Programming Leftovers (2024-05-02)
Trail of Bits ☛ Curvance: Invariants unleashed
The success of a fuzzing suite is grounded in the quality of its invariants. Throughout this project, we focused on fine-tuning each invariant for accuracy and relevance. Fuzzing, in essence, is like having smart monkeys on keyboards testing invariants, whose effectiveness relies heavily on their precision. Our journey with Curvance over nine weeks involved turning in-depth discussions on codebase properties into precise English explanations and then coding them into executable tests, as shown in the screenshots below.
Rlang ☛ How to add Axes to Plot in R
How to add Axes to Plot in R, In the world of data visualization, creating visually appealing and informative plots is crucial for effectively communicating insights.
The R programming language offers a plethora of tools to customize your plots, including the ability to add user-defined axis ticks using the axis() function.
In this article, we will walk you through three examples that demonstrate how to create plots with custom axis ticks in R.
Arne Bahlo ☛ Thoughts on Zig
Zig is a programming language designed by Andrew Kelley. The official website lists three principles of the language: [...]
Buttondown ☛ "Integration tests" are just vibes
Even if we can't define integration test, we still recognize them. There are tests that are bigger than our "unit tests" and smaller than an end-to-end test, and people have strong opinions about writing more or less of them. We can have a sense of something being an "integration test" even if we can't strictly define it.
I think it's more useful to think of integration tests in terms of family resemblances. There are certain measurable properties of tests, and integration tests measure relatively different than a unit test. One quality is test speed: unit tests are "fast", integration tests are "slow". This does not mean all integration tests are slower than any unit test (unit property tests can be very slow). But slow tests are more likely to be integration tests than unit tests.
Hillel Wayne ☛ Software Friction
Friction compounds with itself: two setbacks are more than twice as bad as one setback. This is because most systems are at least somewhat resilient and can adjust themselves around some problem, but that makes the next issue harder to deal with.
The Register UK ☛ Programming language R patches code exec security flaw
The vulnerability, tagged CVE-2024-27322, can be exploited by tricking someone into loading a maliciously crafted RDS (R Data Serialization) file into an R-based project, or by fooling them into integrating a poisoned R package into a code base. Doing so will trigger the execution of a code payload within the file or package, which could leak the user's files to another source, delete data, or perform other devilish activities.
The hole was closed in version 4.4.0 of R Core, which was released earlier this month – upgrading ASAP is strongly advised.
The flaw lies in how R deserializes data. R's built-in deserialization feature, which loads information from files to unpack into data structures in memory, is insecure and can be exploited to execute arbitrary code on a victim's machine.
Tokei: Quickly Count Different Metrics in Your Codebase
Once you have completed your assignment on a big software project (with or without a team), have you ever thought about how much code in different programming languages has been used in the project?
Adriaan de Groot ☛ File modes in C++20
I was looking at some code that sets file permissions – file modes – by calling chmod(2). The command-line chmod(1) has a bunch of possibilities for setting permissions, but the underlying system-call needs an int, and the C headers for it are annoying to use. So I fired up some C++ machinery to “make it nicer to use”.
Tame JSON and XML with Apache Groovy
Effortlessly handle JSON and XML data in Apache Groovy applications with built-in slurpers. This guide explores Groovy's JsonSlurper and XmlSlurper, demonstrating how to parse and navigate complex data structures with minimal code.
Rlang ☛ Introducing Tapyr: Create and Deploy Enterprise-Ready PyShiny Dashboards with Ease
Are you an R/Shiny user looking to leverage the incredible capabilities of Shiny for Python without sacrificing the familiarity and comfort of your existing tools? Introducing Tapyr—our Shiny for Python framework.
Rlang ☛ Quantile Normalization in R with the {TidyDensity} Package
In data analysis, especially when dealing with multiple samples or distributions, ensuring comparability and removing biases is crucial. One powerful technique for achieving this is quantile normalization.
The Anarcat ☛ Antoine Beaupré: Tor migrates from Gitolite/GitWeb to GitLab
Note: I've been awfully silent here for the past ... (checks notes) oh dear, 3 months! But that's not because I've been idle, quite the contrary, I've been very busy but just didn't have time to write about anything. So I've taken it upon myself to write something about my work this week, and published this post on the Tor blog which I copy here for a broader audience.
Perl / Raku
Perl ☛ What's new on CPAN - March 2024
Welcome to “What’s new on CPAN”, a curated look at last month’s new CPAN uploads for your reading and programming pleasure. Enjoy!
Python
The Register UK ☛ Google layoffs hit Python and Flutter teams
Despite Alphabet last week reporting a 57 percent year-on-year jump in net profit to $23.66 billion for calendar Q1, more roles are being expunged as the mega-corp cracks down on costs.
The Python team is reportedly affected and an undisclosed number of Flutter and Dart engineers have been let go.
Java
The Register UK ☛ Java 17 is now the favorite brew of developers, along with
The nearly three-year-old Java 17 has overtaken Java 11 as the most widely used long-term support (LTS) version of the programming language, according to app monitors at New Relic.
Major users of Java, specifically large corporates, tend to be cautious with their technology stack. Shifting to a version of Java released in September 2021 therefore looks positively avant garde.
Rust
Matthew Palmer: The Mediocre Programmer's Guide to Rust
Me: “Hi everyone, my name’s Matt, and I’m a mediocre programmer.”
Everyone: “Hi, Matt.”
Facilitator: “Are you an alcoholic, Matt?”
Me: “No, not since I stopped reading Twitter.”
Facilitator: “Then I think you’re in the wrong room.”
Yep, that’s my little secret – I’m a mediocre programmer. The definition of the word “hacker” I most closely align with is “someone who makes furniture with an axe”. I write simple, straightforward code because trying to understand complexity makes my head hurt.
Which is why I’ve always avoided the more “academic” languages, like OCaml, Haskell, Clojure, and so on. I know they’re good languages – people far smarter than me are building amazing things with them – but the time I hear the word “endofunctor”, I’ve lost all focus (and most of my will to live). My preferred languages are the ones that come with less intellectual overhead, like C, PHP, Python, and Ruby.
This Month in Redox - April 2024
Jeremy fixed a “copy-on-write” bug in his recent RedoxFS performance optimizations, where small data chunks could truncate records. This was causing page faults on small executables built inside of Redox (like a Hello World program).
As our dynamic linking support is a work-in-progress, he configured GCC to build static binaries by default (Rust builds static binaries by default).
Standards/Consortia
BahaaZidan ☛ A brief history of web development. And why your framework doesn't matter.
The simplest architecture to build a website would be to have one server to handle everything. That means that there’s no frontend router, no hydration, no AJAX, and definitely no cache/store like Apollo or Redux. It’s very simple, the user requests an HTML page, the user gets an HTML page back. Oh and mutations will all be handled by native HTML forms. This used to be how everything worked. Not much JavaScript was written. Just whatever language you picked for backend and HTML/CSS. This worked because the web was made to be a decentralized space for sharing information. The websites made in those days were very static in nature and very little mutations happened so it was fine for the page to refresh after each form submission. It was also fine to load an entirely new HTML document every time the user navigated to another page.
