news
Programming Leftovers
-
Security Week ☛ Critical Gitea Flaw Under Active Exploitation, Researchers Warn
“Any process that can reach the Gitea container’s HTTP port directly — not through the intended authenticating proxy — can impersonate any user whose login name is known or guessable. Admin accounts are the obvious targets,” the researcher notes.
The patch that was introduced in Gitea versions 1.26.3 / 1.26.4 makes reverse-proxy authentication an opt-in feature.
-
Simon Späti ☛ The Grammar of Data: Define Once, Run Anywhere with Cross-Engine Expressions
Having a grammar for data engineering means we can express the workloads in a declarative manner, and then be sure we can deterministically reproduce and apply that exact definition.
It’s similar to the concept of a Declarative Data Stack I introduced a while back, but it gives the stack not only configurations but also a language with in-built manifestation and execution engines.
-
Sandor Dargo ☛ Propagating exceptions from destructors with std::exception_ptr
A few weeks ago, I wrote about what happens when a destructor actually throws and why it is a dangerous idea. One of the readers commented that he was once in a situation where he had to propagate an exception from a destructor. But as a destructor cannot safely throw and it also cannot return any value, he needed a better solution.
And that solution was std::exception_ptr.
Let’s look into what this type is and how it can be used.
-
Kyle Reddoch ☛ Account Inventory and Least Privilege for Small Teams
Small environments have a funny way of collecting access.
A side project starts with one login. Then a friend helps. Then a contractor needs temporary access. Then a family member gets added. Then a tool asks for admin permissions. Six months later nobody knows who can do what, which email owns the account, or whether the person who helped “just for the weekend” can still delete everything.
The first problem is ownership, not technology.
Account inventory and least privilege are the boring controls that make access understandable again. You do not need enterprise identity governance to do this well. You need a list, a review habit, and the willingness to remove access that no longer has a job.
-
Oxide ☛ Performance Has Layers
One of the most beneficial things about building the whole stack is also one of the toughest things: you also own all the problems. When a packet leaves a customer’s guest, travels through a virtual NIC, crosses our software switch, hits the OPTE data path, rides the physical fabric, and arrives at another guest, it passes through several distinct components.
And if you build all of them, as we do, then every one of those components is a place you can make the system faster. It beats the hell out of a five-way call with different vendor support teams.
-
Mijndert Stuij ☛ I was wrong about game development
I thought making a game was all about what it looked like, how it played and how it felt. And in thinking that, I was so close to the truth, but also so far away. The thing I overlooked and underestimated was how hard it is to get the difficulty level of the game just right. Burst only has a couple of levers to pull to make the game easier or more challenging, but even with those few levers, I still got it wrong the first time.
-
Anthony Hobday ☛ Notes on software quality
How I think about quality
-
Kris Shamloo ☛ a software engineering interview question I like: computing the median
I have a number of questions in my quiver when I'm giving technical interviews to candidates. They are all of a similar flavor. I don't ask puzzle questions, I find them low value. Instead, I ask questions that are straightforward but have a few angles with which to explore deeper topics.
Enter the humble median.
-
Justin Le ☛ Extreme Haskell: Typed Expression EDSLs (Part 1) · in Code
In my Seven Levels of Type Safety post, I described different extremes of type safety and fancy code. I talked about how writing effective code was finding the correct compromise for the level of communication and safety you need.
But this is not that kind of blog post. This is the kind of blog post where we celebrate terrifying type-safety, facetious fanciness, and masochistic meta-analysis. This series is about what happens when we dare to go full fancy. Let’s write code that is so inscrutable, so painful and torturous to write, yet so undeniably useful that you can’t help but try to throw it into every single thing you write and will feel a gnawing emptiness in your soul until you do.
-
LWN ☛ Flexible metaprogramming with Rhombus [LWN.net]
Lisp-like languages have historically led the world in metaprogramming and flexibility. While many modern languages have adopted the idea of macros, Lisp-like languages such as Racket have continued pushing the envelope, attempting to make macros as easy as possible to incorporate into everyday programs. On the other hand, Lisp's minimal, parenthesis-based syntax can be hard to adapt to — to the point that Lisp is sometimes said to stand for "Lots of Irritating Silly Parentheses". Rhombus is a new programming language that aims to have the best of both worlds, marrying Racket's metaprogramming capabilities to a simple Python-like syntax and reasonable standard-library defaults.
-
Dirk Eddelbuettel ☛ Dirk Eddelbuettel: RQuantLib 0.4.28 on CRAN: Small Update
A new minor release 0.4.28 of RQuantLib arrived on CRAN this evening, has been uploaded to Debian, and is being built for r2u as brings a minor update to the calendars for Israel which in QuantLib 1.43 can now use one of three different exchange choices. However, using ‘settlement’ is now deprecated so we adjusted our code.
-
LWN ☛ What's coming in Git 2.55
The Git v2.55.0-rc2 testing release appeared on June 23, suggesting that the final Git 2.55 release can be expected in the near future. While this Git update lacks radical new features, it does include a number of improvements that regular Git users will appreciate, including commands to easily edit the commit history, more formatting options, fsmonitor support for Linux, and more.
The current release, v2.54, added an experimental "git history" command. It is, in many ways, like "git rebase", in that it allows the rewriting of commits in the history, but there are some significant differences, mostly aimed at making rebasing a bit less of a fraught operation. It can work on bare repositories, which may be of use to some people. Perhaps more widely useful is "git history reword", which makes it easy to edit the changelog of a past commit with a single command.
-
Python
-
Red Hat ☛ New features in Python 3.14
Python 3.14 is the most consequential CPython release in years for teams that care about parallelism, safer string handling, and cleaner typing workflows. Whether you're on Fedora, Red Hat Enterprise GNU/Linux (RHEL), CentOS Stream, a Red Hat Universal Base Image (UBI) container, a Red Hat Hardened Image, or Red Hat OpenShift, this post tells you what changed in the language, where you can run it today, and what you need to change in your projects.
-
-
R / R-Script
-
Rlang ☛ An API for Everything There Is to Know About Packages
On R-Universe you can discover and learn everything there is to know about R packages. But did you know it does only provide a human-friendly website, but also programmatic access to all information through APIs! Thanks to those APIs you can list universes, list packages in an universe, get information on packages, and perform searches; all without any need for authentication.
The R-Universe APIs are both handy and reliable. You can build upon them, as both rOpenSci and community members have done. This post shows some examples of use cases with the R-Universe API.
-
-
Java/Golang
-
Andrii ☛ Eliminating Go bound checks with unsafe
Hot path optimization: unsafe pointer arithmetic to eliminate bound checks the Go compiler can't remove, given you can prove they are truly unnecessary.
-
-
Rust
-
LWN ☛ Rust 1.97.0 released
Version
1.97.0 of the Rust programming language has been released. Changes
include using a new symbol-mangling scheme by default, support for denying
warnings in Cargo, and an end to the practice of hiding the linker's output
after a successful build.
-
TecMint ☛ Try uutils-coreutils: Rust Alternative to GNU Coreutils
While looking around, I came across uutils-coreutils, an open-source project that reimplements GNU coreutils in Rust. It provides nearly all of the familiar commands you already use every day, but they’re written in Rust instead of C. Besides Rust’s built-in memory safety, some commands can also perform better when working with large files.
-