Programming Leftovers
-
Security Week ☛ Tech Giants Propose Standard For End-of-Life Security Disclosures
The draft standard, released through the OASIS standards body, argues that today’s end-of-life (EoL) notices are scattered, inconsistently worded and hard to track, causing major problems for organizations running obsolete software or hardware without understanding the expanded security risk.
The push comes amid widespread concern that outdated or unsupported systems have quietly compounded cybersecurity risks inside organizations, particularly when those end-of-life systems are embedded in complex software supply chains or industrial infrastructure.
-
Wired ☛ These Startups Are Building Advanced AI Models Without Data Centers
Researchers have trained a new kind of large language model (LLM) using GPUs dotted across the world and fed private as well as public data—a move that suggests that the dominant way of building artificial intelligence could be disrupted.
-
UNIXdigest ☛ The reason why i don't use AI or even code completion
AI is hyped up to be something it isn't and its "stupidity" (you can't really call it stupid, because it cannot be smart to begin with) is concealed behind what appears to be solid and authoritative answers. Still it knows absolutely crap about what it is doing.
-
University of Toronto ☛ Being reminded that Git commits are separate from Git trees
What this means is that if you completely change the commits so that all of them have new hashes, for example by rebuilding your history from scratch in a new version of the repository, but you keep the actual tree contents the same in most or all of the commits, the only thing that actually changes is the commits. If you add this new repository (with its new commit history) as a Git remote to your existing repository and pull from it, most or all of the tree contents are the same across the two sets of commits and won't have to be fetched. So you don't fetch gigabytes of tree contents, you only fetch megabytes (one hopes) of commits.
-
Artyom Bologov ☛ Designing the Language by Cutting Corners
But do I need all of these, actually? What if I took a much lazier approach and decided to cut some corners? Let's do exactly that!
-
Scoop News Group ☛ DARPA believes AI Cyber Challenge could upend patching as the industry knows it
At the semifinal round held at DEFCON last year, teams using LLMs and automated reasoning systems successfully found and patched numerous synthetic vulnerabilities in a range of open-source projects, including the Linux kernel and SQLite. According to McHenry, these results indicate not just proof-of-concept, but a potential paradigm shift in how secure software could be produced and maintained.
Formal methods — a way of using math to prove that software works as intended — have for decades been regarded as effective but laborious and expensive, suited only for the most critical systems and requiring expert staff. McHenry noted that combining LLMs with formal methods enables automatic generation and validation of correctness proofs, drastically lowering the labor and cost barriers.
-
[Repeat] Silicon Angle ☛ Google report finds drop in zero-day exploitation in 2024 but warns enterprise risks are rising
By operating system and with zero surprise, Microsoft Windows continued to be a popular target [sic] for attacks, with the number of exploited zero-day vulnerabilities rising to 22 in 2024. Google’s Chrome remained the most targeted browser and Android devices continued to suffer from vulnerabilities in third-party components, although overall mobile exploitation fell compared to the previous year.
-
The Record ☛ Google: 75 zero-days seen in 2024 as nations, spyware vendors continue exploitation
Google, which defines zero-days as vulnerabilities exploited in the wild before a patch is made publicly available, said cyber espionage was still the leading motivation behind the exploitation of bugs.
The report divides the 75 bugs into two buckets: those impacting end-user platforms like mobile devices or browsers and others such as security software and appliances.
-
Sean Goedecke ☛ The valley of engineering despair
The start of a project always feels good. I have a clear idea of what needs doing, and there’s plenty of time to do it. The very end of a project usually feels good too - by that point all the important pieces are ready, and it’s just a matter of getting the final tweaks and bugfixes in. The hard part is the middle of the project, when all these things are happening at the same time: [...]
-
Balthazar Rouberol ☛ Build your own tools
Whenever I set on building myself a new tool, I get unreasonably excited, because it means that I get to practice my craft of problem-solving through writing code to scratch an itch. It also means that through this practice, I get to improve my own comfort by solving that particular issue.
-
Rlang ☛ vowels: Phonetics cloze quiz about Cardinal vowels
Cloze exercise in which two randomly-selected Cardinal vowels have to be described according to the three parameters vowel height, frontness-backness, and lip rounding.
-
Michael's and Christian's blog ☛ Fast Grouped Counts and Means in R
This blog post presents a couple of approaches and then compares their speed with a naive benchmark.
-
Perl / Raku
-
Perl ☛ Building Map::Tube::<*> maps, a HOWTO: extending the network
The first post in this series introduced us to Map::Tube. There, we built the fundamental structure of the Map::Tube::Hannover module and created the basic map file for the Hannover tram network. This time, we’ll look at a map file’s structure and extend the network. At the end, we’ll visualise a graph of the railway network we’ve created so far.
-
-
Python
-
[Repeat] The New Stack ☛ Basic Python Syntax: A Beginner’s Guide To Writing Python Code
Every programming language has a unique syntax. Some languages borrow syntax from others, while others create something wholly different. No matter the language you intend to use, you have to understand its syntax; otherwise, you’ll struggle to get anything done.
Syntax is a set of rules that define how code is written in a particular language. Some of the key elements of a language’s syntax include: [...]
-
-
Shell/Bash/Zsh/Ksh
-
The Register UK ☛ Ghost in the shell script: Boffins seek code correctness
So Vasilakis and his academic colleagues – Lukas Lazarek, Seong-Heon Jung, Evangelos Lamprou, Zekai Li, Anirudh Narsipur, Eric Zhao, Michael Greenberg, Konstantinos Kallas, and Konstantinos Mamouras – have been developing ways to apply static analysis - a method for analyzing how code will perform without having to actually execute it - to evaluate shell scripts. Their idea is to make it possible to check a script for correctness before it gets the chance to nuke your files.
They describe their efforts in a forthcoming paper [PDF] titled "From Ahead-of- to Just-in-Time and Back Again: Static Analysis for Unix Shell Programs," which they will present at the HotOS XX conference in May. (The event’s 20th edition brings with it a Roman numeral that has nothing to do with the adult entertainment industry.)
-
-
Rust
-
Rust Weekly Updates ☛ This Week In Rust: This Week in Rust 597
Hello and welcome to another issue of This Week in Rust!
-