Webtagr - Technology News Summarizer

Building Your Dev 'Red Team': Avoiding Embarrassing Mistakes

2025-02-06

While most development teams are familiar with cybersecurity 'red teams', this article advocates for a broader 'red team' within every development team. This team should include: someone to check for design flaws (preventing embarrassing visuals like a past GitHub billboard incident); someone using ad blockers (ensuring site functionality despite ad-blockers); and someone using a password manager (to ensure smooth auto-fill for login forms). These seemingly simple roles can prevent embarrassing errors, resulting in a more polished product and better user experience.

(zachholman.com)

Development development team red team

Heap Explorer: A Powerful Glibc Heap Debugger

2025-02-06

`explore_heap` is a glibc heap debugger loaded via `LD_PRELOAD` that allows interactive inspection and manipulation of a program's heap memory. By loading `libheap_explorer.so` and interrupting the program with a SIGINT signal (Ctrl+C), users enter a REPL to allocate, free chunks, and print freelists, tcache, fastbin, and bin lists, aiding in debugging memory-related issues. Currently tested on Arch Linux's glibc 2.41+, adaptation for other modern glibc versions requires adjusting constants.

(github.com)

Development heap debugging memory management

Linux Kernel Maintainers Resist Rust: A Programming Language War

2025-02-06

The integration of Rust into the Linux kernel is proving bumpy. Several kernel maintainers strongly oppose using Rust, citing increased complexity and risk associated with multiple languages. Recent discussions surrounding a Rust driver's use of the DMA API reignited the conflict. Maintainer Christoph Hellwig explicitly rejected Rust code, arguing that maintaining multi-language projects is painful and that Rust developers should handle interfacing with C code themselves. While the Rust for Linux project aims to simplify integration through an abstraction layer, Hellwig maintains this adds maintenance overhead. This controversy highlights differing stances within the Linux community on programming language choices and the challenges of integrating new technologies into existing large systems. A maintainer even resigned because of the situation. The ultimate outcome remains to be seen, but it will have a profound impact on the future direction of Linux.

(www.theregister.com)

Development

Go 1.24 Cryptography Overhaul: Achieving FIPS 140-3 Compliance

2025-02-06

Go 1.24 significantly refactored its cryptography packages to achieve FIPS 140-3 compliance. This is a major step forward, featuring a pure Go (and Go assembly) implementation of a FIPS 140-3 validated cryptographic module, eliminating reliance on cgo or syscalls. Microsoft Go 1.24 also updated, adding macOS preview support and enhanced Azure Linux support, but maintains its use of system libraries for cryptography, diverging from the official Go approach. New environment variables like GODEBUG=fips140=on and GOFIPS140=latest control FIPS mode; the runtime automatically enables it on FIPS-compliant systems (Azure Linux, Windows).

(devblogs.microsoft.com)

Development

Serverless Website Screenshot API: Powering Abbey AI

2025-02-06

Gordon Kamer built a robust web scraping API to support Abbey, an AI platform. This API runs locally, taking a URL as input and returning website data and screenshots. Powered by Playwright and Docker, it executes JavaScript, includes security features like memory limits and process isolation, and returns a multipart response with JSON data, page content, and up to 5 screenshots. Access is controlled via API keys, with customizable memory allocation and screenshot parameters.

(github.com)

Development

Service as a Software Substitute (SaaSS): Another Threat to Your Computing Freedom

2025-02-06

This article explores the concept of "Service as a Software Substitute (SaaSS)", which refers to using someone else's service as a replacement for running your own program. Richard Stallman argues that SaaSS deprives users of control over their computing because the process is handed over to servers controlled by others. This is similar to proprietary software, both presenting security risks such as data leaks and backdoors. The author calls for users to reject SaaSS and choose to use free software and programs running on computers they control to maintain their computing freedom.

(www.gnu.org)

Development computing freedom

SQLite Page Explorer: A GUI for Peeking Inside Your Databases

2025-02-06

A small GUI application, built with redbean, lets you explore your SQLite databases page by page, just as SQLite sees them. It's a single 6.5MB executable running natively on Windows, Linux, macOS, and more, offering insights into how indexes are stored, data compactness, and B-tree structures. While potential virus warnings exist due to the use of a polyglot executable, the project is trustworthy and offers a unique perspective for developers. It's a fun project that may be slow with larger databases.

(github.com)

Development

Migrating a Large-Scale Game Server from Scala 2.13 to Scala 3: A Year-Long Odyssey

2025-02-06

This post details the author's journey migrating a four-year-old, production-ready multiplayer mobile game server from Scala 2.13 to Scala 3. An initial attempt failed due to the removal of key features in Scala 3 (macro annotations, type projections) and the massive code changes required. A year later, a successful migration was achieved through a multi-pronged approach: preemptively applying Scala 3 syntax in the Scala 2 codebase, leveraging IntelliJ's code inspection tools, custom sbt source generators to produce Monocle lenses, and creative workarounds for type projections. Challenges encountered included dependency conflicts and slow compile times, resolved by forking a library, optimizing code using Scala 3's Tuple.Map, and other techniques. Despite the hurdles, the migration highlights the power and value of Scala 3's metaprogramming capabilities.

(blog.pierre-ricadat.com)

Development

A Java JIT Compiler and Runtime in Common Lisp: OpenLDK

2025-02-06

OpenLDK is a Just-In-Time (JIT) compiler and runtime environment for Java, implemented entirely in Common Lisp. It bridges the gap between Java and Common Lisp by incrementally translating Java bytecode into Lisp, then compiling it into native machine code. This unique approach allows seamless mapping of Java classes to Common Lisp Object System (CLOS) classes, enabling effortless integration between Java and Common Lisp codebases. While not designed for high performance, OpenLDK offers a practical solution for integrating Java libraries into a Lisp workflow. Currently, it primarily supports Linux and SBCL, and is a work in progress with many features yet to be implemented, such as support for class files beyond Java 8 and bytecode verification.

(github.com)

Development

GitHub Copilot Gets a Major Upgrade: Agent Mode and GA Copilot Edits

2025-02-06

GitHub Copilot has received a significant update! The new agent mode empowers Copilot with greater autonomy, enabling it to iterate on code, identify and fix errors, and even infer and complete unspecified subtasks. Copilot Edits is now generally available, offering multi-file code editing with a smooth, conversational flow. Furthermore, GitHub teased Project Padawan, an autonomous software engineer agent that will handle GitHub issues, automatically generate and test code, and even assign reviewers. These updates aim to free developers from mundane tasks, allowing them to focus on more creative work.

(github.blog)

Development

Refactoring Pitfalls: When Not to Refactor

2025-02-06

This article explores the pitfalls of code refactoring, highlighting that not all code needs refactoring. The author presents several scenarios where refactoring is inappropriate, such as attempting to fix bugs or adapt to third-party changes through refactoring; introducing unnecessary abstraction leading to code complexity; tackling multiple code smells simultaneously; refactoring untested code; and refactoring unchanging code. The article emphasizes that refactoring should be incremental, behavior-preserving, and involve small, reversible changes with test coverage. It advocates for pausing refactoring when understanding is lacking or new requirements emerge. Refactoring frequently changing and complex code yields the best results.

(thoughtbot.com)

Development best practices

Virtual Pipes: A Simple and Efficient Method for Simulating Water Over Terrain

2025-02-06

This article introduces a simple and efficient method for simulating water flow over terrain in games – the virtual pipes method. Based on shallow water equations and using a staggered grid, this method treats water flow as columns connected by imaginary pipes. Water flow is accelerated based on water level differences, and outflow scaling prevents negative water amounts. The author details the three steps: flow acceleration, outflow scaling, and water column updating, providing code examples. This method is easy to understand, computationally efficient, and suitable for games requiring terrain modification and water simulation, such as city builders. While it has limitations such as lacking inertia and velocity diffusion, it's practical for most game scenarios.

(lisyarus.github.io)

Development water simulation

arXivLabs: Experimenting with Community Collaboration

2025-02-06

arXivLabs is a framework for collaborators to develop and share new arXiv features directly on the website. Individuals and organizations working with arXivLabs embrace our values of openness, community, excellence, and user data privacy. arXiv is committed to these values and only partners with those who share them. Got an idea for a project that will benefit the arXiv community? Learn more about arXivLabs.

(arxiv.org)

Development

Par: An Experimental Concurrent Language with Interactive Playground

2025-02-06

Par is an experimental concurrent programming language attempting to bring the expressive power of linear logic to practice. It features unique properties: processes communicate via channels, each channel has at most two endpoints, and deadlocks are impossible. All values are channels, including lists, functions, and infinite streams. While Par currently lacks some features like primitive types and non-determinism, it already expresses rich concurrency. This article details Par's syntax, semantics, and examples, covering channels, signals, recursion, and expression syntax. An interactive playground lets users experience Par's concurrency.

(github.com)

Development linear logic

The Elusive Cross-Platform Timer API: A Journey Through OS APIs

2025-02-06

This article explores the challenges of cross-platform timer APIs in C programming. The author discovers that different Unix systems (including Linux, FreeBSD, NetBSD, etc.) handle timers very differently. The POSIX timer_create function, based on signals, presents numerous problems, such as poor interoperability with other OS primitives and signal mask interference. The article delves into the pros and cons of various solutions, including timerfd_create, kqueue, port_create, and io_uring, ultimately concluding that for cross-platform applications, implementing timers in userspace, as libuv does, is a more efficient and reliable approach. Libuv uses a min-heap data structure to manage timers and uses system calls like poll/epoll/kqueue for multiplexing.

(gaultier.github.io)

Development cross-platform development timers system programming

Memfault is Hiring: Android SDK Engineer ($100k-$180k)

2025-02-06

Memfault, an IoT reliability platform, is seeking an Android (AOSP) SDK Engineer. You'll collaborate with SDK leads (Linux, MCU) and cross-functional teams to shape the future of Android at Memfault. Expect a diverse tech stack spanning microcontroller SDKs, large-scale backend data processing, and complex frontend charting. The company encourages broad contribution across its technology and offers flexible work arrangements with regular team gatherings and annual off-sites.

(jobs.lever.co)

Development

AsciiDoc: A Superior Alternative to Markdown for Documentation

2025-02-06

Tired of Markdown's limitations? AsciiDoc might be the structured, full-featured alternative you need. It excels at handling tables, footnotes, and cross-references, supports document composition and conditional content, and boasts a unified ecosystem. This guide uses a sample application user guide to demonstrate AsciiDoc's features, including metadata, headings, text formatting, lists, tables, attributes, and conditional content. It also introduces adoc Studio, an editor streamlining AsciiDoc export and management, integrating seamlessly with Git for Docs-as-Code workflows. Combining AsciiDoc with Git and adoc Studio makes documentation more efficient and professional.

(www.git-tower.com)

Development

Go Multi-Key Map Library: go-multikeymap

2025-02-06

go-multikeymap is a performant Go library implementing map data structures with multiple keys. It offers two types: MultiKeyMap and BiKeyMap. MultiKeyMap allows one primary key and multiple string secondary keys, while BiKeyMap requires both keys to be unique. Both are available in concurrent and non-concurrent versions, with benchmarks showing near O(1) access times. The library is easy to use, well-documented, and includes benchmark results for performance evaluation.

(github.com)

Development Multi-Key Map Data Structure

From Automated Screencasts to Motion Comics: A Programmer's Creative Journey

2025-02-06

To streamline video content creation for the Web Origami project, a programmer experimented with automating audio and video generation. Facing challenges like tedious macro scripting and cumbersome video editing, he shifted to creating motion comics. He built a system using HTML/CSS and minimal JavaScript animation, generating both audio and video from a screenplay. Origami's features facilitated testing and updates. This approach allowed him to focus on storytelling, increasing efficiency and eliminating the hassle of video updates.

(jan.miksovsky.com)

Development Motion Comics

Alpine Linux Needs Your Help After Equinix Metal Sunset

2025-02-06

Alpine Linux's core infrastructure relies on Equinix Metal, which is being discontinued. This impacts their download mirrors, continuous integration, and development environment. To ensure service continuity, Alpine Linux is seeking community help, including colocation space in the Netherlands, bare-metal servers (for mirrors and CI) or VMs, and financial contributions. They highlight the importance of sustainable funding and encourage donations via Open Collective.

(alpinelinux.org)

Development community support

Marksmith: A GitHub-Style Markdown Editor for Ruby on Rails

2025-02-06

Tired of clunky Markdown editors? Marksmith offers a clean, GitHub-style experience for Ruby on Rails developers. This gem boasts ActiveStorage integration, a preview pane, toolbar, and list continuation—all the features you need for seamless Markdown writing. It even integrates with Avo for easy media library management. Check it out!

(avohq.io)

Development Markdown Editor

OpenWrt 24.10 Stable Release: Over 1970 Devices Supported

2025-02-06

The OpenWrt community proudly announces the stable release of OpenWrt 24.10, a major update from 23.05. Developed over a year and incorporating over 5400 commits, it boasts support for over 1970 devices, adding over 100 new ones, including OpenWrt One. Upgrading from OpenWrt 23.05 is generally supported via sysupgrade, but a configuration backup is highly recommended. However, users of specific devices (like Linksys E8450, Xiaomi AX3200, and Zyxel GS1900 series switches) need to follow special upgrade instructions to avoid bricking their devices.

(openwrt.org)

Development

Vulnerability-Lookup: A Collaborative Vulnerability Management Platform

2025-02-06

Vulnerability-Lookup is a powerful open-source platform for quickly correlating vulnerabilities from various sources, streamlining the Coordinated Vulnerability Disclosure (CVD) process. It supports importing from numerous sources including NIST NVD and CISA, and allows users to add vulnerability sightings, comments, and create bundles. Its API and Python library facilitate integration with other tools, enabling developers to easily build their own sighting tools. Vulnerability-Lookup is licensed under the GNU Affero GPL v3.0 and is developed by CIRCL, Alexandre Dulaunoy, Raphaël Vinot, and Cédric Bonhomme.

(github.com)

Development vulnerability management

6502 Assembly: A Surprisingly Good Starting Point for Learning Assembly?

2025-02-06

Choosing a starting point for learning assembly language can be daunting. This article argues that the 6502 processor is surprisingly well-suited for beginners. While not widely used in modern applications, its simple instruction set (only 56 instructions) and abundance of learning resources make it ideal for grasping fundamental assembly concepts. Its history in classic computers like the Apple II and Commodore 64 provides a wealth of emulators and learning materials. The author recommends Easy 6502 and Visual6502.org as excellent learning resources, comparing it to the complexities of architectures like x86-64 and ARM, further highlighting the 6502's advantages for beginners.

(nemanjatrifunovic.substack.com)

Development

Oracle's JavaScript Trademark Dispute: A Protracted Legal Battle

2025-02-06

A community effort led by Deno Land CEO Ryan Dahl is challenging Oracle's ownership of the "JavaScript" trademark, sparking controversy. Oracle is accused of submitting false materials in its trademark renewal application and attempting to delay legal proceedings. The core of the dispute lies in whether JavaScript has become a generic term and whether Oracle has abandoned the trademark. Oracle counters that it has legitimate grounds and submits additional evidence. This legal battle reflects the strict protection of trademarks by tech giants and the efforts of the open-source community to secure fair use.

(www.theregister.com)

Development trademark dispute

Unofficial Discord Client for Windows 2000 and Beyond

2025-02-06

Discord Messenger is an unofficial Discord client surprisingly compatible with Windows 2000 and later. This open-source project, licensed under MIT, is a beta and carries the risk of violating Discord's ToS. While it boasts core features like messaging, attachment handling, and emoji support, building it requires technical skills. The project supports MinGW and Visual Studio builds and necessitates compiling or acquiring an OpenSSL library.

(github.com)

Development

Construct Your Own Language: A Language Construction Kit

2025-02-06

This guide provides a comprehensive kit for creating artificial languages, perfect for fantasy worlds, alien civilizations, or simply as a hobby. Author Mark Rosenfelder details linguistically sound methods for building naturalistic languages, outlining steps such as deciding on sounds, lexicon, grammar, alphabet, and cursive writing. He uses his own Verdurian language as an example, emphasizing the importance of the construction order to avoid inconsistencies like those found in Hergé's Syldavian. Further resources and print versions are provided for advanced learning.

(www.zompist.com)

Development artificial language worldbuilding

WebRTC P2P SDK: @pulsebeam/peer in Developer Preview

2025-02-05

PulseBeam has released a new WebRTC peer-to-peer communication SDK, @pulsebeam/peer, currently in developer preview. This SDK simplifies real-time application development by handling connection establishment, media and data transmission signaling, and providing infrastructure. It supports audio, video, and data channel transmission, automatic reconnection, and optionally server-relayed communication. Installation is easy via npm, deno, or yarn. See PulseBeam's official documentation for further details, including API keys.

(github.com)

Development

mt32-pi Project Halted Due to Online Abuse

2025-02-05

The mt32-pi project, a baremetal MIDI synthesizer for the Raspberry Pi, has been discontinued due to sustained online harassment of its developer. The developer cited a campaign of abuse, including personal attacks, code theft, and stolen 3D print designs, as reasons for abandoning the project. Despite community support, the negative experiences significantly impacted the developer's mental health. mt32-pi supported various Raspberry Pi models and offered features such as I²S Hi-Fi DAC support and network MIDI.

(github.com)

Development MIDI Synthesizer

Okta Security Incident: Exploiting Bcrypt's Length Limitation

2025-02-05

The Okta security incident stemmed from how its Bcrypt implementation handled input length. Bcrypt's 72-character limit caused truncation, allowing authentication with only partial usernames and cached keys. The article analyzes Bcrypt libraries in Go, Java, JavaScript, Python, and Rust, revealing many lack input length validation, creating security risks. The author advocates for improved API design, explicitly rejecting invalid input to prevent such vulnerabilities.

(n0rdy.foo)

Development API design

Category: Development