Plurrrr

week 45, 2019

Recently, various scientific media have been paying attention to a branch of mathematics called “category theory” that has become pretty popular inside the mathematical community in recent years. Some mathematicians are even starting to complain on Twitter that more people are tweeting about category theory than their own specialties. But what is this branch of mathematics, and why is it becoming so fashionable?

Source: Why Is Category Theory a Trending Topic?, an article by John Baez.

Curl to shell isn't so bad

Piping curl to s(hell) claims that using curl example.com/install.sh | sh to install software is a “glaring security vulnerability”. I’ve seen this claim many times in other places as well, with strong terms like “malpractice”.

I don’t get it. You’re not running some random shell script from a random author, you’re running it from a software vendor who you already trust to run software. Are you going to audit all of oh-my-zsh? Probably not. So why give extra gravity to their install script? If you trust oh-my-zsh, then why distrust their install script?

Source: Curl to shell isn't so bad, an article by Martin Tournoij.

Go Turns 10

This weekend we celebrate the 10th anniversary of the Go release, marking the 10th birthday of Go as an open-source programming language and ecosystem for building modern networked software.

Source: Go Turns 10, an article by Russ Cox.

Basic troubleshooting with telnet and netcat

In the early years of computing, telnet was used to connect to the command line on remote systems. SSH has replaced telnet for remote access needs, and these days when you hear about telnet, it is usually when somebody is using the client as a generic network troubleshooting tool.

That’s because, in troubleshooting sessions, sysadmins turn to telnet and netcat to test connectivity to service offerings.

Source: Basic troubleshooting with telnet and netcat, an article by Dustin Minnich.

Coincidentally, today I used nc because macOS Mojave doesn't come with telnet out of the box.

HTTP Security Headers - A Complete Guide

In this article, I will walk through the commonly evaluated headers, recommend security values for each, and give a sample header setting. At the end of the article, I will include sample setups for common applications and web servers.

Source: HTTP Security Headers - A Complete Guide, a guide by Charlie Belmer.

Mozilla Observatory scan summary; an A+ for Plurrrr.

Using this guide and Mozilla Observatory I managed to get Plurrrr from an F to an A+.

Note that the guide has syntax errors in the NGINX configuration example. At least, at the time of writing, I had to remove the colon after each header name and had to put some values between double quotes.

Grep from First Principles, in Golang

In this article we'll build a toy version of a string searching program solely for the purposes of education. The intention is not to fully replicate the grep tool (and this post actually explains a different algorithm to the one grep uses). What we'll build will almost certainly be slow and incomplete (but fun!).

Source: Grep from First Principles, in Golang.

Designing a fast Hash Table

This article describes the many design decisions that go into creating a fast, general-purpose hash table. It culminates with a benchmark between my own emilib::HashSet and C++11's std::unordered_set. If you are interested in hash tables and designing one yourself (no matter which language you are programming in), this article might be for you.

Source: Designing a fast Hash Table, an article by Emil Ernerfeldt.

Let's create a floating label input with HTML and CSS only

Floating label input is an element that visually combines an input label and the input itself into a single element. Label switches from placeholder mode to label when input is focused or has content in it. This concept was first introduced by Matt D. Smith in 2013 and it has become a widespread pattern since then, even becoming a standard element in Google's Material Design.

Source: Let's create a floating label input with HTML and CSS only, an article by Adrian Bece.

Floating label input from Google Material UI docs.

Stop using utcnow and utcfromtimestamp

If you are the kind of developer who prefers to work in UTC, you may have seen Python's datetime.utcnow() and datetime.utcfromtimestamp() methods and thought, "Ah, yes, this is what I should do to work in UTC!" But alas, this is not the best way to work with UTC datetimes. In fact I would say that it is extremely rare that you would want to use either of these functions.

Source: Stop using utcnow and utcfromtimestamp, an article by Paul Ganssle.

Summary of C/C++ integer rules

This is my own collection of hard-earned knowledge about how integers work in C/C++, and how to use them carefully and correctly. In this article, I try to strike a balance between brevity (easing the reader) and completeness (providing absolute correctness and extensive detail).

Source: Summary of C/C++ integer rules, an article by Nayuki.