We’ve just uploaded mypy 1.3 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes.
Source: Mypy 1.3 Released an article by Wesley Collin Wright.
I don’t like Bash. It’s just too confusing. Do I need to use double brackets for this? Do I need to quote this? Am I still writing Bash or am I sprinkling in some bits of sh? I can never remember.
Source: Writing shell scripts in Nushell, an article by Jiri Pospisil.
Emacs 29 introduces tree-sitter support, a powerful parsing library that enhances its understanding of source code. With this integration, Emacs gains features like precise syntax highlighting, accurate indentation and easier extensibility. Here's how you install and configure Emacs with tree-sitter support.
Source: How to Get Started with Tree-Sitter, an article by Mickey Petersen.
On our way to the shopping mall in Naaldwijk I spotted a duck. When I walked into the duck's direction I noticed that she had six small ducklings, so I took the photo below.
I like using Makefiles. They work great both as simple task runners as well as build systems for medium-size projects.
Source: Makefile tricks for Python projects, an article by Ricardo Ander-Egg Aguilar.
This is a story about the journey we’ve been on at HUMAN Security to find the best project structure for Go, what decisions we’ve made based on our exploration, and the conclusions we’ve drawn. We’ve created an open-source template repository for the final structure, and a branch containing a tiny example project alongside. To use this template, fork the repository or use it as a template.
Source: Finding The Best Go Project Structure - Part 1, an article by Aviv Carmi.
John Wick uncovers a path to defeating The High Table. But before he can earn his freedom, Wick must face off against a new enemy with powerful alliances across the globe and forces that turn old friends into foes.
In the evening I watched John Wick: Chapter 4. At first, Esme was watching as well. But she was very tired so she fell asleep a few times during the movie. Alice was making "Hello, Kitty" cookies and also watched parts.
The movie was a lot, and I mean a lot, of killing. At times it looked (probably on purpose) like a computer game. I didn't like the movie much and give it a 6 out of 10. Of the recent carnage movies I liked Sisu more.
Like M. Fielder's and M. Hunter's 1986 book, one can find many instances in books, on the World Wide Web, in tutorials, and even on manual pages, of abusing su for dropping superuser privileges and running programs with ordinary user privileges — in
cronjobs,/etc/rcscripts,init.dscripts, and even from/etc/inittab. They are all wrong.Don't abuse
sufor this purpose. It has never in fact been the function ofsu, and for the past two decades people have been triggering errors with this abusage. Over the past decade or so, as of 2014, this error has gradually become more and more blatant, going from a few ignorable warning messages in obscure log files to systems that fail to function, but it has in fact been there all of this time.
Source: Don't abuse su for dropping user privileges, an article by Jonathan de Boyne Pollard.
In March, IPinfo began offering a free, file-based country-level dataset download for IPv4 and IPv6 addresses. This file is the result of over 900 TB of data on BigQuery being synthesized down into a file a few MB in size. The downloads are refreshed daily so changes in IPv4 locations and ownership can be seen with 24-hour granularity.
In this blog post, I'll walk through downloading this dataset as well as looking at some interesting IP address space analysis that it can be used for.
Source: IPinfo's Free IP Address Location Database, an article by Mark Litwintschik.
Today, as part of that long term effort to secure the Python ecosystem, we are announcing that every account that maintains any project or organization on PyPI will be required to enable 2FA on their account by the end of 2023.
Source: Securing PyPI accounts via Two-Factor Authentication, an article by Donald Stufft.
Renfield, Dracula's henchman and inmate at the lunatic asylum for decades, longs for a life away from the Count, his various demands, and all of the bloodshed that comes with them.
In the evening Alice, Adam, and I watched Renfield. I liked the movie and give it a 7 out of 10.
I previously wrote about starting a Go project in 2018. A lot has changed since I wrote that and I had been wanting to write an updated version. What follows should be enough for anyone new to Go to get started and ideally start them being productive.
Source: How to start a Go project in 2023, an article by Ben E. C. Boyter.
In this article, you will learn how to add a backdoor to the SSH Public Key. The backdoor will execute whenever the user logs in. The backdoor hides as an unreadable long hex-string inside
~/.ssh/authorized_keysor~/.ssh/id_*.pub.
Popovers are everywhere on the web. You can see them in menus, toggletips, and dialogs, which could manifest as account settings, disclosure widgets, and product card previews. Despite how prevalent these components are, building them in browsers is still surprisingly cumbersome. You need to add scripting to manage focus, open and close states, accessible hooks into the components, keyboard bindings to enter and exit the experience, and that’s all even before you start building the useful, unique, core functionality of your popover.
To resolve this, a new set of declarative HTML APIs for building popovers is coming to browsers, starting with the
popoverAPI in Chromium 114.
Source: Introducing the popover API, an article by Una Kravets.
In the evening I found out that when saving an encrypted text file
from Aquamacs that the program became unresponsive until I pressed
C-g. After some Googling I learned that downgrading GNU Privacy
Guard to version 2.4.0 fixed this issue. I wrote about how to do
this with Mac Ports.
A month ago I blogged about ways to reduce strenuous key presses in my Emacs use. I analyzed my runs of chords in Emacs, then speculated on the merits of exclusive vs mixed editing. Since then I wrote an Emacs mode called god-mode. It’s a mode that you toggle in and out of, and when you’re in it, all keys are implicitly prefixed with
C-(among other helpful shortcuts). Over all, it’s been a resounding success. A couple other people, including the author of multiple mark mode, contributed some patches. I’ve been using it for a month and have been very satisfied.
Source: God-mode for Emacs, an article by Chris Done.
Then Brad Westfall reminded me of a Sass feature that, while small, is probably the one I miss the most every single time I write vanilla CSS: single line
//comments.
Source: Single Line Comments in CSS, an article by Jim Nielsen.
Before you can process your data with Pandas, you need to load it (from disk or remote storage). There are plenty of data formats supported by Pandas, from CSV, to JSON, to Parquet, and many others as well.
Which should you use?
- You don’t want loading the data to be slow, or use lots of memory: that’s pure overhead. Ideally you’d want a file format that’s fast, efficient, small, and broadly supported.
- You also want to make sure the loaded data has all the right types: numeric types, datetimes, and so on. Some data formats do a better job at this than others.
While there is no one true answer that works for everyone, this article will try to help you narrow down the field and make an informed decision.
Source: Choosing a good file format for Pandas, an article by Itamar Turner-Trauring.
If you are someone who is currently uploading signatures, your package uploads will continue to succeed, but any PGP signatures will be silently ignored. If you are someone who is currently downloading PGP signatures, existing signatures SHOULD continue to be available 1, but no new signatures will be made available. The related API fields such as
has_sighave all been hardcoded to always beFalse.
Source: Removing PGP from PyPI, an article by Donald Stufft.
I have been known for my notorious code reviews within the team, which some people hated, and others hated even more. In the end, it’s a joy to see the people who despised my reviews coming back and thanking me for a great time we both spent improving. Undoubtedly, my reviewing skills have a long way to go, but the positive feedback I’ve received over time motivated me to write this article. I would like to explore what made people love and hate my reviews, and how you can learn from that to become a better reviewer in your team.
Source: The Art of Code Review, an article by Artem Zakharchenko.
Historically, tooling hasn’t been the strongest aspect of the Haskell ecosystem. However, it has come a long way. A major contribution from the last few years is the Haskell Language Server (HLS). I wanted to learn more about GHC internals, and the general compilation pipeline. What better way to learn about these than to work on HLS, helping further improve Haskell tooling in the meanwhile?
Source: A Semester of HLS: An Internship Report, an article by Berk Özkütük.
If you’ve ever argued with your team about the way your JSON responses should be formatted, JSON:API can help you stop the bikeshedding and focus on what matters: your application.
By following shared conventions, you can increase productivity, take advantage of generalized tooling and best practices. Clients built around JSON:API are able to take advantage of its features around efficiently caching responses, sometimes eliminating network requests entirely.
Source: JSON:API — A specification for building APIs in JSON.
The
dtpseudo device driver is connected to/dev/dt, which is used to interact with the device throughioctlcalls.dtstand for "dynamic tracer", similar todtraceandbpftrace. It's a device that lets you interact with probes on various parts of the system.
Source: Dynamic Tracing on OpenBSD 7.3, an article by Dante Catalfamo.
Welcome to this series of blog posts where we will be exploring how to build a web server from scratch using the Rust programming language. We will be taking a hands-on approach, maximizing our learning experience by using as few dependencies as possible and implementing as much logic as we can. This will enable us to understand the inner workings of a web server and the underlying protocols that it uses.
Source: Build a web server with Rust and tokio, an article by Geoffrey Copin.