Tell don’t ask with Sinatra handlers

Ceri Storey wrote “In Bigwig, in order to keep our code neat and well factored, we’ve tried to adhere to the principle of tell, don’t ask as much as we can. However, one place this can be difficult is within a handler for an HTTP request (we’re using Sinatra for that).”

Fudging generics in Go with AST rewriting

Frank Shearar wrote “One possible workaround for a lack of generics is code generation. Let’s look at Go’s AST manipulation to make a Maybe Int out of a Maybe a.”

Going m(on)ad with parser combinators

Frank Shearar wrote “It’s about time someone started talking about Go again around here, so I picked up the old editor, and (painlessly!) installed Go. Maybe 5 minutes later I had the world’s faster compiler, a test framework, a coverage analyzer and a bunch of stuff besides available on my machine. But what to do? Hello World is…”

Zabbix security incidents

David Ireland wrote “Someone discovered a vulnerability in Zabbix recently, and there’s this lovely, detailed description of an exploit based in it on Corelan Team. It’s lovely because it contains all the information I need to tell if my site is vulnerable, and to what extent. There’s also a really useless advisory on Packet Storm Security. Why is…”

CPU cache collisions in the context of performance

jarek wrote “This article discusses some potential performance issues caused by CPU cache collisions. In normal scenarios cache collisions don’t pose a problem, it usually is only in specific, high speed applications that they may incur noticeable performance penalties, and as such, things described here should be considered “the last mile effort”. As an example, I will…”

Why I support the US Government making a cryptography standard weaker

Paul Crowley wrote “Documents leaked by Edward Snowden last month reveal a $250M program by the NSA known as Operation BULLRUN, to insert vulnerabilities into encryption systems and weaken cryptography standards. It now seems nearly certain that the NIST-certified random number generator Dual_EC_DRBG, adopted as the default in RSA Security's BSAFE toolkit, contains a back door usable only by the NSA which allows them to predict the entire future output of the generator given only 32 bytes. So it's not the easiest time for NIST to suggest they should make a cryptography standard weaker than it was originally proposed. Nevertheless, I support them in this and I hope they go ahead with it.”