week 07, 2023

One Does Not Simply 'pip install'

So, you’ve got your brand new pristine machine and you’re keen to kick off a new Python project. You know you want to use packages that others have written and focus only on the code you need to write. So you head off to github, find your favourite package and turn to the readme to get it installed - it seems dead simple just a ‘pip install’ away. Nothing could possibly go wrong. Right?

Source: One Does Not Simply 'pip install', an article by Ian Wootten.

Introduction to Ido Mode

There are many ways of improving your productivity when you use Emacs, and Ido (or “Interactively DO things”) is one of those packages that you enable and then never, ever turn off again. Although it’s got a lot of competition today, it’s still a useful package because it hand crafts the completion experience for files and buffers. That’s something most modern completion frameworks don’t do.

Source: Introduction to Ido Mode, an article by Mickey Petersen.

Angel Has Fallen (2019)

Mike Banning is framed for the attempted assassination of the President and must evade his own agency and the FBI as he tries to uncover the real threat.

In the evening Esme and I watched Angel Has Fallen. I liked the movie and give it a 7 out of 10.

Python’s multiprocessing performance problem

Because Python has limited parallelism when using threads, using worker processes is a common way to take advantage of multiple CPU cores. The multiprocessing module is built-in to the standard library, so it’s frequently used for this purpose.

But while multiple processes let you take advantage of multiple CPUs, moving data between processes can be very slow. And that can reduce some of the performance benefits of using worker processes.

Let’s see:

  • Why processes can have performance problems that threads don’t.
  • A number of ways to work around or deal with this performance overhead.
  • A bad solution you don’t want to us.

Source: Python’s multiprocessing performance problem, an article by Itamar Turner-Trauring.

All your comparable types

On February 1 we released our latest Go version, 1.20, which included a few language changes. Here we’ll discuss one of those changes: the predeclared comparable type constraint is now satisfied by all comparable types. Surprisingly, before Go 1.20, some comparable types did not satisfy comparable!

Source: All your comparable types, an article by Robert Griesemer.

Along Came a Spider (2001)

When a senator's daughter under Secret Service protection is kidnapped from a private school, detective Alex Cross investigates the case even though he's recovering from the loss of his partner.

In the evening Alice wanted to watch a detective movie, so we settled on Along Came a Spider. I liked the movie and give it a 7 out of 10.

Writing Javascript without a build system

Hello! I’ve been writing some Javascript this week, and as always when I start a new frontend project, I was faced with the question: should I use a build system?

I want to talk about what’s appealing to me about build systems, why I (usually) still don’t use them, and why I find it frustrating that some frontend Javascript libraries require that you use a build system.

I’m writing this because most of the writing I see about JS assumes that you’re using a build system, and it can be hard to navigate for folks like me who write very simple small Javascript projects that don’t require a build system.

Source: Writing Javascript without a build system, an article by Julia Evans.

Would Rust secure cURL?

Is this true? Are the majority of cURL’s security vulnerabilities logic mistakes?

It’s easy to find out. The cURL authors have a great list of (known) cURL security vulnerabilities. If you skim it it becomes immediately obvious that no, cURL has plenty of memory safety bugs. Since there’s a nice list with great descriptions of each bug it seems like a nice opportunity to measure how many bugs Rust would have prevented.

Source: Would Rust secure cURL?, an article by Tim Hutt.

Try out CSS Nesting today

Back in December, we wrote an article detailing three different options for CSS Nesting. In it, we explained the differences between Option 3, Option 4 and Option 5, demonstrating how each would work through a series of examples. Then we asked a simple question: “Which option is best for the future of CSS?”

Web developers responded to the poll with great clarity. Option 3 won in a landslide.

And so now, both Safari and Chrome have implemented Option 3. Two weeks ago, on January 25th, CSS Nesting shipped in Safari Technology Preview 162, on by default. If you have a Mac, simply download and open Safari Technology Preview, write some nested CSS, and experience how it works!

Source: Try out CSS Nesting today, an article by Jen Simmons.

Postgres WAL Files and Sequence Numbers

Recently in working with one of Crunchy Data's customers, I came across a situation where understanding the names and sequence numbers was important. In working with several of my colleauges that commit to the Postgres project, I collected notes on some of the details inside WAL. The goal today to look at the LSN and naming convention for WAL to help users understand WAL files a little better.

Source: Postgres WAL Files and Sequence Numbers, an article by Brian Pace.

Structured logging in Go with slog

A few months ago, a proposal was introduced for adding a structured logging library in Go. At present, Go has a minimal and bare-bones log package which works all right for basic use cases. However, the current library has a few shortcomings that this proposal aims to solve:

  • Emitting logs with different severity/levels
  • Structured output: Makes parsing of logs harder
  • Logging a set of common fields/attributes
  • Difficult to have a log object inside libraries as each service could have its log implementation.

Source: Structured logging in Go with slog, an article by Karan Sharma.

When Rust hurts

This article details on how frustrating Rust can be if you approach it with a functional programming mindset and why Rust has no choice but to frustrate you.

Source: When Rust hurts, an article by Roman Kashitsyn.

The Myers diff algorithm: part 1

In this series of articles, I’d like to walk you through the default diff algorithm used by Git. It was developed by Eugene W. Myers, and the original paper is available online. While the paper is quite short, it is quite mathematically dense and is focussed on proving that it works. The explanations here will be less rigorous, but will hopefully be more intuitive, giving a detailed walk-through of what the algorithm actually does and how it works.

Source: The Myers diff algorithm: part 1, an article by James Coglan.

Separate data and behavior with table-driven testing

How can I easily run the same tests on different data without duplicating a lot of code? If I follow my usual pattern, I start off with a couple of tests where I write some code then cut-and-paste that a couple of times. I add a few more tests before I realize I have a mess. If I had the foresight to know that I would make a mess (again), I would have started with a table of data and a little bit of code that went through it.

Source: Separate data and behavior with table-driven testing, an article by brian d foy.

cURL audit: How a joke led to significant findings

In fall 2022, Trail of Bits audited cURL, a widely-used command-line utility that transfers data between a server and supports various protocols. The project coincided with a Trail of Bits maker week, which meant that we had more manpower than we usually do, allowing us to take a nonstandard approach to the audit.

While discussing the threat model of the application, one of our team members jokingly asked, “Have we tried curl AAAAAAAAAA… yet”? Although the comment was made in jest, it sparked an idea: we should fuzz cURL’s command-line interface (CLI). Once we did so, the fuzzer quickly uncovered memory corruption bugs, specifically use-after-free issues, double-free issues, and memory leaks. Because the bugs are in libcurl, a cURL development library, they have the potential to affect the many software applications that use libcurl.

Source: cURL audit: How a joke led to significant findings, an article by Maciej Domanski.

Data Classification

But for many years now, dataclasses have been — and currently are — built in to the language. They are increasingly integrated to the toolchain at a deep level that is difficult for application code — or even other specialized tools — to replicate. Everybody knows what they are. Few or none of those reasons apply any longer.

For example, classes defined with @dataclass are now optimized as a C structure might be when you compile them with mypyc, a trick that is extremely useful in some circumstances, which even attrs itself now has trouble keeping up with.

This all raises the question for me: beyond backwards compatibility, is there any point to having non-@dataclass classes any more? Is there any remaining justification for writing them in new code?

Source: Data Classification.

Introducing the new JupyterLab Desktop!

We are pleased to announce a major update to JupyterLab Desktop which adds many new features with main focus on the user experience. JupyterLab Desktop is the cross-platform desktop application for JupyterLab and it is the quickest and easiest way to get started with Jupyter notebooks on your personal computer.

Source: Introducing the new JupyterLab Desktop!, an article by Mehmet Bektas.

Get up to speed with partial clone and shallow clone

Could you get started working in the repository without downloading every version of every file in the entire Git history? Git’s partial clone and shallow clone features are options that can help here, but they come with their own tradeoffs. Each option breaks at least one expectation from the normal distributed nature of Git, and you might not be willing to make those tradeoffs.

Source: Get up to speed with partial clone and shallow clone, an article by Derrick Stolee.