Three-way handshake bypassing Little Snitch

There has been some discussion recently about the bypassing of Little Snitch by the first datagram of a three-way TCP handshake. The facts: When a deny-rule for a domain is set in Little Snitch, and a TCP connection is made to that domain, a TCP SYN data packet is sent to the remote server. Although this packet does not carry any payload, it does include crucial information such as your IP address, as well as the sending and receiving port numbers.

Source: Three-way handshake bypassing Little Snitch.

Modern Image Processing Algorithms Overview & Implementation in C

Image processing plays a crucial role in numerous fields, ranging from computer vision and medical imaging to surveillance systems and photography. The implementation of image processing algorithms in programming languages like C has become increasingly important due to the need for efficient and optimized solutions especially on embedded devices where computing power is still limited.

Source: Modern Image Processing Algorithms Overview & Implementation in C/C++.

ORM - data model vs domain model

There’s been quite a lot of discussion lately about whether or not to use an ORM. As someone who’s been both proponent and opponent of the use of ORM’s over the years, I figured I’d write a blog post about my current opinion on the matter (which may change again a couple of times in the future ;-)).

Source: ORM - data model vs domain model, an article by Gert Goeman.

CSS Nesting

So I almost fell out of my seat yesterday when I caught wind of the announcement that CSS nesting has landed in actual browsers and if you want to play around with them then you can do that in the latest version of Safari Technology Preview. This means it’s half a step away from landing in real browsers very soon.

Source: CSS Nesting, an article by Robin Rendle.

GPT best practices

This guide shares strategies and tactics for getting better results from GPTs. The methods described here can sometimes be deployed in combination for greater effect. We encourage experimentation to find the methods that work best for you.

Source: GPT best practices.

Why You Should Still Love Telnet

Telnet, the protocol and the command line tool, were how system administrators used to log into remote servers. However, due to the fact that there is no encryption all communication, including passwords, are sent in plaintext meant that Telnet was abandoned in favour of SSH almost as soon as SSH was created.

For the purposes of logging into a remote server, you should never, and probably have never considered it. This does not mean that the telnet command is not a very useful tool when used for debugging remote connection problems.

In this guide, we will explore using telnet to answer the all too common question, “Why can’t I ###### connect‽”.

Source: Why You Should Still Love Telnet, an article by Elliot Cooper.

Proposing a struct syntax for Python

I want to introduce the new (soft) keyword struct (the name was chosen by my wife, Andrea, as more understandable than data once you explain struct is short for structure and how it's used in other programming languages). You would be able to follow the keyword with the name of the struct class. The parentheses after the name would contain the positional-or-keyword and/or keyword-only parameters the constructor would accept. Each parameter name would directly map to an attribute name for which the parameter would be saved to. Because of this mapping of parameter name to attribute name, no positional-only parameters are allowed (the only deviation from function declearation syntax).

Source: Proposing a struct syntax for Python, an article by Brett Cannon.

Grown Ups 2 (2013)

After moving his family back to his hometown to be with his friends and their kids, Lenny finds out that between old bullies, new bullies, schizo bus drivers, drunk cops on skis, and four hundred costumed party crashers sometimes crazy follows you.

In the evening Esme and I watched Grown Ups 2. I liked the movie less than the previous one so I give it a 6 out of 10.

Killing Moon

THE HUNT IS ON AND THE POLICE ARE RUNNING OUT OF TIME. Two young women are missing, their only connection a party they both attended, hosted by a notorious real-estate magnate. When one of the women is found murdered, the police discover an unusual signature left by the killer, giving them reason to suspect he will strike again.

THEY'RE FACING A KILLER UNLIKE ANY OTHER. And exposing him calls for a detective like no other. But the legendary Harry Hole is gone—fired from the force, drinking himself to oblivion in Los Angeles. It seems that nothing can entice him back to Oslo. Until the woman who saved Harry's life is put in grave danger, and he has no choice but to return to the city that haunts him and track down the murderer.

CATCHING HIM WILL PUSH HARRY TO THE LIMIT. He'll need to bring together a misfit team of former operatives to accomplish what he can't do alone: stop an unstoppable killer. But as the evidence mounts, it becomes clear that there is more to this case than meets the eye...

In the evening I started in Killing Moon, a Harry Hole Novel (13) by Jo Nesbø.

NixOS for the Impatient

NixOS is a Linux distribution configured using Nix. It is declarative, meaning that the entire system state can be defined in a single .nix file; and reproducible, meaning you can have multiple computers set up identically.

Source: NixOS for the Impatient, an article by Fernando Borretti.

Random testing in Go

Choosing good test cases for our Go programs can be a bit hit-and-miss. Sometimes we get lucky and find an input that causes incorrect behaviour, or even a crash, but in general, picking inputs at random isn’t a good way to find bugs.

Or is it? What if we leaned into that idea a little and used a lot of different inputs? Say, a million, or even a billion. With that many inputs, our chances of finding the one weird value that triggers a problem start to look pretty good.

Source: Random testing in Go, an article by John Arundel.

Grown Ups (2010)

After their high school basketball coach passes away, five good friends and former teammates reunite for a Fourth of July holiday weekend.

In the evening Alice and I watched Grown Ups. I had seen the movie before. I liked it and give it a 7 out of 10.

Transformer Math 101

A lot of basic, important information about transformer language models can be computed quite simply. Unfortunately, the equations for this are not widely known in the NLP community. The purpose of this document is to collect these equations along with related knowledge about where they come from and why they matter.

Source: Transformer Math 101, an article by Quentin Anthony, Stella Biderman, and Hailey Schoelkopf.

Data Compression Drives the Internet. Here’s How It Works.

With more than 9 billion gigabytes of information traveling the internet every day, researchers are constantly looking for new ways to compress data into smaller packages. Cutting-edge techniques focus on lossy approaches, which achieve compression by intentionally “losing” information from a transmission. Google, for instance, recently unveiled a lossy strategy where the sending computer drops details from an image and the receiving computer uses artificial intelligence to guess the missing parts. Even Netflix uses a lossy approach, downgrading video quality whenever the company detects that a user is watching on a low-resolution device.

Very little research, by contrast, is currently being pursued on lossless strategies, where transmissions are made smaller, but no substance is sacrificed. The reason? Lossless approaches are already remarkably efficient. They power everything from the PNG image standard to the ubiquitous software utility PKZip. And it’s all because of a graduate student who was simply looking for a way out of a tough final exam.

Source: How Lossless Data Compression Works, an article by Elliot Lichtman.

The Basics of Python Packaging in Early 2023

You may have heard there are new, modern standards in Python packaging (pyproject.toml!) that have been adopted over the last few years. There are now several popular and shiny modern tools for managing your packaging projects. (Poetry! Hatch! PDM!) However, the documentation is scattered and much of it is specific to these competing tools. What are the recommended best practices when creating a Python package? What is the minimal amount that you need to do in order to follow the best practices?

Source: The Basics of Python Packaging in Early 2023, an article by Jay Qi.

Trial by Fire (2018)

The tragic and controversial story of Cameron Todd Willingham, who was sentenced to death in Texas for killing his three children even after scientific evidence and expert testimony bolstered his claims of innocence.

In the evening I watched Trial by Fire. I liked the movie and give it a 7 out of 10.

What is the Standard Library for?

Overall, there was agreement that the original motivations for a large, “batteries-included” standard library no longer held up to scrutiny. “In the good old days,” Ned Deily reminisced, “We said ‘batteries-included’ because we didn’t have a good story for third-party installation.” But in 2023, installing third-party packages from PyPI is much easier.

Source: The Python Language Summit 2023: What is the Standard Library for?, an article by Alex Waygood.

Media Queries, Responsive Design? Help me!

Media queries are a CSS language feature which allow an author to conditionally apply CSS rules according to characteristics of the device or window in which an application is being viewed. Most commonly, these might be according to the viewport width allowing CSS authors to create components and layouts that are responsive to the size of the window or device that they are being viewed in. But this may also extend to whether a user prefers light or dark mode, or even a user's accessibility preferences, plus many more properties.

Source: Everything You Want To Know About Media Queries and Responsive Design, an article by Nathan Hardy.

Bcrypt at 25: A Retrospective on Password Security

Over the years, I've observed modern password hashing algorithms significantly reduce the effectiveness of brute-force password guessing. However, password stuffing attacks—where attackers use previously leaked credentials to gain unauthorized access—continue to be a persistent threat. On the other hand, the advent of multi-factor authentication (MFA) has shifted the focus to protecting user accounts through additional layers of verification, making passwords less critical to security.

Source: Bcrypt at 25: A Retrospective on Password Security, an article by Niels Provos.

Mypy 1.3 Released

We’ve just uploaded mypy 1.3 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes.

Source: Mypy 1.3 Released an article by Wesley Collin Wright.

How to Get Started with Tree-Sitter

Emacs 29 introduces tree-sitter support, a powerful parsing library that enhances its understanding of source code. With this integration, Emacs gains features like precise syntax highlighting, accurate indentation and easier extensibility. Here's how you install and configure Emacs with tree-sitter support.

Source: How to Get Started with Tree-Sitter, an article by Mickey Petersen.

Six Ducklings

On our way to the shopping mall in Naaldwijk I spotted a duck. When I walked into the duck's direction I noticed that she had six small ducklings, so I took the photo below.

Six ducklings
Six ducklings.

Finding The Best Go Project Structure

This is a story about the journey we’ve been on at HUMAN Security to find the best project structure for Go, what decisions we’ve made based on our exploration, and the conclusions we’ve drawn. We’ve created an open-source template repository for the final structure, and a branch containing a tiny example project alongside. To use this template, fork the repository or use it as a template.

Source: Finding The Best Go Project Structure - Part 1, an article by Aviv Carmi.

John Wick: Chapter 4 (2023)

John Wick uncovers a path to defeating The High Table. But before he can earn his freedom, Wick must face off against a new enemy with powerful alliances across the globe and forces that turn old friends into foes.

In the evening I watched John Wick: Chapter 4. At first, Esme was watching as well. But she was very tired so she fell asleep a few times during the movie. Alice was making "Hello, Kitty" cookies and also watched parts.

The movie was a lot, and I mean a lot, of killing. At times it looked (probably on purpose) like a computer game. I didn't like the movie much and give it a 6 out of 10. Of the recent carnage movies I liked Sisu more.

Don't abuse su for dropping user privileges

Like M. Fielder's and M. Hunter's 1986 book, one can find many instances in books, on the World Wide Web, in tutorials, and even on manual pages, of abusing su for dropping superuser privileges and running programs with ordinary user privileges — in cron jobs, /etc/rc scripts, init.d scripts, and even from /etc/inittab. They are all wrong.

Don't abuse su for this purpose. It has never in fact been the function of su, and for the past two decades people have been triggering errors with this abusage. Over the past decade or so, as of 2014, this error has gradually become more and more blatant, going from a few ignorable warning messages in obscure log files to systems that fail to function, but it has in fact been there all of this time.

Source: Don't abuse su for dropping user privileges, an article by Jonathan de Boyne Pollard.

IPinfo's Free IP Address Location Database

In March, IPinfo began offering a free, file-based country-level dataset download for IPv4 and IPv6 addresses. This file is the result of over 900 TB of data on BigQuery being synthesized down into a file a few MB in size. The downloads are refreshed daily so changes in IPv4 locations and ownership can be seen with 24-hour granularity.

In this blog post, I'll walk through downloading this dataset as well as looking at some interesting IP address space analysis that it can be used for.

Source: IPinfo's Free IP Address Location Database, an article by Mark Litwintschik.

Renfield (2023)

Renfield, Dracula's henchman and inmate at the lunatic asylum for decades, longs for a life away from the Count, his various demands, and all of the bloodshed that comes with them.

In the evening Alice, Adam, and I watched Renfield. I liked the movie and give it a 7 out of 10.

Introducing the popover API

Popovers are everywhere on the web. You can see them in menus, toggletips, and dialogs, which could manifest as account settings, disclosure widgets, and product card previews. Despite how prevalent these components are, building them in browsers is still surprisingly cumbersome. You need to add scripting to manage focus, open and close states, accessible hooks into the components, keyboard bindings to enter and exit the experience, and that’s all even before you start building the useful, unique, core functionality of your popover.

To resolve this, a new set of declarative HTML APIs for building popovers is coming to browsers, starting with the popover API in Chromium 114.

Source: Introducing the popover API, an article by Una Kravets.

God-mode for Emacs

A month ago I blogged about ways to reduce strenuous key presses in my Emacs use. I analyzed my runs of chords in Emacs, then speculated on the merits of exclusive vs mixed editing. Since then I wrote an Emacs mode called god-mode. It’s a mode that you toggle in and out of, and when you’re in it, all keys are implicitly prefixed with C- (among other helpful shortcuts). Over all, it’s been a resounding success. A couple other people, including the author of multiple mark mode, contributed some patches. I’ve been using it for a month and have been very satisfied.

Source: God-mode for Emacs, an article by Chris Done.

Choosing a good file format for Pandas

Before you can process your data with Pandas, you need to load it (from disk or remote storage). There are plenty of data formats supported by Pandas, from CSV, to JSON, to Parquet, and many others as well.

Which should you use?

  • You don’t want loading the data to be slow, or use lots of memory: that’s pure overhead. Ideally you’d want a file format that’s fast, efficient, small, and broadly supported.
  • You also want to make sure the loaded data has all the right types: numeric types, datetimes, and so on. Some data formats do a better job at this than others.

While there is no one true answer that works for everyone, this article will try to help you narrow down the field and make an informed decision.

Source: Choosing a good file format for Pandas, an article by Itamar Turner-Trauring.