Original title: My Experience with Gleam: A Type-Safe Language for the Erlang VM
The author shares insights from their experience using Gleam, a type-safe language that runs on the Erlang virtual machine, to build an open-source feed aggregator. They highlight their background in dynamic languages and their appreciation for Rust's type system, which influenced their interest in Gleam. The feed reader's unique feature is sorting posts by reverse frequency rather than chronologically. The author discusses Gleam's design choices, such as its approach to imports and namespaces, and its emphasis on improving developer experience. They also explore error handling in Gleam, noting the challenges they faced and the differences from Erlang. The integration of Erlang/OTP is seen as a significant advantage, although the author notes that the OTP abstractions in Gleam are still evolving. They conclude that while Gleam may not be a general-purpose language, its type system and error handling provide distinct benefits, and they are curious about the balance between type safety and Erlang's fault-tolerant philosophy.
Original title: I Tried Sending Packets Using a Transport Protocol That Doesn’t Exist
The article explores the intricacies of network protocols, particularly focusing on a custom transport protocol called HDP. The author conducts experiments to see how different operating systems and network devices handle packets with unconventional protocol numbers. Initially, the author successfully sends HDP packets to their local machine, demonstrating that the OS accepts the custom protocol. However, when attempting to send packets over the internet, the results vary significantly based on the cloud provider and the network's handling of non-standard protocols. The experiments reveal that while some packets are accepted, many are dropped or blocked by the OS or network devices, highlighting the challenges of using custom protocols in real-world scenarios. Ultimately, the author concludes that using established protocols like TCP or UDP is advisable due to their reliability and compatibility across different systems.
Original title: Mixing up Public and Private Keys in OpenID Connect deployments
A tool named badkeys was developed to check cryptographic public keys for vulnerabilities, particularly in OpenID Connect setups. OpenID Connect allows users to log in via services like Google or Facebook, utilizing JSON Web Key Sets (JWKS) for authentication. The author discovered that the serialization format for public and private keys is identical, leading to potential confusion and misuse, as private keys can be mistakenly used as public keys. This issue was found in nine hosts, including those belonging to notable companies, which have since been fixed. Additionally, vulnerabilities were identified in RSA keys, with seven hosts using 512-bit keys known to be easily breakable and 45 using 1024-bit keys, which are also considered insecure. The author reported these vulnerabilities, but many remain unaddressed. Recommendations for improvement include enforcing checks for private keys in JWKS and limiting RSA key sizes to enhance security.
Original title: zlib-rs is faster than C
Version 0.4.2 of zlib-rs has been released, claiming to be the fastest API-compatible zlib implementation for decompression, outperforming both zlib-ng and zlib-chromium in key benchmarks. The team has implemented multiversioning to optimize performance based on CPU capabilities, although this requires some unsafe code due to Rust's current limitations. They also introduced DFA optimizations to enhance performance when processing small data chunks. Benchmarks indicate zlib-rs significantly outperforms zlib-ng for most relevant chunk sizes, achieving over 10% speed improvements for 1kb inputs. While compression performance has improved, zlib-rs is still slower than zlib-ng for many levels, although it excels at the default and best compression levels. The implementation can be utilized in both C and Rust projects, with ongoing efforts to enhance compression performance and complete the API for gzip files. The team is seeking €95,000 in funding to support further development.
Original title: Kebab quality near train stations: An informal study
A hypothesis from a French subreddit suggested that kebabs closer to train stations are of lower quality. To investigate this, an informal study was conducted in Paris, utilizing OSMnx for mapping and the Google Places API for data collection. The study identified 400 kebab-serving establishments and analyzed their proximity to train and metro stations. Despite a Pearson's correlation coefficient of 0.091, indicating a weak relationship, further analysis showed no significant evidence to support the hypothesis. Factors such as the subjectivity of Google reviews and potential tourism impacts were acknowledged as limitations. The study concluded that while some outliers suggested a possible trend, the overall correlation was too weak to draw definitive conclusions. The author expressed interest in conducting a follow-up study to explore the topic further, especially considering contrary experiences shared by users in the original subreddit.
Original title: How to Give a Good Talk
Many conference talks fall into two categories: personal project updates and product advertisements, which can be tedious and uninformative. To improve the quality of presentations, the author suggests focusing on distillation, where speakers organize and communicate existing knowledge effectively, as seen in notable examples like Subhadeep Sarkar's LSM tutorial and Mike Acton's talk on data-oriented design. Another approach is adversarial collaboration, where opposing viewpoints work together to conduct experiments and share findings, a method that has seen success in psychology but is rare in software. The importance of replication is highlighted, as many benchmarks in software are often unverifiable, leading to misconceptions. Lastly, discussing failures is crucial, as understanding past mistakes can guide future attempts. By emphasizing these elements, speakers can create more engaging and informative talks, while conference organizers could benefit from dedicating tracks to these themes, potentially leading to a more enriching experience for attendees.
Original title: Reviewing Canadian VPS Providers: A Look at Performance, Pricing, and Features
A user revisits Canadian VPS offerings after a decade, evaluating three providers based in Montreal and Victoria. The first provider offers a 'Ruby' VPS with 3 cores, 12GB RAM, and 275GB SSD for $103.48 CAD/month, praised for its technical marketing and engagement despite some gimmicks. The second, Globo.Tech, provides a more flexible VPS with 4 cores, 6GB RAM, and 150GB SSD for $112.28 CAD/month, noted for its polished appearance and long company history, though it is considered expensive. The third, FullHost, offers an 'Advanced' VM with 4 cores, 16GB RAM, and 160GB NVMe SSD for $89.60 CAD/month, appealing due to its multiple Canadian data centers and solid performance, but criticized for UI bugs and billing issues. Overall, the user finds FullHost the best fit for their needs, citing better performance and cost-effectiveness compared to DigitalOcean, while expressing concerns about the lack of IPv6 support across all providers.
Original title: Git Config Settings You Should Probably Enable
The article discusses various Git configuration settings that can enhance user experience and efficiency, suggesting that some should be default options. It highlights settings that improve branch and tag listing, such as sorting by commit date and version numbers, and proposes changing the default branch name to 'main'. The author emphasizes the benefits of using the histogram diff algorithm over the outdated myers algorithm, and recommends settings for better push and fetch behaviors, including automatic upstream setup and pruning of deleted branches. Additionally, it mentions the usefulness of enabling autocorrect prompts, verbose commit messages, and reusing recorded resolutions for conflicts. The article also touches on personal preferences for merge conflict styles and pull behaviors, suggesting that users can customize their configurations based on their workflows. Overall, the piece aims to inform users about lesser-known settings that can significantly improve their Git experience.
Original title: Version Control for Blogs: Why and How I Built a System
The author reflects on the decision to implement a versioning system for their blog after a friend's inquiry about the frequency of updates. While version control is typically unnecessary for personal blogs, the author recognizes the evolving nature of blog content, which can require updates for accuracy and relevance. Traditional versioning systems like Semantic Versioning (SemVer) and Calendar Versioning (CalVer) do not adequately capture the nuances of blog updates, prompting the author to create a tailored system. This new versioning format includes components such as the year, a sequential update counter, the type of update, and the date of the latest change. The author has also developed a script to automate the tracking of changes, updating the footer version number, and generating changelogs. Although the system is still experimental and may seem excessive for a personal blog, it allows for systematic tracking of the blog's evolution over time, potentially leading to insights about its growth.
Original title: Smart Pointers Can't Solve Use-After-Free
Smart pointers in C++ do not guarantee safety against use-after-free errors because they cannot be used universally, particularly in cases involving internal raw pointers in types that are not user-controlled. For instance, when using std::vector, iterators can become invalid if the vector is modified during iteration, leading to dangling pointers. This issue arises when the vector reallocates its storage upon adding new elements, causing existing iterators to point to freed memory. Similar problems occur with std::span and std::lock_guard, where the underlying data can be invalidated while still being referenced. These examples illustrate that while smart pointers like shared_ptr can prevent certain types of dangling pointers, they cannot eliminate all risks associated with raw pointers, highlighting the need for more robust memory management strategies found in languages like Rust.
Original title: The Evolution of APL
The evolution of APL, as recounted in the HOPL I paper by Falkoff and Iverson, highlights the fundamental design principles that shaped its implementation in 1966 and its early uses. Over the past 40 years, numerous APL implementations have emerged, often tied to specific hardware or operating systems, but more recent developments have allowed for greater longevity and portability through the use of C as an implementation language. Initially developed for IBM mainframes, APL has transitioned to various platforms, including PCs, tablets, and smartphones. The evolution of operating systems and software application platforms has significantly altered the landscape in which APL operates, with tools like database systems taking over many tasks originally handled by APL. The first major enhancements to the language occurred shortly after HOPL I, introducing general arrays and new functions that aligned with these data structures. While most implementations followed IBM's APL2 model, others, like J and k, emerged from the SHARP APL lineage. The history of APL spans six decades, and its evolution continues, indicating that its development is far from complete.
Original title: modernc.org/tk9.0: A Go package for Tcl/Tk 9.0 without C dependencies
A new Go package, modernc.org/tk9.0, allows developers to utilize Tcl/Tk 9.0 without relying on C library dependencies. This package includes a full Tcl 9 interpreter, enabling the execution of arbitrary Tcl code. Users can create a binary from a Tcl source file by setting up a Go wrapper, which involves embedding the Tcl code and initializing the necessary extensions and themes. The example provided demonstrates how to set up a Tiny Excel-like app using Go, including commands for initializing the Go module and downloading dependencies. The final binary size is approximately 8.3 MiB for Linux and 8.9 MiB for Windows, with options for cross-compilation available. Additionally, users are advised on building static binaries and the importance of using the appropriate libc for Linux systems.
Original title: Vinyl Records and Web Frameworks: A Reflection on Simplicity and Utility
Vinyl records symbolize a shift in music distribution, emphasizing simplicity and longevity, much like how old websites still function effectively today. Despite advancements in web technologies, the foundational elements of web development remain intact, with Ruby on Rails providing a straightforward approach to building applications. Rails has been instrumental for many successful companies, offering tools that simplify complex tasks through abstraction. In contrast, Next.js has emerged as a popular framework for startups, enabling dynamic and polished web applications that rival native mobile apps. However, while Next.js offers enhanced capabilities, it also introduces complexity and potential instability due to frequent updates and reliance on third-party services. Rails continues to be relevant, especially for solo developers and small teams, due to its simplicity and effectiveness in managing backend operations. Despite facing challenges with modern AI applications, Rails maintains its utility, reminding users that product functionality often outweighs the intricacies of implementation.
Original title: V8's JetStream2 Benchmark Optimization: 2.5x Speedup in async-fs
V8 has made significant strides in enhancing JavaScript performance by optimizing the async-fs benchmark, achieving a 2.5x speedup. The optimization focused on the Math.random function, which previously caused performance bottlenecks due to its reliance on a custom, deterministic implementation that allocated new HeapNumber objects on each call. Profiling revealed that the use of floating-point arithmetic slowed down operations, as the compiler could not fully leverage integer operations. To resolve these issues, V8 introduced mutable heap number slots and improved slot type tracking, allowing the seed variable to be updated in place without new allocations. This change enables the compiler to generate optimized integer instructions, avoiding the overhead associated with floating-point calculations. The result is a notable improvement in the async-fs benchmark, contributing to a 1.6% increase in the overall JetStream2 score, highlighting the impact of targeted optimizations on performance.