week 21, 2023

Mypy 1.3 Released

We’ve just uploaded mypy 1.3 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes.

Source: Mypy 1.3 Released an article by Wesley Collin Wright.

How to Get Started with Tree-Sitter

Emacs 29 introduces tree-sitter support, a powerful parsing library that enhances its understanding of source code. With this integration, Emacs gains features like precise syntax highlighting, accurate indentation and easier extensibility. Here's how you install and configure Emacs with tree-sitter support.

Source: How to Get Started with Tree-Sitter, an article by Mickey Petersen.

Six Ducklings

On our way to the shopping mall in Naaldwijk I spotted a duck. When I walked into the duck's direction I noticed that she had six small ducklings, so I took the photo below.

Six ducklings
Six ducklings.

Finding The Best Go Project Structure

This is a story about the journey we’ve been on at HUMAN Security to find the best project structure for Go, what decisions we’ve made based on our exploration, and the conclusions we’ve drawn. We’ve created an open-source template repository for the final structure, and a branch containing a tiny example project alongside. To use this template, fork the repository or use it as a template.

Source: Finding The Best Go Project Structure - Part 1, an article by Aviv Carmi.

John Wick: Chapter 4 (2023)

John Wick uncovers a path to defeating The High Table. But before he can earn his freedom, Wick must face off against a new enemy with powerful alliances across the globe and forces that turn old friends into foes.

In the evening I watched John Wick: Chapter 4. At first, Esme was watching as well. But she was very tired so she fell asleep a few times during the movie. Alice was making "Hello, Kitty" cookies and also watched parts.

The movie was a lot, and I mean a lot, of killing. At times it looked (probably on purpose) like a computer game. I didn't like the movie much and give it a 6 out of 10. Of the recent carnage movies I liked Sisu more.

Don't abuse su for dropping user privileges

Like M. Fielder's and M. Hunter's 1986 book, one can find many instances in books, on the World Wide Web, in tutorials, and even on manual pages, of abusing su for dropping superuser privileges and running programs with ordinary user privileges — in cron jobs, /etc/rc scripts, init.d scripts, and even from /etc/inittab. They are all wrong.

Don't abuse su for this purpose. It has never in fact been the function of su, and for the past two decades people have been triggering errors with this abusage. Over the past decade or so, as of 2014, this error has gradually become more and more blatant, going from a few ignorable warning messages in obscure log files to systems that fail to function, but it has in fact been there all of this time.

Source: Don't abuse su for dropping user privileges, an article by Jonathan de Boyne Pollard.

IPinfo's Free IP Address Location Database

In March, IPinfo began offering a free, file-based country-level dataset download for IPv4 and IPv6 addresses. This file is the result of over 900 TB of data on BigQuery being synthesized down into a file a few MB in size. The downloads are refreshed daily so changes in IPv4 locations and ownership can be seen with 24-hour granularity.

In this blog post, I'll walk through downloading this dataset as well as looking at some interesting IP address space analysis that it can be used for.

Source: IPinfo's Free IP Address Location Database, an article by Mark Litwintschik.

Renfield (2023)

Renfield, Dracula's henchman and inmate at the lunatic asylum for decades, longs for a life away from the Count, his various demands, and all of the bloodshed that comes with them.

In the evening Alice, Adam, and I watched Renfield. I liked the movie and give it a 7 out of 10.

Introducing the popover API

Popovers are everywhere on the web. You can see them in menus, toggletips, and dialogs, which could manifest as account settings, disclosure widgets, and product card previews. Despite how prevalent these components are, building them in browsers is still surprisingly cumbersome. You need to add scripting to manage focus, open and close states, accessible hooks into the components, keyboard bindings to enter and exit the experience, and that’s all even before you start building the useful, unique, core functionality of your popover.

To resolve this, a new set of declarative HTML APIs for building popovers is coming to browsers, starting with the popover API in Chromium 114.

Source: Introducing the popover API, an article by Una Kravets.

God-mode for Emacs

A month ago I blogged about ways to reduce strenuous key presses in my Emacs use. I analyzed my runs of chords in Emacs, then speculated on the merits of exclusive vs mixed editing. Since then I wrote an Emacs mode called god-mode. It’s a mode that you toggle in and out of, and when you’re in it, all keys are implicitly prefixed with C- (among other helpful shortcuts). Over all, it’s been a resounding success. A couple other people, including the author of multiple mark mode, contributed some patches. I’ve been using it for a month and have been very satisfied.

Source: God-mode for Emacs, an article by Chris Done.

Choosing a good file format for Pandas

Before you can process your data with Pandas, you need to load it (from disk or remote storage). There are plenty of data formats supported by Pandas, from CSV, to JSON, to Parquet, and many others as well.

Which should you use?

  • You don’t want loading the data to be slow, or use lots of memory: that’s pure overhead. Ideally you’d want a file format that’s fast, efficient, small, and broadly supported.
  • You also want to make sure the loaded data has all the right types: numeric types, datetimes, and so on. Some data formats do a better job at this than others.

While there is no one true answer that works for everyone, this article will try to help you narrow down the field and make an informed decision.

Source: Choosing a good file format for Pandas, an article by Itamar Turner-Trauring.

Removing PGP from PyPI

If you are someone who is currently uploading signatures, your package uploads will continue to succeed, but any PGP signatures will be silently ignored. If you are someone who is currently downloading PGP signatures, existing signatures SHOULD continue to be available 1, but no new signatures will be made available. The related API fields such as has_sig have all been hardcoded to always be False.

Source: Removing PGP from PyPI, an article by Donald Stufft.

The Art of Code Review

I have been known for my notorious code reviews within the team, which some people hated, and others hated even more. In the end, it’s a joy to see the people who despised my reviews coming back and thanking me for a great time we both spent improving. Undoubtedly, my reviewing skills have a long way to go, but the positive feedback I’ve received over time motivated me to write this article. I would like to explore what made people love and hate my reviews, and how you can learn from that to become a better reviewer in your team.

Source: The Art of Code Review, an article by Artem Zakharchenko.

A Semester of HLS: An Internship Report

Historically, tooling hasn’t been the strongest aspect of the Haskell ecosystem. However, it has come a long way. A major contribution from the last few years is the Haskell Language Server (HLS). I wanted to learn more about GHC internals, and the general compilation pipeline. What better way to learn about these than to work on HLS, helping further improve Haskell tooling in the meanwhile?

Source: A Semester of HLS: An Internship Report, an article by Berk Özkütük.


If you’ve ever argued with your team about the way your JSON responses should be formatted, JSON:API can help you stop the bikeshedding and focus on what matters: your application.

By following shared conventions, you can increase productivity, take advantage of generalized tooling and best practices. Clients built around JSON:API are able to take advantage of its features around efficiently caching responses, sometimes eliminating network requests entirely.

Source: JSON:API — A specification for building APIs in JSON.

Build a web server with Rust and tokio

Welcome to this series of blog posts where we will be exploring how to build a web server from scratch using the Rust programming language. We will be taking a hands-on approach, maximizing our learning experience by using as few dependencies as possible and implementing as much logic as we can. This will enable us to understand the inner workings of a web server and the underlying protocols that it uses.

Source: Build a web server with Rust and tokio, an article by Geoffrey Copin.