Programming Leftovers

posted by Roy Schestowitz on Dec 20, 2025

• NVISO Labs ☛ Integrating Abuse Case Scenarios to Improve Authorization Testing

  In many penetration testing assessments, it is common to encounter applications that support multiple user roles, such as admin, normal user, approver, and others.

  Consequently, testers are often provided with accounts and credentials for various roles during a grey-box assessment.

• David Celis ☛ Writing Code Is Fun

  The thing is, in all my attempts to use AI coding tools, they’ve never actually enabled me to move faster. They initially felt faster because the tangible output came more quickly but, in almost every case, I realized that I spent at least the same amount of time that I would have spent if I had just written the code myself (even just for boilerplate). AI produced the code more quickly than I would have, but between writing prompts, reviewing/scrutinizing code, and tweaking follow-up prompts to fix issues, I saved no time at all. I traded happiness for the illusion of speed (and more problems). I could surely spend a lot of time learning to use these AI tools more effectively, but why do something that’s worse and less enjoyable? I’d rather spend that time learning other things.

• Michael Tsai ☛ Batch Delete in SwiftData

  Either way, it seems confusing in the event that there are multiple batch deletes in sequence. The first one might affect which objects match the predicate of the second one.

• Python

  • Otto Kekäläinen: Backtesting trailing stop-loss strategies with Python and market data

    In January 2024 I wrote about the insanity of the magnificent seven dominating the MSCI World Index, and I wondered how long the number can continue to go up? It has continued to surge upward at an accelerating pace, which makes me worry that a crash is likely closer. As a software professional I decided to analyze if using stop-loss orders could be a reliable way to automate avoiding deep drawdowns.

• R / R-Script

  • Rlang ☛ Introducing docorator to the pharmaverse

    Disclaimer: This blog contains opinions that are of the authors alone and do not necessarily reflect the strategy of their respective organizations.

    We are pleased to introduce a new addition to the pharmaverse: {docorator}, an R package developed by GSK to facilitate the creation of production displays within pharma workflows. If you’ve ever spent hours perfecting a table or figure, only to wrestle with adding compliant headers, footers, and perfect margins for a polished product, {docorator} might be for you.

• Java/Golang

  • Frank Delporte ☛ JavaFX Links of December 2025

    Here is the final JavaFX LinksOfTheMonth for 2025… Thank you all for sharing your knowledge and experience with JavaFX. And we hope to see even more in the next year!

  • Tomasz Wisniewski ☛ golang's defer in C (kind of)

    Quite often I find myself landing on gcc’s attributes documentation page. Not sure how that happens but this is always a gold mine. I’ve recently discovered __attribute__((cleanup(func))), which allows attaching functions to variables. These functions are executed when the variable goes out of scope. Sounds familiar?

• Rust

  • Rust Blog ☛ The Rust Programming Language Blog: What do people love about Rust?

    Rust has been named Stack Overflow's Most Loved (now called Most Admired) language every year since our 1.0 release in 2015. That means people who use Rust want to keep using Rust¹--and not just for performance-heavy stuff or embedded development, but for shell scripts, web apps, and all kinds of things you wouldn't expect. One of our participants captured it well when they said, "At this point, I don't want to write code in any other language but Rust."