Shai-Hulud Second Coming: Software Supply Chain Attack Exposing Code and Harvesting Credentials
https://www.reddit.com/r/programming/comments/1p5g2ac/shaihulud_second_coming_software_supply_chain/
<!-- SC_OFF -->The Shai-Hulud attackers are back with a new supply chain attack targeting the npm ecosystem. Multiple popular packages were infected with malicious payload via preinstall noscript. The attack is in progress. Some of the indicators include: Download and installation of bun Executing bun_environment.js using bun Credentials stolen from infected machines and CI/CD are being exposed through GitHub public repositories. https://github.com/search?q=%22Sha1-Hulud%3A%20The%20Second%20Coming%22&type=repositories <!-- SC_ON --> submitted by /u/N1ghtCod3r (https://www.reddit.com/user/N1ghtCod3r)
[link] (https://safedep.io/shai-hulud-second-coming-supply-chain-attack/) [comments] (https://www.reddit.com/r/programming/comments/1p5g2ac/shaihulud_second_coming_software_supply_chain/)
https://www.reddit.com/r/programming/comments/1p5g2ac/shaihulud_second_coming_software_supply_chain/
<!-- SC_OFF -->The Shai-Hulud attackers are back with a new supply chain attack targeting the npm ecosystem. Multiple popular packages were infected with malicious payload via preinstall noscript. The attack is in progress. Some of the indicators include: Download and installation of bun Executing bun_environment.js using bun Credentials stolen from infected machines and CI/CD are being exposed through GitHub public repositories. https://github.com/search?q=%22Sha1-Hulud%3A%20The%20Second%20Coming%22&type=repositories <!-- SC_ON --> submitted by /u/N1ghtCod3r (https://www.reddit.com/user/N1ghtCod3r)
[link] (https://safedep.io/shai-hulud-second-coming-supply-chain-attack/) [comments] (https://www.reddit.com/r/programming/comments/1p5g2ac/shaihulud_second_coming_software_supply_chain/)
How many HTTP requests/second can a Single Machine handle?
https://www.reddit.com/r/programming/comments/1p5gins/how_many_http_requestssecond_can_a_single_machine/
<!-- SC_OFF -->When designing systems and deciding on the architecture, the use of microservices and other complex solutions is often justified on the basis of predicted performance and scalability needs. Out of curiosity then, I decided to tests the performance limits of an extremely simple approach, the simplest possible one: A single instance of an application, with a single instance of a database, deployed to a single machine. To resemble real-world use cases as much as possible, we have the following: Java 21-based REST API built with Spring Boot 3 and using Virtual Threads PostgreSQL as a database, loaded with over one million rows of data External volume for the database - it does not write to the local file system Realistic load characteristics: tests consist primarily of read requests with approximately 20% of writes. They call our REST API which makes use of the PostgreSQL database with a reasonable amount of data (over one million rows) Single Machine in a few versions: 1 CPU, 2 GB of memory 2 CPUs, 4 GB of memory 4 CPUs, 8 GB of memory Single LoadTest file as a testing tool - running on 4 test machines, in parallel, since we usually have many HTTP clients, not just one Everything built and running in Docker DigitalOcean as the infrastructure provider As we can see the results at the bottom: a single machine, with a single database, can handle a lot - way more than most of us will ever need. Unless we have extreme load and performance needs, microservices serve mostly as an organizational tool, allowing many teams to work in parallel more easily. Performance doesn't justify them. The results: Small machine - 1 CPU, 2 GB of memory Can handle sustained load of 200 - 300 RPS For 15 seconds, it was able to handle 1000 RPS with stats: Min: 0.001s, Max: 0.2s, Mean: 0.013s Percentile 90: 0.026s, Percentile 95: 0.034s Percentile 99: 0.099s Medium machine - 2 CPUs, 4 GB of memory Can handle sustained load of 500 - 1000 RPS For 15 seconds, it was able to handle 1000 RPS with stats: Min: 0.001s, Max: 0.135s, Mean: 0.004s Percentile 90: 0.007s, Percentile 95: 0.01s Percentile 99: 0.023s Large machine - 4 CPUs, 8 GB of memory Can handle sustained load of 2000 - 3000 RPS For 15 seconds, it was able to handle 4000 RPS with stats: Min: 0.0s, (less than 1ms), Max: 1.05s, Mean: 0.058s Percentile 90: 0.124s, Percentile 95: 0.353s Percentile 99: 0.746s Huge machine - 8 CPUs, 16 GB of memory (not tested) Most likely can handle sustained load of 4000 - 6000 RPS <!-- SC_ON --> submitted by /u/BinaryIgor (https://www.reddit.com/user/BinaryIgor)
[link] (https://binaryigor.com/how-many-http-requests-can-a-single-machine-handle.html) [comments] (https://www.reddit.com/r/programming/comments/1p5gins/how_many_http_requestssecond_can_a_single_machine/)
https://www.reddit.com/r/programming/comments/1p5gins/how_many_http_requestssecond_can_a_single_machine/
<!-- SC_OFF -->When designing systems and deciding on the architecture, the use of microservices and other complex solutions is often justified on the basis of predicted performance and scalability needs. Out of curiosity then, I decided to tests the performance limits of an extremely simple approach, the simplest possible one: A single instance of an application, with a single instance of a database, deployed to a single machine. To resemble real-world use cases as much as possible, we have the following: Java 21-based REST API built with Spring Boot 3 and using Virtual Threads PostgreSQL as a database, loaded with over one million rows of data External volume for the database - it does not write to the local file system Realistic load characteristics: tests consist primarily of read requests with approximately 20% of writes. They call our REST API which makes use of the PostgreSQL database with a reasonable amount of data (over one million rows) Single Machine in a few versions: 1 CPU, 2 GB of memory 2 CPUs, 4 GB of memory 4 CPUs, 8 GB of memory Single LoadTest file as a testing tool - running on 4 test machines, in parallel, since we usually have many HTTP clients, not just one Everything built and running in Docker DigitalOcean as the infrastructure provider As we can see the results at the bottom: a single machine, with a single database, can handle a lot - way more than most of us will ever need. Unless we have extreme load and performance needs, microservices serve mostly as an organizational tool, allowing many teams to work in parallel more easily. Performance doesn't justify them. The results: Small machine - 1 CPU, 2 GB of memory Can handle sustained load of 200 - 300 RPS For 15 seconds, it was able to handle 1000 RPS with stats: Min: 0.001s, Max: 0.2s, Mean: 0.013s Percentile 90: 0.026s, Percentile 95: 0.034s Percentile 99: 0.099s Medium machine - 2 CPUs, 4 GB of memory Can handle sustained load of 500 - 1000 RPS For 15 seconds, it was able to handle 1000 RPS with stats: Min: 0.001s, Max: 0.135s, Mean: 0.004s Percentile 90: 0.007s, Percentile 95: 0.01s Percentile 99: 0.023s Large machine - 4 CPUs, 8 GB of memory Can handle sustained load of 2000 - 3000 RPS For 15 seconds, it was able to handle 4000 RPS with stats: Min: 0.0s, (less than 1ms), Max: 1.05s, Mean: 0.058s Percentile 90: 0.124s, Percentile 95: 0.353s Percentile 99: 0.746s Huge machine - 8 CPUs, 16 GB of memory (not tested) Most likely can handle sustained load of 4000 - 6000 RPS <!-- SC_ON --> submitted by /u/BinaryIgor (https://www.reddit.com/user/BinaryIgor)
[link] (https://binaryigor.com/how-many-http-requests-can-a-single-machine-handle.html) [comments] (https://www.reddit.com/r/programming/comments/1p5gins/how_many_http_requestssecond_can_a_single_machine/)
A bug fixing journey when writing a C++ Code Search Engine: std::string is not that simple
https://www.reddit.com/r/programming/comments/1p5h0c4/a_bug_fixing_journey_when_writing_a_c_code_search/
<!-- SC_OFF -->Hi everyone, I built a code search engine called Coogle (inspired by Haskell's Hoogle) to help navigate our massive legacy C/C++ codebase. While building the parser, I ran into a confusing bug where I couldn't find functions returning std::string. It turned out std::string doesn't really exist in the AST—it's a typedef for a template monster. I wrote a blog post about: Why C's char type is tricky (it's a byte, not a character). How std::string works under the hood How std::string_view is so similar to the Linux Kernel's qstr. Link: Back to Basics: From C char to string_view (Notes from building Coogle) (https://thecloudlet.github.io/blog/cpp/cpp-string/) If you are building dev tools or indexers, hopefully, this saves you some debug time. <!-- SC_ON --> submitted by /u/ypaskell (https://www.reddit.com/user/ypaskell)
[link] (https://thecloudlet.github.io/blog/cpp/cpp-string/) [comments] (https://www.reddit.com/r/programming/comments/1p5h0c4/a_bug_fixing_journey_when_writing_a_c_code_search/)
https://www.reddit.com/r/programming/comments/1p5h0c4/a_bug_fixing_journey_when_writing_a_c_code_search/
<!-- SC_OFF -->Hi everyone, I built a code search engine called Coogle (inspired by Haskell's Hoogle) to help navigate our massive legacy C/C++ codebase. While building the parser, I ran into a confusing bug where I couldn't find functions returning std::string. It turned out std::string doesn't really exist in the AST—it's a typedef for a template monster. I wrote a blog post about: Why C's char type is tricky (it's a byte, not a character). How std::string works under the hood How std::string_view is so similar to the Linux Kernel's qstr. Link: Back to Basics: From C char to string_view (Notes from building Coogle) (https://thecloudlet.github.io/blog/cpp/cpp-string/) If you are building dev tools or indexers, hopefully, this saves you some debug time. <!-- SC_ON --> submitted by /u/ypaskell (https://www.reddit.com/user/ypaskell)
[link] (https://thecloudlet.github.io/blog/cpp/cpp-string/) [comments] (https://www.reddit.com/r/programming/comments/1p5h0c4/a_bug_fixing_journey_when_writing_a_c_code_search/)
Shaders
https://www.reddit.com/r/programming/comments/1p5i0o4/shaders/
submitted by /u/DifficultSecretary22 (https://www.reddit.com/user/DifficultSecretary22)
[link] (https://www.makingsoftware.com/chapters/shaders) [comments] (https://www.reddit.com/r/programming/comments/1p5i0o4/shaders/)
https://www.reddit.com/r/programming/comments/1p5i0o4/shaders/
submitted by /u/DifficultSecretary22 (https://www.reddit.com/user/DifficultSecretary22)
[link] (https://www.makingsoftware.com/chapters/shaders) [comments] (https://www.reddit.com/r/programming/comments/1p5i0o4/shaders/)
Sha1-Hulud The Second Comming - Postman, Zapier, PostHog all compromised via NPM
https://www.reddit.com/r/programming/comments/1p5i31d/sha1hulud_the_second_comming_postman_zapier/
<!-- SC_OFF -->In September, a self-propagating worm called Sha1-Hulud came into action. A new version is now spreading and it is much much worse! Link: https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomains The mechanics are basically the same, It infected NPM packages with stolen developer tokens. The malware uses preinstall noscript to run malware on a victim machine, scans for secrets, steals them and publishes them on GitHub in a public repository. It then uses stolen NPM tokens to infect more packages. In September, it never made critical mass... But now it looks like it has. So far, over 28,000 GitHub repositories have been made with the denoscription "Sha1-Hulud: The Second Coming". These repos have the stolen secrets inside them encoded in Base64. https://github.com/search?q=Sha1-Hulud%3A+The+Second+Coming&ref=opensearch&type=repositories We first published about this after our discover at 09:25 CET but it has since got much worse. https://x.com/AikidoSecurity/status/1992872292745888025 At the start, the most significant compromise was Zapier (we still think this is the most likely first seed), but as the propagation started to pick up steam, we quickly saw other big names like PostMan and PostHog also fall. Technical details of the attack The malicious packages execute code in the preinstall lifecycle noscript. Payload names include files like setup_bun.js and bun_environment.js. On infection, the malware: Registers the machine as a “self-hosted runner” named “SHA1HULUD” and injects a GitHub Actions workflow (.github/workflows/discussion.yaml) to allow arbitrary commands via GitHub discussions. Exfiltrates secrets via another workflow (formatter_123456789.yml) that uploads secrets as artifacts, then deletes traces (branch & workflow) to hide. Targets cloud credentials across AWS, Azure, GCP: reads environment variables, metadata services, credentials files; tries privilege escalation (e.g., via Docker container breakout) and persistent access. Impact & Affected Package We are updating our blog as we go, at time of writing this its 425 packages covering 132 million weekly downloads total Compromised Zaiper Packages zapier/ai-actions zapier/ai-actions-react zapier/babel-preset-zapier zapier/browserslist-config-zapier zapier/eslint-plugin-zapier zapier/mcp-integration zapier/secret-scrubber zapier/spectral-api-ruleset zapier/stubtree zapier/zapier-sdk zapier-async-storage zapier-platform-cli zapier-platform-core zapier-platform-legacy-noscripting-runner zapier-platform-schema zapier-noscripts Compromised Postman Packages postman/aether-icons postman/csv-parse postman/final-node-keytar postman/mcp-ui-client postman/node-keytar postman/pm-bin-linux-x64 postman/pm-bin-macos-arm64 postman/pm-bin-macos-x64 postman/pm-bin-windows-x64 postman/postman-collection-fork postman/postman-mcp-cli postman/postman-mcp-server postman/pretty-ms postman/secret-scanner-wasm postman/tunnel-agent postman/wdio-allure-reporter postman/wdio-junit-reporter Compromised Post Hog Packages posthog/agent posthog/ai posthog/automatic-cohorts-plugin posthog/bitbucket-release-tracker posthog/cli posthog/clickhouse posthog/core posthog/currency-normalization-plugin posthog/customerio-plugin posthog/databricks-plugin posthog/drop-events-on-property-plugin posthog/event-sequence-timer-plugin posthog/filter-out-plugin posthog/first-time-event-tracker posthog/geoip-plugin posthog/github-release-tracking-plugin posthog/gitub-star-sync-plugin posthog/heartbeat-plugin posthog/hedgehog-mode posthog/icons posthog/ingestion-alert-plugin posthog/intercom-plugin posthog/kinesis-plugin posthog/laudspeaker-plugin posthog/lemon-ui posthog/maxmind-plugin posthog/migrator3000-plugin posthog/netdata-event-processing posthog/nextjs posthog/nextjs-config posthog/nuxt
https://www.reddit.com/r/programming/comments/1p5i31d/sha1hulud_the_second_comming_postman_zapier/
<!-- SC_OFF -->In September, a self-propagating worm called Sha1-Hulud came into action. A new version is now spreading and it is much much worse! Link: https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomains The mechanics are basically the same, It infected NPM packages with stolen developer tokens. The malware uses preinstall noscript to run malware on a victim machine, scans for secrets, steals them and publishes them on GitHub in a public repository. It then uses stolen NPM tokens to infect more packages. In September, it never made critical mass... But now it looks like it has. So far, over 28,000 GitHub repositories have been made with the denoscription "Sha1-Hulud: The Second Coming". These repos have the stolen secrets inside them encoded in Base64. https://github.com/search?q=Sha1-Hulud%3A+The+Second+Coming&ref=opensearch&type=repositories We first published about this after our discover at 09:25 CET but it has since got much worse. https://x.com/AikidoSecurity/status/1992872292745888025 At the start, the most significant compromise was Zapier (we still think this is the most likely first seed), but as the propagation started to pick up steam, we quickly saw other big names like PostMan and PostHog also fall. Technical details of the attack The malicious packages execute code in the preinstall lifecycle noscript. Payload names include files like setup_bun.js and bun_environment.js. On infection, the malware: Registers the machine as a “self-hosted runner” named “SHA1HULUD” and injects a GitHub Actions workflow (.github/workflows/discussion.yaml) to allow arbitrary commands via GitHub discussions. Exfiltrates secrets via another workflow (formatter_123456789.yml) that uploads secrets as artifacts, then deletes traces (branch & workflow) to hide. Targets cloud credentials across AWS, Azure, GCP: reads environment variables, metadata services, credentials files; tries privilege escalation (e.g., via Docker container breakout) and persistent access. Impact & Affected Package We are updating our blog as we go, at time of writing this its 425 packages covering 132 million weekly downloads total Compromised Zaiper Packages zapier/ai-actions zapier/ai-actions-react zapier/babel-preset-zapier zapier/browserslist-config-zapier zapier/eslint-plugin-zapier zapier/mcp-integration zapier/secret-scrubber zapier/spectral-api-ruleset zapier/stubtree zapier/zapier-sdk zapier-async-storage zapier-platform-cli zapier-platform-core zapier-platform-legacy-noscripting-runner zapier-platform-schema zapier-noscripts Compromised Postman Packages postman/aether-icons postman/csv-parse postman/final-node-keytar postman/mcp-ui-client postman/node-keytar postman/pm-bin-linux-x64 postman/pm-bin-macos-arm64 postman/pm-bin-macos-x64 postman/pm-bin-windows-x64 postman/postman-collection-fork postman/postman-mcp-cli postman/postman-mcp-server postman/pretty-ms postman/secret-scanner-wasm postman/tunnel-agent postman/wdio-allure-reporter postman/wdio-junit-reporter Compromised Post Hog Packages posthog/agent posthog/ai posthog/automatic-cohorts-plugin posthog/bitbucket-release-tracker posthog/cli posthog/clickhouse posthog/core posthog/currency-normalization-plugin posthog/customerio-plugin posthog/databricks-plugin posthog/drop-events-on-property-plugin posthog/event-sequence-timer-plugin posthog/filter-out-plugin posthog/first-time-event-tracker posthog/geoip-plugin posthog/github-release-tracking-plugin posthog/gitub-star-sync-plugin posthog/heartbeat-plugin posthog/hedgehog-mode posthog/icons posthog/ingestion-alert-plugin posthog/intercom-plugin posthog/kinesis-plugin posthog/laudspeaker-plugin posthog/lemon-ui posthog/maxmind-plugin posthog/migrator3000-plugin posthog/netdata-event-processing posthog/nextjs posthog/nextjs-config posthog/nuxt
posthog/pagerduty-plugin posthog/piscina posthog/plugin-contrib posthog/plugin-server posthog/plugin-unduplicates posthog/postgres-plugin posthog/react-rrweb-player posthog/rrdom posthog/rrweb posthog/rrweb-player posthog/rrweb-record posthog/rrweb-replay posthog/rrweb-snapshot posthog/rrweb-utils posthog/sendgrid-plugin posthog/siphash posthog/snowflake-export-plugin posthog/taxonomy-plugin posthog/twilio-plugin posthog/twitter-followers-plugin posthog/url-normalizer-plugin posthog/variance-plugin posthog/web-dev-server posthog/wizard posthog/zendesk-plugin posthog-docusaurus posthog-js posthog-node posthog-plugin-hello-world posthog-react-native posthog-react-native-session-replay What to do if you’re impacted (or want to protect yourself) Search Immediately remove/replace any compromised packages. Clear npm cache (npm cache clean --force), delete node_modules, reinstall clean. (This will prevent reinfection) Rotate all credentials: npm tokens, GitHub PATs, SSH keys, cloud credentials. Enforce MFA (ideally phishing-resistant) for developers + CI/CD accounts. Audit GitHub & CI/CD pipelines: search for new repos with denoscription “Sha1-Hulud: The Second Coming”, look for unauthorized workflows or commits, monitor for unexpected npm publishes. Implement something like Safe-Chain to prevent malicious packages from getting installed https://github.com/AikidoSec/safe-chain Links Blog Post: https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomains First Social Posts https://www.linkedin.com/posts/advocatemack_zapier-supply-chain-compromise-alert-in-activity-7398643172815421440-egmk <!-- SC_ON --> submitted by /u/Advocatemack (https://www.reddit.com/user/Advocatemack)
[link] (https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomains) [comments] (https://www.reddit.com/r/programming/comments/1p5i31d/sha1hulud_the_second_comming_postman_zapier/)
[link] (https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomains) [comments] (https://www.reddit.com/r/programming/comments/1p5i31d/sha1hulud_the_second_comming_postman_zapier/)
Assert in production
https://www.reddit.com/r/programming/comments/1p5jdqe/assert_in_production/
<!-- SC_OFF -->Why your code should crash more <!-- SC_ON --> submitted by /u/dtornow (https://www.reddit.com/user/dtornow)
[link] (https://dtornow.substack.com/p/assert-in-production) [comments] (https://www.reddit.com/r/programming/comments/1p5jdqe/assert_in_production/)
https://www.reddit.com/r/programming/comments/1p5jdqe/assert_in_production/
<!-- SC_OFF -->Why your code should crash more <!-- SC_ON --> submitted by /u/dtornow (https://www.reddit.com/user/dtornow)
[link] (https://dtornow.substack.com/p/assert-in-production) [comments] (https://www.reddit.com/r/programming/comments/1p5jdqe/assert_in_production/)
Supply and Demand Are Broken in Programming Education
https://www.reddit.com/r/programming/comments/1p5k8dl/supply_and_demand_are_broken_in_programming/
submitted by /u/wagslane (https://www.reddit.com/user/wagslane)
[link] (https://blog.boot.dev/jobs/supply-demand-broken-programming-education/) [comments] (https://www.reddit.com/r/programming/comments/1p5k8dl/supply_and_demand_are_broken_in_programming/)
https://www.reddit.com/r/programming/comments/1p5k8dl/supply_and_demand_are_broken_in_programming/
submitted by /u/wagslane (https://www.reddit.com/user/wagslane)
[link] (https://blog.boot.dev/jobs/supply-demand-broken-programming-education/) [comments] (https://www.reddit.com/r/programming/comments/1p5k8dl/supply_and_demand_are_broken_in_programming/)
Building Modern Databases with the FDAP Stack • Andrew Lamb & Olimpiu Pop
https://www.reddit.com/r/programming/comments/1p5lejy/building_modern_databases_with_the_fdap_stack/
submitted by /u/goto-con (https://www.reddit.com/user/goto-con)
[link] (https://youtu.be/Gd-mhbiy8Vo?list=PLEx5khR4g7PJozVmHNpQTVrk1QRC7YaJu) [comments] (https://www.reddit.com/r/programming/comments/1p5lejy/building_modern_databases_with_the_fdap_stack/)
https://www.reddit.com/r/programming/comments/1p5lejy/building_modern_databases_with_the_fdap_stack/
submitted by /u/goto-con (https://www.reddit.com/user/goto-con)
[link] (https://youtu.be/Gd-mhbiy8Vo?list=PLEx5khR4g7PJozVmHNpQTVrk1QRC7YaJu) [comments] (https://www.reddit.com/r/programming/comments/1p5lejy/building_modern_databases_with_the_fdap_stack/)
Backend-driven SwiftUI
https://www.reddit.com/r/programming/comments/1p5lfwh/backenddriven_swiftui/
submitted by /u/jacobs-tech-tavern (https://www.reddit.com/user/jacobs-tech-tavern)
[link] (https://blog.jacobstechtavern.com/p/backend-driven-swiftui) [comments] (https://www.reddit.com/r/programming/comments/1p5lfwh/backenddriven_swiftui/)
https://www.reddit.com/r/programming/comments/1p5lfwh/backenddriven_swiftui/
submitted by /u/jacobs-tech-tavern (https://www.reddit.com/user/jacobs-tech-tavern)
[link] (https://blog.jacobstechtavern.com/p/backend-driven-swiftui) [comments] (https://www.reddit.com/r/programming/comments/1p5lfwh/backenddriven_swiftui/)
Why Electronic Voting is a BAD Idea - Why you can't program your way to election integrity
https://www.reddit.com/r/programming/comments/1p5m5n2/why_electronic_voting_is_a_bad_idea_why_you_cant/
submitted by /u/grauenwolf (https://www.reddit.com/user/grauenwolf)
[link] (https://www.youtube.com/watch?v=w3_0x6oaDmI) [comments] (https://www.reddit.com/r/programming/comments/1p5m5n2/why_electronic_voting_is_a_bad_idea_why_you_cant/)
https://www.reddit.com/r/programming/comments/1p5m5n2/why_electronic_voting_is_a_bad_idea_why_you_cant/
submitted by /u/grauenwolf (https://www.reddit.com/user/grauenwolf)
[link] (https://www.youtube.com/watch?v=w3_0x6oaDmI) [comments] (https://www.reddit.com/r/programming/comments/1p5m5n2/why_electronic_voting_is_a_bad_idea_why_you_cant/)
Build a Compiler in Five Projects
https://www.reddit.com/r/programming/comments/1p5op5t/build_a_compiler_in_five_projects/
submitted by /u/azhenley (https://www.reddit.com/user/azhenley)
[link] (https://kmicinski.com/functional-programming/2025/11/23/build-a-language/) [comments] (https://www.reddit.com/r/programming/comments/1p5op5t/build_a_compiler_in_five_projects/)
https://www.reddit.com/r/programming/comments/1p5op5t/build_a_compiler_in_five_projects/
submitted by /u/azhenley (https://www.reddit.com/user/azhenley)
[link] (https://kmicinski.com/functional-programming/2025/11/23/build-a-language/) [comments] (https://www.reddit.com/r/programming/comments/1p5op5t/build_a_compiler_in_five_projects/)
Evolution of Rust compiler errors
https://www.reddit.com/r/programming/comments/1p5swj8/evolution_of_rust_compiler_errors/
submitted by /u/Active-Fuel-49 (https://www.reddit.com/user/Active-Fuel-49)
[link] (https://kobzol.github.io/rust/rustc/2025/05/16/evolution-of-rustc-errors.html) [comments] (https://www.reddit.com/r/programming/comments/1p5swj8/evolution_of_rust_compiler_errors/)
https://www.reddit.com/r/programming/comments/1p5swj8/evolution_of_rust_compiler_errors/
submitted by /u/Active-Fuel-49 (https://www.reddit.com/user/Active-Fuel-49)
[link] (https://kobzol.github.io/rust/rustc/2025/05/16/evolution-of-rustc-errors.html) [comments] (https://www.reddit.com/r/programming/comments/1p5swj8/evolution_of_rust_compiler_errors/)
How I resolved the golang struct field name conundrum
https://www.reddit.com/r/programming/comments/1p5t024/how_i_resolved_the_golang_struct_field_name/
<!-- SC_OFF -->I explain a few methods to retrieve a struct field name, going from a runtime to a code generation solutions.
I wonder, how do you resolve this challenge in your language of choice ? <!-- SC_ON --> submitted by /u/Turbulent_Zone157 (https://www.reddit.com/user/Turbulent_Zone157)
[link] (https://alvarolm.github.io/named) [comments] (https://www.reddit.com/r/programming/comments/1p5t024/how_i_resolved_the_golang_struct_field_name/)
https://www.reddit.com/r/programming/comments/1p5t024/how_i_resolved_the_golang_struct_field_name/
<!-- SC_OFF -->I explain a few methods to retrieve a struct field name, going from a runtime to a code generation solutions.
I wonder, how do you resolve this challenge in your language of choice ? <!-- SC_ON --> submitted by /u/Turbulent_Zone157 (https://www.reddit.com/user/Turbulent_Zone157)
[link] (https://alvarolm.github.io/named) [comments] (https://www.reddit.com/r/programming/comments/1p5t024/how_i_resolved_the_golang_struct_field_name/)
Misunderstanding that “Dependency” comic
https://www.reddit.com/r/programming/comments/1p5u95a/misunderstanding_that_dependency_comic/
submitted by /u/radarvan07 (https://www.reddit.com/user/radarvan07)
[link] (https://bertptrs.nl/2025/11/24/misunderstanding-that-dependency-comic.html) [comments] (https://www.reddit.com/r/programming/comments/1p5u95a/misunderstanding_that_dependency_comic/)
https://www.reddit.com/r/programming/comments/1p5u95a/misunderstanding_that_dependency_comic/
submitted by /u/radarvan07 (https://www.reddit.com/user/radarvan07)
[link] (https://bertptrs.nl/2025/11/24/misunderstanding-that-dependency-comic.html) [comments] (https://www.reddit.com/r/programming/comments/1p5u95a/misunderstanding_that_dependency_comic/)
A million ways to die from a data race in Go
https://www.reddit.com/r/programming/comments/1p65upq/a_million_ways_to_die_from_a_data_race_in_go/
submitted by /u/broken_broken_ (https://www.reddit.com/user/broken_broken_)
[link] (https://gaultier.github.io/blog/a_million_ways_to_data_race_in_go.html) [comments] (https://www.reddit.com/r/programming/comments/1p65upq/a_million_ways_to_die_from_a_data_race_in_go/)
https://www.reddit.com/r/programming/comments/1p65upq/a_million_ways_to_die_from_a_data_race_in_go/
submitted by /u/broken_broken_ (https://www.reddit.com/user/broken_broken_)
[link] (https://gaultier.github.io/blog/a_million_ways_to_data_race_in_go.html) [comments] (https://www.reddit.com/r/programming/comments/1p65upq/a_million_ways_to_die_from_a_data_race_in_go/)
Notes from building a B+Tree storage engine in .NET — design trade-offs and unexpected challenges
https://www.reddit.com/r/programming/comments/1p6blny/notes_from_building_a_btree_storage_engine_in_net/
<!-- SC_OFF -->I’ve been exploring B+Tree implementations recently and decided to build a small storage engine in .NET as a way to understand the lower-level behavior of on-disk indexing structures. I wanted to share some of the interesting technical challenges I ran into — in case others find the internals fun to think about. Some of the more interesting aspects were: • Page layout decisions
Choosing the right fixed-size page format ended up being more subtle than expected. Even small choices (header size, key encoding, how much space to reserve for split operations) had major downstream effects on fragmentation and insert performance. • Handling node splits efficiently
B+Tree splits are straightforward in memory, but on disk the cost model is very different. Ensuring minimal writes and predictable locality forced me to rethink a few “textbook” algorithms. • Concurrency vs. simplicity
I experimented with optimistic vs. coarse-grained locking. Even implementing a read-optimized path required careful handling of pointer updates during splits. • Crash-safety without a full WAL
One interesting constraint was trying to maintain reasonable crash-safety guarantees without embedding a full write-ahead log. Page write ordering and atomic metadata updates become tricky puzzles. • Benchmarking surprises
Some operations that I expected to be expensive (like sequential inserts) performed far better than random inserts, even after caching. A few caching heuristics ended up mattering much more than raw structure layout. If anyone wants to look deeper into the implementation details (purely from an educational/technical standpoint), the code is available on NuGet:
https://www.nuget.org/packages/BTreePlus
(Sharing only as reference material — not asking for feedback or promoting anything.) Always happy to discuss data-structure internals or hear how others have approached similar problems. <!-- SC_ON --> submitted by /u/Tasty_Oven_779 (https://www.reddit.com/user/Tasty_Oven_779)
[link] (https://www.nuget.org/packages/BTreePlus) [comments] (https://www.reddit.com/r/programming/comments/1p6blny/notes_from_building_a_btree_storage_engine_in_net/)
https://www.reddit.com/r/programming/comments/1p6blny/notes_from_building_a_btree_storage_engine_in_net/
<!-- SC_OFF -->I’ve been exploring B+Tree implementations recently and decided to build a small storage engine in .NET as a way to understand the lower-level behavior of on-disk indexing structures. I wanted to share some of the interesting technical challenges I ran into — in case others find the internals fun to think about. Some of the more interesting aspects were: • Page layout decisions
Choosing the right fixed-size page format ended up being more subtle than expected. Even small choices (header size, key encoding, how much space to reserve for split operations) had major downstream effects on fragmentation and insert performance. • Handling node splits efficiently
B+Tree splits are straightforward in memory, but on disk the cost model is very different. Ensuring minimal writes and predictable locality forced me to rethink a few “textbook” algorithms. • Concurrency vs. simplicity
I experimented with optimistic vs. coarse-grained locking. Even implementing a read-optimized path required careful handling of pointer updates during splits. • Crash-safety without a full WAL
One interesting constraint was trying to maintain reasonable crash-safety guarantees without embedding a full write-ahead log. Page write ordering and atomic metadata updates become tricky puzzles. • Benchmarking surprises
Some operations that I expected to be expensive (like sequential inserts) performed far better than random inserts, even after caching. A few caching heuristics ended up mattering much more than raw structure layout. If anyone wants to look deeper into the implementation details (purely from an educational/technical standpoint), the code is available on NuGet:
https://www.nuget.org/packages/BTreePlus
(Sharing only as reference material — not asking for feedback or promoting anything.) Always happy to discuss data-structure internals or hear how others have approached similar problems. <!-- SC_ON --> submitted by /u/Tasty_Oven_779 (https://www.reddit.com/user/Tasty_Oven_779)
[link] (https://www.nuget.org/packages/BTreePlus) [comments] (https://www.reddit.com/r/programming/comments/1p6blny/notes_from_building_a_btree_storage_engine_in_net/)
Everything you should know about confidential computing
https://www.reddit.com/r/programming/comments/1p6bxax/everything_you_should_know_about_confidential/
submitted by /u/danielrothmann (https://www.reddit.com/user/danielrothmann)
[link] (https://blog.42futures.com/p/confidential-computing) [comments] (https://www.reddit.com/r/programming/comments/1p6bxax/everything_you_should_know_about_confidential/)
https://www.reddit.com/r/programming/comments/1p6bxax/everything_you_should_know_about_confidential/
submitted by /u/danielrothmann (https://www.reddit.com/user/danielrothmann)
[link] (https://blog.42futures.com/p/confidential-computing) [comments] (https://www.reddit.com/r/programming/comments/1p6bxax/everything_you_should_know_about_confidential/)
MUM-based hash functions
https://www.reddit.com/r/programming/comments/1p6c4j6/mumbased_hash_functions/
submitted by /u/compilersarefun (https://www.reddit.com/user/compilersarefun)
[link] (https://vnmakarov.github.io/performance/optimization/2025/11/25/mum-based-hash-functions.html) [comments] (https://www.reddit.com/r/programming/comments/1p6c4j6/mumbased_hash_functions/)
https://www.reddit.com/r/programming/comments/1p6c4j6/mumbased_hash_functions/
submitted by /u/compilersarefun (https://www.reddit.com/user/compilersarefun)
[link] (https://vnmakarov.github.io/performance/optimization/2025/11/25/mum-based-hash-functions.html) [comments] (https://www.reddit.com/r/programming/comments/1p6c4j6/mumbased_hash_functions/)
How NimbleParsec Works And Why I Would Choose It Again!
https://www.reddit.com/r/programming/comments/1p6hw26/how_nimbleparsec_works_and_why_i_would_choose_it/
<!-- SC_OFF -->This one is for the elixir devs out there! <!-- SC_ON --> submitted by /u/AltruisticPrimary34 (https://www.reddit.com/user/AltruisticPrimary34)
[link] (https://revelry.co/insights/development/elixir/nimbleparsec/) [comments] (https://www.reddit.com/r/programming/comments/1p6hw26/how_nimbleparsec_works_and_why_i_would_choose_it/)
https://www.reddit.com/r/programming/comments/1p6hw26/how_nimbleparsec_works_and_why_i_would_choose_it/
<!-- SC_OFF -->This one is for the elixir devs out there! <!-- SC_ON --> submitted by /u/AltruisticPrimary34 (https://www.reddit.com/user/AltruisticPrimary34)
[link] (https://revelry.co/insights/development/elixir/nimbleparsec/) [comments] (https://www.reddit.com/r/programming/comments/1p6hw26/how_nimbleparsec_works_and_why_i_would_choose_it/)
What Actually Makes You Senior
https://www.reddit.com/r/programming/comments/1p6iql6/what_actually_makes_you_senior/
submitted by /u/Acceptable-Courage-9 (https://www.reddit.com/user/Acceptable-Courage-9)
[link] (https://terriblesoftware.org/2025/11/25/what-actually-makes-you-senior/) [comments] (https://www.reddit.com/r/programming/comments/1p6iql6/what_actually_makes_you_senior/)
https://www.reddit.com/r/programming/comments/1p6iql6/what_actually_makes_you_senior/
submitted by /u/Acceptable-Courage-9 (https://www.reddit.com/user/Acceptable-Courage-9)
[link] (https://terriblesoftware.org/2025/11/25/what-actually-makes-you-senior/) [comments] (https://www.reddit.com/r/programming/comments/1p6iql6/what_actually_makes_you_senior/)