Original title: Useless Use of Cat
The content discusses common misconceptions and inefficient practices in Unix shell scripting, particularly focusing on the so-called 'Useless Use of Cat' and other command redundancies. It emphasizes that using 'cat' to view a single file is often unnecessary, suggesting alternatives like 'less'. The article critiques the use of backticks in commands, advocating for simpler constructs that avoid potential pitfalls, such as exceeding command line length limits. It also highlights the inefficiency of using 'ls *' in loops, as the shell already expands wildcards. Additionally, it addresses the misuse of 'kill -9', recommending a more graceful approach to terminating processes. The author encourages users to adopt cleaner coding practices and to be mindful of command efficiency.
Original title: My Experience with Gleam: A Type-Safe Language for the Erlang VM
The author shares insights from their experience using Gleam, a type-safe language that runs on the Erlang virtual machine, to build an open-source feed aggregator. They highlight their background in dynamic languages and their appreciation for Rust's type system, which influenced their interest in Gleam. The feed reader's unique feature is sorting posts by reverse frequency rather than chronologically. The author discusses Gleam's design choices, such as its approach to imports and namespaces, and its emphasis on improving developer experience. They also explore error handling in Gleam, noting the challenges they faced and the differences from Erlang. The integration of Erlang/OTP is seen as a significant advantage, although the author notes that the OTP abstractions in Gleam are still evolving. They conclude that while Gleam may not be a general-purpose language, its type system and error handling provide distinct benefits, and they are curious about the balance between type safety and Erlang's fault-tolerant philosophy.
Original title: We use cookies to ensure that we give you the best experience on our website.
The content discusses the importance of cookies for optimal website functionality, highlighting that users may experience issues if their browsers do not support cookies. It emphasizes that cookies are essential for providing the best user experience on the site, as they help in storing user preferences and improving site performance. The message is clear that without cookie support, users may face limitations in accessing certain features or content on the website, which could hinder their overall experience.
Original title: I Tried Sending Packets Using a Transport Protocol That Doesn’t Exist
The article explores the intricacies of network protocols, particularly focusing on a custom transport protocol called HDP. The author conducts experiments to see how different operating systems and network devices handle packets with unconventional protocol numbers. Initially, the author successfully sends HDP packets to their local machine, demonstrating that the OS accepts the custom protocol. However, when attempting to send packets over the internet, the results vary significantly based on the cloud provider and the network's handling of non-standard protocols. The experiments reveal that while some packets are accepted, many are dropped or blocked by the OS or network devices, highlighting the challenges of using custom protocols in real-world scenarios. Ultimately, the author concludes that using established protocols like TCP or UDP is advisable due to their reliability and compatibility across different systems.
Original title: zlib-rs is faster than C
Version 0.4.2 of zlib-rs has been released, claiming to be the fastest API-compatible zlib implementation for decompression, outperforming both zlib-ng and zlib-chromium in key benchmarks. The team has implemented multiversioning to optimize performance based on CPU capabilities, although this requires some unsafe code due to Rust's current limitations. They also introduced DFA optimizations to enhance performance when processing small data chunks. Benchmarks indicate zlib-rs significantly outperforms zlib-ng for most relevant chunk sizes, achieving over 10% speed improvements for 1kb inputs. While compression performance has improved, zlib-rs is still slower than zlib-ng for many levels, although it excels at the default and best compression levels. The implementation can be utilized in both C and Rust projects, with ongoing efforts to enhance compression performance and complete the API for gzip files. The team is seeking €95,000 in funding to support further development.
Original title: Mixing up Public and Private Keys in OpenID Connect deployments
A tool named badkeys was developed to check cryptographic public keys for vulnerabilities, particularly in OpenID Connect setups. OpenID Connect allows users to log in via services like Google or Facebook, utilizing JSON Web Key Sets (JWKS) for authentication. The author discovered that the serialization format for public and private keys is identical, leading to potential confusion and misuse, as private keys can be mistakenly used as public keys. This issue was found in nine hosts, including those belonging to notable companies, which have since been fixed. Additionally, vulnerabilities were identified in RSA keys, with seven hosts using 512-bit keys known to be easily breakable and 45 using 1024-bit keys, which are also considered insecure. The author reported these vulnerabilities, but many remain unaddressed. Recommendations for improvement include enforcing checks for private keys in JWKS and limiting RSA key sizes to enhance security.
Original title: Vinyl Records and Web Frameworks: A Reflection on Simplicity and Utility
Vinyl records symbolize a shift in music distribution, emphasizing simplicity and longevity, much like how old websites still function effectively today. Despite advancements in web technologies, the foundational elements of web development remain intact, with Ruby on Rails providing a straightforward approach to building applications. Rails has been instrumental for many successful companies, offering tools that simplify complex tasks through abstraction. In contrast, Next.js has emerged as a popular framework for startups, enabling dynamic and polished web applications that rival native mobile apps. However, while Next.js offers enhanced capabilities, it also introduces complexity and potential instability due to frequent updates and reliance on third-party services. Rails continues to be relevant, especially for solo developers and small teams, due to its simplicity and effectiveness in managing backend operations. Despite facing challenges with modern AI applications, Rails maintains its utility, reminding users that product functionality often outweighs the intricacies of implementation.
Original title: I Went To SQL Injection Court
In Illinois, a legal battle emerged over whether public bodies can conceal information from Freedom of Information Act (FOIA) requests by keeping it in databases. The case was initiated by civic hacker Matt Chapman, who sought access to the CANVAS database schema from the City of Chicago, which was denied under an exemption claiming it could jeopardize system security. Expert testimony was provided to argue that disclosing the schema would not compromise security, as vulnerabilities are found in application source code, not schemas. The trial court ruled in favor of Chapman, but the city appealed, leading to a complex legal discussion about the interpretation of FOIA exemptions. Ultimately, the Illinois Supreme Court ruled that database schemas could be classified as 'file layouts,' thus exempting them from FOIA disclosure. This decision raises concerns about transparency, as more public data is stored in databases, making it harder for citizens to access information. A proposed bill aims to amend the FOIA statute to require public bodies to provide descriptions of database structures, allowing for more effective information requests.
Original title: Kebab quality near train stations: An informal study
A hypothesis from a French subreddit suggested that kebabs closer to train stations are of lower quality. To investigate this, an informal study was conducted in Paris, utilizing OSMnx for mapping and the Google Places API for data collection. The study identified 400 kebab-serving establishments and analyzed their proximity to train and metro stations. Despite a Pearson's correlation coefficient of 0.091, indicating a weak relationship, further analysis showed no significant evidence to support the hypothesis. Factors such as the subjectivity of Google reviews and potential tourism impacts were acknowledged as limitations. The study concluded that while some outliers suggested a possible trend, the overall correlation was too weak to draw definitive conclusions. The author expressed interest in conducting a follow-up study to explore the topic further, especially considering contrary experiences shared by users in the original subreddit.
Original title: How to Give a Good Talk
Many conference talks fall into two categories: personal project updates and product advertisements, which can be tedious and uninformative. To improve the quality of presentations, the author suggests focusing on distillation, where speakers organize and communicate existing knowledge effectively, as seen in notable examples like Subhadeep Sarkar's LSM tutorial and Mike Acton's talk on data-oriented design. Another approach is adversarial collaboration, where opposing viewpoints work together to conduct experiments and share findings, a method that has seen success in psychology but is rare in software. The importance of replication is highlighted, as many benchmarks in software are often unverifiable, leading to misconceptions. Lastly, discussing failures is crucial, as understanding past mistakes can guide future attempts. By emphasizing these elements, speakers can create more engaging and informative talks, while conference organizers could benefit from dedicating tracks to these themes, potentially leading to a more enriching experience for attendees.
Original title: Reviewing Canadian VPS Providers: A Look at Performance, Pricing, and Features
A user revisits Canadian VPS offerings after a decade, evaluating three providers based in Montreal and Victoria. The first provider offers a 'Ruby' VPS with 3 cores, 12GB RAM, and 275GB SSD for $103.48 CAD/month, praised for its technical marketing and engagement despite some gimmicks. The second, Globo.Tech, provides a more flexible VPS with 4 cores, 6GB RAM, and 150GB SSD for $112.28 CAD/month, noted for its polished appearance and long company history, though it is considered expensive. The third, FullHost, offers an 'Advanced' VM with 4 cores, 16GB RAM, and 160GB NVMe SSD for $89.60 CAD/month, appealing due to its multiple Canadian data centers and solid performance, but criticized for UI bugs and billing issues. Overall, the user finds FullHost the best fit for their needs, citing better performance and cost-effectiveness compared to DigitalOcean, while expressing concerns about the lack of IPv6 support across all providers.
Original title: Version Control for Blogs: Why and How I Built a System
The author reflects on the decision to implement a versioning system for their blog after a friend's inquiry about the frequency of updates. While version control is typically unnecessary for personal blogs, the author recognizes the evolving nature of blog content, which can require updates for accuracy and relevance. Traditional versioning systems like Semantic Versioning (SemVer) and Calendar Versioning (CalVer) do not adequately capture the nuances of blog updates, prompting the author to create a tailored system. This new versioning format includes components such as the year, a sequential update counter, the type of update, and the date of the latest change. The author has also developed a script to automate the tracking of changes, updating the footer version number, and generating changelogs. Although the system is still experimental and may seem excessive for a personal blog, it allows for systematic tracking of the blog's evolution over time, potentially leading to insights about its growth.
Original title: Git Config Settings You Should Probably Enable
The article discusses various Git configuration settings that can enhance user experience and efficiency, suggesting that some should be default options. It highlights settings that improve branch and tag listing, such as sorting by commit date and version numbers, and proposes changing the default branch name to 'main'. The author emphasizes the benefits of using the histogram diff algorithm over the outdated myers algorithm, and recommends settings for better push and fetch behaviors, including automatic upstream setup and pruning of deleted branches. Additionally, it mentions the usefulness of enabling autocorrect prompts, verbose commit messages, and reusing recorded resolutions for conflicts. The article also touches on personal preferences for merge conflict styles and pull behaviors, suggesting that users can customize their configurations based on their workflows. Overall, the piece aims to inform users about lesser-known settings that can significantly improve their Git experience.