News Nug
Malicious versions of Nx and some supporting plugins were published

Published: 2025-08-27 | Origin: /r/programming

The document discusses a serious security incident involving malicious versions of the nx package and related plugins that were published to npm. These versions contained harmful code that could scan users' file systems, collect credentials, and upload them to GitHub under the users' accounts. The problematic versions were removed from npm at multiple points (10:44 PM EDT and 6:20 AM EDT). The vulnerability originated from an insecure workflow that allowed the injection of executable code. Although the workflow was reverted shortly after the team

Uncertain<T>

Published: 2025-08-27 | Origin: /r/programming

The content discusses the tendency of people to be overly confident in their opinions and decisions, particularly in the tech industry. It argues that while humility is valuable, it often leads to the frustrating need to say "it depends" when reaching a Senior level in software development. In contrast, higher level positions allow for more confidence in decisions, which is appealing. The author then critiques programming practices that fail to account for uncertainty, using GPS coordinates as an example of imprecise data. They highlight a paper by

Slowing down programs is surprisingly useful

Published: 2025-08-27 | Origin: /r/programming

The author is affiliated with the School of Computing at the University of Kent, focusing on programming language implementation, complex concurrent systems, and tooling. Their research aims to enhance interpreter performance, detect and prevent concurrency bugs at runtime, and improve developer tools using modern language runtime systems. Interestingly, while much research seeks to optimize program speed and resource usage, the author discusses the utility of intentionally slowing down programs. This method can be beneficial for uncovering race conditions, simulating performance improvements, and assessing profiler accuracy.

Implementing Forth in Go and C

Published: 2025-08-27 | Origin: /r/programming

The author reflects on their long-standing awareness of the programming language Forth, which they first encountered while studying embedded hardware two decades ago. Initially perceiving Forth as a "weird language," the author did not engage with it until June of the current year, when they decided to explore it more deeply and implement two versions of it during their free time. The author distinguishes between two levels of Forth: user-level Forth, comparable to Lisp without macros, and hacker-level Forth,

Launch HN: Bitrig (YC S25) – Build Swift apps on your iPhone

Published: 2025-08-27 | Origin: Hacker News

Bitrig is an innovative tool that allows users to create native Swift apps directly on their iPhones through AI chat interactions, akin to Lovable for iPhone app development. It utilizes Claude Sonnet 4.0 to generate native Swift code, circumventing the usual need for Xcode by employing a custom Swift interpreter. This setup enables instant app previews and easy sharing via URLs. Users with a paid Apple developer account can compile their apps on Bitrig's server and publish them to App Store Connect for

What are Traces and Spans in OpenTelemetry: A Practical Guide

Published: 2025-08-27 | Origin: /r/programming

The content outlines various features and resources related to OneUptime, a platform aimed at enhancing system reliability and transparency for customers. Key components include:

- **Status Pages**: For transparency and reliability visibility.
- **Monitoring**: Analyzing uptime and performance of resources.
- **Incident Management**: Fast resolution of incidents to protect revenue and improve customer experience.
- **On-Call and Alerts**: Timely alerts and on-call scheduling.
- **Logs Management**: Rapid log ingestion and

Running our Docker registry on-prem with Harbor

Published: 2025-08-27 | Origin: Hacker News

As of early 2025, the organization is deploying applications using Kamal and Docker as their containerization platform. They moved away from external container registries, such as Docker Hub and Amazon's Elastic Container Registry, during their transition to a more self-hosted solution. After evaluating options, they chose Harbor for its robust feature set and ease of setup within Kubernetes environments. Their initial plan for version 1 of the on-premise registry includes utilizing their Pure FlashBlade storage cluster with S3-compatible

Toilets considered harmful

Published: 2025-08-27 | Origin: /r/programming

The author reflects on the nature of tech leadership, emphasizing the importance of removing obstacles to enhance team performance. During a routine bathroom visit, the author experiences a bureaucratic system that prioritizes rigid rules over practicality, leading to frustration and missed opportunities. This situation highlights a conflict between established norms and the need for innovation. Despite recognizing that some rules may be overly cautious, the author ultimately seeks to challenge conventional thinking by questioning the necessity of such limitations. A later discussion with colleagues reveals that while they acknowledge the

The Therac-25 Incident

Published: 2025-08-27 | Origin: /r/programming

The article discusses the importance of awareness among developers about the Therac-25 incident, which involved serious software engineering failures leading to patient deaths and injuries. The author, noting that many developers are unfamiliar with the case, emphasizes the critical need to understand the consequences of faulty software in medical devices. The article describes a specific incident involving a technician operating the Therac-25 radiotherapy machine, outlining the meticulous procedures necessary for safely administering treatment with powerful electron beams. The commentary highlights the gravity of adhering to

Delete tests

Published: 2025-08-27 | Origin: Hacker News

The article emphasizes the importance of testing in software development, particularly within frameworks like Agile, TDD, and BDD. It points out a widespread belief among developers that deleting tests is unacceptable, arguing instead that this belief is misguided and can be detrimental. The core purpose of writing tests is to ensure that software functions as expected and to provide confidence during the development process. Without tests, developers risk creating a chaotic situation where changes lead to unintended problems, making it harder to maintain software quality. Ultimately, the

Lisp from Nothing, Second Edition

Published: 2025-08-27 | Origin: Hacker News

The content describes a book titled "LISP from Nothing," published by Lulu Press in 2025. It consists of 344 pages with 19 figures and is available in multiple formats, including paperback, hardcover, and PDF, which can be ordered at Lulu.com. This second edition includes new content on the relationship between LISP and Lambda Calculus, quasiquotation in the macros section, as well as various corrections and improvements. The book explores the theme of minimal LISP through implementations ranging from a

Uncomfortable Questions About Android Developer Verification

Published: 2025-08-27 | Origin: Hacker News

ICEBlock is a crowdsourced platform that enables anonymous reporting of ICE activities with minimal effort. Its developer has faced significant backlash, including threats of prosecution and personal consequences affecting his family, highlighting the risks associated with the lack of anonymity for app developers. This situation raises concerns about Google's proposed developer verification program and its implications for those needing to maintain their anonymity. Questions posed to Google include: 1. What measures will Google implement to accommodate developers who have legitimate reasons for maintaining anonymity, particularly those developing apps similar

MCP servers can’t be the future, can they?

Published: 2025-08-27 | Origin: /r/programming

The content is about introducing the Model Context Protocol (MCP) and aims to assist users in starting with it. Additionally, it includes a feedback prompt asking if the page was helpful.

Show HN: Regolith – Regex library that prevents ReDoS CVEs in TypeScript

Published: 2025-08-27 | Origin: Hacker News

The content discusses Regolith, a server-side library for TypeScript and JavaScript designed to prevent Regular Expression Denial of Service (ReDoS) attacks. It utilizes Rust and linear Regular Expressions, offering linear worst-case time complexity, unlike the default RegExp in TypeScript and JavaScript, which has exponential worst-case complexity. The library is still in early development and seeks community support for adoption. Regolith aims to be a drop-in replacement for RegExp, requiring minimal changes for integration. Re

API Design 101: From Basics to Best Practices

Published: 2025-08-27 | Origin: /r/programming

The article discusses the challenges developers face when building APIs that perform well in testing but fail under real-world conditions. It emphasizes that many APIs do not survive due to poor design, but this can be avoided through the application of effective design principles. The author, Hayk, who has previously analyzed popular system design problems, offers insights into creating scalable, reliable, and resilient APIs to prevent them from becoming part of the 90% that fail. An API (Application Programming Interface) acts as a contract between

Dissecting the Apple M1 GPU, the end

Published: 2025-08-27 | Origin: Hacker News

In 2020, Apple launched the M1 chip, which featured a custom GPU. This led to the creation of Asahi Linux, initiated by Hector Martin, to enable running Linux on M1 and M2 Macs. A collaborative effort resulted in nearly all hardware working with Linux, including wireless and audio functionalities. The narrative highlights a developer’s journey juggling university and work while reverse-engineering the GPU and developing a shader compiler that ultimately enabled OpenGL capabilities for 3D graphics. After significant progress

New algorithm outperforms Dijkstra after 40 years!

Published: 2025-08-27 | Origin: /r/programming

arXivLabs is a collaborative platform that enables users to create and share new features for the arXiv website, while emphasizing values such as openness, community, excellence, and user data privacy. The platform welcomes both individuals and organizations that align with these principles. If you have a project idea that could benefit the arXiv community, you can find more information on arXivLabs. Additionally, users can receive operational status updates via email or Slack.

Why I'm declining your AI generated MR

Published: 2025-08-27 | Origin: /r/programming

The content discusses the concerns surrounding the improper use of AI in code development, particularly in the context of merge requests (MRs) that may not warrant a code review (CR). The author highlights several issues that arise from AI misuse which can negatively impact the team and project outcomes. Key points include: 1. **AI Misuse**: The misuse of AI in coding can lead to situations where unnecessary code is introduced, increasing the burden on reviewers and failing to meet CR goals like "sanity check

Many hate on Object-Oriented Programming. But some junior programmers seem to mostly echo what they've heard experienced programmers say. In this blog post I try to give a "less extreme" perspective, and encourage people to think for themselves.

Published: 2025-08-26 | Origin: /r/programming

The article discusses the ongoing debate among programmers regarding the merits and drawbacks of Object-Oriented Programming (OOP). The author notices that many junior programmers criticize OOP based on what they've heard rather than personal experience. Instead of discouraging the use of OOP altogether, the author encourages developers to write code that makes sense to them while avoiding known bad practices. The author shares their own perspective on various aspects of OOP, outlining which elements they consider beneficial and which ones they find problematic. They highlight five

GNU Artanis – A fast web application framework for Scheme

Published: 2025-08-26 | Origin: Hacker News

GNU Artanis is a modern web framework for the Scheme programming language, recognized for its robustness, speed, and ease of use in professional web development. It received the "Awesome Project" certification at the 2013 Lisp in Summer projects. GNU Artanis is open-source, dual-licensed under both GPLv3+ and LGPLv3, and can be downloaded from its official website. It allows for dynamic HTML generation and is built using GNU Guile, the official extension language of GNU. The