The Hardest Program I’ve Ever Written

At first, I thought hard splits weren’t needed. Any place a mandatory newline appears (like between two statements) is a place where you could just break the list of chunks in two and line split each half independently. From the line splitter’s perspective, there would be no hard splits.

Which would work… except for line comments.

The 28 AI tools I wish existed

A paint-by-number filmmaking app. I want to be able to brainstorm an idea for a short film in the app, have the model create a detailed storyboard, and then I just need to use my phone to film each of the storyboarded shots. Kind of like training wheels for making movies.

UV is the best thing to happen to the Python ecosystem in a decade

instead of: source .venv/bin/activate; python myscript.py

you can just do: uv run myscript.py

For single-file Python scripts, which 99% of mine seem to be, you can simplify your life immensely by just putting this at the top of the script

  #!/usr/bin/env -S uv run --script
  # /// script
  # requires-python = “>=3.11”
  # dependencies = [ “modules”, “here” ]
  # ///

I Tried the First Humanoid Home Robot. It Got Weird.

<video>

Why “alias” is my last resort for aliases

In my home directory, I have a folder of scripts called bin. For example, here’s a simplified version of ~/bin/g:

#!/usr/bin/env bash
exec git “$@”

A Decade of Dotfiles

Running is sugar on top of ps aux | grep $PROCESS, which I find a little hard to read sometimes.

Don’t Forget These Tags to Make HTML Work Like You Expect

<!doctype html>
<html lang=”en”>
<meta charset=”utf-8”>
<meta name=”viewport” content=”width=device-width,initial-scale=1.0”>

I used to work at Valve

I suspect that the CS:GO team finally decided to do something about it and chose this. If the team is anything like I left it, they probably modeled this extensively (we had data on nearly every game ever played in CS:GO and complete Marketplace data), and discussed the change with the TF2 and DOTA teams, who also have to deal with this, and decided that the short-term fury of a small fraction of the playerbase was worth it. I wonder if TF2 and DOTA are having similar problems and, if so, whether this change will be rolled out for those games, too.

Hacking Formula 1: Accessing Max Verstappen’s passport and PII through FIA bugs

Based on the JavaScript, there were a number of different roles on the website that were intended to be used by drivers, FIA staff, and site administrators. The most interesting one was obviously admin, so we guessed the correct HTTP PUT request format to try and update our roles

The best way to write secure and reliable applications

No code is the best way to write secure and reliable applications. Write nothing; deploy nowhere.

Days Since Last Rust Minecraft Server

It has been 175 days since the last release of a Minecraft server software written in Rust.

Walkachusetts

I found I was taking fewer photos. Like my thoughts, the desire to capture my surroundings dwindled in the second half of the day. The number of photos was also notably inversely proportional to the discomfort of my blister and the weariness of my feet.

ripgrep is faster than grep, ag, git grep, ucg, pt, sift

For both searching single files and huge directories of files, no other tool obviously stands above ripgrep in either performance or correctness. ripgrep is the only tool with proper Unicode support that doesn’t make you pay dearly for it. Tools that search many files at once are generally slower if they use memory maps, not faster.

fd

It is a simple, fast and user-friendly alternative to find. While it does not aim to support all of find’s powerful functionality, it provides sensible (opinionated) defaults for a majority of use cases.

What I self host

Ideally, I would like to have a 100% “infrastructure as code” approach, but hey, who has time for that!

21 Facts About Throwing Good Parties

Throughout the party, prioritize introducing people to each other and hosting the people who are new or shy, even at the cost of getting less time hanging out with your best friends yourself. Parties are a public service.

Pixnapping Attack

Pixnapping exploits Android APIs and a hardware side channel that affects nearly all modern Android devices. We have demonstrated Pixnapping attacks on Google and Samsung phones and end-to-end recovery of sensitive data from websites including Gmail and Google Accounts and apps including Signal, Google Authenticator, Venmo, and Google Maps. Notably, our attack against Google Authenticator allows any malicious app to steal 2FA codes in under 30 seconds while hiding the attack from the user.