Popular:
Virtualization DNS security formal verification reachability analysis compiler errors macro conflict web extension development framework Bitmap Graphics API inconsistencies All Tags

Category: Development

WASM Program Bypasses node:wasi Filesystem Sandbox

2024-12-15

This project demonstrates a proof-of-concept showcasing how a WASM program can bypass the preopens directory restriction in node:wasi to access files outside the sandbox. Normally, WASM programs are limited to accessing pre-opened directories. However, by cleverly using symbolic links to replace files at a precise moment and running an external process, this limitation can be circumvented. This is not a practical security vulnerability in node:wasi, but rather a potential edge case. The project highlights that one shouldn't rely on node:wasi to completely prevent malicious code from accessing external files.

(github.com)
Development

MacOS GPU Optimization: Wasting Resources for Speed

2024-12-15

Anukari's developer encountered a bottleneck while optimizing GPU performance on MacOS. Due to limited system control over GPU performance, Apple's GPU performance regulation mechanism performed poorly in Anukari's use case, resulting in audio glitches. The developer implemented a workaround: dedicating a GPU threadgroup warp to useless computation to 'trick' the system into increasing GPU clock speed, significantly reducing audio latency and improving performance. While crude, this method proved effective in resolving MacOS performance issues. However, performance improvements varied significantly between different DAWs (Ableton and GarageBand), requiring further optimization.

(anukari.com)
Development GPU optimization performance bottleneck

Will Large Language Models End Programming?

2024-12-15

Recent advancements in large language models (LLMs) have sparked debate about the obsolescence of programming. This article argues against this overly optimistic view. Focusing on the computational complexity of program synthesis, the author demonstrates that generating correct code is a PSPACE-complete problem, meaning even moderately sized inputs could require exponential time. While LLMs can assist programmers and boost efficiency, their inherent limitations prevent them from completely replacing human programmers. The core of programming remains problem-solving and system design, requiring human ingenuity and creativity.

(cacm.acm.org)
Development program synthesis future of programming

Optimistic Computing: A Path Towards Better Software

2024-12-15

This essay explores the concept of "Optimistic Computing," not as blind optimism, but as a convergence of several powerful ideas: simplicity and ease of use ("boot to kill"), local-first principles, and user empowerment. The author argues that by limiting dependencies, simplifying workflows, creating a seamless "just works" experience, and giving users more control, we can build more reliable, secure, and long-lasting software. This philosophy applies to both individual users and enterprise software development, ultimately aiming for a digital world that respects user privacy and data ownership.

(www.deobald.ca)
Development optimistic computing local-first

Spark vs. DuckDB vs. Polars: Benchmarking Performance for Small to Medium Workloads

2024-12-15

This article benchmarks Spark, DuckDB, and Polars, comparing their performance, cost, and development ease on 10GB and 100GB datasets. Results show that for large datasets and ETL tasks, Spark remains dominant due to its distributed computing capabilities and mature ecosystem. DuckDB and Polars excel at interactive querying and data exploration on smaller datasets. The author recommends a strategic mix-and-match approach, using Spark for ETL, DuckDB for interactive queries, and Polars for niche scenarios, tailoring engine choice to specific needs.

(milescole.dev)
Development data processing engines benchmark

Fast LLM Inference Engine Built From Scratch

2024-12-15

This article details the author's journey in building an LLM inference engine from scratch using C++ and CUDA, without relying on any libraries. The process provided a deep dive into the full stack of LLM inference, from CUDA kernels to model architecture, showcasing how optimizations impact inference speed. The goal was to create a program capable of loading weights from common open-source models and performing single-batch inference on a single CPU+GPU server, iteratively improving token throughput to surpass llama.cpp. The article meticulously outlines the optimization steps on both CPU and GPU, including multithreading, weight quantization, SIMD, kernel fusion, and KV cache quantization, while analyzing bottlenecks and challenges. The final result achieves near state-of-the-art performance for local LLM inference.

(andrewkchan.dev)
Development LLM inference

Preferring Throwaway Code Over Design Docs: A More Efficient Software Development Approach

2024-12-15

In software development, the traditional design document and incremental development model isn't always efficient. Author Doug Turnbull proposes a "coding binge" approach: quickly implement a prototype using a temporary PR, get early team feedback, refine the design, and then gradually break it down into deployable PRs. This method encourages rapid iteration, early problem detection, and considers code itself as the best documentation. While design documents still have value in specific situations, the author advocates for "showing, not telling," using code prototypes for rapid validation and iteration to achieve more efficient software development.

(softwaredoug.com)
Development code prototype

The Secret to High-Performing Teams: Transactive Memory Systems

2024-12-15

This article explores the cornerstone of high-performing teams: Transactive Memory Systems (TMS). It's not about individual memory strength, but how teams effectively share and leverage members' knowledge and skills. Three types of team memory are introduced: working, long-term, and transactive memory, with a focus on how TMS enhances team performance. TMS comprises two elements: collaborative patterns and individual expertise. By building a TMS, teams unlock collective intelligence and overcome the impact of member changes. The article recommends methods like the Capability Comb, Team Manual, and deliberate practice to help teams quickly establish and improve their TMS.

(emilywebber.co.uk)
Development knowledge sharing transactive memory system

Isomorphic Web Components: Server-Side Rendering Made Easy

2024-12-15

The long-held belief that server-side rendering of web components is difficult has been challenged. This article demonstrates how to achieve server-side rendering of existing web components by cleverly using Happy DOM to emulate a browser environment. Two methods are detailed: using the `` tag for direct rendering and emulating the DOM to run component code and generate HTML. The author emphasizes the advantages of this approach: compatibility with all web components, robustness in the face of JavaScript failure, and avoidance of framework lock-in. This solves the server-side rendering problem for web components, offering a flexible and resilient solution.

(jakelazaroff.com)
Development Server-Side Rendering Isomorphic

SVC16: The Simplest Virtual Computer Challenges Programmers

2024-12-15

SVC16 is a minimalist 16-bit virtual computer designed for ultimate simplicity. It features no CPU registers, performing all operations within a single memory chunk. The instruction set is extremely streamlined, lacking bells and whistles like sound or variable screen size. Programmers are challenged to write machine code and compilers themselves, creating amazing feats with the simplest of tools. The project provides an emulator to run user-created programs and even games. This is a perfect project for learning low-level computer principles and honing programming skills.

(github.com)
Development virtual computer 16-bit programming challenge

Railgun Labs Unveils High-Performance Unicode Algorithm Library: Unicorn

2024-12-15

Railgun Labs has released Unicorn, a high-velocity Unicode algorithm library known for its speed, embeddability, cross-platform compatibility, and security. Unicorn supports numerous Unicode algorithms, including normalization, case conversion, collation, and segmentation, and provides decoders, encoders, and validators for UTF-8, UTF-16, and UTF-32 encodings. The library is fully customizable and extensively tested for accuracy and reliability. It's MISRA C:2012 compliant and largely thread-safe.

(railgunlabs.com)
Development Unicode algorithms software library high-performance

Home Assistant's Internet Accessibility Security Flaw

2024-12-15

Frederik Braun attempted to use Home Assistant for remote smart home control but discovered a significant security vulnerability. While Home Assistant offers username/password and two-factor authentication, its inability to handle URLs with embedded credentials and its requirement for root path deployment prevent additional security layers like web server authentication or obfuscated paths. This leaves Home Assistant's security solely reliant on its internal mechanisms, creating a security risk. The author calls on the Home Assistant community to improve its security configuration flexibility.

(frederikbraun.de)
Development Remote Access

XFCE 4.20 Released: Experimental Wayland Support and Numerous Improvements

2024-12-15

After nearly two years of development, XFCE 4.20 has been officially released! This version focuses on preparing the codebase for Wayland, now offering experimental Wayland support for most components, though it's still in its early stages and recommended for advanced users. XFCE 4.20 also boasts numerous new features, bug fixes, and improvements, including improved icon scaling, a performance-enhanced icon view, and an upgraded Thunar file manager. Importantly, Wayland support is incomplete, with some components and features yet to be ported.

(alexxcons.github.io)
Development Desktop Environment

Building a Simple Object System from Scratch in Ruby

2024-12-15

This blog post details building a basic object system in Ruby without using classes. The author cleverly uses anonymous functions and hash tables to implement core OOP concepts like method lookup, prototypal inheritance, mixins, and metaprogramming. Starting with a constructor function, the post demonstrates simulating private variables and public interfaces, effectively recreating class-like behavior and inheritance. Through clear code examples, readers learn to create objects, define methods, implement inheritance and mixins, and even build a rudimentary `attr_accessor`-like metaprogramming feature. It's a practical guide to understanding object system fundamentals.

(metacircu1ar.github.io)
Development Object-Oriented Programming Metaprogramming

JP Camara's RubyConf 2024 Talk Now on YouTube

2024-12-15

JP Camara's presentation on Ruby concurrency from RubyConf 2024 is now available on YouTube. The talk summarizes his past year's research and writing, and features animated slides. The video is also available on RubyVideo.

(jpcamara.com)
Development

TeaVM 0.11.0 Released: New WebAssembly Backend

2024-12-15

TeaVM 0.11.0 has been released, featuring a brand new WebAssembly backend. The old WebAssembly backend, while functional, lacked adoption due to insignificant performance gains and a poor developer experience. The new backend, leveraging the WebAssembly GC proposal, addresses these issues, improving interaction with browser JS APIs and reducing binary file size. While currently slightly less feature-rich than the JS backend, it already supports JSO (Java-to-JS interaction API), aiming for parity in the next release. This release also includes bug fixes in BitSet implementation and adds support for various JS APIs, such as file reading, touch events, the Popover API, and Navigator.sendBeacon.

(teavm.org)
Development

Farewell to Endless Meetings: A New Approach to High-Velocity Software Development

2024-12-15

Tired of endless meetings and lengthy planning? This article introduces a high-efficiency software development method: code-centric, rapid iteration. The author uses baking as an example to illustrate the concept of achieving the optimal solution through rapid experimentation, frequent testing, and continuous improvement. This method emphasizes reducing documentation, expressing ideas directly in code, using mock data and hot-reloading tools to speed up development, and improving code readability through concise code style and naming conventions. The author advocates breaking down projects into independently executable files, minimizing restart time, and using default language tools for debugging. Although this method may seem like a "chaotic lab," it can efficiently complete projects and avoid the redundancy and inefficiency of traditional methods.

(mihaiolteanu.me)
Development agile development efficient programming

Vim: A Programming Language Beyond an Editor

2024-12-15

Vim is more than just a text editor; it's a language for interacting with your computer. Its concise and efficient command structure is easy to learn and remember, and also easy for a computer to interpret. While Vim itself is powerful, its core strength lies in the fact that its mode has been integrated into almost every mainstream code editor, allowing developers to flexibly choose their preferred editor interface while retaining Vim's efficient command language. Therefore, NeoVim, as the most complete and consistent implementation of the Vim language, is valuable for providing this efficient editing language, not just the editor itself.

(blog.jonas.foo)
Development editor

Programming Languages: Balancing Safety and Power

2024-12-15

This article explores the trade-off between safety and power in programming languages. The traditional view is that powerful languages, like C with its manual memory management, are inherently unsafe. However, the author argues this is outdated. Modern language research shows that greater expressiveness allows for both safety and power. The evolution of macros in Lisp, Scheme, and Racket exemplifies this, demonstrating how improved design can enhance macro capabilities while maintaining safety. Racket's macro system is presented as a best practice, combining hygienic code with powerful manipulation capabilities. The article concludes that safe and reliable systems build more capable and reliable software, and recommends resources for further learning about Racket macros.

(lambdaland.org)
Development programming languages safety macros

Python Dependency Management: A Raging Inferno

2024-12-15

This article delves into the complexities of Python dependency management, likening it to building a bonfire in a dry forest. The author argues that Python dependencies aren't simply a matter of `pip install`; they encompass project packages, system packages, the operating system, hardware, and the environment itself. Good dependency management is crucial for reproducibility—ensuring consistent results across different environments. The article details version control, environment isolation, definition files, lock files, and other key concepts. It then provides a comprehensive comparison of numerous tools, including pip, venv, virtualenv, pip-tools, Pipenv, Poetry, PDM, pyenv, pipx, uv, Conda, Mamba, conda-lock, and Pixi, analyzing their strengths, weaknesses, and use cases. Finally, the author offers tool recommendations based on different scenarios (administrative privileges, dependency types, operating systems, etc.) and looks ahead to future trends in Python dependency management.

(nielscautaerts.xyz)
Development Python dependency management reproducibility Python tools

LLVM C Library Speeds Up GPUs: Running C Code on GPUs

2024-12-14

The LLVM project has released an exciting GPU C library enabling developers to run libc and libm functions directly on the GPU within C/C++ code. The library supports two main modes: as a supplementary library for offloading languages like OpenMP, CUDA, or HIP; and by directly compiling C/C++ code for the GPU. The article details how to use both modes, including compilation options, linking, and specific builds for AMD and NVIDIA GPUs. This library allows developers to leverage the parallel processing power of GPUs, significantly improving performance without needing deep knowledge of complex GPU programming models.

(libc.llvm.org)
Development GPU programming C library

Buzee: Open-Source Full-Text Search App Released

2024-12-14

Buzee is a cross-platform, full-text search application built with Rust and Svelte. It allows for fast searching of local files, folders, browser history, and more, even extracting text from PDFs and images using OCR. Developed over two years, this project showcases a robust architecture using Tauri for performance, SQLite and Tantivy for indexing, and a clean Svelte frontend. While feature-rich, it still has some areas for future development, and the author is releasing it open-source for others to contribute.

(github.com)
Development full-text search

Tailscale Subnet Routers: A Simple Solution for Complex Network Connections

2024-12-14

Tailscale typically requires installing a client on every device, but this isn't always feasible for embedded devices or existing VPCs. That's where subnet routers come in. They enable devices to communicate using Tailscale's powerful NAT traversal technology, regardless of whether they're running Tailscale. This article explains how Tailscale subnet routers work, including installation and configuration on Windows and Linux. For large network migrations or connecting AWS VPCs, subnet routers offer a fast and easy way to get started. Personal use is free and doesn't count against device limits.

(tailscale.com)
Development Subnet Router NAT Traversal

Ultralytics Suffers Supply Chain Attack: A PyPI Security Incident Analysis

2024-12-14

The Python project Ultralytics recently suffered a supply chain attack. Attackers compromised the project's GitHub Actions workflows and stole a PyPI API token, resulting in tainted versions 8.3.41, 8.3.42, 8.3.45, and 8.3.46. The attack didn't exploit a PyPI vulnerability but targeted the GitHub Actions cache. PyPI, leveraging Trusted Publishing and Sigstore transparency logs, quickly identified and removed the malicious software. The incident highlighted shortcomings in API token and GitHub environment configurations. The article stresses securing software forges and build/publish workflows, providing developers with security recommendations: using Trusted Publishers, locking dependencies, avoiding insecure patterns, and enabling multi-factor authentication.

(blog.pypi.org)
Development supply chain attack PyPI security software security

Asynchronous Rust on Cortex-M Microcontrollers: A Deep Dive

2024-12-14

This article delves into the world of asynchronous Rust programming on Cortex-M microcontrollers. It explains the mechanics of Futures, cooperative scheduling, and asynchronous Rust executors, showcasing their efficiency in resource management. The innovative Embassy framework, designed to empower asynchronous programming on microcontrollers, is introduced. Through practical examples like a Blinky and Button program, the article illustrates the application of asynchronous Rust in embedded systems, comparing its advantages and disadvantages against traditional RTOS approaches. The conclusion highlights the significant benefits of asynchronous Rust in terms of resource utilization and concurrency.

(interrupt.memfault.com)
Development Asynchronous Rust Embedded Systems

Fern, a YC-backed Startup, is Hiring a Senior Frontend Engineer

2024-12-14

Fern, a Y Combinator-backed startup, is seeking a Senior Frontend Engineer with a salary of $168,000-$192,000 plus equity. Located in Williamsburg, Brooklyn, NY, this in-person role requires 4+ years of experience in frontend development, proficiency in JavaScript/TypeScript, React, and Next.js. Responsibilities include streamlining developer experience, managing frontend infrastructure, building user-facing features, and fostering strong customer relationships. Fern simplifies API usage and counts Cohere, ElevenLabs, Webflow, and Merge.dev among its clients.

(www.ycombinator.com)
Development Frontend Engineer

Svader: A Svelte Library for GPU-Rendered Components

2024-12-14

Svader is a library for creating GPU-rendered Svelte components using WebGL and WebGPU fragment shaders. Developers can write programs in fragment shaders to customize pixel colors and control rendering effects through parameter passing. Supporting Svelte 4 and 5, it offers WebGL and WebGPU rendering modes with built-in parameters like resolution, scale, and time. Svader simplifies GPU rendering with easy-to-use components and provides fallback rendering in environments lacking WebGL or WebGPU support.

(github.com)
Development

The Science of Routing Print Orders at Canva

2024-12-14

Canva's engineering team built a configurable rules system for graph traversal to optimize print order routing. Decoupling graph building, traversal, and decision-making ensures high availability and scalability. It uses relational databases for data management and asynchronously generates a cached graph for fast querying. A rules engine and a modified minimum-cost flow algorithm find the optimal route in milliseconds, minimizing transport distance and carbon emissions, enhancing user experience and operational efficiency.

(www.canva.dev)
Development graph traversal rules engine order routing

Go: When to Say No

2024-12-14

A developer, after years of using Go, is switching back to Java. He finds Go lacking in several areas: limited looping options, absence of higher-order functions, cumbersome error handling, overly restrictive coding style leading to verbose and hard-to-maintain code, and an immature package ecosystem. While acknowledging Go's suitability for infrastructure projects, he advises against its use in complex enterprise applications.

(brainbaking.com)
Development development

The PHP Static Typing Debate: Flexibility and Efficiency of Dynamic Languages

2024-12-14

In this article, Tony Marston vehemently criticizes the enforced static type checking changes introduced in PHP 8.1. He argues that this change violates the core design principles of PHP's dynamic typing, clashing with PHP's long-standing flexible approach to data type handling and imposing a significant workload on developers. The article delves into the advantages of PHP's dynamic type system, such as automatic type conversion and flexible data handling, pointing out that the performance benefits of static typing are negligible in modern hardware, while hindering development efficiency. Marston contends that PHP's dynamic type system is better suited for handling HTML frontend and SQL backend data, and that enforcing static type checking is counterproductive, negatively impacting the PHP community.

(www.tonymarston.net)
Development static typing dynamic typing
1 2 3 4 6 8