Programming Leftovers
- Neil Madden ☛ Looking for vulnerabilities is the last thing I do
All this is to say that for companies with low security maturity, finding security bugs comes with a very outsized overhead in terms of tying up resources. If your security team is one or two people, then this makes it harder to get out of this rut and into a better place.
So my primary job is to improve the processes and documentation so that these incidents become a well-oiled machine, and don’t tie up resources any more than necessary. I generally use OWASP SAMM as a framework to measure what needs to be done (sticking largely to the Design, Implementation & Verification functions), but it boils down to a number of phases to raise the bar: [...]
- Bogdan Chadkin ☛ How my side project got banned from the [Internet]
A little piece about dealing with security providers and clearing my side project's reputation after a false positive flagging.
- Jan-Lukas Else ☛ Bye Gitea, hey Forgejo!
I procrastinated a long time, but I finally migrated my self-hosted Git instance from Gitea to Forgejo. I still don’t know how to pronounce it, but it’s maintained by Codeberg e.V., where I’m also a member.
- Spencer Lloyd Dixon ☛ Cleaning up merged git branches: a one-liner from the CIA's leaked dev docs
In 2017, WikiLeaks published Vault7 - a large cache of CIA hacking tools and internal documents. Buried among the exploits and surveillance tools was something far more mundane: a page of internal developer documentation with git tips and tricks.
Most of it is fairly standard stuff, amending commits, stashing changes, using bisect. But one tip has lived in my ~/.zshrc ever since.
- Brandon Simmons ☛ Linking Smaller Haskell Binaries
Haskell binaries can get quite large (think ~100MB), especially for projects with many transitive dependencies. Here are two strategies that can help at link time, the latter being more experimental.
I used the test-pandoc binary from pandoc on GHC 9.2.5 below. This was nice because obviously it was easy to test if linking broke anything (just run the tests).
Python
- University of Toronto ☛ Parsing hours and minutes into a useful time in basic Python
Suppose, not hypothetically, that you have a program that optionally takes a time in the past to, for example, report on things as of that time instead of as of right now. You would like to allow people to specify this time as just 'HH:MM', with the meaning being that time today (letting people do 'program --at 08:30'). This is convenient for people using your program but irritatingly hard today with the Python standard library.