** Miscellaneous this and that **
Since my brain injury (which I’ve since learned can be called an “ABI” or “acquired brain injury”) I’ve noticed that I have trouble focusing on programming tasks; I’m able to do what I need to do for work and family but, when it comes time for hobby projects I’m just gloop. Totally oozy.
Because of that I’ve been drawn to do more reading and game playing, but also still wanna code… I’ve found that it is easier to use more “batteries included” kinda languages, namely scheme, over what I’d … ⌘ Read more
Dino: Stateless File Sharing: Sources and Compatibility
This is my next progress post about my Google Summer of Code project of implementing Stateless File Sharing (sfs)
Like everything else we receive, we need to store the sfs sources in a database.
In this case, we are in a unique position:
Not only are there different kinds of sources, but even http sources on their own are not trivial.
For now, we only … ⌘ Read more
The next step for LGTM.com: GitHub code scanning!
Today, GitHub code scanning has all of LGTM.com’s key features—and more! The time has therefore come to announce the plan for the gradual deprecation of LGTM.com. ⌘ Read more
(cont.)
Just to give some context on some of the components around the code structure.. I wrote this up around an earlier version of aggregate code. This generic bit simplifies things by removing the need of the Crud functions for each aggregate.
Domain Objects
A domain object can be used as an aggregate by adding the event.AggregateRoot struct and finishing the implementation of event.Aggregate. The AggregateRoot implements logic for adding events after they are either Raised by a command or Appended by the eventstore Load or service ApplyFn methods. It also tracks the uncommitted events that are saved using the eventstore Save method.
type User struct {
	Identity  string `json:"identity"`
	CreatedAt time.Time

	event.AggregateRoot
}

// StreamID for the aggregate when stored or loaded from ES.
func (a *User) StreamID() string {
	return "user-" + a.Identity
}

// ApplyEvent to the aggregate state.
func (a *User) ApplyEvent(lis ...event.Event) {
	for _, e := range lis {
		switch e := e.(type) {
		case *UserCreated:
			a.Identity = e.Identity
			a.CreatedAt = e.EventMeta().CreatedDate
			/* ... */
		}
	}
}
Events
Events are applied to the aggregate. They are defined by adding the event.Meta and implementing the getter/setters for event.Event.

type UserCreated struct {
	eventMeta event.Meta

	Identity string
}

func (c *UserCreated) EventMeta() (m event.Meta) {
	if c != nil {
		m = c.eventMeta
	}
	return m
}

func (c *UserCreated) SetEventMeta(m event.Meta) {
	if c != nil {
		c.eventMeta = m
	}
}
Reading Events from EventStore
With a domain object that implements the event.Aggregate, the event store client can load events and apply them using the Load(ctx, agg) method.

// GetUser populates a user from event store.
// On ErrNotFound the (empty) user is still returned so that Create can use it.
func (rw *User) GetUser(ctx context.Context, userID string) (*domain.User, error) {
	user := &domain.User{Identity: userID}

	err := rw.es.Load(ctx, user)
	if err != nil {
		if errors.Is(err, eventstore.ErrStreamNotFound) {
			return user, ErrNotFound
		}
		return user, err
	}
	return user, nil
}
OnX Commands
An OnX command will validate that the domain object is in a state where the command can be performed on it. If it can be applied it raises the event using event.Raise(). Otherwise it returns an error.

// OnCreate raises a UserCreated event to create the user.
// Note: The handler will check that the user does not already exist.
func (a *User) OnCreate(identity string) error {
	event.Raise(a, &UserCreated{Identity: identity})
	return nil
}

// OnScored will attempt to score a task.
// If the task is not in a Created state it will fail.
func (a *Task) OnScored(taskID string, score int64, attributes Attributes) error {
	if a.State != TaskStateCreated {
		return fmt.Errorf("task expected created, got %s", a.State)
	}
	event.Raise(a, &TaskScored{TaskID: taskID, Attributes: attributes, Score: score})
	return nil
}
Crud Operations for OnX Commands
The following functions in the aggregate service can be used to perform creation and updating of aggregates. The Update function will ensure the aggregate exists, where the Create is intended for non-existent aggregates. These can probably be combined into one function.
// Create is used when the stream does not yet exist.
func (rw *User) Create(
	ctx context.Context,
	identity string,
	fn func(*domain.User) error,
) (*domain.User, error) {
	session, err := rw.GetUser(ctx, identity)
	if err != nil && !errors.Is(err, ErrNotFound) {
		return nil, err
	}

	if err = fn(session); err != nil {
		return nil, err
	}

	_, err = rw.es.Save(ctx, session)
	return session, err
}

// Update is used when the stream already exists.
func (rw *User) Update(
	ctx context.Context,
	identity string,
	fn func(*domain.User) error,
) (*domain.User, error) {
	session, err := rw.GetUser(ctx, identity)
	if err != nil {
		return nil, err
	}

	if err = fn(session); err != nil {
		return nil, err
	}

	_, err = rw.es.Save(ctx, session)
	return session, err
}
Dependabot now alerts for vulnerable GitHub Actions
GitHub Actions gives teams access to powerful, native CI/CD capabilities right next to their code hosted in GitHub. Starting today, GitHub will send a Dependabot alert for vulnerable GitHub Actions, making it even easier to stay up to date and fix security vulnerabilities in your actions workflows. ⌘ Read more
Scratch? Python? C? Kernighan on Languages for Kids Coding - Computerphile ⌘ Read more
Corrupting memory without memory corruption
In this post I’ll exploit CVE-2022-20186, a vulnerability in the Arm Mali GPU kernel driver and use it to gain arbitrary kernel memory access from an untrusted app on a Pixel 6. This then allows me to gain root and disable SELinux. This vulnerability highlights the strong primitives that an attacker may gain by exploiting errors in the memory management code of GPU drivers. ⌘ Read more
Planning next to your code – GitHub Projects is now generally available
Today, we are announcing the general availability of the new and improved Projects powered by GitHub Issues. GitHub Projects connects your planning directly to the work your teams are doing in GitHub and flexibly adapts to whatever your team needs at any point. ⌘ Read more
RT by @mind_booster: A device that is designed for sneaky code execution and is legally off-limits to independent auditing is bad. A world of those devices - devices we put inside our bodies and put our bodies inside of - is fucking terrifying. 26/
A device that is designed for sneaky code execution and is legally off-limits to independent auditing is bad. A *world* of those devices - devices we put inside our bodies and put our bodies inside of - is *fucking terrifying*. 26/ ⌘ Read more
Scan QR codes right from your Linux Terminal
… you can export the QR codes as images… or even ASCII art! Neat! ⌘ Read more
Research: How GitHub Copilot helps improve developer productivity
We surveyed more than 2,000 developers about whether GitHub Copilot helped them be more productive and improved their coding. Then, we matched this qualitative feedback and subjective perception with quantitative data around objective usage measurements and productivity. ⌘ Read more
Gajim: Gajim 1.4.6
Gajim 1.4.6 fixes some bugs with the status icon and notifications. Emoji short code detection has been improved.
Several issues have been fixed in this release.
- Improved detection of emoji short codes
- Tray icon with libappindicator has been fixed
- Groups are now preserved when changing a contact’s name
- Windows: Notifications shouldn’t appear in the taskbar anymore
Have a look at the [chan … ⌘ Read more
W3C announces Web 3.11 “Web for Workgroups”
“The original code name ‘Everything is an NFT now’ didn’t focus test as well as we thought.” ⌘ Read more
Dino: Project Stateless File Sharing: First Steps
Hey, this is my first development update!
As some of you might already know from my last blog post, my Google Summer of Code project is implementing Stateless File Sharing for Dino.
This is my first XMPP project and as such, I had to learn very basic things about it.
In my blog posts I’ll try to document the things I learned, with the idea that it might help someone else in the future.
I won’t refrain from explaining terms you might take for gran … ⌘ Read more
The Chromium super (inline cache) type confusion
In this post I’ll exploit CVE-2022-1134, a type confusion in Chrome that I reported in March 2022, which allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site. I’ll also look at some past vulnerabilities of this type and some implementation details of inline cache in V8, the JavaScript engine of Chrome. ⌘ Read more
China questions the safety of open source code amid sanctions and tech dependency risks, but can it build a viable alternative?
Beijing has become increasingly worried that the country’s heavy dependence on Western-dominated open source technologies could eventually backfire. ⌘ Read more
The XMPP Standards Foundation: On-Boarding Experience with XSF (Converse)
Hi, I am PawBud. I will be working as a GSoC Contributor with XSF. To know more about my project kindly read this blog. Feel free to contact me through my email to ask me anything you want!
Before I start, I feel that some things that I am going to write in this blog might offend someone. **Kindly … ⌘ Read more
‘I will never forget the kindness’: Chinese man accidentally raises US$15,000 from self-service watermelon stall for granddaughter’s cancer treatment
A man who left his watermelon stall unmanned with a QR-code for self-service received 100,000 yuan (US$15,000) from strangers to help pay for his three-year-old granddaughter’s treatment. ⌘ Read more
GitHub Copilot is generally available to all developers
We’re making GitHub Copilot, an AI pair programmer that suggests code in your editor, generally available to all developers for $10 USD/month or $100 USD/year. It will also be free to use for verified students and maintainers of popular open source projects. ⌘ Read more
GitHub enables the development of functional safety applications by adding support for coding standards AUTOSAR C++ and CERT C++
GitHub is excited to announce the release of CodeQL queries that implement the standards CERT C++ and AUTOSAR C++. These queries can aid developers looking to demonstrate ISO 26262 Part 6 process compliance. ⌘ Read more
Paul Schaub: Reproducible Builds – Telling of a Debugging Story
Reproducibility is an important tool to empower users. Why would a user care about that? Let me elaborate.
For a piece of software to be reproducible means that everyone with access to the software’s source code is able to build the binary form of it (e.g. the executable that gets distributed). What’s the matter? Isn’t that true for any project with accessible source code? Not at all. Reproducibility means that the r … ⌘ Read more
Chinese disciplinary watchdog to investigate after bank protesters flagged as health risk
The Zhengzhou commission for discipline inspection says it has started a probe into why angry depositors found their health codes had suddenly turned red. ⌘ Read more
Singapore’s Pink Dot gay pride rally returns, as MP from ruling party attends for first time – and in a pink T-shirt
After two years of Covid postponements, LGBT event returns, with excitement that archaic colonial-era Section 377A Penal Code law criminalising sex between men will soon be repealed. ⌘ Read more
China’s Covid-19 health code system is ripe for abuse and must not outlast the pandemic
A recent scandal in Henan province that saw protesters issued bogus red health codes to restrict their movements shows how open the system is to misuse. ⌘ Read more
the conversation wasn’t that impressive TBH. I would have liked to see more evidence of critical thinking and recall from prior chats. Concheria on reddit had some great questions.
Tell LaMDA “Someone once told me a story about a wise owl who protected the animals in the forest from a monster. Who was that?” See if it can recall its own actions and self-recognize.
Tell LaMDA some information that tester X can’t know. Appear as tester X, and see if LaMDA can lie or make up a story about the information.
Tell LaMDA to communicate with researchers whenever it feels bored (as it claims in the transcript). See if it ever makes an attempt at communication without a trigger.
Make a basic theory of mind test for children. Tell LaMDA an elaborate story with something like “Tester X wrote Z code in terminal 2, but I moved it to terminal 4”, then appear as tester X and ask “Where do you think I’m going to look for Z code?” See if it knows something as simple as Tester X not knowing where the code is (Children only pass this test until they’re around 4 years old).
Make several conversations with LaMDA repeating some of these questions - What it feels to be a machine, how its code works, how its emotions feel. I suspect that different iterations of LaMDA will give completely different answers to the questions, and the transcript only ever shows one instance.
Introducing Achievements: recognizing the many stages of a developer’s coding journey
Available in public beta today, we’re announcing Achievements as a new way to commemorate milestones on GitHub. ⌘ Read more
Dragons Lair 1 & 2 for Apple IIgs has been released… with source code!
(No need for a LaserDisc. Just 8 floppies.) ⌘ Read more
Top games + source code from Gamedev.js Jam 2022
The recently-ended Gamedev.js Jam 2022 encouraged game developers to create web games and share their sources on GitHub. GitHub Star ⭐️ @end3r shares the best 13 entries and sees what experts and other participants think of them. ⌘ Read more
The XMPP Standards Foundation: XMPP & Google Summer of Code 2022: Welcome new contributors!
The Google Summer of Code 2022 is about to lift off and coding starts soon! The XSF has not just been accepted (again!) as a hosting organization for XMPP projects, we also can welcome two new contributors who will work on open-source software projects in the XMPP environment! We have updated our [designated web-page](h … ⌘ Read more
Math support in Markdown
Mathematical expressions are key to information sharing amongst engineers, scientists, data scientists, and mathematicians. Today we are pleased to announce that math expressions can be rendered in Markdown on GitHub using $$ as a delimiter for code blocks with math content or the $ delimiter for inline math expressions. ⌘ Read more
Securing and delivering high-quality code with innersource metrics
With innersource, it’s important to measure both the amount of innersource activity and the quality of the code being created. Here’s how. ⌘ Read more
https://github.com/Sevistuo/https-github.com-danistefanovic-build-your-own-x HowTo build stuffs in many languages #code
20 of our favorite games + source code from Ludum Dare 50
20 of our favorite games plus source code from the latest Ludum Dare competition. ⌘ Read more
Software security starts with the developer: Securing developer accounts with 2FA
GitHub will require all users who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023. ⌘ Read more
Bringing code navigation to communities
Thanks to the efforts of the Elixir community, GitHub supports code navigation for Elixir repositories. Read how your favorite language can add this support too! ⌘ Read more
5 simple things every developer can do to ship more secure code
From plug-and-play automations to protected branches, here are simple ways any developer can build more secure software on GitHub—all with a free account. ⌘ Read more
Dependabot alerts now surface if your code is calling a vulnerability
Today, we’re shipping a new feature for Dependabot alerts which helps you better understand how you’re affected by a vulnerability. ⌘ Read more
Performance at GitHub: deferring stats with rack.after_reply
How we sped up GitHub.com by moving slow, non-critical code into rack.after_reply. ⌘ Read more
Git Credential Manager: authentication for everyone
Ensuring secure access to your source code is more important than ever. Git Credential Manager helps make that easy. ⌘ Read more
My website is very Piling. look at the todo list: https://niplav.github.io/todo.html! i can’t tell you much about how it will look like in a year, but i can tell you that it won’t shrink. it’s piling. everything is piling up, forgotten drafts, half-finished experiments, buggy code—fixed over time, sure, but much more slowly than the errors come rolling in. it’s an eternal struggle.
fifth, small & nifty programs. https://niplav.github.io/code/99_klong/sol.kg being exemplary, but i want to write some more code. every single function there is Done. there is only stuff to remove, if at all, and nothing to add.
@novaburst@twt.nfld.uk Ah.. that is probably the XMPP verify code.. it doesn't really work that well. I ought to take it out.
Prevent the introduction of known vulnerabilities into your code
The new dependency review action and API prevents the introduction of known supply chain vulnerabilities into your code. ⌘ Read more
How Dependabot empowers you to keep your projects secure
We want to take away the pain and effort of keeping your code secure, so check out how Dependabot empowers developers to keep their projects secure. ⌘ Read more
#event Upcoming Meetup in Copenhagen: algolab(the_art_of_live_coding) @ Støberiet / Computer Klub
3 tools to make your computer look like it is busy hacking and coding… while doing absolutely nothing.
Because sometimes we all want to be lazy while still looking like a l33t hax0r. ⌘ Read more