472 subscribers
6 photos
1 video
2 files
550 links
python, go, code quality, security, magic

Website and RSS:
https://itgram.orsinium.dev

Source:
https://github.com/orsinium/itgram

Author:
@orsinium
https://orsinium.dev/
Download Telegram
Debugging Go in prod using eBPF is a fun article about inserting a breakpoint into a working binary on Go (on any language, actually) and tracking value in a function. It helps debug on production, like in Elixir or Nodejs. It wouldn't help much if you want to track a bit more than one value in one place but it's a good start.

The post is a kind of pre-announce of Pixie. This is going to be a tool that will allow you to track values and debug on production. In particular, they are targeted on k8s, for whatever reason. Their scripting language PxL is... Well, it is Python.
Wikipedia is getting a new look for the first time in 10 years. They did user research and found that most of the new users confused and overwhelmed by the left side bar:

<blockquote>
+ Too much information: readers found the contents of the page overwhelming, in particular noting the lack of “segregated information”, which made it difficult for them to find what they were looking for

+ Main menu/sidebar: readers were unable to understand the purpose of the Menu on the left hand side of the site, noting in particular that they did not understand the items in the menu (e.g. Related changes, Special Pages). They felt that it was not relevant for them.

+ Article tools: readers did not understand the terminology and concept of most of the article tools (e.g. Talk, Contributions).
</blockquote>

Web is changing, friends. I personally miss sidebars when everything you need was there at hand and wasn't buried under menus inside menus. Looks like I'm just getting old.
Let's talk about the channel language. As the poll shows, for most of the subscribers there is not much difference between Russian and English content. However, there are still many people who would prefer Russian. The results are biased because it always was Russian channel targeted to Russian-speaking audience. So, there is the deal:

+ The channel will be switched to English as the primary language.

+ If I encounter an amazing Russian article, I'll still share it with 🇷🇺 label.

+ For Russian-only speakers there is not much help from short Russian descriptions for English articles and tools (how it was before). So, for you, I'll try to start a Russian-speaking podcast with short summary of tools and articles I posted over the week.

I hope it will help to share more amazing content with more people without leaving anyone behind. Stay tuned!
I made an online playground for FlakeHell.

Try: flakehell.orsinium.dev
Source: github.com/life4/flakehell-online

So, you can try right from browser different Python linters, like wemake-python-styleguide, pylint, my beloved deal, and so on.

The fun thing is how it works. I run Python linter (and a few helper scripts) on top of pyodide (it is patched CPython compiled into WASM), which is managed through JS-bindings from Go application compiled into WASM and using GWeb library. 🤯 We need to go deeper!
Tomorrow starts Hacktoberfest. This is yearly online event: you make 4 PRs on GitHub in any repositories and DigitalOcean sends you a nice T-shirt (and a few sticker). This year, you can choose to plant a tree instead of another one swag.

PRs in your own repositories count but you get more karma and love helping projects you use. Have fun!
ITGram
Tomorrow starts Hacktoberfest. This is yearly online event: you make 4 PRs on GitHub in any repositories and DigitalOcean sends you a nice T-shirt (and a few sticker). This year, you can choose to plant a tree instead of another one swag. PRs in your own…
There are hot discussions that in this year Hacktoberfest goes not so well:

+ https://blog.domenic.me/hacktoberfest/
+ https://news.ycombinator.com/item?id=24643894
+ https://www.reddit.com/r/programming/comments/j2ux69/digitaloceans_hacktoberfest_is_hurting_open_source/?sort=top

People are doing spammy meaningless PRs. It didn't happen 2 years ago before because there were "Make your first PR here" meaningless repositories where you can commit your name in a long txt file and get your kinda free T-shirt. Next year, Hacktoberfest organizers targeted "quality over quantity" and decided to ban such repositories, forcing people to do something significant. And here we are.

The fun thing that you can create your own repo, do 4 dummy PRs in it, and you're done. However, the target audience doesn't know about it. So, Hacktoberfest team decided to take fast actions and communicate this workaround to all participants:
https://hacktoberfest.digitalocean.com/hacktoberfest-update

This is one more "rule that massively backfired". Read in this thread more such stories:
https://twitter.com/TrungTPhan/status/1311300651645767682

This is why we can't have nice things.
Kontra OWASP Top 10 is a collection of free interactive tutorials about most popular vulnerabilities and some recent security incidents. Beautiful, clickable, illustrative.
The Zen of Go — 10 good ideas from Dave Cheney on how to write better Go code. Short and useful.

#golang
mtproto — full pure Go implementation of MTProto protocol. That means, you can automate anything in Telegram for your account (not bots).

We need more pure Go libraries because Go is amazing. Using wrappers around C libs means much heavier introspection, benchmarking, and cross-compilation and slower interoperation.

I nominate this repository for "most insane README of the year".

#golang
YAML Multiline — a quick cheat sheet on multiline strings in YAML because it's not that simple. I guess I use this site too often for such a trivial task >.<

#yaml
no-color.org is a small initiative to motivate software to use one standartized way to disable colored output. In particular, it says "Please, disable color when NO_COLOR env var is set". So, please, when you'll make a new CLI tool, add support for NO_COLOR. And I promise to do the same.

#cli
The Go compiler needs to be smarter — a short article why Go compiler sucks. Well, things not so bad, don't listen to me. Go is fast and cool, every release brings a lot of performance improvements, especially for garbage collector. However, there are still many things to do, especially if compare to old big compilers like gcc or clang. For instance, PGO and JIT are hard to implement but can give an amazing speed improvement, and there are no such things in Go yet. Well, there is gccgo compiler for go but it is slower than gc.

#golang
Simple techniques to optimise Go programs — a few tricks on how to allocate less memory. Good stuff.

#golang
High Performance Go — materials from Dave Cheney's workshop on how to measure performance in Go and write a faster code. So hardcore.

#golang
Numbers that aren't numbers is a great article about things that are named "numbers" but cannot be correctly represented as integers. Yeah, I know, the real world is so messy and should be adjusted to let us write a beautiful simple software. Humans spoil everything.
🔧 esbuild is a fast JS/TS bundler and minifier, kind of webpack alternative. No, it's really fast, like 10-100 times faster than webpack. It is a new project and supports not all JS (frontenders name it ECMAScript) features, so it can be used not for all projects. But give it a try! Oh, and it is written on our lovely golang.

#js #golang
📄 Write code that is easy to delete, not easy to extend is a guide (an essay?) on when it's good to copy-paste a code and when it's not, when it's good to split a code by pieces and when it's better to keep all things together. These are hard questions but we should think and talk about it.
📄 penglab — Google Colab notebook with a few hash cracking tools in case you need it on a CTF.

📄 colabcat — Google Colab notebook with hashcat only but syncing with Google Drive.

And of course, remeber about our best friend, SecLists. It is a collection of common credentials, filenames, urls, and so on. Maybe, not big enough to crack something serious but good enough for CTFs and Hack The Box.
🎥 Clean Code lectures from Uncle Bob ("Coding Better World Together") are amazing. It's a great walkthrough on writing maintainable code, ethics of programming, testing, refactoring, automating things, keeping balance between "fast" and "good". Examples are on Java but ideas in all other languages are pretty much the same. Definitely must-watch.