news
Programming Leftovers
-
Ruby ☛ Ruby 4.0.6 Released
Ruby 4.0.6 has been released.
Please see the GitHub releases for further details.We intend to release the latest stable Ruby version (currently Ruby 4.0) every two months following the most recent release. Ruby 4.0.7 will be released in September, and 4.0.8 in November.
-
TecMint ☛ 17 Best Node.js Frameworks and Libraries for Developers in 2026
We first published this roundup in 2023, but the Node.js framework ecosystem has changed a lot since then. Some frameworks from the original list are no longer actively maintained, while others have become popular choices for modern applications.
-
Josep Bigorra ☛ Maak: The power of Lisp that powers your trusty command runner and the enlightments
Instead of learning a limited DSL, you can leverage your existing Lisp skills to define tasks, manage data, and automate your workflows with ease. Define functions, manipulate lists, use conditional, create macros—the entire language is at your disposal.
-
The New Stack ☛ What an ex-NSA red teamer wants every SOC to stop doing
The modern security operations center (SOC) team isn’t short on data. It’s buried under it. Cloud platforms, SaaS applications, endpoints, identity systems, and security products all generate a steady flow of events, leaving analysts to determine which ones indicate a genuine compromise and which are simply background noise.
It’s little wonder that alert fatigue remains one of the defining challenges in security operations. The issue isn’t simply volume. It’s context.
-
Rlang ☛ From Peer Review to Mentorship: My rOpenSci Story
I was later invited to review a package myself. The experience gave me a different perspective on the review process. As a reviewer, I saw that the goal was not simply to determine whether a package met some standards or merits, but to help authors improve their software through constructive feedback. When applications opened for the Champions Program, mentoring felt like a natural next step. Having experienced rOpenSci as both a software author and a reviewer, it seemed like a meaningful way to contribute to the community.
-
Adam Johnson ☛ Python: find all instances of a class with gc.get_objects()
This approach can be slow, because it traverses all live objects, puts them in a list, and then filters them with an isinstance() on each one. However, that’s normally fine for debugging purposes.
-
Wired ☛ Python Is So Slow. Can Julia Solve the Two-Language Problem?
But every one of these languages, they wrote, “is perfect for some aspects of the work and terrible for others.” Greedy as they were, they wanted “a language that’s open source, with a liberal license … Something that is dirt simple to learn, yet keeps the most serious hackers happy.” Julia would be the one language to unite them all.
-
Lea Verou ☛ In defense of polyfills • Lea Verou
Don’t get me wrong, concerns about polyfills are well-intentioned. They come from implementors and standards folks who want to preserve the design flexibility to build the best API surface possible — a goal I share deeply. Being both a spec editor and a library author, striking that balance is something I navigate all the time.
Still, I was under the impression that seeing polyfills as a net positive was the consensus view of the web standards community as a whole. That while we may not have consensus on the specific tradeoffs or solutions, we see polyfilling as a good thing and we generally do want web platform features to be polyfillable.
-
Lalit Maganti ☛ The git history command deserves more attention
Working with lots of changes in parallel on git can be painful. You end up juggling branches and commits, and running scary rebase -i commands that can leave your tree in a half-broken state if you so much as sneeze.
-
R / R-Script
-
Dirk Eddelbuettel ☛ Dirk Eddelbuettel: qlcal 0.1.2 on CRAN: Fresh Upstream Updates
The twentieth release of the qlcal package arrivied at CRAN today, and has been built for r2u. This version synchronises with QuantLib 1.43 released today as over seventy country / market calendars and can compute holiday lists, its complement (i.e. business day lists) and much more.
-
Rlang ☛ Tabler Server A minimal framework to create web dashboards in R
Besides local apps, I have been working on Tabler Server to manage tabler apps on a Linux machine.
Nothing of this is particularly novel. Most of this was done standing on the shoulders of giants to combine R and Linux tools efficiently.
-
Rlang ☛ My last R posts: How conformalization helps weak models, fast conformal prediction with jackknife+ (and no refitting), and sklearn in R
This post is about the tisthemachinelearner R package, that allows to use scikit-learn models in R. It is a wrapper around the tisthemachinelearner Python package. Prediction intervals can be computed using either split conformal prediction, surrogate methods or the bootstrap.
-
-
Python
-
Threat Source ☛ The serpent’s tongue: Luring the Python out of its den
Users often believe that for a malicious payload to be executed they need to directly interact with the infected piece of code (e.g., providing it with a sensitive input, executing its entry point, or importing it to a working project). In reality, Python packages can establish a foothold simply through installation. While analyzing these techniques in detail, we will take a deeper look at the background process of package installation for Python. This will help understand the threat landscape for Python packages, including legitimate components adversaries try to alter for their benefit.
-
Hugo van Kemenade ☛ Security: line goes up · Hugo van Kemenade
Like many other projects, CPython is experiencing a huge increase in security reports.
-
Jesse Li ☛ Estimating the heights of New Yorkers from their scuff marks
The wall at Smith–Ninth Streets in Brooklyn is made of concrete. Its rough surface holds onto memories longer than the smooth tile that adorns most other stations in the city. A commuter waiting for the train leans with one foot against the wall, and their shoe leaves a mark, joining the marks left by past travelers. In aggregate, they form a darkened band about 18 inches above the floor.
-
-
Shell/Bash/Zsh/Ksh
-
Quick regional screen recording to MP4 via slurp
A lightweight and dependency-minimal way to record a selected region of your Wayland screen.
By using `slurp`'s custom formatting directly (`%wx%h+%x+%y`), we eliminate the need for piping through helper tools like `sed` or `awk` to construct the geometry argument for `gpu-screen-recorder`.
-
Panagiotis Vryonis ☛ shg, the shell guard
Shell history is one source of leaked credentials. Commands containing API keys, bearer tokens, passwords, or connection strings are often written to history files without much thought.
We shouldn’t do it, but, let’s admit it, we all do it, especially when we feel safe, on a computer entirely under our control.
-
-
Java/Golang
-
Rachel Kaufman ☛ A Better Way to Test Object Equality in Java Unit Tests
You’re so right, there is!
If we’re using AssertJ instead of JUnit’s assertions, there’s this pattern: [...]
-