Plurrrr

week 21, 2021

A visit to Staelduinse Bos

Today we went to a forest close to where we live: Staelduinse Bos. On our way we saw a mute swan couple with young so I stopped my bike and took a photo.

Female mute swan, Cygnus olor, with young
Female mute swan, Cygnus olor, with young.

Before we entered the forest we had a short break in "De Bosrand" (Literally: Edge of the forest), a restaurant.

Adam drawing a mushroom
Adam drawing a mushroom.

Adam had taken his sketchbook with him and he and his sister drew mushrooms. Adam was looking forward to find actual mushrooms to sketch.

A large snail resting on a tree. Photo taken by Adam
A large snail resting on a tree. Photo taken by Adam.

Once in the forest we spotted large snails resting on trees. Alice and Adam like snails a lot. Alice even keeps a pet snail.

Adam and Alice exploring
Adam and Alice exploring.

While the children kept looking for mushrooms I kept looking for butterflies, hoping to take a few nice photos of those insects.

A large snail on Adam's hand
A large snail on Adam's hand.

After some walking we reached the visitor's center which has a nice garden. We walked the tracks keeping our eyes peeled for butterflies, mushrooms etc. I did spot a large dragonfly but it was too skittish.

Ferns in the garden of the visitor's center
Ferns in the garden of the visitor's center.

After some more relaxing in the garden we walked back to our bikes. We had a reservation for 4pm at the restaurant "De Bosrand" and got there just a bit late. It was a great day with fantastic weather.

A track in the forest
A track in the forest.

See also a blog post on an earlier visit to this forest.

How to Twitter

Believe it or not, Twitter can be a very useful source of information and news. Or, it can waste your time and make you sad. It’s all in how you use it. Here I’ll show you how to make Twitter work for you, instead of against you.

Source: How to Twitter, an article by Lee Phillips.

Intro to The AES-256 Cipher

AES, or “Advanced Encryption Standard”, is an encryption specification that uses the Rijndael cipher as its symmetric key ciphering algorithm. AES encrypts a message with a private key, and no one but the key holder can decrypt the message. A great example of a good use-case for AES-256 is encrypting all the data on the hard drive of a computer when it’s not in use.

Source: Intro to The AES-256 Cipher, an article by Lane Wagner.

How to to_string in Rust

In Rust, there are several ways to turn a value into a string. In this article, we will explore a few different ways and discuss what are the most idiomatic approaches depending on the context you are currently working on.

Source: How to to_string in Rust, an article by Luciano Mammino.

Tag support for tumblelog

In the evening I finished most of the tag support in the Perl version of tumblelog. The tags page uses the same logarithmic scaling method as I used in Google Search Cloud. However, I decided to order the tags alphabetically.

I hope to be able to release this new version, 5.0.0, within a week or two.

How to (not) use Docker to share your password with hackers

Do you use Docker images to run your software? Does running or building your image involve a password or other credential that you really (don’t) want to share with hackers?

Well, you’re in luck, because Docker makes it really easy to share your passwords, cloud credentials, and SSH private keys with the world. Whether it’s runtime secrets, build secrets, or just some random unrelated credentials you had lying around in the wrong place, Docker’s got you covered when it comes to secret leaks.

In this article we’ll cover:

  • Some evidence this actually happens.
  • Leaking build time secrets.
  • Accidental leaks with COPY.
  • Leaking runtime secrets.
  • Some (partially?) missing tooling that would help fix the problem.

Source: How to (not) use Docker to share your password with hackers, an article by Itamar Turner-Trauring.

What's new in Swift 5.5?

WWDC21 being less than two weeks away means the first Swift 5.5 beta is almost here, and it comes with a massive set of improvements – async/await, actors, throwing properties, and many more. For the first time it’s probably easier to ask “what isn’t new in Swift 5.5” because so much is changing.

In this article I’m going to walk through each of the changes with code samples, so you can see how each of them work in practice.

Source: What's new in Swift 5.5?, an article by Paul Hudson.

Liocheles australasiae

Last Monday I ordered a Liocheles australasiae online with Geleedpotigen.com located in Belgium. The Dwarf Wood Scorpion was shipped on Tuesday and arrived today just before noon.

Liocheles australasiae in a vial
Liocheles australasiae in a vial.

The scorpion came well packed: in a vial stored in a Styrofoam box with heatpack and paper to prevent it from bouncing around. The Styrofoam box itself was packed inside a carton box. Also included was a nice card which thanked me for the order. I paid €25,00 for the scorpion and €9,99 for shipping.

Liocheles australasiae on 5mm grid paper
Liocheles australasiae on 5mm grid paper.

The vial had a message which told me that this species loves to play dead (thanatosis). However, this specimen was moving normally when I got it out of the vial onto a piece of 5mm grid paper. After taking photos I put the scorpion in a small cup with the moist paper it came in.

Later I prepared a small terrarium. First, I made very dry coconut coir moist by putting it in a Ziplock bag and adding water. Next I mixed the water and the coir by kneading carefully. I had to keep adding water several times until the coir was quite moist.

Liocheles australasiae in its terrarium
Liocheles australasiae in its terrarium.

I put the coconut coir in a plastic container with small holes drilled in the sides and the lid for ventilation. I placed a piece of cork bark for a hide, and some plastic plants for decoration. When done I added the small scorpion. I also added a small pre-killed mealworm which it might eat in the night.

As this species is well know for being parthenogenetic, i.e. females can give birth without having been in contact with a male. In this case the offspring are all females. I expect a brood somewhere in the summer since all species in the hobby seem to be females.

Functional programming in Go with generics

Functional programming is an increasing popular programming paradigm with many languages building or already supporting it. Go already supports some of these features such as first-class and higher order functions and enabling functional programming.

One key feature that’s been missing from Go is generics. Without this feature, functional Go libraries and applications are forced down one of two paths: type safe + use-case specific or type-unsafe + use-case agnostic. With the upcoming release of Go 1.18 in early 2022, generics are expected to be added to the language which will enable new sorts of functional programming solutions in Go.

Source: Functional programming in Go with generics, an article by Ani Channarasappa.

Why Go Getting Generics Will Not Change Idiomatic Go

After years of overly-acrimonious online discussion, Go is continuing down the chute towards getting generics. I'm already seeing the inevitable "functional" libraries (plural) coming out. I'm going to explain why none of these libraries are going to materially impact what the community considers good style.

They may see some use. I may even use some of them myself on small scales. Some iconoclasts will program with them extensively, and their code will work, in the sense that it will do what it was designed to do regardless of how the code reads. But they are not going to change what generally-good style is considered to be.

Source: Why Go Getting Generics Will Not Change Idiomatic Go, an article by Jeremy Bowers.

Octothorp

If you hover over the above title or any other article title on this blog you might notice an octothorp, also known as hash sign or pound sign, appearing after the title. This is to signal that clicking on the title leads to the permanent link for the blog page with articles. As a blog page can have multiple articles a fragment is used to jump directly to the right article.

I used the following Sass code to achieve the hash sign after the text:

article {
    > [id] > a {
        color: $heading-color;
    }

    > [id] > a:hover::after {
        content: '#';
        padding-left: 4px;
        color: $link-color;
    }
}

The first rule overrides the color of an anchor element inside an element having an id attribute that's a direct descendant of the article element. The second rule puts a hash sign after this element on hover with some additional padding and shows the hash sign using the link color.

To summarise: clicking on a heading makes the title scroll up (if there is space) and sets the address bar contents to the permalink for the clicked article including a fragment.

This all in preparation for the upcoming version 5.0.0 of tumblelog which is going to support tags per article and hence requires this type of linking with fragments.

Tree-Shaking: A Reference Guide

“Tree-shaking” is a must-have performance optimization when bundling JavaScript. In this article, we dive deeper on how exactly it works and how specs and practice intertwine to make bundles leaner and more performant. Plus, you’ll get a tree-shaking checklist to use for your projects.

Source: Tree-Shaking: A Reference Guide, an article by Átila Fassina.

Unravelling async and await

Now when I started to think about this post I was worried it was going to be rather long and arduous to research (although I believe class is going to ultimately win that crown 😜), but then I remembered I had written a blog post about how async and await worked in Python 3.5. As part of that post I went through the history of how Python got to that point of asynchronous programming, which meant I had already dived into the details of how Python evolved earlier syntax to what it has today! Thus this post is going to draw heavily from my async history post to save myself some time, so if you feel I skimmed over details then chances are it's because I covered it in my other post.

Source: Unravelling async and await, an article by Brett Cannon.

Magit 3.0 released

Magit is a text-based Git user interface that puts an unmatched focus on streamlining workflows. Commands are invoked using short mnemonic key sequences that take the cursor’s position in the highly actionable interface into account to provide context-sensitive behavior.

With Magit you can do nearly everything that you can do when using Git on the command-line, but at greater speed and while taking advantage of advanced features that previously seemed too daunting to use on a daily basis. Many users will find that by using Magit they can become more effective Git user.

Source: Magit 3.0 released, an article by Jonas Bernoulli.

How Inevitable Is the Concept of Numbers?

The aliens arrive in a starship. Surely, one might think, to have all that technology they must have the idea of numbers. Or maybe one finds an uncontacted tribe deep in the jungle. Surely they too must have the idea of numbers. To us numbers seem so natural—and “obvious”—that it’s hard to imagine everyone wouldn’t have them. But if one digs a little deeper, it’s not so clear.

Source: How Inevitable Is the Concept of Numbers?, an article by Stephen Wolfram.

Discovering goroutine leaks with Semgrep

While learning how to write multithreaded code in Java or C++ can make computer science students reconsider their career choices, calling a function asynchronously in Go is just a matter of prefixing a function call with the go keyword. However, writing concurrent Go code can also be risky, as vicious concurrency bugs can slowly sneak into your application. Before you know it, there could be thousands of hanging goroutines slowing down your application, ultimately causing it to crash. This blog post provides a Semgrep rule that can be used in a bug-hunting quest and includes a link to a repository of specialized Semgrep rules that we use in our audits. It also explains how to use one of those rules to find a particularly pesky type of bug in Go: goroutine leaks.

Source: Discovering goroutine leaks with Semgrep, an article by Alex Useche.

Parsing in JavaScript: Tools and Libraries

If you need to parse a language, or document, from JavaScript there are fundamentally three ways to solve the problem:

  • use an existing library supporting that specific language: for example a library to parse XML
  • building your own custom parser by hand
  • a tool or library to generate a parser: for example ANTLR, that you can use to build parsers for any language

Source: Parsing in JavaScript: all the tools and libraries you can use, an article by Gabriele Tomassetti.