Programming Leftovers
-
The Register UK ☛ Broken access control still tops list of app sec top 10
The Open Worldwide Application Security Project (OWASP) just published its top 10 categories of application risks for 2025, its first list since 2021. It found that while broken access control remains the top issue, security misconfiguration is a strong second, and software supply chain issues are still prominent.
-
Max Bernstein ☛ A catalog of side effects
Optimizing compilers like to keep track of each IR instruction’s effects. An instruction’s effects vary wildly from having no effects at all, to writing a specific variable, to completely unknown (writing all state).
This post can be thought of as a continuation of What I talk about when I talk about IRs, specifically the section talking about asking the right questions. When we talk about effects, we should ask the right questions: not what opcode is this? but instead what effects does this opcode have?
Different compilers represent and track these effects differently. I’ve been thinking about how to represent these effects all year, so I have been doing some reading. In this post I will give some summaries of the landscape of approaches. Please feel free to suggest more.
-
Andy Bell ☛ Programming principles for self taught front-end developers
Like many front-end developers, I don’t have a formal computer science background. I rolled into this discipline as a designer wanting more control over the end product and though I did get a bachelor’s of ICT degree, the actual studies were, ahem, quite light in terms of “fundamental computer science”. This means all I know about capital-s Software Development, I learned as I went from various sources. If that’s you too, this article hopefully saves you a few years.
-
Chris ☛ Advent of Code on the Z-machine
Fantasy consoles like the Pico-8 are a great idea. A fantasy console provides a standardised and portable environment in which developers can explore ideas within creative constraints. The Z-machine, developed by Infocom in 1979, is the earliest fantasy console I know, although this is probably the first time it’s been called that.
-
[Old] Mike Belousov ☛ How I learned to love Zig's diagnostic pattern
So I tried to roll my own error union. Zig has tagged unions (like enums in Rust) after all, how hard could it be?
TL;DR: I now see the wisdom in Zig's alternative to error union payloads, the diagnostic pattern.
-
Rlang ☛ Rainfall
-
Rlang ☛ Little useless-useful R functions – Finding substrings in number Pi
They say that the number Pi holds all infinite possibilities, all the words, all the combinations. Well, easier said than done. So let’s put this to a test. This is my translational table.
-
Dirk Eddelbuettel ☛ duckdb-mlpack 0.0.4: Added random forest and logistic regression
A new release of the budding duckdb extension for mlpack, the C++ header-only library for machine learning, was merged into the duckdb community extensions repo today, and has been updated at its duckdb ‘mlpack’ extension page.
-
Python
-
Rlang ☛ Python package development for R developers (episode 2!)
In a previous article, I shared my experience as an R developer diving into Python package development!
I had noted several aspects that felt less smooth than in R, or even completely missing!
Thanks to feedback from the community, I’ve been able to identify some tools that can help address the frustrations I encountered initially!
-
Ned Batchelder ☛ Three releases, one new organization
To measure your code, coverage.py needs to know what code got executed. To know that, it collects execution events from the Python interpreter. CPython now has two mechanisms for this: trace functions and sys.monitoring. Coverage.py has two implementations of a trace function (in C and in Python), and an implementation of a sys.monitoring listener. These three components are the measurement cores, known as “ctrace”, “pytrace”, and “sysmon”.
-