A large number of PGP signatures on PyPI can’t be correlated to
any well-known PGP key and, of the signatures that can be
correlated, many are generated from weak keys or malformed
certificates. The results suggest widespread misuse of GPG and
other PGP implementations by Python packagers, with said misuse
being encouraged by the PGP ecosystem’s poor defaults, opaque and
user-hostile interfaces, and outright dangerous
recommendations.
I started programming in Rust several years ago, and it has
gradually changed the way I design programs in other programming
languages, most notably in Python. Before I started using Rust, I
was usually writing Python code in a very dynamic and type-loose
way, without type hints, passing and returning dictionaries
everywhere, and occasionally falling back to
“stringly-typed”
interfaces. However, after experiencing the strictness of the Rust
type system, and noticing all the problems that it prevents “by
construction”, I suddenly became quite anxious whenever I got back
to Python and wasn’t provided with the same guarantees.
In this tutorial, I will explain a particular approach to parsing,
which gracefully handles syntax errors and is thus suitable for
language servers, which, by their nature, have to handle incomplete
and invalid code. Explaining the problem and the solution requires
somewhat less than a trivial worked example, and I want to share a
couple of tricks not directly related to resilience, so the tutorial
builds a full, self-contained parser, instead of explaining
abstractly just the resilience.
Best friends Bodil and Isabel, apparently happily married, sneak off
for secret affairs using each other as an alibi. But when Isabel is
killed when they were supposed to have been together. Bodil gets
caught up in her own web of lies.
In the evening Esme and I watched Faithfully
Yours. The movie was OK and I
give it a 6 out of 10.
As a C++ programmer, you are probably familiar with the following
design question: Should you implement a function as a class member
or as a free function?
Not so sure about the answer? Well, let’s examine.
A lot of people are building truly new things with Large Language
Models (LLMs), like wild interactive fiction experiences that
weren’t possible before. But if you’re working on the same sort of
Natural Language Processing (NLP) problems that businesses have been
trying to solve for a long time, what’s the best way to use them?
Since Python 1.5 (1997), CPython users can run multiple interpreters
in the same process. However, interpreters in the same process have
always shared a significant amount of global state. This is a source
of bugs, with a growing impact as more and more people use the
feature. Furthermore, sufficient isolation would facilitate true
multi-core parallelism, where interpreters no longer share the
GIL. The changes outlined in this proposal will result in that level
of interpreter isolation.
I’ve been programming in Java for over half a decade, and thought I
had mastered all aspects of overloading and overriding. It was only
once I started thinking of and writing up the following edge cases,
that I realized I didn’t know it nearly as well as I thought.
In an effort to gamify these nuances, I’ve listed them below as a
series of puzzles. Kudos if you get them all without peeking at the
answers.
The film continues the story of teenage Billy Batson who, upon
reciting the magic word "SHAZAM!" is transformed into his adult
Super Hero alter ego, Shazam.
Bash is oft-maligned: you hear it sneered at in sentences like "our
continuous integration pipeline is just a pile of bash
scripts."
It is commonly regarded as unintelligible and thus
unmaintainable. The pile of bash scripts are the toxic byproduct of
an infrastructure team understaffed, pressed for time, unwilling or
unable to do it "the right way" in a blessed programming language,
such as Ruby, Python, or, uh, ... YAML?
There are three types of developers: those who know that indexes
speed up database queries, those who know that indexes speed up
database queries and take additional space and time to write, and
those who have a more profound knowledge about indexes, their
advantages, disadvantages, different types and much
more. Unfortunately, the first and the second group is the most
numerous.
This article will help you understand SQL indexes if you fall into
the first two groups. If you know a lot about indexes, this article
will help you organize your knowledge and remind you about good
practices. SQL is a declarative language meaning it tells the
database what we want to do but not how to achieve it. The
database engine decides how to pull data. We can help the query
planner by using indexes.
You should read every error message that your system
produces. Simple but effective. Our team pumps every 5XX into a
Slack channel and reviewing each of these is a top priority for the
current on-call engineer. There’s a little more to it, but that’s
the gist! Commit to this process and your error rates are guaranteed
to drop. And I can prove it!
Sometimes configuring a database at scale can seem like a dark
art. While the Postgres documentation is fantastic, there are no
hard-and-fast rules for tuning given the diversity of workloads out
there and much of what we learned came from sparse references and
experimentation. We hope that compiling our findings will help
future engineers get ahead of the challenges we faced — if you want
to skip the narrative, feel free to jump ahead for a summary of our
findings.
When an ex-soldier who discovers gold in the Lapland wilderness
tries to take the loot into the city, Nazi soldiers led by a brutal
SS officer battle him.
In the evening I watched
Sisu. I liked the movie and
give it a 7 out of 10.
Python is 32 years old language, yet it still doesn't have proper,
true parallelism/concurrency. This is going to change soon, thanks
to introduction of a "Per-Interpreter GIL" (Global Interpreter
Lock) which will land in Python 3.12. While release of Python 3.12
is some months away, the code is already there, so let's take an
early peek at how we can use it to write truly concurrent Python
code using sub-interpreters API.
The ECMAScript 2023 specification has
been recently finalised. It includes some new methods on the Array
object that will help make our JavaScript programs more predictable
and maintainable. The methods toSorted, toReversed, toSpliced,
and with allow you to perform operations on arrays by without
changing the data in place, but by making a copy and changing that
copy. Read on to learn the difference and how to start using them in
your projects.
A bit delayed, the interactive application firewall
OpenSnitch package in
Debian now got the latest fixes ready for Debian Bookworm. Because
it depend on a package missing on some architectures, the
autopkgtest check of the testing migration script did not understand
that the tests were actually working, so the migration was
delayed. A bug in the package dependencies is also fixed, so those
installing the firewall package (opensnitch) now also get the GUI
admin tool (python3-opensnitch-ui) installed by default. I am very
grateful to Gustavo Iñiguez Goya for his work on getting the package
ready for Debian Bookworm.
This article explains in detail the process of setting up a
bare-bones website using Hugo and Org mode. My goal in writing this
is to provide readers with a superior understanding of the
fundamentals of this workflow. It is by no means an exhaustive
explanation of Org mode or Emacs, but should give readers of any
skill level a strong foundation to apply their own knowledge and
techniques to the Emacs-Hugo toolchain.
A TLS handshake is the process that kicks off a communication
session that uses TLS. During a TLS handshake, the two communicating
machines (generally client and server) exchange messages to
acknowledge each other, verify each other, establish the
cryptographic algorithms they will use, and agree on session keys.