
Let’s go for my web review for the week 2024-14. I will be vacationing next week, so I might skip next week’s post. We’ll see.


German state moving 30,000 PCs to LibreOffice

Tags: tech, foss

Well done LibreOffice! I’d love to see many more announcements like this one.

https://blog.documentfoundation.org/blog/2024/04/04/german-state-moving-30000-pcs-to-libreoffice/


oss-security - backdoor in upstream xz/liblzma leading to ssh server compromise

Tags: tech, ssh, security, supply-chain

Good analysis of the backdoor recently discovered in xz. Really a bad situation. Luckily it was probably detected before it could do any real damage. What’s especially striking is the amount of patience it required; it’s really been put in place over a long stretch of time to reduce chances of detection.

https://www.openwall.com/lists/oss-security/2024/03/29/4


A Microcosm of the interactions in Open Source projects

Tags: tech, foss, community, security

Excellent post showing unhealthy consumer/maintainer dynamics in FOSS projects. This particular example was instrumental in getting the xz backdoor in place.

https://robmensching.com/blog/posts/2024/03/30/a-microcosm-of-the-interactions-in-open-source-projects/


Bullying in Open Source Software Is a Massive Security Vulnerability

Tags: tech, foss, security, burnout

You think the xz vulnerability was a one-time event? Think again, this kind of bullying with ulterior motives happens regularly to critical projects.

https://www.404media.co/xz-backdoor-bullying-in-open-source-software-is-a-massive-security-vulnerability/


OSQI

Tags: tech, foss, sustainability, quality, security

Definitely a good idea, we’d need several such institutes across the world. Would governments be willing to try this?

https://www.tbray.org/ongoing/When/202x/2024/04/01/OSQI


Keeping your data from Apple is harder than expected | Aalto University

Tags: tech, apple, privacy

Can we put the myth of Apple being a proper steward of data privacy to rest, please? I don’t know why people took their claims for granted to start… with so much opacity, it’s not a claim you could trust.

https://www.aalto.fi/en/news/keeping-your-data-from-apple-is-harder-than-expected


A ‘Law Firm’ of AI Generated Lawyers Is Sending Fake Threats as an SEO Scam

Tags: tech, ai, machine-learning, gpt, scam

AI supercharged scam. I guess we’ll see more of those.

https://www.404media.co/a-law-firm-of-ai-generated-lawyers-is-sending-fake-threats-as-an-seo-scam/


AI bots hallucinate software packages and devs download them • The Register

Tags: tech, ai, machine-learning, copilot, gpt, security, supply-chain

You should be mindful of the dependencies you add. Even more so when the name of the dependency has been proposed by a coding assistant.

https://www.theregister.com/2024/03/28/ai_bots_hallucinate_software_packages/


Towards 1-bit Machine Learning Models

Tags: tech, ai, machine-learning, power, energy

Smaller models with smarter architectures and low-bit quantized models are two avenues for more efficient use. I’m really curious how far they’ll go. This article focuses on low-bit quantized models and the prospects are interesting.

https://mobiusml.github.io/1bit_blog/


LLaMA Now Goes Faster on CPUs

Tags: tech, ai, machine-learning, gpt, llama, optimization, performance, cpu

Excellent work to improve Llama execution speed on CPU. It probably has all the tricks of the trade to accelerate this compute kernel.

https://justine.lol/matmul/


Zoomer Tries RSS: In Praise of Yarr - tudor’s website

Tags: tech, rss, social-media

More people turning to RSS as a substitute for social media. There’s hope.

https://tudorr.ro/blog/zoomer-tries-rss/


KDE6 release: D-Bus and Polkit Galore | SUSE Security Team Blog

Tags: tech, processes, dbus, kde, security

Interesting article, shows quite well the complexities of D-Bus and Polkit. Unsurprisingly, such complexity easily leads to mistakes which can compromise security. This then hints at interesting things to keep in mind when you have to deal with D-Bus and Polkit.

https://security.opensuse.org/2024/04/02/kde6-dbus-polkit.html


NTP Pool - The Internet Timekeeper | RIPE Labs

Tags: tech, ntp, dns, time

Fascinating article which explores the behavior of the NTP Pool. If you wondered how it gives you an NTP server to query, you’ll know the answer. It also covers the consequences of its restrictive approach. This even raises security concerns. Still, even though it’s not perfect, this keeps being an essential service mostly run by volunteers.

https://labs.ripe.net/author/giovane_moura/ntp-pool-the-internet-timekeeper/


Fast Development In Rust, Part One

Tags: tech, rust, performance, refactoring, type-systems, memory

Nice balanced view on some of Rust’s characteristics. This is much less naive than some of the “Rust is great” posts out there.

https://blog.sdf.com/p/fast-development-in-rust-part-one


On Garbage Collection

Tags: tech, memory, system

This is indeed a more interesting way to perceive garbage collection. This also leads to proper questions to explore on the topic.

https://xorvoid.com/on_garbage_collection.html


Optimizing SQLite for servers

Tags: tech, databases, sqlite, server, performance, complexity

With some tuning SQLite can go a long way, even for server type workloads. There are still a few caveats but in some cases this can reduce complexity and cost quite a bit.

https://kerkour.com/sqlite-for-servers


Enforcing conventions in Django projects with introspection - lukeplant.me.uk

Tags: tech, craftsmanship, developer-experience, django, python

Another example of enforcing conventions using automated checks. This time using Python and Django tricks.

https://lukeplant.me.uk/blog/posts/enforcing-conventions-in-django-projects-with-introspection/


A proposal to add signals to JavaScript.

Tags: tech, javascript, web, frontend

A proposal for data bindings as first class citizens in JavaScript? This could be a good thing indeed.

https://github.com/proposal-signals/proposal-signals


Git as debugging tool - Lucas Seiki Oshiro

Tags: tech, git, version-control

Or why a clean commit history can help quite a lot to find how and why a bug was introduced. This shows a few nice tricks around git log to speed up the process.

https://lucasoshiro.github.io/posts-en/2023-02-13-git-debug/


Improvements to static analysis in the GCC 14 compiler | Red Hat Developer

Tags: tech, c, memory, static-analyzer, compiler

Improved static analysis for C straight from GCC. This is definitely welcome.

https://developers.redhat.com/articles/2024/04/03/improvements-static-analysis-gcc-14-compiler#


On Invariance and Inconsistency

Tags: tech, programming, safety, logic, mathematics

On the importance of invariants and consistent requirements in our trade. Admittedly it’s a long demonstration but it shows the point well.

https://www.hansdieterhiep.nl/blog/on-invariance-and-inconsistency/


TDD’s Missing Skill: Behavioral Composition - by Kent Beck

Tags: tech, tests, tdd, design

This is indeed too often overlooked. Producing a test list and picking the tests in the right order is definitely a crucial skill to practice TDD. It goes hand in hand with software design skills.

https://tidyfirst.substack.com/p/tdds-missing-skill-behavioral-composition


Basic Things

Tags: tech, organization, community, craftsmanship

Lots of good advice of course. It goes a long way to improve the quality of the project and the ease of onboarding people. This is quite some initial work though.

https://matklad.github.io/2024/03/22/basic-things.html


Programming Apprenticeships

Tags: tech, teaching, learning, pairing

Funny experiment. This shows what you can achieve in terms of teaching and learning during pair programming setups. Shadowing someone is a powerful approach.

https://two-wrongs.com/programming-apprenticeships.html


Mentorship, coaching, sponsorship: three different — and equally important — tools for developing talent - Jacob Kaplan-Moss

Tags: management, coaching, mentoring

This is a nice way to frame the three activities. They help people progress but in different ways.

https://jacobian.org/2024/apr/1/mentorship-coaching-sponsorship/


Ping Me, Please!

Tags: tech, remote-working, asynchronous, communication

When you’re distributed, this is all about asynchronous communication. You can’t walk to a person’s desk (and you should probably avoid it anyway if colocated).

https://www.yegor256.com/2024/04/01/ping-me-please.html



Bye for now!