Sha1-Hulud The Second Comming - Postman, Zapier, PostHog all compromised via NPM
https://www.reddit.com/r/programming/comments/1p5i31d/sha1hulud_the_second_comming_postman_zapier/
<!-- SC_OFF -->In September, a self-propagating worm called Sha1-Hulud came into action. A new version is now spreading and it is much much worse! Link: https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomains The mechanics are basically the same, It infected NPM packages with stolen developer tokens. The malware uses preinstall noscript to run malware on a victim machine, scans for secrets, steals them and publishes them on GitHub in a public repository. It then uses stolen NPM tokens to infect more packages. In September, it never made critical mass... But now it looks like it has. So far, over 28,000 GitHub repositories have been made with the denoscription "Sha1-Hulud: The Second Coming". These repos have the stolen secrets inside them encoded in Base64. https://github.com/search?q=Sha1-Hulud%3A+The+Second+Coming&ref=opensearch&type=repositories We first published about this after our discover at 09:25 CET but it has since got much worse. https://x.com/AikidoSecurity/status/1992872292745888025 At the start, the most significant compromise was Zapier (we still think this is the most likely first seed), but as the propagation started to pick up steam, we quickly saw other big names like PostMan and PostHog also fall. Technical details of the attack The malicious packages execute code in the preinstall lifecycle noscript. Payload names include files like setup_bun.js and bun_environment.js. On infection, the malware: Registers the machine as a “self-hosted runner” named “SHA1HULUD” and injects a GitHub Actions workflow (.github/workflows/discussion.yaml) to allow arbitrary commands via GitHub discussions. Exfiltrates secrets via another workflow (formatter_123456789.yml) that uploads secrets as artifacts, then deletes traces (branch & workflow) to hide. Targets cloud credentials across AWS, Azure, GCP: reads environment variables, metadata services, credentials files; tries privilege escalation (e.g., via Docker container breakout) and persistent access. Impact & Affected Package We are updating our blog as we go, at time of writing this its 425 packages covering 132 million weekly downloads total Compromised Zaiper Packages zapier/ai-actions zapier/ai-actions-react zapier/babel-preset-zapier zapier/browserslist-config-zapier zapier/eslint-plugin-zapier zapier/mcp-integration zapier/secret-scrubber zapier/spectral-api-ruleset zapier/stubtree zapier/zapier-sdk zapier-async-storage zapier-platform-cli zapier-platform-core zapier-platform-legacy-noscripting-runner zapier-platform-schema zapier-noscripts Compromised Postman Packages postman/aether-icons postman/csv-parse postman/final-node-keytar postman/mcp-ui-client postman/node-keytar postman/pm-bin-linux-x64 postman/pm-bin-macos-arm64 postman/pm-bin-macos-x64 postman/pm-bin-windows-x64 postman/postman-collection-fork postman/postman-mcp-cli postman/postman-mcp-server postman/pretty-ms postman/secret-scanner-wasm postman/tunnel-agent postman/wdio-allure-reporter postman/wdio-junit-reporter Compromised Post Hog Packages posthog/agent posthog/ai posthog/automatic-cohorts-plugin posthog/bitbucket-release-tracker posthog/cli posthog/clickhouse posthog/core posthog/currency-normalization-plugin posthog/customerio-plugin posthog/databricks-plugin posthog/drop-events-on-property-plugin posthog/event-sequence-timer-plugin posthog/filter-out-plugin posthog/first-time-event-tracker posthog/geoip-plugin posthog/github-release-tracking-plugin posthog/gitub-star-sync-plugin posthog/heartbeat-plugin posthog/hedgehog-mode posthog/icons posthog/ingestion-alert-plugin posthog/intercom-plugin posthog/kinesis-plugin posthog/laudspeaker-plugin posthog/lemon-ui posthog/maxmind-plugin posthog/migrator3000-plugin posthog/netdata-event-processing posthog/nextjs posthog/nextjs-config posthog/nuxt
https://www.reddit.com/r/programming/comments/1p5i31d/sha1hulud_the_second_comming_postman_zapier/
<!-- SC_OFF -->In September, a self-propagating worm called Sha1-Hulud came into action. A new version is now spreading and it is much much worse! Link: https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomains The mechanics are basically the same, It infected NPM packages with stolen developer tokens. The malware uses preinstall noscript to run malware on a victim machine, scans for secrets, steals them and publishes them on GitHub in a public repository. It then uses stolen NPM tokens to infect more packages. In September, it never made critical mass... But now it looks like it has. So far, over 28,000 GitHub repositories have been made with the denoscription "Sha1-Hulud: The Second Coming". These repos have the stolen secrets inside them encoded in Base64. https://github.com/search?q=Sha1-Hulud%3A+The+Second+Coming&ref=opensearch&type=repositories We first published about this after our discover at 09:25 CET but it has since got much worse. https://x.com/AikidoSecurity/status/1992872292745888025 At the start, the most significant compromise was Zapier (we still think this is the most likely first seed), but as the propagation started to pick up steam, we quickly saw other big names like PostMan and PostHog also fall. Technical details of the attack The malicious packages execute code in the preinstall lifecycle noscript. Payload names include files like setup_bun.js and bun_environment.js. On infection, the malware: Registers the machine as a “self-hosted runner” named “SHA1HULUD” and injects a GitHub Actions workflow (.github/workflows/discussion.yaml) to allow arbitrary commands via GitHub discussions. Exfiltrates secrets via another workflow (formatter_123456789.yml) that uploads secrets as artifacts, then deletes traces (branch & workflow) to hide. Targets cloud credentials across AWS, Azure, GCP: reads environment variables, metadata services, credentials files; tries privilege escalation (e.g., via Docker container breakout) and persistent access. Impact & Affected Package We are updating our blog as we go, at time of writing this its 425 packages covering 132 million weekly downloads total Compromised Zaiper Packages zapier/ai-actions zapier/ai-actions-react zapier/babel-preset-zapier zapier/browserslist-config-zapier zapier/eslint-plugin-zapier zapier/mcp-integration zapier/secret-scrubber zapier/spectral-api-ruleset zapier/stubtree zapier/zapier-sdk zapier-async-storage zapier-platform-cli zapier-platform-core zapier-platform-legacy-noscripting-runner zapier-platform-schema zapier-noscripts Compromised Postman Packages postman/aether-icons postman/csv-parse postman/final-node-keytar postman/mcp-ui-client postman/node-keytar postman/pm-bin-linux-x64 postman/pm-bin-macos-arm64 postman/pm-bin-macos-x64 postman/pm-bin-windows-x64 postman/postman-collection-fork postman/postman-mcp-cli postman/postman-mcp-server postman/pretty-ms postman/secret-scanner-wasm postman/tunnel-agent postman/wdio-allure-reporter postman/wdio-junit-reporter Compromised Post Hog Packages posthog/agent posthog/ai posthog/automatic-cohorts-plugin posthog/bitbucket-release-tracker posthog/cli posthog/clickhouse posthog/core posthog/currency-normalization-plugin posthog/customerio-plugin posthog/databricks-plugin posthog/drop-events-on-property-plugin posthog/event-sequence-timer-plugin posthog/filter-out-plugin posthog/first-time-event-tracker posthog/geoip-plugin posthog/github-release-tracking-plugin posthog/gitub-star-sync-plugin posthog/heartbeat-plugin posthog/hedgehog-mode posthog/icons posthog/ingestion-alert-plugin posthog/intercom-plugin posthog/kinesis-plugin posthog/laudspeaker-plugin posthog/lemon-ui posthog/maxmind-plugin posthog/migrator3000-plugin posthog/netdata-event-processing posthog/nextjs posthog/nextjs-config posthog/nuxt
posthog/pagerduty-plugin posthog/piscina posthog/plugin-contrib posthog/plugin-server posthog/plugin-unduplicates posthog/postgres-plugin posthog/react-rrweb-player posthog/rrdom posthog/rrweb posthog/rrweb-player posthog/rrweb-record posthog/rrweb-replay posthog/rrweb-snapshot posthog/rrweb-utils posthog/sendgrid-plugin posthog/siphash posthog/snowflake-export-plugin posthog/taxonomy-plugin posthog/twilio-plugin posthog/twitter-followers-plugin posthog/url-normalizer-plugin posthog/variance-plugin posthog/web-dev-server posthog/wizard posthog/zendesk-plugin posthog-docusaurus posthog-js posthog-node posthog-plugin-hello-world posthog-react-native posthog-react-native-session-replay What to do if you’re impacted (or want to protect yourself) Search Immediately remove/replace any compromised packages. Clear npm cache (npm cache clean --force), delete node_modules, reinstall clean. (This will prevent reinfection) Rotate all credentials: npm tokens, GitHub PATs, SSH keys, cloud credentials. Enforce MFA (ideally phishing-resistant) for developers + CI/CD accounts. Audit GitHub & CI/CD pipelines: search for new repos with denoscription “Sha1-Hulud: The Second Coming”, look for unauthorized workflows or commits, monitor for unexpected npm publishes. Implement something like Safe-Chain to prevent malicious packages from getting installed https://github.com/AikidoSec/safe-chain Links Blog Post: https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomains First Social Posts https://www.linkedin.com/posts/advocatemack_zapier-supply-chain-compromise-alert-in-activity-7398643172815421440-egmk <!-- SC_ON --> submitted by /u/Advocatemack (https://www.reddit.com/user/Advocatemack)
[link] (https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomains) [comments] (https://www.reddit.com/r/programming/comments/1p5i31d/sha1hulud_the_second_comming_postman_zapier/)
[link] (https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomains) [comments] (https://www.reddit.com/r/programming/comments/1p5i31d/sha1hulud_the_second_comming_postman_zapier/)
Assert in production
https://www.reddit.com/r/programming/comments/1p5jdqe/assert_in_production/
<!-- SC_OFF -->Why your code should crash more <!-- SC_ON --> submitted by /u/dtornow (https://www.reddit.com/user/dtornow)
[link] (https://dtornow.substack.com/p/assert-in-production) [comments] (https://www.reddit.com/r/programming/comments/1p5jdqe/assert_in_production/)
https://www.reddit.com/r/programming/comments/1p5jdqe/assert_in_production/
<!-- SC_OFF -->Why your code should crash more <!-- SC_ON --> submitted by /u/dtornow (https://www.reddit.com/user/dtornow)
[link] (https://dtornow.substack.com/p/assert-in-production) [comments] (https://www.reddit.com/r/programming/comments/1p5jdqe/assert_in_production/)
Supply and Demand Are Broken in Programming Education
https://www.reddit.com/r/programming/comments/1p5k8dl/supply_and_demand_are_broken_in_programming/
submitted by /u/wagslane (https://www.reddit.com/user/wagslane)
[link] (https://blog.boot.dev/jobs/supply-demand-broken-programming-education/) [comments] (https://www.reddit.com/r/programming/comments/1p5k8dl/supply_and_demand_are_broken_in_programming/)
https://www.reddit.com/r/programming/comments/1p5k8dl/supply_and_demand_are_broken_in_programming/
submitted by /u/wagslane (https://www.reddit.com/user/wagslane)
[link] (https://blog.boot.dev/jobs/supply-demand-broken-programming-education/) [comments] (https://www.reddit.com/r/programming/comments/1p5k8dl/supply_and_demand_are_broken_in_programming/)
Building Modern Databases with the FDAP Stack • Andrew Lamb & Olimpiu Pop
https://www.reddit.com/r/programming/comments/1p5lejy/building_modern_databases_with_the_fdap_stack/
submitted by /u/goto-con (https://www.reddit.com/user/goto-con)
[link] (https://youtu.be/Gd-mhbiy8Vo?list=PLEx5khR4g7PJozVmHNpQTVrk1QRC7YaJu) [comments] (https://www.reddit.com/r/programming/comments/1p5lejy/building_modern_databases_with_the_fdap_stack/)
https://www.reddit.com/r/programming/comments/1p5lejy/building_modern_databases_with_the_fdap_stack/
submitted by /u/goto-con (https://www.reddit.com/user/goto-con)
[link] (https://youtu.be/Gd-mhbiy8Vo?list=PLEx5khR4g7PJozVmHNpQTVrk1QRC7YaJu) [comments] (https://www.reddit.com/r/programming/comments/1p5lejy/building_modern_databases_with_the_fdap_stack/)
Backend-driven SwiftUI
https://www.reddit.com/r/programming/comments/1p5lfwh/backenddriven_swiftui/
submitted by /u/jacobs-tech-tavern (https://www.reddit.com/user/jacobs-tech-tavern)
[link] (https://blog.jacobstechtavern.com/p/backend-driven-swiftui) [comments] (https://www.reddit.com/r/programming/comments/1p5lfwh/backenddriven_swiftui/)
https://www.reddit.com/r/programming/comments/1p5lfwh/backenddriven_swiftui/
submitted by /u/jacobs-tech-tavern (https://www.reddit.com/user/jacobs-tech-tavern)
[link] (https://blog.jacobstechtavern.com/p/backend-driven-swiftui) [comments] (https://www.reddit.com/r/programming/comments/1p5lfwh/backenddriven_swiftui/)
Why Electronic Voting is a BAD Idea - Why you can't program your way to election integrity
https://www.reddit.com/r/programming/comments/1p5m5n2/why_electronic_voting_is_a_bad_idea_why_you_cant/
submitted by /u/grauenwolf (https://www.reddit.com/user/grauenwolf)
[link] (https://www.youtube.com/watch?v=w3_0x6oaDmI) [comments] (https://www.reddit.com/r/programming/comments/1p5m5n2/why_electronic_voting_is_a_bad_idea_why_you_cant/)
https://www.reddit.com/r/programming/comments/1p5m5n2/why_electronic_voting_is_a_bad_idea_why_you_cant/
submitted by /u/grauenwolf (https://www.reddit.com/user/grauenwolf)
[link] (https://www.youtube.com/watch?v=w3_0x6oaDmI) [comments] (https://www.reddit.com/r/programming/comments/1p5m5n2/why_electronic_voting_is_a_bad_idea_why_you_cant/)
Build a Compiler in Five Projects
https://www.reddit.com/r/programming/comments/1p5op5t/build_a_compiler_in_five_projects/
submitted by /u/azhenley (https://www.reddit.com/user/azhenley)
[link] (https://kmicinski.com/functional-programming/2025/11/23/build-a-language/) [comments] (https://www.reddit.com/r/programming/comments/1p5op5t/build_a_compiler_in_five_projects/)
https://www.reddit.com/r/programming/comments/1p5op5t/build_a_compiler_in_five_projects/
submitted by /u/azhenley (https://www.reddit.com/user/azhenley)
[link] (https://kmicinski.com/functional-programming/2025/11/23/build-a-language/) [comments] (https://www.reddit.com/r/programming/comments/1p5op5t/build_a_compiler_in_five_projects/)
Evolution of Rust compiler errors
https://www.reddit.com/r/programming/comments/1p5swj8/evolution_of_rust_compiler_errors/
submitted by /u/Active-Fuel-49 (https://www.reddit.com/user/Active-Fuel-49)
[link] (https://kobzol.github.io/rust/rustc/2025/05/16/evolution-of-rustc-errors.html) [comments] (https://www.reddit.com/r/programming/comments/1p5swj8/evolution_of_rust_compiler_errors/)
https://www.reddit.com/r/programming/comments/1p5swj8/evolution_of_rust_compiler_errors/
submitted by /u/Active-Fuel-49 (https://www.reddit.com/user/Active-Fuel-49)
[link] (https://kobzol.github.io/rust/rustc/2025/05/16/evolution-of-rustc-errors.html) [comments] (https://www.reddit.com/r/programming/comments/1p5swj8/evolution_of_rust_compiler_errors/)
How I resolved the golang struct field name conundrum
https://www.reddit.com/r/programming/comments/1p5t024/how_i_resolved_the_golang_struct_field_name/
<!-- SC_OFF -->I explain a few methods to retrieve a struct field name, going from a runtime to a code generation solutions.
I wonder, how do you resolve this challenge in your language of choice ? <!-- SC_ON --> submitted by /u/Turbulent_Zone157 (https://www.reddit.com/user/Turbulent_Zone157)
[link] (https://alvarolm.github.io/named) [comments] (https://www.reddit.com/r/programming/comments/1p5t024/how_i_resolved_the_golang_struct_field_name/)
https://www.reddit.com/r/programming/comments/1p5t024/how_i_resolved_the_golang_struct_field_name/
<!-- SC_OFF -->I explain a few methods to retrieve a struct field name, going from a runtime to a code generation solutions.
I wonder, how do you resolve this challenge in your language of choice ? <!-- SC_ON --> submitted by /u/Turbulent_Zone157 (https://www.reddit.com/user/Turbulent_Zone157)
[link] (https://alvarolm.github.io/named) [comments] (https://www.reddit.com/r/programming/comments/1p5t024/how_i_resolved_the_golang_struct_field_name/)
Misunderstanding that “Dependency” comic
https://www.reddit.com/r/programming/comments/1p5u95a/misunderstanding_that_dependency_comic/
submitted by /u/radarvan07 (https://www.reddit.com/user/radarvan07)
[link] (https://bertptrs.nl/2025/11/24/misunderstanding-that-dependency-comic.html) [comments] (https://www.reddit.com/r/programming/comments/1p5u95a/misunderstanding_that_dependency_comic/)
https://www.reddit.com/r/programming/comments/1p5u95a/misunderstanding_that_dependency_comic/
submitted by /u/radarvan07 (https://www.reddit.com/user/radarvan07)
[link] (https://bertptrs.nl/2025/11/24/misunderstanding-that-dependency-comic.html) [comments] (https://www.reddit.com/r/programming/comments/1p5u95a/misunderstanding_that_dependency_comic/)
A million ways to die from a data race in Go
https://www.reddit.com/r/programming/comments/1p65upq/a_million_ways_to_die_from_a_data_race_in_go/
submitted by /u/broken_broken_ (https://www.reddit.com/user/broken_broken_)
[link] (https://gaultier.github.io/blog/a_million_ways_to_data_race_in_go.html) [comments] (https://www.reddit.com/r/programming/comments/1p65upq/a_million_ways_to_die_from_a_data_race_in_go/)
https://www.reddit.com/r/programming/comments/1p65upq/a_million_ways_to_die_from_a_data_race_in_go/
submitted by /u/broken_broken_ (https://www.reddit.com/user/broken_broken_)
[link] (https://gaultier.github.io/blog/a_million_ways_to_data_race_in_go.html) [comments] (https://www.reddit.com/r/programming/comments/1p65upq/a_million_ways_to_die_from_a_data_race_in_go/)
Notes from building a B+Tree storage engine in .NET — design trade-offs and unexpected challenges
https://www.reddit.com/r/programming/comments/1p6blny/notes_from_building_a_btree_storage_engine_in_net/
<!-- SC_OFF -->I’ve been exploring B+Tree implementations recently and decided to build a small storage engine in .NET as a way to understand the lower-level behavior of on-disk indexing structures. I wanted to share some of the interesting technical challenges I ran into — in case others find the internals fun to think about. Some of the more interesting aspects were: • Page layout decisions
Choosing the right fixed-size page format ended up being more subtle than expected. Even small choices (header size, key encoding, how much space to reserve for split operations) had major downstream effects on fragmentation and insert performance. • Handling node splits efficiently
B+Tree splits are straightforward in memory, but on disk the cost model is very different. Ensuring minimal writes and predictable locality forced me to rethink a few “textbook” algorithms. • Concurrency vs. simplicity
I experimented with optimistic vs. coarse-grained locking. Even implementing a read-optimized path required careful handling of pointer updates during splits. • Crash-safety without a full WAL
One interesting constraint was trying to maintain reasonable crash-safety guarantees without embedding a full write-ahead log. Page write ordering and atomic metadata updates become tricky puzzles. • Benchmarking surprises
Some operations that I expected to be expensive (like sequential inserts) performed far better than random inserts, even after caching. A few caching heuristics ended up mattering much more than raw structure layout. If anyone wants to look deeper into the implementation details (purely from an educational/technical standpoint), the code is available on NuGet:
https://www.nuget.org/packages/BTreePlus
(Sharing only as reference material — not asking for feedback or promoting anything.) Always happy to discuss data-structure internals or hear how others have approached similar problems. <!-- SC_ON --> submitted by /u/Tasty_Oven_779 (https://www.reddit.com/user/Tasty_Oven_779)
[link] (https://www.nuget.org/packages/BTreePlus) [comments] (https://www.reddit.com/r/programming/comments/1p6blny/notes_from_building_a_btree_storage_engine_in_net/)
https://www.reddit.com/r/programming/comments/1p6blny/notes_from_building_a_btree_storage_engine_in_net/
<!-- SC_OFF -->I’ve been exploring B+Tree implementations recently and decided to build a small storage engine in .NET as a way to understand the lower-level behavior of on-disk indexing structures. I wanted to share some of the interesting technical challenges I ran into — in case others find the internals fun to think about. Some of the more interesting aspects were: • Page layout decisions
Choosing the right fixed-size page format ended up being more subtle than expected. Even small choices (header size, key encoding, how much space to reserve for split operations) had major downstream effects on fragmentation and insert performance. • Handling node splits efficiently
B+Tree splits are straightforward in memory, but on disk the cost model is very different. Ensuring minimal writes and predictable locality forced me to rethink a few “textbook” algorithms. • Concurrency vs. simplicity
I experimented with optimistic vs. coarse-grained locking. Even implementing a read-optimized path required careful handling of pointer updates during splits. • Crash-safety without a full WAL
One interesting constraint was trying to maintain reasonable crash-safety guarantees without embedding a full write-ahead log. Page write ordering and atomic metadata updates become tricky puzzles. • Benchmarking surprises
Some operations that I expected to be expensive (like sequential inserts) performed far better than random inserts, even after caching. A few caching heuristics ended up mattering much more than raw structure layout. If anyone wants to look deeper into the implementation details (purely from an educational/technical standpoint), the code is available on NuGet:
https://www.nuget.org/packages/BTreePlus
(Sharing only as reference material — not asking for feedback or promoting anything.) Always happy to discuss data-structure internals or hear how others have approached similar problems. <!-- SC_ON --> submitted by /u/Tasty_Oven_779 (https://www.reddit.com/user/Tasty_Oven_779)
[link] (https://www.nuget.org/packages/BTreePlus) [comments] (https://www.reddit.com/r/programming/comments/1p6blny/notes_from_building_a_btree_storage_engine_in_net/)
Everything you should know about confidential computing
https://www.reddit.com/r/programming/comments/1p6bxax/everything_you_should_know_about_confidential/
submitted by /u/danielrothmann (https://www.reddit.com/user/danielrothmann)
[link] (https://blog.42futures.com/p/confidential-computing) [comments] (https://www.reddit.com/r/programming/comments/1p6bxax/everything_you_should_know_about_confidential/)
https://www.reddit.com/r/programming/comments/1p6bxax/everything_you_should_know_about_confidential/
submitted by /u/danielrothmann (https://www.reddit.com/user/danielrothmann)
[link] (https://blog.42futures.com/p/confidential-computing) [comments] (https://www.reddit.com/r/programming/comments/1p6bxax/everything_you_should_know_about_confidential/)
MUM-based hash functions
https://www.reddit.com/r/programming/comments/1p6c4j6/mumbased_hash_functions/
submitted by /u/compilersarefun (https://www.reddit.com/user/compilersarefun)
[link] (https://vnmakarov.github.io/performance/optimization/2025/11/25/mum-based-hash-functions.html) [comments] (https://www.reddit.com/r/programming/comments/1p6c4j6/mumbased_hash_functions/)
https://www.reddit.com/r/programming/comments/1p6c4j6/mumbased_hash_functions/
submitted by /u/compilersarefun (https://www.reddit.com/user/compilersarefun)
[link] (https://vnmakarov.github.io/performance/optimization/2025/11/25/mum-based-hash-functions.html) [comments] (https://www.reddit.com/r/programming/comments/1p6c4j6/mumbased_hash_functions/)
How NimbleParsec Works And Why I Would Choose It Again!
https://www.reddit.com/r/programming/comments/1p6hw26/how_nimbleparsec_works_and_why_i_would_choose_it/
<!-- SC_OFF -->This one is for the elixir devs out there! <!-- SC_ON --> submitted by /u/AltruisticPrimary34 (https://www.reddit.com/user/AltruisticPrimary34)
[link] (https://revelry.co/insights/development/elixir/nimbleparsec/) [comments] (https://www.reddit.com/r/programming/comments/1p6hw26/how_nimbleparsec_works_and_why_i_would_choose_it/)
https://www.reddit.com/r/programming/comments/1p6hw26/how_nimbleparsec_works_and_why_i_would_choose_it/
<!-- SC_OFF -->This one is for the elixir devs out there! <!-- SC_ON --> submitted by /u/AltruisticPrimary34 (https://www.reddit.com/user/AltruisticPrimary34)
[link] (https://revelry.co/insights/development/elixir/nimbleparsec/) [comments] (https://www.reddit.com/r/programming/comments/1p6hw26/how_nimbleparsec_works_and_why_i_would_choose_it/)
What Actually Makes You Senior
https://www.reddit.com/r/programming/comments/1p6iql6/what_actually_makes_you_senior/
submitted by /u/Acceptable-Courage-9 (https://www.reddit.com/user/Acceptable-Courage-9)
[link] (https://terriblesoftware.org/2025/11/25/what-actually-makes-you-senior/) [comments] (https://www.reddit.com/r/programming/comments/1p6iql6/what_actually_makes_you_senior/)
https://www.reddit.com/r/programming/comments/1p6iql6/what_actually_makes_you_senior/
submitted by /u/Acceptable-Courage-9 (https://www.reddit.com/user/Acceptable-Courage-9)
[link] (https://terriblesoftware.org/2025/11/25/what-actually-makes-you-senior/) [comments] (https://www.reddit.com/r/programming/comments/1p6iql6/what_actually_makes_you_senior/)
System Design Interview: Design Twitter/X Timeline - A Frontend Deep Dive
https://www.reddit.com/r/programming/comments/1p6kt64/system_design_interview_design_twitterx_timeline/
submitted by /u/sdxyz42 (https://www.reddit.com/user/sdxyz42)
[link] (https://newsletter.systemdesign.one/p/system-design-interview-twitter) [comments] (https://www.reddit.com/r/programming/comments/1p6kt64/system_design_interview_design_twitterx_timeline/)
https://www.reddit.com/r/programming/comments/1p6kt64/system_design_interview_design_twitterx_timeline/
submitted by /u/sdxyz42 (https://www.reddit.com/user/sdxyz42)
[link] (https://newsletter.systemdesign.one/p/system-design-interview-twitter) [comments] (https://www.reddit.com/r/programming/comments/1p6kt64/system_design_interview_design_twitterx_timeline/)
VGG19 Transfer Learning Explained for Beginners
https://www.reddit.com/r/programming/comments/1p6lhiz/vgg19_transfer_learning_explained_for_beginners/
<!-- SC_OFF -->For anyone studying transfer learning and VGG19 for image classification, this tutorial walks through a complete example using an aircraft images dataset. It explains why VGG19 is a suitable backbone for this task, how to adapt the final layers for a new set of aircraft classes, and demonstrates the full training and evaluation process step by step. written explanation with code: https://eranfeit.net/vgg19-transfer-learning-explained-for-beginners/ video explanation: https://youtu.be/exaEeDfbFuI?si=C0o88kE-UvtLEhBn This material is for educational purposes only, and thoughtful, constructive feedback is welcome. <!-- SC_ON --> submitted by /u/Feitgemel (https://www.reddit.com/user/Feitgemel)
[link] (https://eranfeit.net/vgg19-transfer-learning-explained-for-beginners/) [comments] (https://www.reddit.com/r/programming/comments/1p6lhiz/vgg19_transfer_learning_explained_for_beginners/)
https://www.reddit.com/r/programming/comments/1p6lhiz/vgg19_transfer_learning_explained_for_beginners/
<!-- SC_OFF -->For anyone studying transfer learning and VGG19 for image classification, this tutorial walks through a complete example using an aircraft images dataset. It explains why VGG19 is a suitable backbone for this task, how to adapt the final layers for a new set of aircraft classes, and demonstrates the full training and evaluation process step by step. written explanation with code: https://eranfeit.net/vgg19-transfer-learning-explained-for-beginners/ video explanation: https://youtu.be/exaEeDfbFuI?si=C0o88kE-UvtLEhBn This material is for educational purposes only, and thoughtful, constructive feedback is welcome. <!-- SC_ON --> submitted by /u/Feitgemel (https://www.reddit.com/user/Feitgemel)
[link] (https://eranfeit.net/vgg19-transfer-learning-explained-for-beginners/) [comments] (https://www.reddit.com/r/programming/comments/1p6lhiz/vgg19_transfer_learning_explained_for_beginners/)
Readonly Character Ranges in Editors Are a Big Deal
https://www.reddit.com/r/programming/comments/1p6ln0s/readonly_character_ranges_in_editors_are_a_big/
submitted by /u/alexeyr (https://www.reddit.com/user/alexeyr)
[link] (https://matklad.github.io/2025/11/10/readonly-characters.html) [comments] (https://www.reddit.com/r/programming/comments/1p6ln0s/readonly_character_ranges_in_editors_are_a_big/)
https://www.reddit.com/r/programming/comments/1p6ln0s/readonly_character_ranges_in_editors_are_a_big/
submitted by /u/alexeyr (https://www.reddit.com/user/alexeyr)
[link] (https://matklad.github.io/2025/11/10/readonly-characters.html) [comments] (https://www.reddit.com/r/programming/comments/1p6ln0s/readonly_character_ranges_in_editors_are_a_big/)
Chimera - an innovative (?) db interface
https://www.reddit.com/r/programming/comments/1p6ln5j/chimera_an_innovative_db_interface/
<!-- SC_OFF -->Today I’m sharing the first architectural preview of Chimera, a project I’ve been building in my free time to both explore system architecture and sharpen my modern C++ skills. Chimera is designed to simplify interaction with heterogeneous databases by offering a single, consistent interface for PostgreSQL, MongoDB, and Oracle. It currently provides: Autogenerated DAO classes from existing DB schemas A speculative in-memory model for each table/collection Multiple synchronization modes (sync, async, real-time) It is aimed to be used in two ways: - Embedded Mode (linked directly into a CSCI) - Hosted Server Mode (exposed via REST API) The goal is to reduce boilerplate, standardize data access, and make multi-DB environments easier to manage — especially in complex, high-reliability systems. I’m sharing the first architecture diagram below ⬇️ and I’d genuinely appreciate feedback, ideas, or constructive criticism. Your insights will help me guide its next steps while continuing to grow as a C++ engineer. Thanks in advance! Ps: At the moment the name is chimera for the Three Adapters, I shall find another mythical animal if I decide to add another one 😂 <!-- SC_ON --> submitted by /u/Altruistic_Pizza_766 (https://www.reddit.com/user/Altruistic_Pizza_766)
[link] (https://www.linkedin.com/posts/marco-pecorella-20b005183_cplusplus-softwarearchitecture-backend-activity-7399115638218240000-vTrn?utm_source=share&utm_medium=member_ios&rcm=ACoAACs_0usBleIFhb1GQ4bxucSy5eHFA94T4aY) [comments] (https://www.reddit.com/r/programming/comments/1p6ln5j/chimera_an_innovative_db_interface/)
https://www.reddit.com/r/programming/comments/1p6ln5j/chimera_an_innovative_db_interface/
<!-- SC_OFF -->Today I’m sharing the first architectural preview of Chimera, a project I’ve been building in my free time to both explore system architecture and sharpen my modern C++ skills. Chimera is designed to simplify interaction with heterogeneous databases by offering a single, consistent interface for PostgreSQL, MongoDB, and Oracle. It currently provides: Autogenerated DAO classes from existing DB schemas A speculative in-memory model for each table/collection Multiple synchronization modes (sync, async, real-time) It is aimed to be used in two ways: - Embedded Mode (linked directly into a CSCI) - Hosted Server Mode (exposed via REST API) The goal is to reduce boilerplate, standardize data access, and make multi-DB environments easier to manage — especially in complex, high-reliability systems. I’m sharing the first architecture diagram below ⬇️ and I’d genuinely appreciate feedback, ideas, or constructive criticism. Your insights will help me guide its next steps while continuing to grow as a C++ engineer. Thanks in advance! Ps: At the moment the name is chimera for the Three Adapters, I shall find another mythical animal if I decide to add another one 😂 <!-- SC_ON --> submitted by /u/Altruistic_Pizza_766 (https://www.reddit.com/user/Altruistic_Pizza_766)
[link] (https://www.linkedin.com/posts/marco-pecorella-20b005183_cplusplus-softwarearchitecture-backend-activity-7399115638218240000-vTrn?utm_source=share&utm_medium=member_ios&rcm=ACoAACs_0usBleIFhb1GQ4bxucSy5eHFA94T4aY) [comments] (https://www.reddit.com/r/programming/comments/1p6ln5j/chimera_an_innovative_db_interface/)