Programming Leftovers

posted by Roy Schestowitz on Jun 13, 2026

• Nat Bennett ☛ The Tech Debt Snowball Method

  Small improvements reverse this. It can be surprisingly satisfying to stop and fix a few paper cuts in your workflow, especially if you pick things that you deal with all the time. Those stupid warning messages in the tests. That half-implemented repository pattern that confuses every new person who joins the team. That handful of tests that are sensitive to the order they run in, so you can't speed the suite up by running a bunch of tests in parallel.

• Modus Create LLC ☛ Writing static checks to an unsuspecting library with Liquid Haskell

  This post presents a little epic to insert static checks in Haskell’s Diff package using Liquid Haskell (LH). Static or compile-time checks are helpful to confirm formerly implicit assumptions in the implementation, providing an additional layer of assurance.

  Making illegal states unrepresentable at an affordable cognitive cost is a staple of statically typed functional programming. Endeavors like Dependent Haskell and Liquid Haskell delve into this aspect. A distinctive feature of LH is that it works on top of regular Haskell code, meaning that the program can still be compiled after disabling it, thus making it possible to enforce properties without changing the source code. In what follows I’ll give you a glimpse of how the Liquid Haskell approach feels in practice and how far it can go.

  Liquid Haskell was created by the UCSD Programming Systems group and these days is mainly maintained and further improved by my colleague Facundo Domínguez. Applying Liquid Haskell to strengthen libraries has precedent in the Haskell ecosystem, and it was in this spirit that Facundo suggested this project as we were pondering an attempt to statically check our in-house Ormolu, of which Diff is a transitive dependency and a more suitable commitment given the engineering time I could bestow upon it.2

• Andrew Nesbitt ☛ Joint Guidance on Vulnerability Naming and Disclosure

  The Vulnerability Naming Authority (VNA), in coordination with the CVE Numbering Authority consortium and the National Telecommunications and Information Administration, has published a unified process for the assignment, registration, and disclosure of named vulnerabilities. The process introduces a controlled vocabulary, a centralised approvals registry, and a top-level domain, .vuln, allocated for use exclusively in disclosure communications.

  The process applies to any vulnerability disclosed publicly by an entity operating within the United States. Vulnerabilities assigned only a CVE identifier remain out of scope.

• Rlang ☛ Test Doubles Taxonomy for R: Dummy, Stub, Spy, Mock, Fake

  You might call them all “mock”.

  Mock the database. Mock the API. Mock the function. The word becomes a catch-all for any test double, any object you substitute for a real dependency in a test. Lumping them together makes it harder to choose the right tool, and the wrong choice leads to brittle, misleading tests.

  There are five distinct types, each with a specific job. Knowing which is which is how you stop writing tests that do the wrong thing.

• Perl / Raku

  • Arne Sommer ☛ Prefixed Existence with Raku

    This is my response to The Weekly Challenge #377.

• Python

  • Kenneth Reitz ☛ PyTheory Playground

    Earlier this spring I wrote a few essays about PyTheory, the music theory library I was stuck on for five years and finally unstuck. The short version: it models tones, scales, chords, and fretboards in Python the way a musician actually thinks about them, it grew into a mini DAW with a NumPy synthesizer inside, and I used it to write an album. It hasn't slowed down since. The library that rendered that album has since learned to transcribe audio, engrave sheet music with LilyPond, tune a guitar in real time, and sync its clock with Ableton.

  • Hugo van Kemenade ☛ I'm delighted to rejoin the Sovereign Tech Fellowship

    I’m happy to rejoin the Sovereign Tech Fellowship!

    I was one of six participants in the 2025 pilot to pay maintainers of critical open source technologies in the public interest. By all accounts this first cohort was a resounding success, and I’m glad to see the programme continue.

    It was wonderful to be part of the inaugural Sovereign Tech Fellowship, and incredibly beneficial to my projects: it gave me the time to focus on releasing Python 3.14 and 3.15 smoothly, to mentor and onboard others, and to support the wider community.