Category: Development

PyPI Token Exfiltration via Compromised GitHub Actions

2025-09-20

A recent attack campaign targeted GitHub Actions workflows to steal PyPI publishing tokens. Attackers modified workflows in various repositories, sending PyPI tokens stored as GitHub secrets to external servers. While some tokens were exfiltrated, they weren't used on PyPI. All affected tokens have been invalidated, and impacted maintainers notified. Using GitHub Actions' Trusted Publishers is recommended to mitigate future attacks.

Development Security Breach

MapSCII: Explore the World in Your Terminal

2025-09-20

MapSCII is a Node.js-based vector tile renderer that displays maps in Braille and ASCII characters within xterm-compatible terminals. Features include mouse-based drag and zoom, customizable layer styling (Mapbox Styles support), connection to public or private vector tile servers, and offline usage with local VectorTile/MBTiles. Installation is straightforward, supporting various operating systems and terminals. Highly optimized algorithms ensure a smooth experience. It's open-source, free, and uses OpenStreetMap data under the ODbL and CC BY-SA licenses.

Development

Scream Cipher: A Novel Use of Unicode Characters

2025-09-20

This article introduces a fun cryptographic algorithm – the "Scream Cipher" – that leverages the numerous variations of the Unicode character 'A' to encrypt text. A simple dictionary mapping substitutes standard letters with different 'A' characters for encryption and decryption. Python code demonstrates the algorithm's implementation, successfully encrypting and decrypting the sample text "SCREAM CIPHER." This showcases the richness of the Unicode character set, offering a unique, albeit simple, encryption method.

Development

AI Coding Assistants: Code Review is King

2025-09-20

Large language models excel at generating code, but lack the judgment of a seasoned software engineer, often leading to poor design choices. The author uses personal anecdotes to illustrate how AI coding assistants (like Codex and Claude Code), while powerful, require close supervision to prevent them from veering off into architectural dead ends. The author argues that mastering code review, particularly focusing on code structure and identifying opportunities for improvement, is crucial for effective use of these tools. Blind reliance or excessive micromanagement will hinder productivity. Ultimately, the author posits that current AI coding is more akin to 'centaur programming'—a collaboration between human and machine—rather than a complete human replacement.

Development

XMonad Seeks Wayland Port Developer

2025-09-20

The XMonad development team has been collecting contributions for two years to fund a developer to port XMonad to Wayland. They now have sufficient funds but lack a suitable developer. The existing port is badly rotted, using an outdated and buggy version of wlroots. A key challenge is that Wayland programs lack unique identifiers for window management hooks. The team is seeking help on their Discourse forum, welcoming proposals from interested developers.

Development

RMCP: Revolutionizing Statistical Analysis with Natural Language

2025-09-20

RMCP is a powerful Model Context Protocol (MCP) server offering 40+ statistical analysis tools covering regression, time series analysis, machine learning, and more. Users interact via natural language with AI assistants to seamlessly perform complex statistical modeling and data science tasks. RMCP supports various data import/export formats, includes intelligent error recovery, and simplifies the analysis workflow significantly. Its built-in natural language formula builder converts natural language descriptions into R formulas, providing visualizations. From business analysts and economists to data scientists, RMCP drastically improves efficiency.

Development

arXivLabs: Building New arXiv Features with Community Collaboration

2025-09-20

arXivLabs is a framework enabling developers to collaborate and share new arXiv features directly on the arXiv website. Participants must adhere to arXiv's values of openness, community, excellence, and user data privacy. Got an idea to improve the arXiv community? Learn more about arXivLabs!

Development

Archy: A Programmable Text Editor Inspired by THE

2025-09-20

Archy is a powerful text editor where commands aren't predefined but are user-defined Python scripts. This allows for incredible flexibility; users can craft custom commands to perform actions such as web searches (GOOGLE command) or sending emails (EMAIL command). Unlike THE, Archy's commands exist as documents within the workspace, editable and modifiable on the fly without restarting. Archy also features version control, saving workspace versions for easy rollback. The article demonstrates creating and running custom commands, exploring Archy's design philosophy and its potential applications in modern platforms. The author laments the lack of similar approaches in modern, increasingly locked-down systems.

Development programmable

Four Ways to Find the Argmin of Floats in Rust (and Their Performance)

2025-09-20

This article explores four methods for quickly finding the index of the minimum value in a large array of floating-point numbers in Rust. The first method uses `min_by` and `total_cmp`, taking 511 microseconds; the second uses `reduce`, taking 489 microseconds; the third uses `partial_cmp`, taking 470 microseconds; and the fourth leverages the bit representation of positive floats, converting them to `u32` for comparison, taking only 370 microseconds – a 30% speedup. The fourth method proves most efficient for arrays containing only positive numbers, cleverly exploiting the internal representation of floats to avoid complex comparisons.

Development

Compiling with Continuations: A Retrospect and Review

2025-09-20

This review revisits Appel's 1992 book, "Compiling with Continuations." The author delves into the book's detailed explanation of compilation techniques using continuations, covering topics such as the MiniML language, lexing, parsing, the CPS language, closure conversion, register spilling, and the virtual machine. While lacking exercises and showing its age in some aspects, the book offers valuable insights into Standard ML and continuation-passing style, particularly for those studying compiler design and functional programming. However, ambiguities in implementation details and a lack of discussion on modern compiler technology make for a challenging read.

Development continuations

C0: A High-Performance Read-Through Cache for Object Storage

2025-09-20

C0 is a high-performance HTTP API designed for caching immutable blobs in object storage. It leverages a hybrid memory and disk cache (powered by foyer) and works with any S3-compatible backend, but uses its own /fetch API requiring a precise Range header. Employing a fixed page size of 16 MiB, C0 maps requested byte ranges to page-aligned lookups, coalesces concurrent requests for the same page, and uses hedged requests to manage object storage tail latency. It can even attempt redundant buckets. C0 offers extensive configuration options, including timeout settings, retry mechanisms, and bucket prioritization, and provides performance monitoring via /stats and /metrics endpoints. Docker images are available.

Development

CRAN's Reverse Dependency Checks: A Unique Approach to Software Maintenance

2025-09-20

A seasoned software engineer initially baffled by R's package manager, CRAN, and its reverse dependency checks, shares their experience. Unlike npm or PyPI, CRAN checks all packages depending on a submitted package before publication. The author recounts how CRAN's approach impacts software maintenance, highlighting its contribution to the stability of the R ecosystem. This experience ultimately shifted the author's perspective on software maintenance, leading to an understanding of the 'monorepo mindset'—developers taking responsibility for all projects relying on their code.

Development

Obsidian's Supply Chain Security: A Cautious Approach

2025-09-20

Obsidian, a note-taking app, employs a rigorous security strategy to mitigate supply chain attacks. This involves minimizing third-party dependencies, strictly version-pinning all dependencies with a lockfile and a thorough upgrade process (including line-by-line changelog reviews and extensive testing), avoiding postinstall scripts, and implementing a significant delay between dependency upgrades and releases to allow time for community and researcher detection of malicious versions. These measures significantly reduce Obsidian's vulnerability to supply chain attacks, ensuring user data security and privacy.

Development

Zedis: A Redis-compatible In-Memory Data Store in Zig

2025-09-19

Zedis is a Redis-compatible in-memory data store written in Zig, designed for learning and experimentation. It implements core Redis protocol and data structures, focusing on simplicity, performance, and thread safety. It supports core Redis commands (GET, SET, INCR, etc.), multiple data types, and disk persistence (RDB), with pub/sub recently added. Zedis is easy to build and use, with a codebase following Zig conventions, featuring type-safe operations, explicit error handling, and comprehensive logging.

Development in-memory database

HDR and Tonemapping in GameMaker Shaders

2025-09-19

This article delves into handling High-Dynamic Range (HDR) colors in GameMaker shaders. GameMaker's default 8-bit unorm color format can lead to color clipping and inaccuracies when dealing with high-brightness scenarios, such as sun shaders. The author demonstrates the issues by comparing 6-bit and floating-point colors and showcases several common tonemapping functions (ACES, Uncharted2, Unreal, and tanh) to mitigate color clamping artifacts. Using the MandelBots project as an example, the article highlights the necessity of using HDR surfaces (surface_rgba16float) in complex lighting systems for improved color precision and blending.

Development

The Enigma of Time Spent on Error Handling in Software Development

2025-09-19

A software engineer struggles to find research quantifying the time developers spend on error detection and handling code. While it's widely believed this constitutes a significant portion, perhaps exceeding two-thirds of production code, reliable figures are lacking. This contrasts with the precise quantification of various metrics in current AI research, highlighting a gap in understanding fundamental aspects of software engineering.

Development code proportion

RFC: Linux Kernel Gains Multikernel Architecture Support

2025-09-19

Cong Wang submitted an RFC patch series introducing multikernel architecture support to the Linux kernel. This allows multiple independent kernel instances to coexist and communicate on a single physical machine, each running on dedicated CPU cores while sharing hardware resources. This improves fault isolation, enhances security, offers better resource utilization than traditional VMs, and potentially enables zero-downtime kernel updates. The implementation leverages the kexec infrastructure and a dedicated IPI framework for inter-kernel communication. This is a foundational RFC, primarily seeking feedback on the high-level design.

Development Multikernel

The Perils of Broken RSS Feeds: A 700+ Subscription Saga

2025-09-19

Maintaining over 700 RSS/Atom feeds, the author details the various ways these crucial information streams can break. From expired SSL certificates and server timeouts to misconfigured firewalls, server outages, changed feed URLs, parsing errors, feed deletion, and website deletion, the post provides a comprehensive list of common issues. Solutions include automated SSL renewal, server performance optimization, firewall rule adjustments, website monitoring, proper URL redirection, and regular feed validation. A passionate plea is made to keep RSS alive.

Development

The Death of the Curious Developer?

2025-09-19

This article laments a shift in developer culture. Once driven by curiosity and a passion for learning, leading to innovations like Linux and Git, developers now increasingly prioritize metrics, revenue, and scale. This often forces them to use technologies they dislike and build products they don't care about. The author argues this shift stifles innovation and creativity, urging developers to rediscover their curiosity and passion for creation, even if it's just to solve their own problems. The article emphasizes the importance of building for the joy of it, even if the project isn't commercially viable.

Development

EU Data Act Kills Annual Recurring Revenue (ARR) in SaaS

2025-09-19

The EU Data Act, effective September 2025, dramatically alters the SaaS landscape in Europe. It mandates that all SaaS contracts with EU customers become “cancel anytime” subscriptions, requiring only two months' notice. This effectively ends the reliance on Annual Recurring Revenue (ARR) as a predictable metric. SaaS companies must adapt, focusing on pricing models, customer retention strategies, and mitigating involuntary churn due to customer oversight. Success will hinge on robust customer relationship management and operational resilience, not contract terms.

Development EU Data Act

Google Tightens Android Developer Verification: Offline Sideloading May Be Restricted

2025-09-19

Google is strengthening its Android developer verification system, requiring developers to register their identities and preventing the installation of unverified apps. While workarounds like ADB exist, recent Android SDK code suggests that even verified apps might not be installable offline. This means even safe apps could be blocked from installation without a network connection, potentially inconveniencing some users. The policy rolls out in a year, leaving time to refine details and find solutions.

Development

99 Stunning Physics Demonstrations: An Open-Source Teaching Resource

2025-09-19

This open-source book compiles 99 of the best and most beautiful physics demonstrations from the Dutch "ShowdeFysica" series, incorporating various teaching strategies to make demonstrations both magical and educational. It includes videos and readily runnable Python simulations without needing any software installation. Readers can search for demonstrations by topic and contribute suggestions via the online platform.

Dynamo AI Hiring Senior Kubernetes Engineer for Enterprise AI Deployments

2025-09-19

Dynamo AI is seeking a Senior Kubernetes Engineer to lead enterprise customers through the entire journey from initial engagement to successful production deployment. This hands-on, customer-facing role involves deploying secure, scalable AI systems using Kubernetes, Helm, and cloud-native tools. The ideal candidate will have extensive Kubernetes and cloud platform experience, excellent communication skills, and US government security clearance or US citizenship. A 2-3 day per week in-office presence in San Francisco or New York is required.

Development

JIT-Compiling a Stack Machine with SLJIT: A Tale of Optimization

2025-09-19

This post details the author's journey in implementing a JIT compiler for their stack-based uxn virtual machine using SLJIT. Initial attempts yielded minimal performance gains due to uxn's frequent dynamic jumps. However, through a series of optimizations—including refined calling conventions, stack caching, and register allocation strategies—a 30-46% speedup was achieved. The article meticulously documents the optimization process, challenges encountered, and debugging techniques, providing valuable insights for those interested in JIT compilation and optimizing stack-based virtual machines.

Development stack machine

Deno Fights Oracle's JavaScript Trademark: A Crucial Discovery Phase

2025-09-19

Deno, a JavaScript runtime, is battling Oracle over the "JavaScript" trademark. After filing a cancellation petition following a widely signed open letter, they've reached the crucial discovery phase. Facing expensive litigation, Deno launched a GoFundMe campaign to fund professional surveys, expert witnesses, and legal filings to prove "JavaScript" is a generic term, not an Oracle brand. The outcome will determine if trademarks can be used to claim ownership of generic terms and impact the future of open-source development.

Development

iTerm2's Built-in Browser: Terminal Meets Web

2025-09-19

iTerm2 now boasts a built-in web browser, seamlessly integrating web browsing into its existing window, tab, and split-pane architecture. Users can work in the terminal and browse the web simultaneously within the same interface. It supports various keyboard shortcuts, such as Cmd+click to open links in new tabs and Cmd+Shift+click for new vertical split panes. AI chat integration allows for summarizing, analyzing, or questioning the current page. Privacy features include incognito mode, popup blocking, and ad blocking. While not a primary browser replacement, it's a powerful tool for integrated terminal and web workflows.

Development built-in browser

Decoupling Time Allocation from Capacity Allocation: The Key to Improved Team Efficiency

2025-09-19

This article explores the misconceptions surrounding team capacity allocation. Many companies equate time allocation with capacity allocation, overlooking systemic factors affecting team capabilities. The author points out that capacity is not merely the sum of hours worked but encompasses team skills, tools, processes, and more. Focusing solely on time allocation while neglecting system optimization leads to inefficiency. The author recommends distinguishing between 'time allocation' (where the team spends its hours) and 'capacity allocation' (the team's true ability to deliver outcomes), considering various disruptive factors, for improved team efficiency.

Development capacity allocation

LLaMA-Factory: A Unified Framework for Efficient Fine-tuning of 100+ LLMs

2025-09-19

LLaMA-Factory is an open-source framework that enables efficient fine-tuning of over 100 large language models (LLMs), including LLaMA, LLaVA, and Mistral. It integrates various fine-tuning methods (like LoRA, QLoRA, and OFT), offers scalable resources and advanced algorithms, and covers a wide range of tasks such as multi-turn dialogue and image understanding. LLaMA-Factory also supports various inference acceleration techniques and provides a user-friendly interface and API. Constantly updated with support for the latest models and techniques, LLaMA-Factory aims to provide developers with a convenient and efficient tool for LLM fine-tuning.

Development Open-source Framework

Rust for Linux: New Untrusted Type Bolsters Kernel Security

2025-09-19

The Linux kernel faces security threats from numerous untrusted data sources, including user space, networks, and removable storage. To enhance security, Benno Lossin proposes a new Rust API introducing the `Untrusted` type to flag data originating from untrusted sources. Leveraging Rust's type system, this prevents accidental decisions based on unvalidated user-space data, mitigating potential attacks. The API, now in its fourth revision, includes utility functions and support for common data structures like slices and vectors. Future application in driver `ioctl()` functions promises heightened kernel security, with further discussion expected at the upcoming Kangrejos conference on the Rust for Linux project.

Development User Space Data

Remotely Unlocking macOS FileVault via SSH

2025-09-19

With FileVault enabled in macOS, the data volume is locked and inaccessible during and after boot until password authentication. Since OpenSSH configuration files reside on the data volume, standard SSH authentication is unavailable. However, with Remote Login enabled, SSH password authentication can unlock the data volume remotely. After unlocking, macOS briefly disconnects SSH to mount the volume and start dependent services, then SSH resumes fully. This capability appeared in macOS 26 Tahoe.

Development