Google

Google is funding rewrites of critical OSS projects in memory-safe languages

Dan Lorenc, from Google’s Infrastructure Security Team:

Software written in unsafe languages often contains hard-to-catch bugs that can result in severe security vulnerabilities, and we take these issues seriously at Google. That’s why we’re expanding our collaboration with the Internet Security Research Group to support the reimplementation of critical open-source software in memory-safe languages.

Notice he said “expanding our collaboration”, which must mean they’ve been doing this for a bit, but I wasn’t aware of the effort? An uplifting trend, regardless. Work is well underway:

The new Rust-based HTTP and TLS backends for curl and now this new TLS library for Apache httpd are an important starting point in this overall effort. These codebases sit at the gateway to the internet and their security is critical in the protection of data for millions of users worldwide.

Node.js github.com

UsTaxes – an open source tax filing web app

UsTaxes is an open source tax filing application that can be used to file the Federal 1040 form. It is different from paid tax preparation software in that it protects user privacy and is provided for free. It is available in both web and desktop formats.

The coolest thing about this (in addition to it being free-as-in-beer) is that it stores all data in the browser only, so your personal info never leaves your computer.

WIP Alert: You shouldn’t use it to file your taxes for the 2020 / 2021 tax season, but it’s a great time to get involved and help this software become production-ready for the next go-around.

Career blog.nukemberg.com

Talent is largely a myth

As it turns out, most of what we hear about “talent” in the software industry is just plain wrong and based on naive and deprecated models if not outright self delusions.

The author goes on to explain how talent is multi-dimensional, isn’t static, and isn’t linear… then concludes by ruminating on these questions:

If all of these prevalent assumptions about talent are wrong, what does it say about our hiring and management practices? What do managers even mean when they set out to hire “good developers” given that their goodness cannot be measured and is highly volatile?

Related: I shared an Unpopular Opinion on my recent Go Time appearance (though Kris Brandow is convinced it will be actually popular) in this area of thought: I believe a primary trait shared by successful software developers is stubbornness. Not talent/intellect necessarily, but that downright refusal to give up until a solution is found. Listen in starting here and let me know if you agree or disagree in the discussion.

Teleport – Sponsored

Comparing SSH keys - RSA, DSA, ECDSA, or EdDSA?

What’s worse than an unsafe private key? An unsafe public key.

The “secure” in secure shell comes from the combination of hashing, symmetric encryption, and asymmetric encryption. Together, SSH uses cryptographic primitives to safely connect clients and servers. In the 25 years since its founding, computing power and speeds in accordance with Moore’s Law have necessitated increasingly complicated low-level algorithms.

As of 2020, the most widely adopted asymmetric crypto algorithms in the PKI world are RSA, DSA, ECDSA, and EdDSA. So which one is best? Well, it depends.

Go Time #167

The art of reading the docs

Documentation. You can treat it as a dictionary or reference manual that you look up things in when you get stuck during your day-to-day work OR (and this is where things get interesting) you can immerse yourself in a subject, domain, or technology by deeply and purposefully consuming its manuals cover-to-cover to develop expertise, not just passing familiarity.

In this episode we pull in perspectives and anecdotes from beginners and veterans alike to understand the impact of RTFM deeply. Also Sweet Filepath O’ Mine?!?!

Browser London

React is king (and that’s not changing anytime soon)

Connor Ward:

Before React, there was Angular and before that, there was jQuery – all frameworks that have fallen by the wayside. It’s just a matter of time before something comes along and takes the mantle as the new hotness. Or so they say.

I’m not so sure. In fact, I think React will be with us for many years to come.

He cites React Native’s success as one reason React will remain relevant, amongst others. I’m not so sure.

I believe React The Idea (uni-directional data flow through declarative component trees) is here to stay, but I’m not so convinced that React The Software won’t be soon replaced like its predecessors were.

The Changelog #429

Community perspectives on Elastic vs AWS

This week on The Changelog we’re talking about the recent falling out between Elastic and AWS around the relicensing of Elasticsearch and Kibana. Like many in the community, we have been watching this very closely.

Here’s the tldr for context. On January 21st, Elastic posted a blog post sharing their concerns with Amazon/AWS misleading and confusing the community, saying “They have been doing things that we think are just NOT OK since 2015 and it has only gotten worse.” This led them to relicense Elasticsearch and Kibana with a dual license, a proprietary license and the Server Side Public License (SSPL). AWS responded two days later stating that they are “stepping up for a truly open source Elasticsearch,” and shared their plans to create and maintain forks of Elasticsearch and Kibana based on the latest ALv2-licensed codebases.

There’s a ton of detail and nuance beneath the surface, so we invited a handful of folks on the show to share their perspective. On today’s show you’ll hear from: Adam Jacob (co-founder and board member of Chef), Heather Meeker (open-source lawyer and the author of the SSPL license), Manish Jain (founder and CTO at Dgraph Labs), Paul Dix (co-founder and CTO at InfluxDB), VM (Vicky) Brasseur (open source & free software business strategist), and Markus Stenqvist (everyday web dev from Sweden).

HackerNoon

Why ML in production is (still) broken and ways we can fix it

Hamza Tahir on HackerNoon:

By now, chances are you’ve read the famous paper about hidden technical debt by Sculley et al. from 2015. As a field, we have accepted that the actual share of Machine Learning is only a fraction of the work going into successful ML projects. The resulting complexity, especially in the transition to “live” environments, leads to large amounts of failed ML projects never reaching production.

Productionizing ML workflows has been a trending topic on Practical AI lately…

WordPress github.com

Quickly provision a fully functional WordPress site with SQLite

WPSQLite helps you to quickly provision WordPress with SQLite and serve the site using PHP’s built-in webserver. No external WebServer like Apache or Nginx and Database Server like MySQL or MariaDB is required. WPSQLite can give you a completely portable installation of WordPress which you can install even in your pendrive and run on *nix based operating systems, or even on Windows.

This looks like a great option for getting a WP dev environment bootstrapped without much hassle. I didn’t even know you could run WordPress on SQLite…

Practical AI #122

The AI doc will see you now

Elad Walach of Aidoc joins Chris to talk about the use of AI for medical imaging interpretation. Starting with the world’s largest annotated training data set of medical images, Aidoc is the radiologist’s best friend, helping the doctor to interpret imagery faster, more accurately, and improving the imaging workflow along the way. Elad’s vision for the transformative future of AI in medicine clearly soothes Chris’s concern about managing his aging body in the years to come. ;-)

JavaScript v8.dev

How the V8 team made JS calls faster with this clever trick

Victor Gomes details the elegant hack (in the best sense of the word) he and the V8 team came up with to significantly increase V8’s JavaScript function call performance (by up to 40% in some cases).

Until recently, V8 had a special machinery to deal with arguments size mismatch: the arguments adaptor frame. Unfortunately, argument adaption comes at a performance cost, but is commonly needed in modern front-end and middleware frameworks. It turns out that, with a clever trick, we can remove this extra frame, simplify the V8 codebase and get rid of almost the entire overhead.

A fascinating read and fantastic performance improvements for all to enjoy.

Opensource.com

5 reasons why I love coding on Linux

Seth Kenlon:

It turns out that Linux is an excellent platform for programmers, both new and experienced. It’s not that you need Linux to program. There are successful developers on all different kinds of platforms. However, Linux has much to offer developers. Here are a few things I’ve found useful.

I switched from Linux to OS X/macOS 15 years(ish) ago and I hadn’t looked back until the last year or two. It might be getting time to give Linux another shot. But which distro to choose? 🤔
