Programming Leftovers

posted by Roy Schestowitz on Nov 15, 2025

• The Register UK ☛ Crims flood npm with 150K+ junk packages to farm TEA tokens [Ed: Microsoft TCO (NPM)]

  These were all linked to a coordinated tea.xyz token farming campaign, we're told. This is a decentralized protocol designed to reward open-source developers for their contributions using the TEA token, a utility asset used within the tea ecosystem for incentives, staking, and governance.

• Security Week ☛ Amazon Detects 150,000 NPM Packages in Worm-Powered Campaign

  A financially motivated threat actor automated the package publishing process in a coordinated tea.xyz token farming campaign.

• Swift Programming Language ☛ Roadmap for improving the type checker

  In the past, we've released various "manifestos" and "roadmaps" to discuss planned improvements to the language. This post is also a roadmap of sorts, but instead, the focus is on the implementation rather than user-visible language changes (however, I will briefly mention a few potential language changes at the very end).

  Specifically, I'm going to talk about some work we are doing to improve expression type checking in the Swift compiler. This includes changes that have already shipped in Swift 6.2, changes that are on the main development branch, changes that we plan on working on next, and more tentative longer-term plans.

• Michael Tsai ☛ Roadmap for Improving the Swift Type Checker

  I’m glad to see that this is being taken seriously and that they’re also considering minor source-breaking changes that could produce big benefits.

• Kyle Kingsbury ☛ Op Color Plots

  A lot of my work involves staring at visualizations trying to get an intuitive feeling for what a system is doing. I’ve been working on a new visualization for Jepsen, a distributed systems testing library. This is something I’ve had in the back of my head for years but never quite got around to.

• Eric P Hanson ☛ Thoughts on being a package registry maintainer

  Julia is a modern programming language with a fairly large package ecosystem (currently ~10k packages) that provide all kinds of useful functionality to build on. Packages are registered in a global registry called General, which is installed by default by the package manager, allowing users to easily add and use registered packages.

• ACM ☛ Memory Safety for Skeptics

  Any of the following strategies are intended to maximize the benefit of memory safety while minimizing the cost of pursuing it. The specific choice of which approach is right is context dependent and should be made with consideration of the importance of the component, the current and new target language, the team involved, and the timetable.

• ACM ☛ Safe Coding

  This article introduces safe coding, a collection of software design patterns and practices that cost-effectively provides a high degree of assurance against entire classes of such vulnerabilities. The core idea is to shift responsibility for safety from the individual developer to the programming language, libraries, and frameworks. Safe coding achieves this by identifying risky operations—those with complex safety preconditions—and systematically eliminating their direct use in application code. Instead, risky operations must be encapsulated within safe abstractions: modules whose public APIs are safe to use by design and whose implementations take full responsibility for satisfying all internal safety preconditions.

• [Repeat] Andy Wingo ☛ the last couple years in v8's garbage collector

  Let’s talk about memory management! Following up on my article about 5 years of developments in V8’s garbage collector, today I’d like to bring that up to date with what went down in V8’s GC over the last couple years.

• [Old] Jeremy Williams ☛ Security Architects Need to be Wrong on the Internet

  There are no comprehensive experts in cybersecurity.

  Let me be clear about what I mean: cybersecurity encompasses somewhere between 10 and 30 distinct domains (depends who’s counting).

• Python

  • Paolo Melchiorre ☛ How to use UUIDv7 in Python, Django and PostgreSQL

    Learn how to use UUIDv7 today with stable releases of Python 3.14, Django 5.2 and PostgreSQL 18. A step by step guide showing how to generate UUIDv7 in Python, store them in Django models, use PostgreSQL native functions and build time ordered primary keys without writing SQL.

  • Linux.org ☛ Python Series Part 18: Working with Buttons in Tkinter

    Everyone who has used a computer or even a phone or tablet know what a button is in a Graphical User Interface (GUI). A button is a clickable object that causes something to happen or start processing.
    

    In this article, we can cover buttons on Tkinter. Keep in mind that if you have read the article on Labels, then most of this you should know since most options are the same for almost all widgets.

• Java/Golang

  • Alexandru Nedelcu ☛ Try-catch-finally in Java is Cursed

    Java has a usable interruption protocol, and that’s good. However, one problem with it is that it relies on InterruptedException, and it can be caught and ignored. Being a “checked exceptions”, many developers simply ignore it