Programming Leftovers
-
Rachel ☛ autoconf makes me think we stopped evolving too soon
I've gotten a few bits of feedback asking for my thoughts and/or reactions to the whole "xz backdoor" thing that happened over the past couple of days. Most of my thoughts on the matter apply to autoconf and friends, and they aren't great.
-
Jussi Pakkanen ☛ Aesthetics matter
Take any project you are working on currently. It can either be a work project or an open source one. Now think about all the various components it has. Go through them one by one in your mind. Pause at each one. Ponder them. Does any one of them immediately conjure up the following reaction in your mind:
"I'm not touching that shit!"
If the answer is yes then congratulations, you have found the most likely attack vector against the project. Why? Because that part that is guaranteed to have the absolute worst code reviews for the simple reason that nobody wants to touch it with a ten foot pole [2]. It is the very definition of someone else's problem. In the case of Autotools the problem is even worse, because there are no tools to find bugs automatically. Static analysis? No [3]! Linters? No! Even something simple like compiler warnings? Lol no! The reason they don't exist is exactly the same as above: the whole problem space is so off-putting that even the people who could do something about it prefer to work on something more meaningful instead. Badness begets more badness and apathy. The fact that it does not halt and catch fire most of the time is seen as sufficient quality.
-
Roman Kashitsyn ☛ Good names form Galois connections
I recently read a chapter on naming things in "The Programmer’s Brain" by Felienne Hermans. There is a lot of research on the topic of names in programming. Researchers found that good names improve code comprehension and that poor names correlate with buggy code and proposed a few heuristics for choosing good namesd.
The book provides a few recommendations on how to create good names, but it left me unsatisfied. I felt that I already knew how to choose good names, but I wanted to have a good mathematical model for what good names are. This article is the result of my exploration.
-
Dirk Eddelbuettel ☛ ulid 0.3.1 on CRAN: New Maintainer, Some Polish
Happy to share that ulid is now (back) on CRAN. It provides universally unique identifiers that are lexicographically sortable, which improves over the more well-known uuid generators.
ulid is a neat little package put together by Bob Rudis a few years ago. It had recently drifted off CRAN so I offered to brush it up and re-submit it. And as tooted earlier today, it took just over an hour to finish that (after the lead up work I had done, including prior email with CRAN in the loop, the repo transfer from Bob’s to my ulid repo plus of course a wee bit of actual maintenance; see below for more).
-
Python
-
Python ☛ PEP 738 – Adding Android as a supported platform
This PEP proposes adding Android as a supported platform in CPython. The initial goal is for Android to achieve Tier 3 support in Python 3.13.
This PEP is based on PEP 730 – “Adding iOS as a supported platform” by Russell Keith-Magee, and covers many of the same issues. Notable differences between the two platforms can be found by searching for the word “iOS”.
-
-
Shell/Bash/Zsh/Ksh
-
Russ Cox ☛ research!rsc: The xz attack shell script
At a high level, the attack is split in two pieces: a shell script and an object file. There is an injection of shell code during configure, which injects the shell code into make. The shell code during make adds the object file to the build. This post examines the shell script. (See also my timeline post.)
-
-
Education
-
Rlang ☛ Navigating ShinyConf 2024: A First-Timer’s Guide to Virtual Conferences
With ShinyConf 2024 just around the corner, first-time attendees may find themselves grappling with a mix of excitement and uncertainty. Fear not! This comprehensive guide aims to equip you with the tools and knowledge you need to prepare, thrive, and make the most out of your ShinyConf experience.
-
-
Standards/Consortia
-
Hindustan Times ☛ NASA wants to come up with a new clock for the moon, where seconds tick away faster
It's not quite a time zone like those on Earth, but an entire frame of time reference for the moon. Because there's less gravity on the moon, time there moves a tad quicker — 58.7 microseconds every day — compared to Earth. So the White House Tuesday instructed NASA and other U.S agencies to work with international agencies to come up with a new moon-centric time reference system.
-
Gizmodo ☛ NASA Receives White House Order to Develop Lunar Time Standard
Due to Einsteinian relativity, time passes differently on the Moon than it does on Earth. The same can be said for space in general. Time—or at least its perception—would slow down significantly if you were near a black hole because of the object’s intense gravitational pull. The difference between how time passes on the Moon versus the Earth is very slight, but it adds up.
-
Reuters ☛ Exclusive: White House directs NASA to create time standard for the moon
Under its Artemis program, NASA is aiming to send astronaut missions to the moon in the coming years and establish a scientific lunar base that could help set the stage for future missions to Mars. Dozens of companies, spacecraft and countries are involved in the effort. An OSTP official said that without a unified lunar time standard it would be challenging to ensure that data transfers between spacecraft are secure and that communications between Earth, lunar satellites, bases and astronauts are synchronized. Discrepancies in time also could lead to errors in mapping and locating positions on or orbiting the moon, the official said.
-