Date: 2022-06-15
today's leftovers
"Critical" projects and volunteer maintainers [LWN.net]
Over the last five decades or so, free and open-source software (FOSS) has gone from an almost unknown quantity available to only the most technically savvy to underpinning much of the infrastructure we rely on today. Much like software itself, FOSS is "eating the world". But that has changed—is changing—the role of the maintainers of all of that code; when "critical" infrastructure uses code from a FOSS project, suddenly, and perhaps without warning, that code itself becomes critical. But many maintainers of that software are volunteers who did not set out to become beholden to the needs of large companies and organizations when they released their code, they were just scratching their itch—now lots of others are clamoring for theirs to be scratched as well.
The supply-chain security problem is clearly a serious one that needs to be addressed. The Log4j incident provides a recent example of how a security vulnerability in a fairly small component can ripple out across the internet by way of dependency chains. Some projects depended directly on Log4j, but many others became vulnerable because they were using some other library or package that depended on Log4j—directly or indirectly.
Some of the places where dependency chains are often lengthy, and thus more vulnerable to the intentional injection of malware, are various language-specific repositories of packages. Sites like the Python Package Index (PyPI) provide a huge palette of components that can be used by applications or other libraries. The pip tool that comes with Python will happily install PyPI packages along with all of their dependencies, recursively. Many other languages have similar repositories and tooling.

Anti-Interdiction on The Librem 5 USA – Purism
One of the most unique security features we offer at Purism is our anti-interdiction service. This is a premium add-on service that aims to help you detect attempts to tamper with your hardware in shipment, so you can have peace of mind that the hardware you receive is the same as when it left our custody. While we mostly have discussed anti-interdiction in the context of laptops (and you can read more about anti-interdiction options for the Librem 14 here) many people don’t realize that we also offer anti-interdiction for our Librem 5 and Librem 5 USA phones.

New Steam Games with Native Linux Clients - 2022-07-20 Edition - Boiling Steam
Between 2022-07-14 and 2022-07-20 there were 23 New Steam games released with Native Linux clients. For reference, during the same time, there were 251 games released for Windows on Steam, so the Linux versions represent about 9.2 % of total released titles. Here’s a quick pick of the most interesting ones...

Web Development and Game Companies Are Booking
In eight testimonials, Cartesi delivers the first proof that it can empower millions of new startups and their developers to use The Blockchain OS, bringing Linux applications to the forefront of the Web3 revolution.

Programming Leftovers
unintentional concurrency -- wingolog
Good evening, gentle hackfolk. Last time we talked about heuristics for when you might want to compact a heap. Compacting garbage collection is nice and tidy and appeals to our orderly instincts, and it enables heap shrinking and reallocation of pages to large object spaces and it can reduce fragmentation: all very good things. But evacuation is more expensive than just marking objects in place, and so a production garbage collector will usually just mark objects in place, and only compact or evacuate when needed.

I don’t know who uses my code | daniel.haxx.se
When I (in spite of knowing better) talk to ordinary people about what I do for a living and the project I work on, one of the details about it that people have the hardest time to comprehend, is the fact that I really and truly don’t know a lot about who uses my code. (Or where. Or what particular features they use.) I work on curl full-time and we ship releases frequently. Users download the curl source code from us, build curl and put it to use. Most of “my” users never tell me or anyone else in the curl project that they use curl or libcurl. This is of course perfectly fine and I probably could not even handle the flood if every user would tell me. This not-knowing is a most common situation for Open Source authors and projects. It is not unique for me. The not knowing your users is otherwise unusual in a world of products and software, and quite frankly, sometimes it is an obstacle for us as well since we lack a good way to communicate with users about plans, changes or ideas. It also makes it really hard to estimate our own success and the always-recurring question: how many users do you have?

1 Billion Flux Downloads Show GitOps Gaining Ground - Container Journal
Weaveworks today says container images of its open source Flux version control software have now been downloaded more than one billion times. Flux is at the core of Weaveworks’ GitOps platform. In addition, the company claims that its enterprise customer base doubled in the first half of 2022, which led to a corresponding increase in revenue for the same period. Weaveworks CEO Alexis Richardson says as more organizations deploy fleets of Kubernetes clusters, it’s clear GitOps is emerging as the preferred method for deploying cloud-native applications based on microservices.

Sorting Subroutine Results | Tom Wyant [blogs.perl.org]
The Perl sort built-in is mostly (at least by me) called as sort LIST or sort BLOCK LIST. But there is a third way to call it: sort SUBROUTINE LIST, which actually appears first in the documentation. This is not a blog entry about using the sort SUBROUTINE LIST form of sort. It is more about the need to be aware of this form when writing (or trying to write) the sort LIST form. Consider the following situation: you have a subroutine foo() which returns an un-ordered list. You need that list sorted. Perl has a sort built-in, so your (or at least my) first reaction is to write my @sorted = sort foo();, run it, and then wonder why @sorted is empty.

Native Python support for units? [LWN.net]
Back in April, there was an interesting discussion on the python-ideas mailing list that started as a query about adding support for custom literals, a la C++, but branched off from there. Custom literals are frequently used for handling units and unit conversion in C++, so the Python discussion fairly quickly focused on that use case. While ideas about a possible feature were batted about, it does not seem like anything that is being pursued in earnest, at least at this point. But some of the facets of the problem are, perhaps surprisingly, more complex than might be guessed.

It's Time to Say Goodbye to These Obsolete Python Libraries | Martin Heinz | Personal Website & Blog
With every Python release, there are new modules being added and new and better ways of doing things get introduced.

Data Visualizing with Python
Analytical web applications were a task for seasoned developers that required knowledge of multiple programming languages and frameworks. Unfortunately, that’s no longer the case. Nowadays, you can make data visualization interfaces using pure Python. Python provides various libraries that come with different features for data visualization. In addition, all these libraries come with additional features and can support multiple graphs. We will discuss these libraries individually and plot some most commonly used graphs.