Category: Development

Malicious nx Packages on npm: Credential Theft and System Shutdown

2025-08-27

Multiple versions of the npm package 'nx' (including 21.5.0, 20.9.0, etc.) were maliciously compromised. An attacker used a stolen npm token to publish packages containing code that scans the user's file system, collects credentials (GitHub, system passwords, etc.), and uploads this information to a GitHub repository under the user's account. The malicious code also modifies the user's `.zshrc` and `.bashrc` files to execute `sudo shutdown -h 0` upon terminal launch, potentially shutting down the system. Affected users should immediately update their 'nx' package to the latest version and check their GitHub for compromised repositories. Nx has removed the malicious packages and implemented enhanced security measures, including mandatory 2FA and the new Trusted Publisher mechanism for all npm packages.

Development

C++-style OOP in C: Kernel Services via Function Pointers

2025-08-27

This article details how the author implemented a virtual table (vtable) mechanism in their operating system kernel using C's function pointers and structs, mimicking object-oriented programming. This approach enables unified management of kernel services like starting, stopping, and restarting, and allows for flexible scheduling policy changes without extensive code modification. The author explains the implementation and application of vtables with examples of device drivers and service management, discussing the advantages and disadvantages. While the C syntax leads to slightly verbose code, this method enhances readability and maintainability, improving kernel flexibility and extensibility.

Development

Delphi TensorFlow Lite Image Classifier

2025-08-27

This Delphi code implements a simple TensorFlow Lite image classifier. It loads a model file, preprocesses image data from an Image1 component, and feeds the data to a TensorFlow Lite interpreter for inference. The inference results, probabilities for each class, are displayed in a ListView1 component. The code includes error handling and resource release mechanisms for stability.

Development Image Classification

Urgent: Malicious nx Build Kit Steals GitHub Keys

2025-08-27

A malicious post-install command in the popular nx build kit has been discovered, creating a repository prefixed with 's1ngularity-repository' on affected users' GitHub accounts. This malware steals wallets, API keys, and environment variables, storing them in a base64-encoded file. Cleverly, it leverages LLMs like Claude Code CLI or Gemini CLI to offload much of its fingerprintable code to a prompt, making detection harder. Impacted versions of nx have been removed from npm. Users should immediately check their GitHub accounts, update nx to the latest safe version, and rotate any compromised secrets.

Intentionally Slowing Down Programs: A Surprising Boost to Developer Tool Accuracy

2025-08-27

Most research on programming language performance focuses on speeding up programs, but a new study explores the benefits of intentionally slowing them down. By inserting NOP or MOV instructions into program basic blocks, researchers achieved fine-grained control over program execution, leading to more precise race condition detection, speedup simulation, and profiler accuracy assessment. Experiments on an Intel Core i5-10600 showed that NOP and MOV instructions are best suited for this purpose, opening new avenues for future advanced developer tooling.

Development profilers

QEMU 10.1 Released: Enhanced Architecture Support and Performance Improvements

2025-08-27

QEMU 10.1 is out, boasting enhanced support for multiple architectures including RISC-V, Arm, and x86, alongside significant performance improvements. New instruction set support (SME2, SVE2, etc.) has been added, along with new board models and virtualization features. Existing functionalities have also seen upgrades, such as improved floating-point exception emulation, optimized block device operations, and network performance boosts. Notably, Rust support has been enhanced but remains experimental.

Development System Emulation

Monodraw: System Requirements and FAQs

2025-08-27

Monodraw requires macOS 11 Big Sur or later. Older macOS versions can use v1.3 (macOS 10.10 Yosemite) or v1.5 (macOS 10.14 Mojave). The command-line tool is only included in versions downloaded directly from our website and purchased from our store due to App Store sandbox restrictions. Feedback can be sent via email or tweet @Monodraw. Your email address will not be shared with third parties; it's only used for important updates and product news. A press kit is available for download, and educational pricing is offered. Monodraw does not collect any user data.

Development

FilterQL: A Tiny Query Language for Filtering Structured Data

2025-08-27

FilterQL is a lightweight query language for filtering structured data. It consists of a TypeScript library and a language specification, with implementations in other languages welcome. Users define a schema for their data and then use a concise syntax to filter, sort, and limit results, such as `genre == Action` or `year >= 2008 && rating >= 8.5 | SORT rating desc`. FilterQL supports a variety of comparison and logical operators, and allows for custom operations to extend its capabilities. It's perfect for building CLIs or other tools needing flexible data filtering.

Development typescript

In the AI Era, Adaptable Tools Will Win

2025-08-27

In the age of AI, success hinges not on adapting to tools, but on tools adapting to you. The article contrasts Linear, a rigid tool, with Fibery, a flexible one, illustrating their diverging fates. Linear's inflexibility limits AI integration, while Fibery leverages LLMs to transform complex setups into simple prompts. LLMs shift the focus from solution design to problem definition; users describe needs in natural language, and AI handles the implementation. This highlights the power of malleable software, where configuration becomes fast and easy, allowing users to adapt to evolving needs, while rigid tools fall behind. The article predicts that malleable software will gradually replace rigid counterparts in the coming years, becoming the dominant paradigm.

Development Malleable Software

Elegant Retry Loops: Avoiding Redundancy and Unexpected Sleeps

2025-08-27

The author explores writing an elegant retry loop that clearly bounds the number of retries, avoids spurious sleep after the last attempt, reports the original error if retrying fails, and avoids code duplication. Several approaches are compared, ultimately settling on a `try while` loop with an upper bound to guarantee termination, addressing boundary issues and potential runaway loops in previous solutions. While the final solution isn't perfect, it represents a significant improvement in brevity and robustness over previous attempts.

Development

Async: AI-Powered Collaborative Coding Workflow

2025-08-27

Async is an open-source developer tool that combines AI coding, task management, and code review into one streamlined workflow. Integrating Claude Code, Linear, and GitHub PRs, it automatically researches coding tasks, executes code changes in the cloud, and breaks work into reviewable subtasks, handling the entire workflow from GitHub issue to merged PR. Async excels with mature codebases, enforcing upfront planning, eliminating context switching, simplifying task tracking, and providing built-in code review. Built with FastAPI, Claude Code, and Google Cloud Platform, it supports desktop and mobile.

Development

LiteLLM: Hiring Founding Full-Stack Engineer

2025-08-27

LiteLLM, an open-source LLM gateway with 27K+ GitHub stars used by companies like NASA and Adobe, is rapidly expanding and seeking a founding full-stack engineer. The role focuses on unifying the format for calling 100+ LLM APIs (OpenAI, Azure, Bedrock, etc.) using the OpenAI spec, improving platform performance and reliability. The tech stack includes Python, FastAPI, JS/TS, Redis, Postgres, and more. Candidates should have 1-2 years of backend or full-stack experience, be comfortable maintaining high-performance infrastructure, and passionate about open-source.

Development

spaCy 3.8 Released: Powering Up Industrial-Strength NLP

2025-08-27

spaCy 3.8 is out! This advanced Natural Language Processing library for Python and Cython is built on cutting-edge research and designed for real-world applications. Supporting tokenization and training for 70+ languages, it boasts state-of-the-art speed and neural network models for tasks like NER, text classification, and more. It features multi-task learning with pretrained transformers like BERT, a production-ready training system, and easy model packaging, deployment, and workflow management. Check the release notes for details on improvements.

Development

Regolith: A Linear-Time Regex Library Preventing ReDoS Attacks

2025-08-27

Regolith is a server-side TypeScript and JavaScript library built with Rust to prevent Regular Expression Denial of Service (ReDoS) attacks using a linear regex engine. Unlike the default RegExp in TypeScript and JavaScript (which has exponential worst-case time complexity), Regolith boasts linear worst-case complexity, effectively mitigating ReDoS vulnerabilities. Designed as a drop-in replacement for RegExp, it minimizes migration effort, allowing developers to easily build ReDoS-resistant software. Still early in development, Regolith welcomes community contributions.

Development Regular Expression

rv: A Revolutionary Ruby Language Manager

2025-08-27

After a decade of working on Bundler, the author has finally created rv, a new kind of Ruby management tool. rv not only manages gem dependencies but also Ruby versions, installing pre-compiled Rubies to eliminate lengthy compilation times. More importantly, rv makes running any Ruby script or tool trivial, even if it requires a different Ruby version. Inspired by uv (a similar tool for Python), cargo, and npm, rv boasts speed, reliability, and innovative features like `rv tool run` and `rv tool install`, simplifying Ruby environment management and dramatically boosting developer productivity.

Development

Artanis: A Guile-based Web Framework Born from a Hackathon

2025-08-27

Artanis is a web framework written in GNU Guile. Its creation stemmed from an internal GNU discussion about website development languages. The author proposed using Guile, and received approval from RMS. Later, during a Guile community hackathon, Artanis was officially launched and developed.

Development

20x Faster PostgreSQL Hash Partitioning: Bypassing Catalog Lookups

2025-08-27

PostgreSQL's hash partitioning incurs catalog lookup overhead in high-throughput applications. This article presents an optimization technique that bypasses PostgreSQL's catalog lookups by pre-calculating partition indices in the application layer. Using the Ruby gem `pg_hash_func` or directly calling PostgreSQL's hash functions can speed up queries by more than 20 times, significantly reducing latency. This approach is suitable for performance-critical scenarios and offers more choices in balancing simplicity and performance.

Development Hash Partitioning

Reverse Engineering Apple's M1 GPU: Open-Source Drivers Make Linux Gaming Soar

2025-08-27

Beginning in 2020, Hector Martin, a University of Toronto computer science student, launched the Asahi Linux project to bring Linux to Apple's M1 chip. Collaborating with an engineer at Collabora, he reverse-engineered the M1's GPU, gradually achieving graphics acceleration and ultimately full support for OpenGL 4.6, Vulkan 1.4, and OpenCL 3.0, enabling Proton gaming. This not only debunked the myth that Vulkan is unsuitable for Apple hardware but also contributed a high-quality driver to the open-source community, dramatically improving the Linux gaming experience on the M1 chip.

Development Open Source Driver

Uncomfortable Truths About Google's Android Developer Verification

2025-08-27

This blog post raises serious concerns about Google's upcoming Android developer verification program. Using the example of the ICEBlock app developer, who faced threats after revealing their identity, the post argues the program could harm developers needing anonymity. Five key questions are posed: How will legitimate needs for developer anonymity be addressed? Which civil society organizations were consulted, and what were the results? How should Google's privacy policy regarding sharing personal information be interpreted? How will the program handle debug keystores and duplicate package names commonly used in app development? What are the implications for those learning Android development? The post urges Google to engage in discussions and provides a feedback form.

Development

arXivLabs: Community Collaboration on arXiv Feature Development

2025-08-26

arXivLabs is a new collaborative framework enabling developers to build and share new arXiv features directly on the arXiv website. Individuals and organizations participating in arXivLabs embrace arXiv's values of openness, community, excellence, and user data privacy. arXiv is committed to these values and only works with partners who share them. Got an idea for a project that will benefit the arXiv community? Learn more about arXivLabs!

Development

TTY Demystified: A Deep Dive into the Linux Console

2025-08-26

This article provides a comprehensive explanation of the Linux TTY subsystem. Tracing its history from 19th-century stock tickers to modern virtual terminals, it details the roles of UART drivers, line disciplines, TTY drivers, and signal handling. The article also covers process states, job and session management, flow control, and blocking I/O, using clear diagrams and examples. It unravels the complexities of the Linux console, offering deep insights for developers and advanced users.

Development Console

The John McPhee Method: A Deep Dive into Nonfiction Writing

2025-08-26

This article details the writing process of renowned author John McPhee, emphasizing a meticulous, multi-stage approach. He begins by accumulating extensive notes from research and interviews and organizing them into thematic buckets. Structure is then carefully crafted before any actual writing commences. This avoids writer's block and allows for a smoother, more efficient writing process. The author also shares their adaptation of the McPhee method, using Emacs' org-mode for streamlined note management.

Development Note Organization

The Death of SSL Certificate Management (as We Know It)

2025-08-26

Managing SSL certificates is becoming a nightmare. What was once a quarterly task is now a weekly struggle, driven by increasingly stringent validation requirements and drastically shortened certificate lifespans—down to a mere 47 days by 2029! This escalating burden is pushing organizations towards platform-integrated certificate management or free alternatives like Let's Encrypt, potentially disrupting the traditional CA market. The author questions whether these changes genuinely enhance security or simply add unnecessary overhead for already strained IT teams.

Linear Scan Register Allocation: Handling Lifetime Holes

2025-08-26

This post details improvements to the linear scan register allocation algorithm to handle lifetime holes. The author explains how lifetime holes arise from reducing the control flow graph to a linear instruction sequence, creating discontinuities in virtual register lifetimes. The solution involves modifying the interval data structure to support multiple disjoint ranges, allowing the identification and exploitation of these holes. The linear scan algorithm is then adapted to consider these holes during register assignment, improving register utilization. This enhances the compiler's ability to leverage register resources, ultimately boosting code performance.

Development linear scan algorithm

Aligning Polynomial Features with Data Distribution: The Attention-Alignment Problem in ML

2025-08-26

This post explores aligning polynomial features with data distribution for improved machine learning model performance. Orthogonal bases produce informative features when data is uniformly distributed, but real-world data isn't. Two approaches are presented: a mapping trick, transforming data to a uniform distribution before applying an orthogonal basis; and multiplying by a carefully chosen function to adjust the orthogonal basis's weight function to align with the data distribution. The first is more practical, achievable with Scikit-Learn's QuantileTransformer. The second is more complex, requiring deeper mathematical understanding and fine-tuning. Experiments on the California housing dataset show that near-orthogonal features from the first method outperform traditional min-max scaling in linear regression.

Dangerous Career Advice: A Sharp Tool for Strong Engineers

2025-08-26

This article argues that effective career advice, like sharp tools, can be immensely helpful or incredibly harmful depending on its use. Much career advice is superficial and lacks practical application. The author encourages engineers to embrace 'dangerous advice,' breaking conventions to achieve high efficiency. While risky, the rewards outweigh the risks for strong engineers. The author cautions that this advice isn't suitable for weaker engineers.

Development

From Ruby to Python: A Programmer's Evolving Preferences

2025-08-26

A seasoned Ruby programmer shares their journey of evolving programming language preferences. Initially, they cherished Ruby's elegance and conciseness, but over time, Python's improvements, especially the introduction of type hints and pattern matching, shifted their perspective. They found Python's strengths in team collaboration and ultimately chose it as their primary language, highlighting the importance of practicality and team dynamics in a programmer's language choice.

Development

timep: A blazing-fast Bash profiler with built-in flamegraphs

2025-08-26

timep is a state-of-the-art trap-based profiler for bash code. It generates per-command execution time profiles, hierarchically logging command runtimes and metadata based on function and subshell nesting. The latest release (v1.3) is fully self-contained, including a compressed binary and a flamegraph generator. Major refactorings have dramatically improved performance; a test with ~67,000 commands now runs in 5 minutes (down from 20!). timep offers detailed and summarized profiles, plus visually insightful flamegraphs, simplifying the analysis and optimization of Bash code.

Fenster: A Minimal Cross-Platform 2D Canvas Library

2025-08-26

Fenster is a minimalistic cross-platform 2D canvas library reminiscent of Borland BGI or QBASIC graphics. It offers a single application window, a 24-bit RGB framebuffer, cross-platform keyboard/mouse input, and audio playback—all with minimal code. A simple polling API avoids callbacks or multithreading. It boasts C99, Go, Zig, and Lua bindings, and yes, it can even run Doom!

Development 2D graphics