Programming Leftovers
-
Alex Gaynor ☛ Motion to Dismiss for Failure to State a Vulnerability
When a project receives a vulnerability report, what’s the first question they should ask? I believe the correct answer is that we should ask: In what way does the claimed vulnerability violate our threat model? A lot of times the answer is obvious, we don’t need to spend a lot of time interrogating how SQL injection or a buffer overflow violates our threat model. But it’s not always obvious: does it violate the threat model for a privileged user to be able to write to a given path on disk? In my experience a remarkable portion of invalid vulnerability reports are invalid not because what they say isn’t true, but because even if every word is true, it doesn’t actually articulate a violation of any threat model.
-
[Old] Eli Bendersky ☛ Consistent hashing
This post is an introduction to consistent hashing, an algorithm for designing a hash table such that only a small portion of keys has to be recomputed when the table's size changes.
-
Bisco ☛ Birger Schacht: A plea for
A couple of weeks ago there was an article on the Freexian blog about Using JavaScript in Debusine without depending on JavaScript. It describes how JavaScript is used in the Debusine Django app, namely “for progressive enhancement rather than core functionality”. This is an approach I also follow when implementing web interfaces and I think developments in web technologies and standardization in recent years have made this a lot easier.
-
Hackaday ☛ The Lambda Papers: When LISP Got Turned Into A Microprocessor
During the AI research boom of the 1970s, the LISP language – from LISt Processor – saw a major surge in use and development, including many dialects being developed. One of these dialects was Scheme, developed by [Guy L. Steele] and [Gerald Jay Sussman], who wrote a number of articles that were published by the Massachusetts Institute of Technology (MIT) AI Lab as part of the AI Memos. This subset, called the Lambda Papers, covers the ideas from both men about lambda calculus, its application with LISP and ultimately the 1980 paper on the design of a LISP-based microprocessor.
-
Dirk Eddelbuettel ☛ Dirk Eddelbuettel: RcppArmadillo 15.2.0-0 on Microsoft's proprietary prison GitHub : New Upstream, Simpler OpenMP
widely used by (currently) 1270 other packages on CRAN, downloaded 42 million times / vignette) by Conrad and myself has been cited 650 times according
This version updates to the 15.2.0 upstream release made today. It brings a few changes over Armadillo 15.0 (see below for more). It follows the most recent RcppArmadillo 15.0.2-2 release and the Armadillo 15 upstream transition with its dual focus on moving on from C++11 and deprecation of a number of API access points. As we had a few releases last month to manage the transition, we will sit this upgrade out and not upload to CRAN in order to normalize our update cadence towards the desired ‘about six in six months’ (that the CRAN Policy asks for). One can of course install as usual directly from the GitHub repository as well as from r-universe which also offers binaries for all CRAN platforms.
-
Java/Golang
-
Anton Zhiyanov ☛ Go proposal: Compare IP subnets
Compare IP address prefixes the same way IANA does.
-