I see people making the same mistake with tools like Kubernetes. Many, if not most, stacks simply don’t need it… and those that do pay the price for all the overhead and brittleness.
# Better structured concurrency for Go
conc is your toolbelt for structured concurrency in go, making common tasks easier and safer.
Nice package from Sourcegraph.
# SQLite 2022 Recap
New features
- -> and ->> operators on JSON
- RIGHT and FULL OUTER JOIN
- Compiling to WASM
- The sqlite3_error_offset() C-language interface for better error reporting
- The recovery extension
- IS DISTINCT FROM and IS NOT DISTINCT FROM operators.
- unixepoch() and format() SQL functions
# Color Formats in CSS
Nice introduction to CSS color formats by Joshua Comeau. I learned about the upcoming lch():
LCH is a color format that aims to be perceptually uniform to humans. Two colors with an equivalent “lightness” value should feel equally light!
Looks great!
Also, TIL about that rgb(r g b / a) thing I’ve seen a few times:
For most of CSS’ existence, we specified RGB colors using a slightly different syntax.
This changed in CSS Colors level 4, which introduces a standardized notation used across newer color formats. rgba() isn’t explicitly deprecated, but it’s recommended to use the newer format (fortunately, browser support is excellent).
# ReDoS “vulnerabilities” and misaligned incentives
TL;DR: ReDoS “vulnerabilities” are, overwhelmingly, indistinguishable from malicious noise:
1. They exist primarily because of misaligned incentives in the security reporting and vulnerability reporting ecosystems (and industries);
2. The risk they pose is extremely context sensitive and does not align with their ridiculous “severity” scores;
3. They produce security fatigue in the very engineers they’re meant to help, and effectively represent their own denial of service against timely resolution of actual vulnerabilities.
I agree with this.
While it would be nice to switch everything to non-backtracking regular expressions, most cases of ReDoS don’t cause major security issues.
This is also a problem with the industry in general, as various vulnerability scanners are full of useless noise.
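To put numbers on the “context sensitive” point, here is an added example (not from the linked post or any project mentioned here): a simplified Python model of a backtracking matcher that counts attempts for a constructed nested-quantifier pattern, next to an unambiguous rewrite that accepts the same strings. The pattern, the length limits and all function names are assumptions made for illustration.

```python
import re

# Constructed pattern with a nested quantifier, and an unambiguous rewrite
# that accepts exactly the same strings.
NESTED = re.compile(r"^(a+)+$")
FLAT = re.compile(r"^a+$")


def patterns_agree(samples):
    """True if both patterns accept/reject every sample identically."""
    return all(bool(NESTED.match(s)) == bool(FLAT.match(s)) for s in samples)


def backtrack_steps(s, pos=0):
    """Model a naive backtracking matcher for ^(a+)+$ and count its attempts.

    Returns (steps, matched). A simplified model, not a real engine's counter.
    """
    steps = 1
    run = 0
    while pos + run < len(s) and s[pos + run] == "a":
        run += 1
    # One group iteration: greedy first, then give back one char at a time.
    for k in range(run, 0, -1):
        if pos + k == len(s):
            return steps, True
        sub, ok = backtrack_steps(s, pos + k)
        steps += sub
        if ok:
            return steps, True
    return steps, False


def linear_steps(s):
    """Attempts for ^a+$: a single pass over the input, no backtracking."""
    return len(s) + 1


def worst_case(max_len):
    """(nested, flat) step counts for a run of 'a' plus one mismatch."""
    probe = "a" * (max_len - 1) + "!"  # constructed worst-shape input
    return backtrack_steps(probe)[0], linear_steps(probe)


if __name__ == "__main__":
    for limit in (8, 12, 16):  # hypothetical field length limits
        nested, flat = worst_case(limit)
        print(f"max_len={limit:2d} nested={nested:6d} flat={flat}")
```

In this model the nested pattern doubles its work with every extra character, so whether a report matters depends on who controls the input and how long it can be; the rewrite stays linear at any length.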
# 2022 was the year of Linux on the Desktop
Linux as a primary operating system had been steadily climbing for the past 5 years. 2018 through 2021 saw steady growth with 23.2%, 25.6%, 26.6%, 25.3%, and finally in 2022 the usage was 40.23%. Linux usage was more than macOS in 2021, but only by a small margin. 2022 it is now 9% more than macOS.
Based on 2022 StackOverflow developer survey, of course.
# How I still use Flash in 2022
When Adobe killed Flash Player in 2020, I didn’t want my Flash games to disappear forever.
[…]
The way forward was obvious; I’d have to make my own Flash player.
A fairly detailed description of how a game developer converted Flash games to run natively.
Love this bit:
Although I developed the game mostly on my Mac, during development Apple invented this thing called “Notarization” where if you run any app on a new version of MacOS, it’ll make a network request to Apple to ask if the app’s developer pays Apple a yearly fee.
# Canvas Confetti
A fun library for making confetti blasts with JavaScript.
# Pixel Accurate Atkinson Dithering for Images in HTML
I have [al]ways liked the look of images processed with Atkinson Dithering, the algorithm used in the original Apple Macintosh.
Looks very nice, indeed. The author provides a custom HTML element implementing it.
# Zig TLS 1.3 stack
Andrew Kelley:
Next, this branch introduces TLS 1.3 support to the Zig standard library. So far, this implementation does not heap allocate under any conditions and it is my goal to keep it that way.
Nice!