news
Programming Leftovers
-
Miguel Grinberg ☛ How Bitwarden Encrypts and Decrypts Secrets
Speaking of the Bitwarden clients, while I was writing this article it came out that the official Bitwarden CLI client was compromised in a supply chain attack. This is a tool that I personally use and have on all my computers, so this feels like a wake up call to me. Luckily I did not install the compromised version myself, but I think there is an argument to be made about rolling your own secret management client instead of relying on the one all the hackers are after!
In this article I'll share how the encryption of secrets works in Bitwarden and its Vaultwarden clone. I'll also include working Python code, in case you want to tinker with this and like myself, would be interested in building your own tooling to keep your secrets safe.
-
Jason Becker ☛ Building My Own Reverb Watchlist
For someone who can program, I have so few personal uses. Maybe that’s because the people do not yearn for automation. But today I came up with a fun one.
-
Henrique Cabral ☛ The fastest Linux timestamps
One of my pet projects at my last job was to introduce distributed tracing to a low-latency pipeline (think 1–10 microseconds per stage) using OpenTelemetry. As part of this effort I spent a considerable amount of time designing, implementing, and optimising our own C++ tracing client library, as the official one has too much overhead. My goal was for the latency impact per component to stay under 5% so both developers and users would feel comfortable leaving traces always on in production; this translated to a budget of about 50–100 ns (a few hundred clock cycles) per span.
-
Riki Moe ☛ Lua can be a really cool HTML templating engine
It’s a pretty cool language. It is also one of my favourite programming languages, for which I made a case in a past blog post.
One of my favourite aspects of Lua’s design that I like to preach about is how it’s really tight and small, while also being genuinely really sweet to write. Today, I’d like to focus on its Lisp-like aspect: domain specific languages (DSLs)—specifically, we will use it to build a templating language for HTML.
But first, let me set some background.
-
WolfSSL ☛ Why C Remains the Gold Standard for Cryptographic Software
Even in memory-safe languages, logic errors and exception-handling mistakes remain common. Features like unwrap() don’t cause memory corruption, but they can introduce panics or denial-of-service paths in security-critical code.
No language replaces discipline, review, and testing.
-
Kushal Das: A git sign bug
While working on the new git signing feature for tumpa-cli I noticed that some of the commits can not be verified. For a moment I freaked out and then thought it must be a problem in my code. But, I could not dig enough. Opus 4.7 helped me to find the exact commit in git's history and a reproducer. I reported the issue to the maintainers and they are working on a fix.
-
Dirk Eddelbuettel ☛ Dirk Eddelbuettel: RProtoBuf 0.4.27 on CRAN: Upstream Adjustment
A new maintenance release 0.4.27 of RProtoBuf
This release adjusts to a change upstream. Luca Billi noticed that upstream removed some fields from FieldDescriptor, filed an issue and followed up with a spotless PR. No other changes.
-
Perl / Raku
-
Perl ☛ Who tests the tester? Me !!!
As already reported, I'm writing this color library. Recently I created my own test function for it. And since it was easier than I thought, I want to show you how, so you can write your own!
-