week 20, 2023

PGP signatures on PyPI: worse than useless

A large number of PGP signatures on PyPI can’t be correlated to any well-known PGP key and, of the signatures that can be correlated, many are generated from weak keys or malformed certificates. The results suggest widespread misuse of GPG and other PGP implementations by Python packagers, with said misuse being encouraged by the PGP ecosystem’s poor defaults, opaque and user-hostile interfaces, and outright dangerous recommendations.

Source: PGP signatures on PyPI: worse than useless, an article by William Woodruff.

Writing Python like it's Rust

I started programming in Rust several years ago, and it has gradually changed the way I design programs in other programming languages, most notably in Python. Before I started using Rust, I was usually writing Python code in a very dynamic and type-loose way, without type hints, passing and returning dictionaries everywhere, and occasionally falling back to “stringly-typed” interfaces. However, after experiencing the strictness of the Rust type system, and noticing all the problems that it prevents “by construction”, I suddenly became quite anxious whenever I got back to Python and wasn’t provided with the same guarantees.

Source: Writing Python like it’s Rust, an article by Jakub Beránek.

Resilient LL Parsing Tutorial

In this tutorial, I will explain a particular approach to parsing, which gracefully handles syntax errors and is thus suitable for language servers, which, by their nature, have to handle incomplete and invalid code. Explaining the problem and the solution requires somewhat less than a trivial worked example, and I want to share a couple of tricks not directly related to resilience, so the tutorial builds a full, self-contained parser, instead of explaining abstractly just the resilience.

Source: Resilient LL Parsing Tutorial, an article by Alex Kladov.

Faithfully Yours (2022)

Best friends Bodil and Isabel, apparently happily married, sneak off for secret affairs using each other as an alibi. But when Isabel is killed when they were supposed to have been together. Bodil gets caught up in her own web of lies.

In the evening Esme and I watched Faithfully Yours. The movie was OK and I give it a 6 out of 10.

Against LLM maximalism

A lot of people are building truly new things with Large Language Models (LLMs), like wild interactive fiction experiences that weren’t possible before. But if you’re working on the same sort of Natural Language Processing (NLP) problems that businesses have been trying to solve for a long time, what’s the best way to use them?

Source: Against LLM maximalism, an article by Matthew Honnibal.

PEP 684 – A Per-Interpreter GIL

Since Python 1.5 (1997), CPython users can run multiple interpreters in the same process. However, interpreters in the same process have always shared a significant amount of global state. This is a source of bugs, with a growing impact as more and more people use the feature. Furthermore, sufficient isolation would facilitate true multi-core parallelism, where interpreters no longer share the GIL. The changes outlined in this proposal will result in that level of interpreter isolation.

Source: PEP 684 – A Per-Interpreter GIL, an article by Eric Snow.

Nuances of Overloading and Overriding in Java

I’ve been programming in Java for over half a decade, and thought I had mastered all aspects of overloading and overriding. It was only once I started thinking of and writing up the following edge cases, that I realized I didn’t know it nearly as well as I thought.

In an effort to gamify these nuances, I’ve listed them below as a series of puzzles. Kudos if you get them all without peeking at the answers.

Source: Nuances of Overloading and Overriding in Java, an article by Rajiv Prabhakar.

The Case For Bash

Bash is oft-maligned: you hear it sneered at in sentences like "our continuous integration pipeline is just a pile of bash scripts." It is commonly regarded as unintelligible and thus unmaintainable. The pile of bash scripts are the toxic byproduct of an infrastructure team understaffed, pressed for time, unwilling or unable to do it "the right way" in a blessed programming language, such as Ruby, Python, or, uh, ... YAML?

Source: The case for bash, an article by Chris Dickinson.

Understanding database Indexes in PostgreSQL

There are three types of developers: those who know that indexes speed up database queries, those who know that indexes speed up database queries and take additional space and time to write, and those who have a more profound knowledge about indexes, their advantages, disadvantages, different types and much more. Unfortunately, the first and the second group is the most numerous.

This article will help you understand SQL indexes if you fall into the first two groups. If you know a lot about indexes, this article will help you organize your knowledge and remind you about good practices. SQL is a declarative language meaning it tells the database what we want to do but not how to achieve it. The database engine decides how to pull data. We can help the query planner by using indexes.

Source: Understanding database Indexes in PostgreSQL, an article by Paweł Dąbrowski.

Read Every Single Error

You should read every error message that your system produces. Simple but effective. Our team pumps every 5XX into a Slack channel and reviewing each of these is a top priority for the current on-call engineer. There’s a little more to it, but that’s the gist! Commit to this process and your error rates are guaranteed to drop. And I can prove it!

Source: Read Every Single Error, an article by Evan Boyle.

Plane (2023)

A pilot finds himself caught in a war zone after he's forced to land his commercial aircraft during a terrible storm.

In the evening Esme and I watched Plane. I liked the movie and give it an 8 out of 10.

More Memory, More Problems

Sometimes configuring a database at scale can seem like a dark art. While the Postgres documentation is fantastic, there are no hard-and-fast rules for tuning given the diversity of workloads out there and much of what we learned came from sparse references and experimentation. We hope that compiling our findings will help future engineers get ahead of the challenges we faced — if you want to skip the narrative, feel free to jump ahead for a summary of our findings.

Source: More Memory, More Problems, an article by Christopher White.

Sisu (2022)

When an ex-soldier who discovers gold in the Lapland wilderness tries to take the loot into the city, Nazi soldiers led by a brutal SS officer battle him.

In the evening I watched Sisu. I liked the movie and give it a 7 out of 10.

Real Multithreading is Coming to Python

Python is 32 years old language, yet it still doesn't have proper, true parallelism/concurrency. This is going to change soon, thanks to introduction of a "Per-Interpreter GIL" (Global Interpreter Lock) which will land in Python 3.12. While release of Python 3.12 is some months away, the code is already there, so let's take an early peek at how we can use it to write truly concurrent Python code using sub-interpreters API.

Source: Real Multithreading is Coming to Python, an article by Martin Heinz.

ES2023 introduces new array copying methods to JavaScript

The ECMAScript 2023 specification has been recently finalised. It includes some new methods on the Array object that will help make our JavaScript programs more predictable and maintainable. The methods toSorted, toReversed, toSpliced, and with allow you to perform operations on arrays by without changing the data in place, but by making a copy and changing that copy. Read on to learn the difference and how to start using them in your projects.

Source: ES2023 introduces new array copying methods to JavaScript, an article by Phil Nash.

OpenSnitch in Debian ready for prime time

A bit delayed, the interactive application firewall OpenSnitch package in Debian now got the latest fixes ready for Debian Bookworm. Because it depend on a package missing on some architectures, the autopkgtest check of the testing migration script did not understand that the tests were actually working, so the migration was delayed. A bug in the package dependencies is also fixed, so those installing the firewall package (opensnitch) now also get the GUI admin tool (python3-opensnitch-ui) installed by default. I am very grateful to Gustavo Iñiguez Goya for his work on getting the package ready for Debian Bookworm.

Source: OpenSnitch in Debian ready for prime time, an article by Petter Reinholdtsen.

Using ox-hugo To Build Websites with Emacs

This article explains in detail the process of setting up a bare-bones website using Hugo and Org mode. My goal in writing this is to provide readers with a superior understanding of the fundamentals of this workflow. It is by no means an exhaustive explanation of Org mode or Emacs, but should give readers of any skill level a strong foundation to apply their own knowledge and techniques to the Emacs-Hugo toolchain.

Source: Using ox-hugo To Build Websites with Emacs, an article by Ken Grimes.

How Does a TLS Handshake Work?

A TLS handshake is the process that kicks off a communication session that uses TLS. During a TLS handshake, the two communicating machines (generally client and server) exchange messages to acknowledge each other, verify each other, establish the cryptographic algorithms they will use, and agree on session keys.

Source: How Does a TLS Handshake Work?, an article by Scott Carter.