Tags: web-review, security, community, rss, type-systems, server, performance, frontend, developer-experience, teaching, power, craftsmanship, communication, cpu, kde, refactoring, tdd, copilot, asynchronous, supply-chain, safety, memory, quality, javascript, machine-learning, git, compiler, python, mathematics, version-control, ai, learning, social-media, privacy, django, foss, design, pairing, management, tests, sustainability, logic, dbus, dns, sqlite, gpt, optimization, mentoring, apple, burnout, databases, llama, ntp, static-analyzer, energy, rust, ssh, programming, processes, organization, web, coaching, complexity, c, tech, system, remote-working, time, scam
Let’s go for my web review for the week 2024-14. I will be vacationing next week, so I might skip next week’s post. We’ll see.
Tags: tech, foss
Well done LibreOffice! I’d love to see many more announcements like this one.
https://blog.documentfoundation.org/blog/2024/04/04/german-state-moving-30000-pcs-to-libreoffice/
Tags: tech, ssh, security, supply-chain
Good analysis of the backdoor recently discovered in xz. Really a bad situation. Luckily it was probably detected before it could do any real damage. What’s especially striking is the amount of patience it required; it’s really been put in place over a long stretch of time to reduce chances of detection.
https://www.openwall.com/lists/oss-security/2024/03/29/4
Tags: tech, foss, community, security
Excellent post showing unhealthy consumer/maintainer dynamics in FOSS projects. This particular example was instrumental in getting the xz backdoor in place.
Tags: tech, foss, security, burnout
You think the xz vulnerability was a one-time event? Think again, this kind of bullying with ulterior motives happens regularly to critical projects.
Tags: tech, foss, sustainability, quality, security
Definitely a good idea, we’d need several such institutes across the world. Would governments be willing to try this?
https://www.tbray.org/ongoing/When/202x/2024/04/01/OSQI
Tags: tech, apple, privacy
Can we lay the myth of Apple being a proper steward of data privacy to rest, please? I don’t know why people took their claims for granted to start… with so much opacity, it’s not a claim you could trust.
https://www.aalto.fi/en/news/keeping-your-data-from-apple-is-harder-than-expected
Tags: tech, ai, machine-learning, gpt, scam
AI-supercharged scam. I guess we’ll see more of those.
https://www.404media.co/a-law-firm-of-ai-generated-lawyers-is-sending-fake-threats-as-an-seo-scam/
Tags: tech, ai, machine-learning, copilot, gpt, security, supply-chain
You should be mindful of the dependencies you add. Even more so when the name of the dependency has been proposed by a coding assistant.
https://www.theregister.com/2024/03/28/ai_bots_hallucinate_software_packages/
Tags: tech, ai, machine-learning, power, energy
Smaller models with smarter architectures and low-bit quantized models are two avenues for more efficient use. I’m really curious how far they’ll go. This article focuses on low-bit quantized models and the prospects are interesting.
https://mobiusml.github.io/1bit_blog/
Tags: tech, ai, machine-learning, gpt, llama, optimization, performance, cpu
Excellent work to improve Llama execution speed on CPU. It probably has all the tricks of the trade to accelerate this compute kernel.
Tags: tech, rss, social-media
More people turning to RSS as a substitute for social media. There’s hope.
https://tudorr.ro/blog/zoomer-tries-rss/
Tags: tech, processes, dbus, kde, security
Interesting article, shows quite well the complexities of D-Bus and Polkit. Unsurprisingly such complexity easily leads to mistakes which can compromise security. This then hints at interesting things to keep in mind when you have to deal with D-Bus and Polkit.
https://security.opensuse.org/2024/04/02/kde6-dbus-polkit.html
Tags: tech, ntp, dns, time
Fascinating article which explores the behavior of the NTP Pool. If you wondered how it gives you an NTP server to query, you’ll know the answer. It also covers the consequences of its restrictive approach. This even raises security concerns. Still, even though it’s not perfect, this keeps being an essential service mostly run by volunteers.
https://labs.ripe.net/author/giovane_moura/ntp-pool-the-internet-timekeeper/
Tags: tech, rust, performance, refactoring, type-systems, memory
Nice balanced view on some of Rust’s characteristics. This is much less naive than some of the “Rust is great” posts out there.
https://blog.sdf.com/p/fast-development-in-rust-part-one
Tags: tech, memory, system
This is indeed a more interesting way to perceive garbage collection. This also leads to proper questions to explore on the topic.
https://xorvoid.com/on_garbage_collection.html
Tags: tech, databases, sqlite, server, performance, complexity
With some tuning SQLite can go a long way, even for server type workloads. There are still a few caveats but in some cases this can reduce complexity and cost quite a bit.
https://kerkour.com/sqlite-for-servers
Tags: tech, craftsmanship, developer-experience, django, python
Another example of enforcing conventions using automated checks. This time using Python and Django tricks.
https://lukeplant.me.uk/blog/posts/enforcing-conventions-in-django-projects-with-introspection/
Tags: tech, javascript, web, frontend
A proposal for data bindings as first class citizens in JavaScript? This could be a good thing indeed.
https://github.com/proposal-signals/proposal-signals
Tags: tech, git, version-control
Or why a clean commit history can help quite a lot to find how and why a bug was introduced. This shows a few nice tricks around git log to speed up the process.
https://lucasoshiro.github.io/posts-en/2023-02-13-git-debug/
Tags: tech, c, memory, static-analyzer, compiler
Improved static analysis for C straight from GCC. This is definitely welcome.
https://developers.redhat.com/articles/2024/04/03/improvements-static-analysis-gcc-14-compiler#
Tags: tech, programming, safety, logic, mathematics
On the importance of invariants and consistent requirements in our trade. Admittedly it’s a long demonstration but it shows the point well.
https://www.hansdieterhiep.nl/blog/on-invariance-and-inconsistency/
Tags: tech, tests, tdd, design
This is indeed too often overlooked. Producing a test list and picking the tests in the right order is definitely a crucial skill to practice TDD. It goes hand in hand with software design skills.
https://tidyfirst.substack.com/p/tdds-missing-skill-behavioral-composition
Tags: tech, organization, community, craftsmanship
Lots of good advice of course. It goes a long way to improve the quality of the project and the ease of onboarding people. This is quite some initial work though.
https://matklad.github.io/2024/03/22/basic-things.html
Tags: tech, teaching, learning, pairing
Funny experiment. This shows what you can achieve in terms of teaching and learning during pair programming setups. Shadowing someone is a powerful approach.
https://two-wrongs.com/programming-apprenticeships.html
Tags: management, coaching, mentoring
This is a nice way to frame the three activities. They help people progress but in different ways.
https://jacobian.org/2024/apr/1/mentorship-coaching-sponsorship/
Tags: tech, remote-working, asynchronous, communication
When you’re distributed, this is all about asynchronous communication. You can’t walk to a person’s desk (and you should probably avoid it anyway if colocated).
https://www.yegor256.com/2024/04/01/ping-me-please.html
Bye for now!