Programming Leftovers
-
Rlang ☛ Collaborating between Bioconductor and R-universe on Development of Common Infrastructure
-
[Old] Feldera ☛ Nobody ever got fired for using a struct
When a few variables belong together, we put them in a struct. Programmers do this automatically without thinking about it much.
And most of the time it's the right choice.
Structs are simple, fast, and predictable. But once in a while they break down. This is the story of one of those cases.
-
Andrew Nesbitt ☛ Package Security Problems for AI Agents
I went through the recent OWASP Top 10 for Agentic Applications and pulled out the scenarios related to package management, which turn up in all ten categories and don’t sort neatly into any one of them, since a typosquatted MCP server is simultaneously a name attack, a registry attack, and a metadata poisoning vector.
-
Simon Hartcher ☛ Applying "Programming Without Pointers" to an mbox indexer using Zig
I must have watched Programming without pointers (or PWP) roughly 10 times by now. In garbage collected languages where memory allocations are mostly invisible, it can be so easy to forget that memory allocations are often poison for high performance software.
In the video, Zig’s creator Andrew Kelley shows us how to structure our programs so that they only need to do minimal memory allocations, reducing the number of total pointers that we need to manage. Memory allocations are expensive, so reducing them can improve the overall complexity of our programs. I think that the pattern of PWP can make the code a little bit more complex if you’re not used to writing code that way. But once you’re used to it, I think that complexity can go away as you’ll recognise the pattern when you see it.
Here’s how I applied it to a real problem that I had.
-
Python
-
[Old] Polars ☛ Multiprocessing
TLDR: if you find that using Python's built-in multiprocessing module together with Polars results in a Polars error about multiprocessing methods, you should make sure you are using spawn, not fork, as the starting method: [...]
-
[Old] Elementl Inc ☛ What Is Multiprocessing
Multiprocessing refers to a paradigm where multiple processes are employed to execute different tasks simultaneously in order to optimize the execution time and improve the efficiency of a pipeline, particularly for large volumes of data or heavy compute requirements. This is achieved using the multiprocessing module in Python which allows the creation of process-based parallelism.
Here are some important points about multiprocessing in Python: [...]
-
[Old] Martin Mirakyan ☛ Thread Pools and Process Pools in Python (75/100 Days of Python)
When using multiprocessing in Python, it’s important to consider the number of processes you create versus the number of CPUs available on your machine to achieve the best performance.
-
Towards Dev ☛ What’s the Best Way to Handle Concurrency in Python: ThreadPoolExecutor or asyncio?
Coming from Go to Python, learning multithreading and async programming model was nothing short of unpleasant for me. A part of that may have something to do with me not having any respect for Python’s syntax but mostly because Python’s GIL (Global Interpreter Lock) which controls resource access for concurrency scenarios, is dumb. In Go, I can simply specify go primitive in front of any synchronous function et voilà. Python is not that and the implementation of asyncio library seemed like a crazy talk. On top of that my existing code base was fully synchronous (like a regular human being) and I was too lazy to convert a whole bunch of things just to run some functions parallelly. So yeah, blah blah blabbitty-blah, TL;DR there are two built-in libraries that can get you through most of your day-to-day needs —
-
Bruce Schneier ☛ Python Supply-Chain Compromise
There are a lot of really boring things we need to do to help secure all of these critical libraries: SBOMs, SLSA, SigStore. But we have to do them.
-
-
Java/Golang
-
The New Stack ☛ In the AI Age, Java is More Relevant Than Ever
Java is the language used throughout enterprise platforms: ERPs, your ecommerce backends, analytics, logistics, and business workflows. You have decades of code, build pipelines, deployment practices, and operational runbooks all built around the JVM. When it comes to a language for AI though, your first thought might be Python, Node.js and TypeScript, or even Go.
When you’re figuring out what AI features are useful to add to those critical enterprise systems, it may well make sense to experiment in a language like Python. But when it’s time to move from experimentation to production, Java is ready for building AI – and the AI tools that are speeding up developers across the industry are now ready for Java too.
-
Vikash Patel ☛ Part 2: Decoupling the Renderer: Terminal to Raylib in One Interface | Lorbic
If your game logic knows about OpenGL, your architecture has failed. This post dissects the Interface Segregation Principle in Go, demonstrating how the Derelict Facility engine swapped an ANSI terminal renderer for hardware-accelerated Raylib without changing a single line of game simulation code.
-
Vikash Patel ☛ Part 3: Casting Shadows Without Trigonometry: The Beauty of Integer Math | Lorbic
To calculate Field of View in a grid-based game engine, you have to cast rays. The naive approach uses heavy floating-point trigonometry. This post explores Bresenham's Line Algorithm: a 60-year-old technique from the era of hardware plotters that draws perfect lines using only integer addition and comparison.
-
Blain Smith ☛ Building Go APIs with Huma, sqlc, and Goose
I've been building an API recently with a stack that I think hits a sweet spot of just enough structure to keep a team productive, not so much that you're fighting the tools. The stack is Huma for the HTTP layer, sqlc for database queries, and Goose for migrations. Each tool does one thing well and stays out of your way for everything else.
-
Andrew Nesbitt ☛ Who Built This?
Michael Stapelberg wrote last week about Go’s automatic VCS stamping: since Go 1.18, every binary built from a git checkout embeds the commit hash, timestamp, and dirty flag, queryable with go version -m or runtime/debug.ReadBuildInfo() at runtime. His argument is that every program should do this, so you can always answer “what version is running in production?” without guessing. Go is unusual in doing this by default, and the rest of the package management landscape varies wildly in how it handles this, if it handles it at all.
-
Jakub Ciolek ☛ cloud security, system engineering and compilers
Early in March, I reported two compiler bugs affecting Go releases up to 1.26.1 which broke the Go memory safety guarantees using only safe Go code.
This means the proof-of-concepts did not import unsafe, did not use CGO and did not rely on custom assembly nor data races. Using specially constructed code, I was able to turn both bugs into control-flow hijack, and with the loop bug I also got execution of injected instructions.
-
-
Rust
-
Rust Weekly Updates ☛ This Week In Rust: This Week in Rust 646
Hello and welcome to another issue of This Week in Rust!
-