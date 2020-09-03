Programming: OpenSCAD, Fuzzing in Go, CSS Shapes, Perl
The programmer's CAD: OpenSCAD
OpenSCAD is a GPLv2-licensed 3D computer-aided design (CAD) program best described as a "programmer's CAD"; it is available for Linux, Windows, several flavors of BSD, and macOS. Unlike the majority of 3D-modeling software packages which are point-and-click, the OpenSCAD website describes the project as "something like a 3D compiler", where models are generated using a scripting language. It is a unique way of approaching CAD and has many real-world applications that may be of interest.
Like the FreeCAD project we have previously looked at, OpenSCAD can be used to build 3D-models suitable for everything from 3D-printing to CNC machining. Unlike FreeCAD, however, the solitary way to create models is by programming them using the OpenSCAD scripting language. Once programmed, models produced by OpenSCAD can be exported in a variety of formats, including notably STL, SVG, and PNG.
The Qt-based interface provided by OpenSCAD is fairly simple; on one side a code editor is provided to write scripts, while the other provides a view of the generated model and a console for messages. Making a model starts with coding modules that generate primitives like cylinders and cubes, then those primitives are manipulated and combined in code to build more complicated objects. Notably, OpenSCAD is a unit-less CAD program; it leaves the units to be decided once the model is exported.
Fuzzing in Go
Fuzzing is a testing technique with randomized inputs that is used to find problematic edge cases or security problems in code that accepts user input. Go package developers can use Dmitry Vyukov's popular go-fuzz tool for fuzz testing their code; it has found hundreds of obscure bugs in the Go standard library as well as in third-party packages. However, this tool is not built in, and is not as simple to use as it could be; to address this, Go team member Katie Hockman recently published a draft design that proposes adding fuzz testing as a first-class feature of the standard go test command.
[...]
AFL is an excellent tool, but it only works for programs written in C, C++, or Objective C, which need to be compiled with GCC or Clang. Vyukov's go-fuzz tool operates in a similar way to AFL, but is written specifically for Go. In order to add coverage recording to a Go program, a developer first runs the go-fuzz-build command (instead of go build), which uses the built-in ast package to add instrumentation to each block in the source code, and sends the result through the regular Go compiler. Once the instrumented binary has been built, the go-fuzz command runs it over and over on multiple CPU cores with randomly mutating inputs, recording any crashes (along with their stack traces and the inputs that caused them) as it goes.
Damian Gryski has written a tutorial showing how to use the go-fuzz tool in more detail. As mentioned, the go-fuzz README lists the many bugs it has found, however, there are almost certainly many more in third-party packages that have not been listed there; I personally used go-fuzz on GoAWK and it found several "crashers".
Flowing Text Around Images
Traditionally this type of layout was limited to print because text that can re-flow as the medium changes sizes made it infeasible to manually add line breaks to shape the text around images.
With CSS Shapes, it’s not difficult to achieve text wrapping around an image by using the shape-outside: url() property. This directive will cause the browser to take the image’s outline and use it as the shape around which text will flow. Fortunately, shape-outside is well-supported in modern browsers and the fallback for unsupported browsers is to use a rectangle around the image as the shape, as if the image were simply floated off to the side (which it is!).
Sum of Individuals Gives Meaning - CY's Take on PWC#076
Mozilla's Rust and Encryption (for Passwords) Primer
Proprietary Software and Monopolies
C++20 Draft Approved As Major Update To C++ Programming Language
On Saturday the ISO/IEC 14882:2020 standards draft was approved as the latest major update to the C++ programming language. The C++20 approval was unanimous and is a very significant update over C++17, coming a few months later than originally anticipated. C++20 adds to the language concepts, modules, the "spaceship operator" for three-way comparisons, coroutines, designated initializers, new standard attributes, and much more. The C++20 library standard also adds ranges, feature test macros, bit operations, and more. C++20 changes in full can be found via the likes of cppreference.com, open-std.org, Wikipedia.
Ben Armstrong: Dronefly relicensed under copyleft licenses
To ensure Dronefly always remains free, the Dronefly project has been relicensed under two copyleft licenses. Read the license change and learn more about copyleft at these links. I was prompted to make this change after a recent incident in the Red DiscordBot development community that made me reconsider my prior position that the liberal MIT license was best for our project. While on the face of it, making your license as liberal as possible might seem like the most generous and hassle-free way to license any project, I was shocked into the realization that its liberality was also its fatal flaw: all is well and good so long as everyone is being cooperative, but it does not afford any protection to developers or users should things suddenly go sideways in how a project is run. A copyleft license is the best way to avoid such issues. In this incident – a sad story of conflict between developers I respect on both sides of the rift, and owe a debt to for what they’ve taught me – three cogs we had come to depend on suddenly stopped being viable for us to use due to changes to the license & the code. Effectively, those cogs became unsupported and unsupportable. To avoid any such future disaster with the Dronefly project, I started shopping for a new license that would protect developers and users alike from similarly losing support, or losing control of their contributions. I am grateful to one particular team member who is skilled in licensing issues and went with their choices. We ran the new licenses by each contributor and arrived at this consensus: the AGPL is best suited for our server-based code, and CC-BY-SA is best suited for our documentation. The relicensing was made official this morning.
