news
Programming Leftovers
-
Hackaday ☛ BASIC Programming With No Strings Attached
Today in programming language hacks we have string art rendered in BASIC. String art — also known as pin and thread art, or filography — is an art form where images are invoked by thread woven between pins on the border of an image. In this case the thread and the pins are virtual and there is a simple 67 line BASIC program which generates and renders them.
-
LWN ☛ Evans: A data model for Git (and other docs updates)
On her blog, Julia Evans writes about
improving Git documentation, including a new data
model man page she wrote with Marie
LeBlanc Flanagan, and updates to the pages for several other Git sub-commands
(add, checkout, push, and pull).
-
Uwe Friedrichsen ☛ We default to addition
Recently, I realized that there was still a puzzle piece missing. I more or less accidentally stumbled upon that missing piece. On social media, I saw a slide from someone else’s presentation 1 with the following text on it:
“Our brains tend to default to addition rather than subtraction when it comes to finding solutions”
This caught my attention because it looked like an explanation of why we pile up all that complexity in IT so readily – even lots of complexity we do not need to solve a given problem.
-
The Register UK ☛ Devs doubt AI-written code, but don’t always check it
But the growing usage of AI tooling has, according to Sonar, created a verification bottleneck.
"This verification step isn't trivial," the report says. "While AI is supposed to save time, developers are spending a significant portion of that saved time on review. Nearly all developers (95 percent) spend at least some effort reviewing, testing, and correcting AI output. A majority (59 percent) rate that effort as 'moderate' or 'substantial.'"
-
[Old] Eric Pement ☛ Handy One-Line Scripts for AWK
-
Rnb37 ☛ Cool project, will you actually maintain it?
I have seen a lot of cool, open source projects posted online. Helpful libraries, starter templates, frameworks. What I often don't see, however, is a plan for maintaining them.
-
[Old] Rnb37 ☛ Write code that you can understand when you get paged at 2am
The older I get, the more I dislike clever code. This is not a controversial take; it is pretty-well agreed upon that clever code is bad.
But I particularly like the on-call responsibility framing: write code that you can understand when you get paged at 2am.
-
Sal ☛ CLI cool-off
What are the lessons here, I wonder? I think one lesson is that, for me, there is no end-game or Nirvana state. Every app has its pros and cons, which means I’m always susceptible to FOMO no matter what thing I choose and how deeply I study it. I should dispel the notion that there is one true, superior path to be discovered, and instead live by the principle of good enough.
-
NVISO Labs ☛ OWASP Top 10 2025 - A Pentester's Perspective
Every three to four years, OWASP releases a new version of arguably its most famous project, the “OWASP Top Ten”. Originally started in 2003, this list serves as an awareness document to highlight the 10 most prevalent issues for web applications. The newest release marks the eighth iteration and has once again undergone a few key changes.
In this article, we will first take a look back at the project’s evolution over the last 22 years and highlight a few overarching shifts and developments. We will then take a closer look at the newest version and what the changes mean specifically for penetration tests.
-
R / R-Scrip
-
Rlang ☛ R Studio or Positron? Time To Switch?
In July 2022, R Studio was rebranded to Posit. Apparently, a new era was about to start because the world’s needs were evolving, and R had a stronger companion in the Python programming language.
-
-
Python
-
Kushal Das: Introducing EktuPy
Py (daughter) is now 11 years old, and she spends a lot of time on Scratch, makes beautiful and fun things. But, she thinks she is not a programmer as she is moving blocks and not typing code like us. I had questions for long time about how to move this Scratch generation into programming in general via Python. EktuPy is my probable solution.
-
Henry Schreiner ☛ How we made Python's packaging library 3x faster
Along with a pip (and now packaging) maintainer, Damian Shaw, I have been working on making packaging, the library behind almost all packaging related tools, faster at reading versions and specifiers, something tools like pip have to do thousands of times during resolution. Using Python 3.15’s new statistical profiler and metadata from every package ever uploaded to PyPI, I measured and improved core Packaging constructs while keeping the code readable and simple. Reading in Versions can be up to 2x faster and SpecifierSets can be up to 3x faster in packaging 26.0rc1, now released! Other operations have been optimized, as well.
-
Scientific Python Blog ☛ Blog - A Year of Typing: My NumPy Fellowship Retrospective
It’s been exactly one year since I started my journey as a NumPy Fellow, and looking back, it has honestly been the best job I’ve ever had. My main goal for 2025 was to push the boundaries of static typing within the Scientific Python ecosystem. I’m happy to report that we didn’t just push the boundaries; we reshaped them.
Here is a high-level look at what we achieved, from making numpy fully type-checked to bridging the gap between scientific computing and the wider Python typing community.
-
-
Shell/Bash/Zsh/Ksh
-
Linus Heckemann ☛ Handling secrets (somewhat) securely in shells
After going to all the effort of not putting the token in a file, your shell has helpfully saved then command you ran in your history file for all your processes to steal! One way to avoid this is to prevent the command from being written to history. Bash has a configuration variable named HISTCONTROL, which when set to include ignorespace prevents commands prefixed with whitespace from being saved in history. This is inconvenient though! History is really helpful for iterating on a command that you haven’t got quite right yet.
Fortunately, there’s another approach we can take here. Using a shell variable, we can avoid putting the secret in any shell commands directly: [...]
-
Florian Anderiasch ☛ Shell scripts
I've long been unhappy with shell scripts for anything that's more than 20 lines of glue code and so I've been looking for replacements for quite a while.
The problem is usually that you need to fiddle with various versions of exec or popen or whatever the language calls their wrapper around the underlying C functions (or POSIX functionality, whatever). The task is usually to execute a command, very often piping it into another one, then using the output.
-