big projects. Break them down into small, manageable chunks and make fake apps! Like every good prototype, the only thing real about them was the feature I was testing, everything else was scaffolding to aid the testing of the design.

• R / R-Script

  • Rlang ☛ Plotting Distributions in R

    When working with distributions in R, each distribution has four functions, namely: [...]

• Shell/Bash/Zsh/Ksh

  • David Mead ☛ Bash a newline: Exploiting SSH via ProxyCommand, again (CVE-2025-61984)

    Control characters were disallowed in the hostname, but not the username. I first noticed this made it possible to spoof the password prompt: [...]