Webtagr - Technology News Summarizer

Go 1.25's Experimental JSON Packages: Performance Boost and Stricter Syntax

2025-09-10

Go 1.25 introduces experimental `encoding/json/v2` and `encoding/json/jsontext` packages to improve Go's JSON encoding and decoding capabilities. These address shortcomings in the existing `encoding/json` package, such as imprecise JSON syntax handling, performance bottlenecks, and API deficiencies. Improvements include stricter handling of invalid UTF-8, duplicate keys, and nil slices/maps. Streaming processing significantly improves performance, especially unmarshaling. While largely backward compatible, developers are encouraged to test with `GOEXPERIMENT=jsonv2` and provide feedback.

(go.dev)

Development

arXivLabs: Community Collaboration on New arXiv Features

2025-09-10

arXivLabs is an experimental framework enabling collaborators to develop and share new arXiv features directly on the website. Participants, including individuals and organizations, share arXiv's values of openness, community, excellence, and user data privacy. arXiv is committed to these values and only works with partners who adhere to them. Have an idea to enhance the arXiv community? Learn more about arXivLabs.

(arxiv.org)

Development

Bottlefire: Container Images to Zero-Dependency Linux Executables

2025-09-10

Bottlefire transforms container images into standalone, zero-dependency Linux executables that bundle Firecracker and automatically launch microVMs. Users can run these executables on any modern amd64/arm64 Linux platform with KVM support without needing root privileges or complex system-level setups. Bottlefire microVMs feature zero-config userspace networking, port mapping, and host-to-VM directory sharing, offering the ease of use of containers. Simply download and run with a curl command for a surprisingly streamlined experience.

(bottlefire.dev)

Development microvm

Beyond print debugging: 7 superpowers of debuggers

2025-09-10

Tired of endless print statements for debugging? This article unveils seven hidden advantages of debuggers: inspecting the entire call stack, dynamically evaluating expressions (like a REPL), precisely catching exceptions, altering execution flow without code changes, standardizing project setup, simplifying collaboration, and providing a smoother onboarding experience for new contributors. Debuggers are not just code tracing tools; they're powerful weapons for boosting development efficiency and code quality, leading you from tedious print debugging to efficient development.

(mahesh-hegde.github.io)

Development

RISC-V Hypervisor in 1,000 Lines of Rust

2025-09-10

This online book teaches you how to build a minimal RISC-V hypervisor capable of booting Linux-based operating systems using Rust. A sequel to 'Operating System in 1,000 Lines', it starts from bare-metal programming and leverages Rust's ecosystem to simplify development, aiming for a type-1 hypervisor in under 1,000 lines of code. Implementation examples are available on GitHub.

(1000hv.seiya.me)

Development Hypervisor

Synthesizing OOP and Functional Design for Reusability

2025-09-09

This 1998 ECOOP paper tackles the challenge of extending both tools and data types in evolving programs by combining the strengths of object-oriented and functional programming. Traditional approaches struggle to support both: functional programming excels at adding tools, while OOP excels at adding new tools or extending datasets, but not both simultaneously. The paper proposes a composite design pattern that synthesizes the best of both, suggesting new linguistic features for class-based languages to achieve extensibility without modifying existing code.

(cs.brown.edu)

Development code reuse

X Design Notes: Unifying OCaml Modules

2025-09-09

The author is designing a new programming language, X, aiming to combine PolySubML's type inference and structural subtyping with most of OCaml's functionality, particularly addressing the syntactic and conceptual differences between OCaml's module system and ordinary values. The post details how OCaml modules are unified in X, covering aspects like alias members in records, struct and sig syntax, module opening and inclusion, module extension, and abstraction with existential types. It proposes improvements to OCaml's module system, such as avoiding wildcard imports. The ultimate goal is a simpler, more understandable, and powerful programming language.

(blog.polybdenum.com)

Development

The End of Hand-Coding? A Developer's Perspective from Amazon to a Startup

2025-09-09

After leaving Amazon's AI coding assistant team, the author joined Icon, witnessing firsthand the AI revolution in software development. Amazon's slow processes and KPI-driven decisions hampered efficiency, unlike Icon's AI-powered approach where developers focus on design and user needs, automating much of the coding. The author predicts that pure coding skills will be less crucial, while user understanding, product strategy, and marketing will become paramount. Developers need to adapt, enhancing their skills in these areas to remain competitive in the age of AI.

(www.xipu.li)

Development

DuckDB npm Packages Compromised with Malware

2025-09-09

DuckDB's Node.js npm packages were compromised by a sophisticated phishing attack. Malicious versions of four packages were published, containing code designed to interfere with cryptocurrency transactions. Fortunately, these malicious versions appear not to have been downloaded before being identified and deprecated by the DuckDB team. The team swiftly responded by deprecating the malicious versions and releasing updated, safe versions. The attack involved a convincing fake npm website that tricked a maintainer into resetting their 2FA, granting the attackers the ability to publish the malicious packages. This incident underscores the importance of robust security practices, even for experienced developers.

(github.com)

Development

NPM Package Malware Attack & LavaMoat Defense

2025-09-09

A recent attack saw malicious code injected into the `is-arrayish` NPM package, aiming to steal ETH from user transactions. The malware achieved this by overriding browser functions like `fetch`, `XMLHttpRequest`, and `window.ethereum.request`. Instead of a detailed attack analysis, the article demonstrates how LavaMoat prevents such attacks. LavaMoat isolates each dependency's modules into separate lexical global contexts (Compartments), restricting access to globals and imports specified in a policy. This prevents malicious code from altering transaction addresses. Even sophisticated malware would struggle to bypass LavaMoat's defenses.

(github.com)

Development NPM security

Visual Guide to Rust's Type System

2025-09-09

RustCurious.com presents a visual guide to Rust's type system, using an interactive chart to categorize all possible types in Rust. The guide focuses on `lang_items` – built-in types and traits supporting specific syntax – to demystify what can be built purely in library code. `Vec`, `String`, and `HashMap` are excluded as they are simply structs. Rust's clear separation of a platform-independent core allows for no_std crates, crucial for embedded firmware and other systems where a dynamic heap isn't available.

(rustcurious.com)

Development

Taming Legacy Code: A Summary of Michael Feathers' "Working Effectively with Legacy Code"

2025-09-09

This article summarizes the core ideas of Michael Feathers' classic book, "Working Effectively with Legacy Code." The book argues that the crux of legacy code is the lack of tests. To safely modify legacy code, tests must be added first. This is challenging because adding tests requires modifying the code, creating a paradox. The book outlines steps for identifying change points (Seams), breaking dependencies, writing tests, and refactoring, along with incremental testing techniques (Sprout and Wrap) and a technique to quickly understand code (Scratch Refactoring). The author emphasizes the importance of unit tests and introduces characterization tests to capture the existing code's behavior. Finally, the article advises avoiding direct dependency on library implementations to reduce maintenance costs.

(understandlegacycode.com)

Development

Singular vs. Plural Database Table Names: The Case for Singular

2025-09-09

A common debate in database design revolves around whether table names should be singular or plural. While plural names (e.g., `users`) seem intuitive, the author argues that singular names (e.g., `user`) offer significant advantages. Singular names improve readability in SQL joins and prevent inconsistencies with ORMs that automatically pluralize names. Maintaining singular names ensures schema consistency and avoids potential naming conflicts.

(www.teamten.com)

Development

CRDTs: The Key to Strong Eventual Consistency

2025-09-09

CRDTs (Conflict-free Replicated Data Types) are data structures that can be replicated across multiple nodes, edited independently, and merged seamlessly. This article delves into how CRDTs achieve Strong Eventual Consistency (SEC), a more robust model than traditional eventual consistency. SEC ensures that even with independent updates across multiple nodes, conflicts are resolved automatically and deterministically, leading to low latency, high fault tolerance, and offline functionality. The author argues that CRDTs are fundamental building blocks for strongly eventually consistent systems, with applications extending far beyond collaborative editing and multiplayer to-do lists, into distributed databases and beyond.

(lewiscampbell.tech)

Development Strong Eventual Consistency Distributed Databases

Contracts for C: A Proof of Concept

2025-09-09

This article explores bringing the concept of contracts from C++ to the C language. The author proposes a solution using `contract_assert` and `contract_assume` macros for precondition and postcondition checks respectively. The `defer` macro and C23's `unreachable` macro simplify postcondition expression. The article demonstrates how inline functions and helper functions can add contract checks without altering core function implementations, leveraging compiler optimizations. While further interface specification refinement is needed, this article provides a viable proof of concept for contracts in C.

(gustedt.wordpress.com)

Development Contracts

A Graceful Approach to Adblock Detection: A Subtle Prompt

2025-09-09

Tired of internet ads polluting the web and the meager income they generate, the author implemented a clever solution: a non-intrusive prompt suggesting users employ ad blockers like uBlock Origin for a better online experience. The prompt only appears if no ad blocker is detected and sufficient space is available, offering an easy close button and a cookie mechanism to prevent repetition. The code is clean, using JavaScript and CSS, and considers various ad-blocking methods and browser compatibility.

(maurycyz.com)

Development

Massive NPM Package Supply Chain Attack: Millions of Downloads Compromised

2025-09-09

A significant supply chain attack targeted the npm ecosystem, compromising multiple packages with over 2.6 billion weekly downloads. Attackers used phishing emails to gain access to a maintainer's account, subsequently injecting malware into several widely used packages. This malware intercepts cryptocurrency transactions in the browser, redirecting funds to attacker-controlled wallets. While some malicious versions have been removed by the NPM team, the incident highlights the vulnerabilities of software supply chains and the growing threat of phishing and browser-based attacks. The impact was mitigated somewhat as it only affected users with fresh installs during a narrow time window.

(www.bleepingcomputer.com)

Development

Nova Launcher's Uncertain Future: Open Source Promise in Jeopardy?

2025-09-09

Following last year's layoffs of nearly the entire Nova Launcher team, founder Kevin Barry has left the company after being asked to cease development and open-sourcing efforts. Nova's website is down, and the future of the popular Android launcher is uncertain. Branch Metrics, which acquired Nova, previously stated that open-sourcing was a contractual obligation if Barry left. However, with both Barry and the former CEO gone, this promise remains unfulfilled, prompting a community petition demanding open-sourcing.

(www.theverge.com)

Development Android Launcher

Nova Launcher Founder Departs, Open-Source Plans Shelved

2025-09-09

Kevin Barry, founder of Nova Launcher, announced his departure from Branch and the halting of Nova Launcher's open-sourcing efforts. Despite Branch's prior commitment to open-sourcing the code upon Kevin's departure, this promise ultimately went unfulfilled. Kevin had spent the past year solely maintaining Nova Launcher and had undertaken significant preparation for its open-source release, including code cleanup and license review. This move has caused concern and regret within the community, leaving the future of this popular launcher uncertain.

(teslacoilapps.com)

Development Departure

LLVM IR Gains Byte Type: Native Support for Raw Memory Operations

2025-09-09

A Google Summer of Code 2025 project under the LLVM Compiler Infrastructure successfully added a new byte type to the LLVM IR, representing raw memory values. This enables native implementation of memory intrinsics like memcpy, memmove, and memcmp, fixes unsound transformations, and unlocks new optimizations, all with minimal performance overhead. The project addressed LLVM's longstanding lack of a type for representing raw memory, improving compiler correctness and optimization through pointer provenance tracking and precise poison bit representation. Clang's handling of C/C++ raw memory access types was also improved, along with fixes for several unsound optimizations.

(blog.llvm.org)

Development

Recreating Apple's WWDC 2025 Liquid Glass Effect with CSS, SVG, and Physics

2025-09-09

This article delves into recreating the stunning Liquid Glass UI effect showcased at Apple's WWDC 2025. It uses CSS, SVG displacement maps, and physics-based refraction calculations to achieve a convincing approximation. The author explains the principles of refraction, detailing how light bends when passing through different materials and how mathematical functions describe the glass surface shape. SVG displacement maps are then employed to simulate the refraction effect. The article culminates in creating UI components, such as magnifying glasses, search boxes, switches, and sliders, with the Liquid Glass effect. Note that optimal performance is currently seen in Chrome due to browser compatibility with SVG filters as backdrop-filter.

(kube.io)

Development

Massive npm Package Supply Chain Attack: 2 Billion Weekly Downloads Compromised

2025-09-09

On September 8th, security researchers discovered a massive supply chain attack targeting 18 popular npm packages, accumulating over 2 billion weekly downloads. The malware silently intercepts crypto and Web3 activity in browsers, manipulating wallet interactions and redirecting funds to attacker-controlled accounts. The attacker compromised the maintainer's account via phishing emails, silently updating the packages. While some affected packages have been cleaned, caution is advised; utilize secure npm package management practices.

(www.aikido.dev)

Development

Grid-Aware Websites: Making Your Site Greener

2025-09-08

This article explores the concept of 'grid-aware websites,' which adjust website performance based on the percentage of renewable energy in the user's electricity grid to reduce carbon emissions. The author demonstrates grid-awareness implementation in 11ty and Astro frameworks using an e-commerce product display page example, detailing technical implementation, challenges, and future directions. The core idea is to dynamically adjust website functionality based on grid energy cleanliness, simplifying pages and reducing resource consumption on 'dirty' grids to lower the website's carbon footprint. While facing API cost and cross-stack collaboration challenges, this technology has the potential to become a significant tool for improving website sustainability.

(www.nicchan.me)

Development green web

Running LLMs Locally on macOS: A Skeptic's Guide

2025-09-08

This blog post details the author's experience running large language models (LLMs) locally on their macOS machine. While expressing skepticism about the hype surrounding LLMs, the author provides a practical guide to installing and using tools like llama.cpp and LM Studio. The guide covers choosing appropriate models based on factors like size, runtime, quantization, and reasoning capabilities. The author emphasizes the privacy benefits and reduced reliance on AI companies that come with local LLM deployment, offering tips and tricks such as utilizing MCPs to extend functionality and managing the context window to prevent information loss. The post also touches on the ethical concerns surrounding the current state of the AI industry.

(blog.6nok.org)

Development

Package Managers: Pandora's Box of Programming?

2025-09-08

This article critically examines the downsides of package managers in programming languages. The author argues that package managers automate "dependency hell," masking project complexity, and leading to excessive trust in third-party code. Especially in languages lacking robust standard libraries, inconsistent package definitions by different managers can even lead to "package manager managers." The author advocates for manual dependency management, believing it forces developers to think critically about dependencies and improves code stability and maintainability. While acknowledging the time cost, the author argues the security and control outweigh the convenience of automation, using Go's comprehensive standard library as an example.

(www.gingerbill.org)

Development package managers

Feature Comparison: Two Powerful Photo & Video Management Apps

2025-09-08

This comparison analyzes the features of two photo and video management applications. Both support uploading and viewing videos and photos, auto-backup, duplicate prevention, selective album backup, downloading to local devices, multi-user support, albums and shared albums, scrubbable scrollbars, RAW format support, metadata viewing (EXIF, map), search by metadata, objects, faces, and CLIP, virtual scrolling, OAuth support, LivePhoto/MotionPhoto backup and playback, user-defined storage structures, public sharing, archiving and favorites, global map, partner sharing, facial recognition and clustering, memories (x years ago), stacked photos, and folder view. However, one app lacks administrative functions, background backup, 360-degree image display, tags, and offline support.

(github.com)

Development photo management video management app comparison

Visual Story-Writing: Interactive Storytelling through Visual Manipulation

2025-09-08

Visual Story-Writing is a system that lets users edit stories by manipulating visual representations of events, characters, and their actions. It uses GPT-4 to suggest text edits based on changes to the visualization (e.g., moving a character, connecting characters). Built with TypeScript, React, and Vite, it requires an OpenAI API key and includes video tutorials and an arXiv paper.

(github.com)

Development

ICEBlock App Developer Ignores Critical Security Vulnerabilities

2025-09-08

The ICEBlock app, downloaded over a million times, allows anonymous reporting of ICE sightings. However, its developer, Joshua Aaron, has ignored critical security vulnerabilities in his Apache server. Security researcher Micah Lee repeatedly warned Aaron and provided solutions, but Aaron ignored them and even blocked Lee's accounts. This raises serious concerns about user data security and highlights the app's irresponsible approach to security.

(micahflee.com)

Development application security vulnerability disclosure

Code Reading: A Superpower for Bug Hunting

2025-09-08

This post details a significant career shift: from iterative coding to proactively finding bugs. Instead of relying solely on test-driven iteration, the author advocates for carefully reading code to preemptively identify problems. The key, the author argues, is to carefully read code, build a complete mental model of the program, and then identify the differences between that model and the actual code in Git. The post suggests focusing on control flow and data structures, and identifying potential error-prone patterns in the code. This approach dramatically reduces bugs and improves code quality.

(matklad.github.io)

Development code reading bug finding

Turning Complaints into Contributions: A Leader's Guide

2025-09-08

Persistent complaining in teams impacts morale and productivity. This article explores the psychology behind complaints, including reinforcement, learned helplessness, locus of control, cognitive biases, and the need for belonging. Instead of suppressing or fixing complaints, leaders are urged to use inquiry to involve team members in solutions. Practical tools like reframing complaints, small group discussions, complaint harvesting, and meeting rituals are suggested to transform negative energy into constructive action. The focus is on shifting from blame to ownership and fostering a culture of contribution.

(andiroberts.com)

Development

Category: Development