Language Selection

English French German Italian Portuguese Spanish

Programming News

Filed under
Development
  • Open Source Survey Shows Python Love, Security Pain Points

    ActiveState published results of a survey conducted to examine challenges faced by developers who work with open source runtimes, revealing love for Python and security pain points.

  • Study Finds Lukewarm Corporate Engagement With Open Source

    Companies expect developers to use open source tools at work, but few make substantial contributions in return

    Developers say that nearly three-quarters of their employers expect them to use open source software to do their jobs, but that those same companies’ contribution to the open source world is relatively low, with only 25 percent contributing more than $1,000 (£768) a year to open source projects.

    Only a small number of employers, 18 percent, contribute to open source foundations, and only 34 percent allow developers to use company time to make open source contributions, according to a new study.

    The study follows IBM’s announcement last week that it plans to buy Linux maker Red Hat for $34 billion (£26m) in order to revitalise its growth in the cloud market, an indication of the importance of open source in the booming cloud industry.

    The report by cloud technology provider DigitalOcean, based on responses from more than 4,300 developers around the world, is the company’s fifth quarterly study on developer trends, with this edition focusing entirely on open source.

  • On learning Go and a comparison with Rust

    I spoke at the AKL Rust Meetup last month (slides) about my side project doing data mining in Rust. There were a number of engineers from Movio there who use Go, and I've been keen for a while to learn Go and compare it with Rust and Python for my data mining side projects, so that inspired me to knuckle down and learn Go.

    Go is super simple. I was able to learn the important points in a couple of evenings by reading GoByExample, and I very quickly had an implementation of the FPGrowth algorithm in Go up and running. For reference, I also have implementations of FPGrowth in Rust, Python, Java and C++.

  • anytime 0.3.2

    A new minor release of the anytime package arrived on CRAN this morning. This is the thirteenth release, and the first since July as the package has gotten feature-complete.

    anytime is a very focused package aiming to do just one thing really well: to convert anything in integer, numeric, character, factor, ordered, … format to either POSIXct or Date objects – and to do so without requiring a format string. See the anytime page, or the GitHub README.md for a few examples.

Warnings Are Your Friend – A Code Quality Primer

  • Warnings Are Your Friend – A Code Quality Primer

    If there’s one thing C is known and (in)famous for, it’s the ease of shooting yourself in the foot with it. And there’s indeed no denying that the freedom C offers comes with the price of making it our own responsibility to tame and keep the language under control. On the bright side, since the language’s flaws are so well known, we have a wide selection of tools available that help us to eliminate the most common problems and blunders that could come back to bite us further down the road. The catch is, we have to really want it ourselves, and actively listen to what the tools have to say.

    We often look at this from a security point of view and focus on exploitable vulnerabilities, which you may not see as valid threat or something you need to worry about in your project. And you are probably right with that, not every flaw in your code will lead to attackers taking over your network or burning down your house, the far more likely consequences are a lot more mundane and boring. But that doesn’t mean you shouldn’t care about them.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

today's howtos

Ditching Out-of-Date Documentation Infrastructure

Long ago, the Linux kernel started using 00-Index files to list the contents of each documentation directory. This was intended to explain what each of those files documented. Henrik Austad recently pointed out that those files have been out of date for a very long time and were probably not used by anyone anymore. This is nothing new. Henrik said in his post that this had been discussed already for years, "and they have since then grown further out of date, so perhaps it is time to just throw them out." He counted hundreds of instances where the 00-index file was out of date or not present when it should have been. He posted a patch to rip them all unceremoniously out of the kernel. Joe Perches was very pleased with this. He pointed out that .rst files (the kernel's native documentation format) had largely taken over the original purpose of those 00-index files. He said the oo-index files were even misleading by now. Read more

Mozilla: Rust 1.32.0, Privacy, UX and Firefox Nightly

  • Announcing Rust 1.32.0
    The Rust team is happy to announce a new version of Rust, 1.32.0. Rust is a programming language that is empowering everyone to build reliable and efficient software.
  • Rust 1.32 Released With New Debugger Macro, Jemalloc Disabled By Default
    For fans of Rustlang, it's time to fire up rustup: Rust 1.32 is out today as the latest feature update for this increasingly popular programming language. The Rust 1.32 release brings dbg!() as a new debug macro to print the value of a variable as well as its file/line-number and it works with more than just variables but also commands.
  • Julien Vehent: Maybe don't throw away your VPN just yet...
    At Mozilla, we've long adopted single sign on, first using SAML, nowadays using OpenID Connect (OIDC). Most of our applications, both public facing and internal, require SSO to protect access to privileged resources. We never trust the network and always require strong authentication. And yet, we continue to maintain VPNs to protect our most sensitive admin panels. "How uncool", I hear you object, "and here we thought you were all about DevOps and shit". And you would be correct, but I'm also pragmatic, and I can't count the number of times we've had authentication bugs that let our red team or security auditors bypass authentication. The truth is, even highly experienced programmers and operators make mistakes and will let a bug disable or fail to protect part of that one super sensitive page you never want to leave open to the internet. And I never blame them because SSO/OAuth/OIDC are massively complex protocols that require huge libraries that fail in weird and unexpected ways. I've never reached the point where I fully trust our SSO, because we find one of those auth bypass every other month. Here's the catch: they never lead to major security incidents because we put all our admin panels behind a good old VPN.
  • Reflections on a co-design workshop
    Co-design workshops help designers learn first-hand the language of the people who use their products, in addition to their pain points, workflows, and motivations. With co-design methods [1] participants are no longer passive recipients of products. Rather, they are involved in the envisioning and re-imagination of them. Participants show us what they need and want through sketching and design exercises. The purpose of a co-design workshop is not to have a pixel-perfect design to implement, rather it’s to learn more about the people who use or will use the product, and to involve them in generating ideas about what to design. We ran a co-design workshop at Mozilla to inform our product design, and we’d like to share our experience with you. [...] Our UX team was tasked with improving the Firefox browser extension experience. When people create browser extensions, they use a form to submit their creations. They submit their code and all the metadata about the extension (name, description, icon, etc.). The metadata provided in the submission form is used to populate the extension’s product page on addons.mozilla.org.
  • Firefox Nightly: These Weeks in Firefox: Issue 51

Mesa 18.3.2

Mesa 18.3.2 is now available. In this release candidate we have added more PCI IDs for AMD Vega devices and a number of fixes for the RADV Vulkan drivers. On the Intel side we have a selection ranging from quad swizzles support for ICL to compiler fixes. The nine state tracker has also seen some love as do the Broadcom drivers. To top it all up, we have a healthy mount of build system fixes. Alex Deucher (3): pci_ids: add new vega10 pci ids pci_ids: add new vega20 pci id pci_ids: add new VegaM pci id Alexander von Gluck IV (1): egl/haiku: Fix reference to disp vs dpy Andres Gomez (2): glsl: correct typo in GLSL compilation error message glsl/linker: specify proper direction in location aliasing error Axel Davy (3): st/nine: Fix volumetexture dtor on ctor failure st/nine: Bind src not dst in nine_context_box_upload st/nine: Add src reference to nine_context_range_upload Bas Nieuwenhuizen (5): radv: Do a cache flush if needed before reading predicates. radv: Implement buffer stores with less than 4 components. anv/android: Do not reject storage images. radv: Fix rasterization precision bits. spirv: Fix matrix parameters in function calls. Caio Marcelo de Oliveira Filho (3): nir: properly clear the entry sources in copy_prop_vars nir: properly find the entry to keep in copy_prop_vars nir: remove dead code from copy_prop_vars Dave Airlie (2): radv/xfb: fix counter buffer bounds checks. virgl/vtest: fix front buffer flush with protocol version 0. Dylan Baker (6): meson: Fix ppc64 little endian detection meson: Add support for gnu hurd meson: Add toggle for glx-direct meson: Override C++ standard to gnu++11 when building with altivec on ppc64 meson: Error out if building nouveau and using LLVM without rtti autotools: Remove tegra vdpau driver Emil Velikov (13): docs: add sha256 checksums for 18.3.1 bin/get-pick-list.sh: rework handing of sha nominations bin/get-pick-list.sh: warn when commit lists invalid sha cherry-ignore: meson: libfreedreno depends upon libdrm (for fence support) glx: mandate xf86vidmode only for "drm" dri platforms meson: don't require glx/egl/gbm with gallium drivers pipe-loader: meson: reference correct library TODO: glx: meson: build dri based glx tests, only with -Dglx=dri glx: meson: drop includes from a link-only library glx: meson: wire up the dispatch-index-check test glx/test: meson: assorted include fixes Update version to 18.3.2 docs: add release notes for 18.3.2 Eric Anholt (6): v3d: Fix a leak of the transfer helper on screen destroy. vc4: Fix a leak of the transfer helper on screen destroy. v3d: Fix a leak of the disassembled instruction string during debug dumps. v3d: Make sure that a thrsw doesn't split a multop from its umul24. v3d: Add missing flagging of SYNCB as a TSY op. gallium/ttn: Fix setup of outputs_written. Erik Faye-Lund (2): virgl: wrap vertex element state in a struct virgl: work around bad assumptions in virglrenderer Francisco Jerez (5): intel/fs: Handle source modifiers in lower_integer_multiplication(). intel/fs: Implement quad swizzles on ICL+. intel/fs: Fix bug in lower_simd_width while splitting an instruction which was already split. intel/eu/gen7: Fix brw_MOV() with DF destination and strided source. intel/fs: Respect CHV/BXT regioning restrictions in copy propagation pass. Ian Romanick (2): i965/vec4/dce: Don't narrow the write mask if the flags are used Revert "nir/lower_indirect: Bail early if modes == 0" Jan Vesely (1): clover: Fix build after clang r348827 Jason Ekstrand (6): nir/constant_folding: Fix source bit size logic intel/blorp: Be more conservative about copying clear colors spirv: Handle any bit size in vector_insert/extract anv/apply_pipeline_layout: Set the cursor in lower_res_reindex_intrinsic spirv: Sign-extend array indices intel/peephole_ffma: Fix swizzle propagation Karol Herbst (1): nv50/ir: fix use-after-free in ConstantFolding::visit Kirill Burtsev (1): loader: free error state, when checking the drawable type Lionel Landwerlin (5): anv: don't do partial resolve on layer > 0 i965: include draw_params/derived_draw_params for VF cache workaround i965: add CS stall on VF invalidation workaround anv: explictly specify format for blorp ccs/mcs op anv: flush fast clear colors into compressed surfaces Marek Olšák (1): st/mesa: don't leak pipe_surface if pipe_context is not current Mario Kleiner (1): radeonsi: Fix use of 1- or 2- component GL_DOUBLE vbo's. Nicolai Hähnle (1): meson: link LLVM 'native' component when LLVM is available Rhys Perry (3): radv: don't set surf_index for stencil-only images ac/nir,radv,radeonsi/nir: use correct indices for interpolation intrinsics ac: split 16-bit ssbo loads that may not be dword aligned Rob Clark (2): freedreno/drm: fix memory leak mesa/st/nir: fix missing nir_compact_varyings Samuel Pitoiset (1): radv: switch on EOP when primitive restart is enabled with triangle strips Timothy Arceri (2): tgsi/scan: fix loop exit point in tgsi_scan_tess_ctrl() tgsi/scan: correctly walk instructions in tgsi_scan_tess_ctrl() Vinson Lee (2): meson: Fix typo. meson: Fix libsensors detection. Read more Also: Mesa 18.3.2 Released With Many Fixes As Users Encouraged To Upgrade