So, you’ve got your brand new pristine machine and you’re keen to
kick off a new Python project. You know you want to use packages
that others have written and focus only on the code you need to
write. So you head off to github, find your favourite package and
turn to the readme to get it installed - it seems dead simple just a
‘pip install’ away. Nothing could possibly go wrong. Right?
There are many ways of improving your productivity when you use
Emacs, and Ido (or “Interactively DO things”) is one of those
packages that you enable and then never, ever turn off
again. Although it’s got a lot of competition today, it’s still a
useful package because it hand crafts the completion experience for
files and buffers. That’s something most modern completion
frameworks don’t do.
without a build
system” and I
without a build system and bit
rot is never fun. I
would like to offer a few alternatives to Julia’s approach, which I
think already covers the basics.
On February 1 we released our latest Go version, 1.20, which
included a few language changes. Here we’ll discuss one of those
changes: the predeclared comparable type constraint is now
satisfied by all comparable
before Go 1.20, some comparable types did not satisfy comparable!
when I start a new frontend project, I was faced with the question:
should I use a build system?
I want to talk about what’s appealing to me about build systems, why
I (usually) still don’t use them, and why I find it frustrating that
I’m writing this because most of the writing I see about JS assumes
that you’re using a build system, and it can be hard to navigate for
don’t require a build system.
Is this true? Are the majority of cURL’s security vulnerabilities
It’s easy to find out. The cURL authors have a great list of
(known) cURL security
vulnerabilities. If you
skim it it becomes immediately obvious that no, cURL has plenty of
memory safety bugs. Since there’s a nice list with great
descriptions of each bug it seems like a nice opportunity to measure
how many bugs Rust would have prevented.
Back in December, we wrote an article detailing three different
for CSS Nesting. In it, we explained the differences between Option
3, Option 4 and Option 5, demonstrating how each would work through
a series of examples. Then we asked a simple question: “Which option
is best for the future of CSS?”
Web developers responded to the poll with great clarity. Option 3
won in a landslide.
Recently in working with one of Crunchy Data's customers, I came
across a situation where understanding the names and sequence
numbers was important. In working with several of my colleauges that
commit to the Postgres project, I collected notes on some of the
details inside WAL. The goal today to look at the LSN and naming
convention for WAL to help users understand WAL files a little
I've recently started exploring WebAssembly, focusing on the
language itself, by writing and testing small snippets of
handwritten WASM text (WAT). This post describes what I've learned
about using indirect calls via function tables.
A few months ago, a proposal was
introduced for adding a
structured logging library in Go. At present, Go has a minimal and
bare-bones log package which works all right for basic use
cases. However, the current library has a few shortcomings that this
proposal aims to solve:
Emitting logs with different severity/levels
Structured output: Makes parsing of logs harder
Logging a set of common fields/attributes
Difficult to have a log object inside libraries as each service
could have its log implementation.
In this series of articles, I’d like to walk you through the default
diff algorithm used by Git. It was developed by Eugene W. Myers, and
the original paper is
available online. While the paper is quite short, it is quite
mathematically dense and is focussed on proving that it works. The
explanations here will be less rigorous, but will hopefully be more
intuitive, giving a detailed walk-through of what the algorithm
actually does and how it works.
How can I easily run the same tests on different data without
duplicating a lot of code? If I follow my usual pattern, I start off
with a couple of tests where I write some code then cut-and-paste
that a couple of times. I add a few more tests before I realize I
have a mess. If I had the foresight to know that I would make a mess
(again), I would have started with a table of data and a little bit
of code that went through it.
In fall 2022, Trail of Bits audited cURL, a widely-used command-line
utility that transfers data between a server and supports various
protocols. The project coincided with a Trail of Bits maker week,
which meant that we had more manpower than we usually do, allowing
us to take a nonstandard approach to the audit.
While discussing the threat model of the application, one of our
team members jokingly asked, “Have we tried curl AAAAAAAAAA… yet”?
Although the comment was made in jest, it sparked an idea: we should
fuzz cURL’s command-line interface (CLI). Once we did so, the fuzzer
quickly uncovered memory corruption bugs, specifically
use-after-free issues, double-free issues, and memory leaks. Because
the bugs are in libcurl, a cURL development library, they have the
potential to affect the many software applications that use libcurl.
But for many years now, dataclasses have been — and currently are —
built in to the language. They
are increasingly integrated to the toolchain at a deep level that is
difficult for application code — or even other specialized tools —
to replicate. Everybody knows what they are. Few or none of those
reasons apply any longer.
Regex always feels like a fun puzzle. The syntax looks alien, but
you could learn it all in an hour. There are a couple of
neattricks, but most
cases aren’t tricky enough to warrant them. When I get asked a regex
question, I get excited.
We are pleased to announce a major update to JupyterLab Desktop
which adds many new features with main focus on the user
experience. JupyterLab Desktop is the cross-platform desktop
application for JupyterLab and it is the quickest and easiest way to
get started with Jupyter notebooks on your personal computer.
Could you get started working in the repository without downloading
every version of every file in the entire Git history? Git’s
partial clone and shallow clone features are options that
can help here, but they come with their own tradeoffs. Each option
breaks at least one expectation from the normal distributed nature
of Git, and you might not be willing to make those tradeoffs.