news
Programming Leftovers
-
Kevin McDonald ☛ The Case for Greppable Code
Imagine staring at a production log with a generic error in a function called processData(). You search the codebase, only to find forty different functions with that exact name spread across five repositories. This is the opposite of searchable code.
Greppability[3] is a measure of how easily a human can find specific logic using simple text search. Modern IDEs are great, but greppability is the safety net for when they fail: during code reviews, in terminal sessions, while scanning traces, or when navigating a massive mesh of microservices.
-
Buttondown LLC ☛ People get confused when language implementations break language guarantees
I don't actually have any fix for this. I just find it a fascinating example of a leaky abstraction. Maybe we could write a code highlighter that highlights all functions that transitively use a "weird" function or something.
-
Andrew Nesbitt ☛ brief
Anyone landing in an unfamiliar repo, whether that’s a new contributor, a security scanner, or an AI coding agent, has to answer the same handful of questions before doing anything useful: what language is this, how do I install dependencies, what’s the test command, which linter do I run before committing, and for a security review, which functions in this stack are the dangerous ones.
-
Frederick Vanbrabant ☛ Good architecture shouldn't need a carrot or a stick
As architects, our customers are typically internal colleagues, so let’s try to step into the shoes of our customers.
You (as a non-architect) want to pitch a project to automate a part of your teams work process. They tell you that to start doing that you need to fill in x amount of documents and present your project to a board of people you’ve never heard of. Yeah, I don’t want to do that. I got approval from my boss that I can do the project, who are these people that I need to spend two weeks of document gathering for that can block everything.
Alternatively you get someone placed in your team that has a lot of ownership of the project and can dictate how you should handle your project. Also, not exactly ideal. More meetings, more things to keep track of, and most importantly: how will my end process even look like?
What if there is a 3rd way?
-
Dirk Eddelbuettel ☛ Dirk Eddelbuettel: RcppArmadillo 15.2.6-1 on CRAN: Several Updates
widely used by (currently) 1263 other packages on CRAN, downloaded 45.7 million / vignette) by Conrad and myself has been cited 683 times according
This versions updates to the 15.2.5 and 15.2.6 upstream Armadillo releases from, respectively, two and five days ago. The package has already been updated for Debian, and built for r2u.
-
Perl / Raku
-
Rakulang ☛ 2026.16 Selkie TUI Framework
Matt Doughty has served up a double helping of Selkie this week. This is a TUI (Terminal User Interface) module written in Raku that provides a simple, declarative way to roll your own TUI app in Raku. Please do check it out – I look forward to seeing a crop of Raku TUIs to feature in the weekly.
-
-
Ruby
-
Ruby ☛ CVE-2026-41316: ERB @_init deserialization guard bypass via def_module / def_method / def_class
We published security advisory for CVE-2026-41316.
-
Ruby ☛ Ruby 4.0.3 Released
Ruby 4.0.3 has been released.
This release only contains ERB 6.0.1.1, which fixes CVE-2026-41316.
If your application calls Marshal.load on untrusted data AND has both erb and activesupport loaded, please update your ERB to 4.0.3.1, 4.0.4.1, 6.0.1.1, 6.0.4 or later. You may use this Ruby 4.0.3 release to do so.
-
-
Rust
-
Niko Matsakis: Symposium: community-oriented agentic development [Ed: Rust People entertaining slop, not code]
I’m very excited to announce the first release of the Symposium project as well as its inclusion in the Rust Foundation’s Innovation Lab.
-