Programming and Systems (Leftovers)
-
Debian Family
-
Seth Michael Larson ☛ New experimental Debian package for Cosign (Sigstore)
Cosign has a new experimental package available for Debian thanks to the work of Simon Josefsson. Simon and I had an email exchange about Sigstore and Cosign on Debian after the discussion about PEP 761 (Deprecation and discontinuation of PGP signatures).
Debian and other downstream distros of Python and Python packages are incredibly important consumers of verification materials. Because these distros actually verify materials for every build of a package, this increases the confidence for other users using these same artifacts even without those users directly verifying the materials themselves. We need more actors in the ecosystem doing end-to-end verification to dissuade attackers from supply-chain attacks targeting artifact repositories like python.org and PyPI.
-
-
Content Management Systems (CMS), R, Rust, and More
-
Major outage for Kiwi TCMS
Hello testers, in the spirit of transparency we'd like to inform everyone that on Dec 11th 2024 between 07:20-09:30 UTC Kiwi TCMS suffered a major outage!
The Kiwi TCMS web application was up and running, however the database behind it had stopped accepting requests, resulting in a 500 Internal Server Error page visible to everyone. A little over 1000 requests (both manual and via API) were affected!
-
Rlang ☛ How to Select Row with Max Value in Specific Column in R: A Complete Guide
When working with data frames in R, finding rows containing maximum values is a common task in data analysis and manipulation. This comprehensive guide explores different methods to select rows with maximum values in specific columns, from base R approaches to modern dplyr solutions.
-
Yordi Verkroost ☛ Advent of Code is the Perfect Coding Ritual
The amount of joy I get from this experience makes me question why I stepped away from being a full-time professional developer. Why did I trade full-time coding for teaching new generations the programming skills they'll use and enjoy for a lifetime?
-
Marcus Buffett ☛ How I prevent myself from committing temporary code to production | Marcus' Blog
A couple months ago I had one particularly annoying piece of debugging code make it to production. We ended up in a loop of fetching user’s data when they visited the site. This caused a whole host of issues, including mobile app slowness, and over-fetching from an external service we rely on.
The thing is, I always know in the moment of writing this code, that I should return to it later or remove it before committing, but it’s really easy for that to slip out of my working memory. So I resolved to find a better way to keep the workflow I work best in, while not risking anything making it through. I quite like where I ended up so I figured I’d share.
-
Martijn Faassen ☛ Secret Weblog • The Humble For Loop in Rust
Rust has some really nice functional programming facilities built in, all around an iterator concept. Rust being focused on performance and low level control makes it possible to use this without paying a performance cost. Sometimes I still prefer to use the humble for loop though. In quite a few cases, it combines high performance with high readability. I thought I'd motivate why.
-
Thomas Günther ☛ Beautiful focus outlines · Medienbäcker Thomas Günther
Focus outlines highlight the active interactive element on a web page. They’re crucial for accessibility, especially for keyboard users and those with motor impairments. If you ever tried navigating a website without a mouse, you can imagine how frustrating it is when you can’t see where you are. If not, imagine not seeing your cursor. Or just try it yourself by tabbing through your favorite website.
Unfortunately, focus outlines are often overlooked in web design. Clients and designers might not even notice them, leaving developers to handle design and implementation. Some might even suggest removing focus outlines for a cleaner aesthetic 😱
-
Trail of Bits ☛ Auditing the Ruby ecosystem’s central package repository
Ruby Central hired Trail of Bits to complete a security assessment and a competitive analysis of RubyGems.org, the official package management system for Ruby applications. With over 184+ billion downloads to date, RubyGems.org is critical infrastructure for the Ruby language ecosystem.
-
-
Perl / Raku
-
Shell/Bash/Zsh/Ksh
-
Don Marti ☛ run a command in a tab with gnome-terminal
To start a command in a new tab, use the --tab command-line option to gnome-terminal, along with -- to separate the gnome-terminal options from the options passed to the command being run.
-
-
Standards/Consortia
-
RIPE ☛ Zeros Are Heroes: NSEC3 Parameter Settings in the Wild
DNSSEC relies on public-key cryptography to add integrity and authentication to plain DNS. When done in offline mode, resource record sets are signed so that signatures can be returned along with responses. This does not return signatures when queried for non-existent data, because there is nothing in the zone file to sign.
To address this problem, the NSEC (Next Secure) resource record is used to prove that nothing exists between two names sorted in the canonical order. When receiving the NSEC record, a resolver can easily verify if the queried domain lies within the corresponding range.
-
Miguel Young de la Sota ☛ Nobody Gets Fired for Picking JSON, but Maybe They Should?
JSON is famously simple. In fact, you can fit the entire grammar on the back of a business card. It’s so omnipresent in REST APIs that you might assume you already know JSON quite well. It has decimal numbers, quoted strings, arrays with square brackets, and key-value maps (called “objects”) with curly braces. A JSON document consists of any of these constructs: null, 42, and {"foo":"bar"} are all valid JSON documents.
-
IETF ☛ draft-josefsson-ssh-chacha20-poly1305-openssh-01 - Secure Shell (SSH) authenticated encryption cipher: chacha20-poly1305
This document describes the Secure Shell (SSH) chacha20-poly1305 authenticated encryption cipher.
-