news
Programming Leftovers
-
APNIC ☛ Rising CVEs in the AI epoch
At first glance, the headline figure is striking. CVE volume is tracking more than 46% above the original forecast, pointing to roughly 66,000 vulnerabilities for the year. However, the authors caution against treating this as a crisis. Instead, they argue that the surge reflects predictable structural shifts, particularly the rapid scaling of AI‑assisted discovery and expanded vulnerability cataloguing.
Their central point is simple. More vulnerabilities do not necessarily mean more risk.
-
Chris ☛ Data-directed programming in Haskell (SICP 2.4.3)
I have a copy of sicp, or as it is also known, The Wizard Book.11 (Structure and Interpretation of Computer Programs; Abelson and Sussman; mit Press; 1996.) This book is widely praised, but I can’t take the time to work my way through all of it. Instead, I’m going to occasionally jump into the parts of it that look interesting. Last week, we looked at tagged data in Haskell. The authors of sicp weren’t convinced that’s the best approach, so they move on to data-directed programming. We’ll do the same.
-
Colin Breck ☛ When Impressive Performance Gains Do Not Matter
Performance work can be incredibly challenging, but it is also a discipline for intimately understanding complex systems and engineering better products.[9] Just be sure that incredible gains in performance actually have the desired outcomes.
-
Kevin McDonald ☛ Proxy, Record, and Mock gRPC APIs with FauxRPC
In FauxRPC, I built a tool to generate fake data from Protobuf schemas dynamically. But I wanted to go further. I wanted to make mocks a natural byproduct of running your development environment. That is why I introduced Proxy Mode and Auto-Recording.
By placing FauxRPC in front of a real upstream service, it acts as a smart proxy: intercepting traffic, forwarding it to the upstream server, and writing out reusable mock stubs to disk. It even generates intelligent matching rules automatically.
-
Josep Bigorra ☛ Hacking Freedom: Compiling GNU Emacs from Source - jointhefreeworld
By compiling GNU Emacs directly from the upstream Savannah repositories, you unlock the absolute bleeding edge of the extensible, self-documenting operating system disguised as a text editor.
True autonomy over your computing environment sometimes involves building your own tools and customizing many programs.
-
Ruby ☛ Ruby 3.4.10 Released
Ruby 3.4.10 has been released.
This release is a regular stable package release contains the version update of bundled gem net-imap. The net-imap.gem update contains some security fixes. Please see the release note of net-imap v0.5.15 for the detailed update of net-imap.gem.
-
Zig ☛ Devlog ⚡ Zig Programming Language
Now that there is a separate process for users’ build.zig scripts and the build system itself, it makes sense for that to be the place that package management logic lives.
I moved these subcommands to the maker process: [...]
-
Chris ☛ Data-directed programming in Haskell (SICP 2.4.3)
time to work my way through all of it. Instead, I’m going to occasionally jump into the parts of it that look interesting. Last week, we looked at tagged data in Haskell. The authors of SICP weren’t convinced that’s the best approach, so they move on to data-directed programming. We’ll do the same. -
Dirk Eddelbuettel ☛ Dirk Eddelbuettel: tl 0.0.2 on CRAN: First Update
The still-very-new logging package tl was just updated for the first time at CRAN. The tl package wraps the (also very new) rspdlite package to offer a lightweight and consistent logging interface from both R and C++ that enjoys being ‘tiny, fast, capable’ thanks to spdlite. With tl we follow the same idea that our spdl package introduced: a simple consistent interface via just the
tl::prefix and the appropropriate logging level. In other wordstl::debug("Alert: foo now '{}'", foo)will work from both R and C++ (given a variablefoo, and, in the case of C++, an extra semicolon) and log if the current level is ‘debug’ or higher, and skip logging if not. -
Rlang ☛ rOpenSci News Digest, June 2026
Dear rOpenSci friends, it’s time for our monthly news roundup! You can read this post on our blog. Now let’s dive into the activity at and around rOpenSci!
-
Perl / Raku
-
Perl ☛ JSON::JSONFold - a CPAN module for compact, readable JSON formatting
JSON serializers tend to give us two choices: compact JSON, which is efficient but a dense wall of text that's painful to read, or pretty-printed JSON, which is readable but often wastes a lot of vertical space (a small array of numbers can turn into ten lines).
-
-
Python
-
Didier Stevens ☛ Update: base64dump.py Version 0.0.30
-
Trail of Bits ☛ Shipping post-quantum cryptography to Python
Post-quantum cryptography is now one pip-install away for the entire Python ecosystem. With funding from the Sovereign Tech Agency, we implemented support for ML-KEM, the NIST-standard key-establishment primitive, and ML-DSA, the NIST-standard digital-signature primitive, in pyca/cryptography.
-
-
Shell/Bash/Zsh/Ksh
-
Sal ☛ Fish shell
Fish shell, how do I love thee? Let me count the ways.
-
-
Rust
-
Rust Blog ☛ The Rust Programming Language Blog: Announcing Rust 1.96.1
The Rust team has published a new point release of Rust, 1.96.1. Rust is a programming language that is empowering everyone to build reliable and efficient software.
-