I'm slowly making my way through an 8-thousand-line Python addition to #inkscape's #python library for parsing text and font elements in #svg properly. It's important and useful, but it's also a lot.
I'm not sure how to say "please run pylint over your code because my eyes hurt trying to read this" without sounding like an ungrateful jerk. 😅
=== applies much more reasonable behavior for operands of different types, mainly by not coercing them together like == does.
A lot of developers will tell you to learn the rules of coercion and use it when appropriate, however I disagree for one key reason. Consider this example:
if (foo == bar) {
    doSomething();
}
Question: Did the developer mean to use ==? Is the coercion intended or a typo?
It's incredibly difficult to know with any amount of certainty as this depends on the types and semantics of foo and bar.
If I were writing this intentionally, I would feel compelled to write a several-line comment about how coercion behavior applies here in a desirable way. And if you need to write that much explanation, it would be much less confusing to actually codify the desired behavior with === and explicit type checks so devs don't have to understand that coercion.
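An added example (not from the post above) that makes the point concrete: the first function tabulates how == and === disagree on a few constructed operand pairs, and the second shows the "codified" alternative, where the one coercion the author actually wants (numeric IDs that may arrive as decimal strings) is spelled out with explicit type checks instead of being left to ==. The pairs and the sameId function are constructed for illustration.

```javascript
// Constructed sample pairs that a reader might assume are "equal",
// but where loose (==) and strict (===) equality disagree.
const SAMPLE_PAIRS = [
  ['0', 0],          // string vs number: '0' is coerced to 0
  ['', 0],           // empty string coerces to 0
  [null, undefined], // loosely equal only to each other
  [[], false],       // [] -> '' -> 0, false -> 0
  ['1', true],       // both coerce to the number 1
  [NaN, NaN],        // never equal under either operator
];

// Tabulate both operators for each pair so the difference is visible
// in data rather than in the reader's head.
function compareOperators(pairs = SAMPLE_PAIRS) {
  return pairs.map(([a, b]) => ({
    a,
    b,
    loose: a == b, // eslint-disable-line eqeqeq
    strict: a === b,
  }));
}

// Codified intent: an ID is either an integer or a string of decimal
// digits (e.g. a URL parameter). Anything else is not an ID and cannot
// match, so no hidden coercion rule needs to be understood by the reader.
function sameId(x, y) {
  const normalize = (v) => {
    if (typeof v === 'number' && Number.isInteger(v)) return v;
    if (typeof v === 'string' && /^\d+$/.test(v)) return Number(v);
    return undefined; // not an ID at all
  };
  const nx = normalize(x);
  const ny = normalize(y);
  return nx !== undefined && nx === ny;
}
```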
#FOSS offers companies a good deal: Great, cheap software that can be used in all sorts of products and projects. But of course you can't just outsource the responsibility because it's maintained by some random person in Nebraska.
So I have a question for software #developers working in small and medium sized companies (big companies can pay themselves AND leave money for maintainers):
Would your company be interested in crowd-funded #codereviews of the FOSS projects you are using?
I just realized, before I know it, we'll be hitting 20 years of @reviewboard. Man, do I feel old.
It's hard to imagine it now, but #codereview wasn't really a thing when we built this. There were a couple of expensive enterprise tools, but #GitHub? Pull requests? They didn't exist.
We had to solve a lot of problems that didn't have readily-made solutions, like:
💡 Tip: Use Review Board's image and document review to review the other parts of your project. We'll even show you diffs of your #PDF documents and presentations!
EdgeVPN.io is an evolution of the IP-over-P2P (IPOP) project. IPOP started as an IP-based peer-to-peer overlay targeting personal devices, and over time the architecture evolved to adopt various standards, support centralized user/group management, and incorporate software-defined networking, culminating in the current architecture, tailored for research and development in nascent edge computing applications.
...
EdgeVPNio is a research project to build networking for the fog, spanning the network continuum from the cloud to its edge. It builds networking cyber-infrastructure which supports emerging IoT era applications.
Looks like this one might be a bit of fun for #p2p people, or I suppose #DistributedSystems people generally. No prior experience reviewing for JOSS is required, experience with Python is required, and some experience with the topic area is preferred. Don't be shy! If you've never done open review before, JOSS is a great place to start. It's a really good way to learn by teaching (or learn by reading!) in a collaborative context. You can reply here or on the pre-review issue to volunteer :)
edit: would love to have some infosec people on this one! even and especially if you are not in academia :)
Small change to the programme: following the unavailability of one speaker, we proposed to another pair of speakers that they present a topic on Code Review!
Thanks to Lydie FROMONT and Florent Torregrosa for accepting this small change 😘
You'll be working with another reviewer to read and run the code, make sure it fills a basic checklist which usually only takes a few hours, and beyond that whatever you'd like to focus on. Both of these are collaborative review processes where the goal is to help these packages be usable, well documented, and maintainable for the overall health of free scientific software.
It's fun, I promise! Happy to answer questions and boosts welcome.
Edit: feel free to volunteer as a reply here, DM me, or comment on those issues! Anyone is welcome! Some experience with the language is required, but other than that I can coach you through the rest.
Anyone up for a little light #CodeReview? Glitch has an option to show boosts in the local TL, which I think is lovely for small instances like ours; it really helps new ppl get oriented in the fedi. The problem is public feeds don't filter duplicate boosts in the same way that home feeds do, so you end up seeing the same boost lots of times.
I wrote a patch to only show the most recent boost in public TLs, but since I am a relative noob with postgres, SQL, and rails, and since it touches core feed functionality, I'd love it if someone took a look before we deploy on our instance (after some field testing we'll pull upstream). I tried to make it as contained as I could so other masto forks could merge it in too, if ya interested.
We discovered a vulnerability in-house allowing users with legitimate access to a server to craft a specific API request to fetch diff content they don't have permission to see.
As we wrap up 2023, let's take a look back at the different topics we covered in our technical #blog this year.
Our #VulnerabilityResearch series expanded with some new writeups and coordinated disclosure advisories. We also provided practical advice and tooling to aid security researchers in effective #CodeReview using #Semgrep. There’s more in store on this topic: stay tuned for the latest updates.
While #AI can be a powerful tool for software development and code review, we believe it must be integrated responsibly, with great care and appreciation for people's data, IP, and #privacy.
We strive to put people first. Future AI features will emphasize:
Full user control and opt-in
Transparency around data use
Enhancing, not replacing, human expertise
Read our AI Ethics Policy to learn more. It's our promise to you.
I feel like I've tested everything, so there must be some edge case I'm not seeing.
It is simple C#, ready to pull and run, with xunit tests in place. My personal input and the task description are in there as well, so everything is readily available for anyone to pick up and chime in 😊
Did you know that when you view a toot that originated on another server, you don't see all of the toot's replies?
You will only see replies that would have, basically, shown up in your federated timeline (posted by someone whom someone on your server follows).
I created a PR on Sep 13 to address this and display an information message that allows you to easily click through to the original server to see all of the replies, much like with profiles etc.
#curl 8.5.0 will ship a fix for a #vulnerability I discovered – this is the 26th vulnerability I've found in the project. Yet, I must again emphasize my firm belief that curl is an extremely robust project: none of the issues I've found have been high or critical severity ones. Most of the issues have been in the application logic, and logic flaws are one of the last classes of vulnerabilities that automation struggles to find. Even #fuzzing struggles, if the impact of the vulnerability isn't an out-of-bounds memory access (and thus a crash), or if the interaction is a complex one. There is no easy way out with logical flaws: Vigilance and manual #codereview are the only remedies that really work. Someday #machinelearning and similar technologies are likely to reach a level where they could perform some of these tasks – however, for now this is one of the very few areas that automation hasn't been able to touch.