A Java Geek weekly 42

The Flatten Maven plugin

Create a "consumer" POM for Maven Central with Maven 4 now!

Kaspersky Lab Closing U.S. Division; Laying Off Workers

Having Russian software is akin to having Chinese software: the influence of the government on businesses is so powerful you can’t fully trust it. And to be entirely fair, we should remember the US Patriot Act and Cloud Act too!

pre-commit, a framework for managing and maintaining multi-language pre-commit hooks

We built pre-commit to solve our hook issues. It is a multi-language package manager for pre-commit hooks. You specify a list of hooks you want and pre-commit manages the installation and execution of any hook written in any language before every commit. pre-commit is specifically designed to not require root access. If one of your developers doesn’t have node installed but modifies a JavaScript file, pre-commit automatically handles downloading and building node to run eslint without root.

You Still Retrieve Logs from the Server? Isn’t Setting Up Log Collection More Convenient?

A good overview of log collection options, with an interesting mistake about Prometheus.

Why German Strings are Everywhere

Of course, nothing comes without its challenges: German strings require you to think more deeply about your application: What is the lifetime of my string? Can I get away with a transient string, or do I have to copy it? Will my strings be updated often? Am I okay with immutable strings?

There’s no such thing as a free lunch. If you want more performance, you need to shed away some layers of abstraction, and reason about concretions.

Why I Hope Rust Does Not Oxidize Everything

Epistemic Status: Confident that Rust isn’t good everywhere, but not confident that people won’t try to use it where it does not fit.

Panic! at the Job Market

A long long rant. It definitely would be funny if it wasn’t so realistic - unfortunately.

SAPwned: SAP AI vulnerabilities expose customers’ cloud environments and private AI artifacts

Our research into SAP AI Core demonstrates the importance of defense in depth. The main security obstacle we were facing was Istio blocking our traffic from reaching the internal network. Once we were able to bypass that obstacle, we gained access to several internal assets that did not require any additional authentication – meaning the internal network was perceived as trusted. Hardening those internal services could have minimized the impact of this attack and downgraded it from a complete service takeover to a minor security incident.

In line with our previous Kubernetes-related vulnerabilities, this research also demonstrates the tenant isolation pitfalls of using K8s in managed services. The crucial separation between the control plane (service logic) and the data plane (customer compute) is being impacted by the K8s architecture, which allows logical connections between them through APIs, identities, shared compute, and software-segmented networks.

Furthermore, this research demonstrates the unique challenges that the AI R&D process introduces. AI training requires running arbitrary code by definition; therefore, appropriate guardrails should be in place to assure that untrusted code is properly separated from internal assets and other tenants.

You’ll regret using natural keys

The post made me think about what immutability means in the context of databases vs. what it means in real life. An immutable piece of data IRL is only immutable as long as the rules don’t change. The French social security number contains the gender as the first digit. People who designed the number at the time didn’t think one could change gender. I don’t know if you can change your gender legally in France nowadays, but it’s not an unlikely occurrence in the future.

The conclusion is that you shouldn’t use natural keys.

Agile Manifesto co-author blasts failure rates report, talks up 'reimagining' project

I’m afraid it matches a lot of people’s experience.

Automerge is a library of data structures for building collaborative applications

My friends the CRDTs are available in JavaScript and Rust.

DevRel’s Death as Zero Interest Rate Phenomenon

On the good side, it cleans up the market a lot; on the bad side, I’ve been cleaned up.

Data Fetching Patterns in Single-Page Applications

Deep analysis of the data-fetching patterns - sadly using React.

Asynchronous State Handler

Wrap asynchronous queries with meta-queries for the state of the query.

Parallel Data Fetching

Run remote data fetches in parallel to minimize wait time

Fallback Markup

Specify fallback displays in the page markup

Code Splitting

Divide code into separate modules and dynamically load them as needed.

Prefetching

Prefetch data before it may be needed to reduce latency if it is.

Optimizing java base docker images size from 674Mb to 58Mb

Among all the posts that try to get the smallest Docker image, this one avoids common pitfalls and does a lot of things correctly.

Nicolas Fränkel

Developer Advocate with 15+ years of experience consulting for many different customers, in a wide range of contexts (such as telecoms, banking, insurances, large retail and public sector). Usually working on Java/Java EE and Spring technologies, but with focused interests like Rich Internet Applications, Testing, CI/CD and DevOps. Also doubles as a trainer and triples as a book author.
