Programming Leftovers
-
Sandor Dargo ☛ C++26: Cleaning up string literals
The two papers we are covering today are complementary in a philosophical sense. They both improve how string literals are handled in C++26. P2361R6 tackles strings that are never evaluated — the ones that only exist at compile time. P1854R4 tackles evaluated string literals, making non-encodable characters ill-formed instead of implementation-defined. Let’s start with the unevaluated side.
-
Miod Vallat ☛ Trojaned OpenSSH
This is a story I had been considering writing for a long time, as many wrong or stupid things have been said or written at the time it happened.
Being on a quite sensitive subject, I have however opted to redact a few things, especially the identity of two OpenBSD developers, as well as some IP addresses and other minor details which could help identify them. They will be referred to as dev1 and dev2 in this story. It does not matter who they are, and they really are trustworthy.
-
Josh Lospinoso ☛ Calls Are Now a Security Surface
The classic return-address story is stack-based. call records where to come back. ret uses that recorded address. Control-flow hardening asks what happens if that state is corrupted. Intel Control-flow Enforcement Technology, as documented by the Linux kernel, includes a shadow-stack feature. A shadow stack is a secondary stack not directly modifiable by applications. When a CALL instruction executes, the processor pushes the return address onto both the normal stack and the shadow stack. When RET executes, the processor compares the return address from the normal stack with the one on the shadow stack; a mismatch causes a control-protection fault [1]. That changes the meaning of “I restored the stack.” A hand-written stub or trampoline can satisfy the old visible rule: [...]
-
Rlang ☛ Learning Amino Acids Part 1: Non-Polar Amino Acids, Rodrigues Rotation, and Lennard-Jones Potential
🧬 Back to basics! Learning non-polar amino acids, what zwitterions actually are, and dipping into the applied math — Rodrigues rotation and Lennard-Jones potential. Slowly building toward optimal phi/psi!
-
Rlang ☛ Little useless-useful R functions – Ulam Prime Spiral
-
Perl / Raku
-
Perl ☛ Time::Str - Time Zones and Leap Seconds
Time::Str parses and formats date/time strings across 20+ standard formats, with an optional C/XS backend and nanosecond precision. The previous post, Introducing Time::Str, covered parsing and formatting. This one covers two additions, time zones and leap seconds, and ends with a note on the new C parsers.
-
-
Python
-
Seth Michael Larson ☛ Are insecure code completions a vulnerability?
Three months ago I saw that PyCharm shipped with a “Full Line Completion” plugin that “uses a local deep learning model to suggest entire lines of code”. These suggestions manifest as whole-line suggestions after you start typing and can be accepted with Tab. Essentially auto-complete for entire lines.
I decided to test this functionality. I started by writing import urllib3, created a new line, and then typed u and received a suggested completion for the line marked below with a dashed border. I was not impressed by the result: [...]
-
Rahul Gopinath ☛ Learning Regular Languages with the TTT Algorithm
Several independent contributions are incorporated in the TTT algorithm. Rivest and Schapire [1] contributed the binary search counterexample analysis, which finds the single relevant suffix in a counterexample in \(O(\log k)\) queries (rather than \(k\) queries). The introduction of the discrimination tree as a replacement for the observation table is due to Kearns and Vazirani [2].
TTT by Isberner, Howar and Steffen [3] adds two further refinements: prefix transformation, which keeps access sequences minimal, and discriminator finalization, which keeps the discrimination tree shallow. TTT is provably redundancy-free. That is, it never makes a membership query whose answer could have been derived from earlier queries.
A notable extension is ADT [4], which extends TTT with adaptive distinguishing sequences, which can reduce resets in hardware settings.
-
-
Rust
-
Niko Matsakis: Only Bounds
only bounds are going to be the most impactful change to Rust that you’ve never heard of. They are currently being designed and developed by the Arm team (David Wood, Rémy Rakic, et al.) as part of the Sized Hierarchy and Scalable Vector Extension project goal. This post explores the feature and aims to answer a particular question about the design (the scope of bounds, I’ll explain). But before I dive in, I want to give a bit of context.
-