Programming Leftovers
-
Miguel Grinberg ☛ How to Securely Store Secrets in Environment Variables
You may have seen the recent reports of a malware that stole API keys, tokens and other secrets from a large number of developers. Where were these secrets stolen from? You guessed it, they were mostly stolen from environment variables.
We use environment variables to configure information that processes need to run, but this type of storage was not designed for security, so using the environment for secrets always comes with risk. Given how serious this recent attack was, I thought it would be good to write a short article describing how I manage my secrets as part of my open source work.
-
MaskRay ☛ Weak AVL Tree
The 2014 paper Rank-Balanced Trees (Haeupler, Sen, Tarjan) presents a framework using ranks and rank differences to define binary search trees.
-
University of Toronto ☛ String formatting with named format arguments and format flexibility
Suppose, not entirely hypothetically, that you have a tool that prints out records (one per line) and each record has a bunch of information associated with it, which you print out in columns. You'd like to provide a way for people to control which columns of information are printed for the records. If there's only a few options, maybe you can do this with a few different format strings using the traditional "%s %s %s" approach of positional formatting (because you're old fashioned and haven't really updated to the modern world of string formatting), but this doesn't really scale up very well; you rapidly get into a massive explosion of options and formatting.
-
JYN ☛ what is a build system, anyway?
At a high level, build systems are tools or libraries that provide a way to define and execute a series of transformations from input data to output data that are memoized by caching them in an object store.
Transformations are called steps or rules and define how to execute a task that generates zero or more outputs from zero or more inputs. A rule is usually the unit of caching; i.e. the cache points are the outputs of a rule, and cache invalidations must happen on the inputs of a rule. Rules can have dependencies on previous outputs, forming a directed graph called a dependency graph. Dependencies that form a cyclic graph are called circular dependencies and are usually banned.
Outputs that are only used by other rules, but not “interesting” to the end-user, are called intermediate outputs.
-
Hackers' Pub ☛ Stop writing CLI validation. Parse it right the first time.
There's this blog post that completely changed how I think about parsing. It's called Parse, don't validate by Alexis King. The gist? Don't parse data into a loose type and then check if it's valid. Parse it directly into a type that can only be valid.
-
R / R-Script
-
Rlang ☛ Elephant(s) in the room: Graph neural networks, embeddings, and foundation models in spatial data science
Graph Neural Networks (GNNs) are a deep learning architecture that represents spatial data as graphs: nodes are spatial units (pixels, regions, locations) and edges are relationships (proximity, similarity, connectivity). Nodes aggregate information from neighbors through message passing, similar to spatial lag models. Common types include Graph Convolutional Networks (GCNs), Graph Attention Networks (GATs), GraphSAGE, and Graph Isomorphism Networks (GINs).
-
-
Python
-
Simon Willison ☛ JustHTML is a fascinating example of vibe engineering in action
I recently came across JustHTML, a new Python library for parsing HTML released by Emil Stenström. It’s a very interesting piece of software, both as a useful library and as a case study in sophisticated AI-assisted programming.
-
HowTo Geek ☛ PyCharm 2025.3 update adds faster Python project management, free Jupyter support, and more
Just like with IntelliJ IDEA, JetBrains is ditching the separate downloads for the Community Edition and Pro version of PyCharm. There's now a single unified PyCharm IDE that you only need to download once, and if you have a valid Pro license, it will unlock the Pro features in that unified application. As part of this migration, the free PyCharm now supports Jupyter notebooks, but is otherwise mostly the same experience.
Moving onto new features, PyCharm 2025.3 will use uv as the default environment manager for all new projects by default, as long as it's installed on your system. The uv utility is a popular replacement for the pip package manager, pyenv, virtualenv, and other core Python tools written in Rust. It's 10-100x faster for package operations than pip, so it might be worth switching your existing projects to uv as well, if you haven't already.
-
-
Java/Golang
-
Simple Observability ☛ Go is portable, until it isn't
We thought Go would give us a single, portable agent binary for every Linux distro. Turns out… not exactly. But also, kind of yes.
This post kicks off a series about the traps we fell into while building a cross-platform server monitoring agent.
-
HowTo Geek ☛ IntelliJ IDEA 2025.3 arrives with more free features, full Java 25 support
JetBrains has released IntelliJ IDEA 2025.3, the first version of the new unified IDE for Java development. It's combining the Community Edition and Ultimate builds into one package and adding a few new features on top, including full support for Java 25.
IntelliJ IDEA is one of the most popular development environments for Java and Kotlin, but its two separate versions created some unnecessary complexity. JetBrains announced earlier this year that it would merge the free IDEA Community Edition and paid Ultimate version into one package. The company also planned to create a fully open-source build, which arrived in the previous 2025.2 release.
The new IntelliJ IDEA 2025.3 update is the long-awaited merger, with one single downloadable package for both core and extended features. You can download it for free with the same features that were always available in the Community Edition, and a valid Ultimate license unlocks other functionality. You can also try a free trial for Ultimate without switching IDEs.
-
HowTo Geek ☛ JetBrains GoLand 2025.3 is here to upgrade your Go programming
JetBrains might be best known for its IDEA, PyCharm, and WebStorm integrated development environments, but it also has one for Go language development: GoLand. The latest version can help you hunt down resource leaks, code with multiple AI agents, use Terraform files, and much more.
JetBrains has released GoLand 2025.3 alongside similar updates for its other IDEs, including IntelliJ IDEA 2025.3. The most important improvement here might be early resource leak detection, which can help you find files, connections, or other resources that are opened in your code but never properly closed. For example, if your code opens a local file and doesn't close it afterwards, you'll see an inspection warning suggesting a close action.
GoLand is also getting the same multi-agent feature as other JetBrains environments. Anthropic's Claude Agent is the first third-party AI agent supported in GoLand, and you can switch between it and JetBrains' own Junie agent within the same chat interface.
-