Weekly developer news – January 5th 2018

So, welcome to the 14th edition of developer news, and the first one for 2018.

Thanks to everyone who has participated and given feedback on this weekly post. I’m continuing this now in the new year and hope it’s a good summary of key dev news for the week.

1 : CPU Security / Project Zero

So, it’s pretty hard to miss the findings from Google’s Project Zero this week. For those that don’t know they basically found a pretty serious CPU design flaw that allowed system memory data that should have been inaccessible to be leaked.

This is clearly a pretty serious flaw which has people concerned. What also concerns people is that the fix for this security issue could have performance implications, with applications taking a performance hit between 5% and 30% depending on the workload.

There has been lots of coverage, technical detail and fallout from this. Here are the key articles I recommend if you want to learn more

Google summary post – what you need to know

Writeup by the register on Linux & Windows implications.

Press release from Intel regarding fixes for this

2: Fingerprinting text with zero width characters

OK, not strictly dev related, but for a bit of relief from CPU security and performance issues, this second item is an interesting piece that has been pretty popular in dev communities, pointing out how zero width characters can be used to fingerprint pieces of text, with no noticeable impact to the reader.

Something to think about when talking about text encoding!

Checkout the article here.

3 : Clang in browser

Another item that has been shared a lot amongst devs this week is a demo of running Clang in the browser.

If you don’t know what that means, basically it allows compilation of C++ code to WebAssembly, which can then be run in the browser. And it is this compilation step itself that is also running in-browser.

Previously to do something like this, you had to use a tool like Emscripten and compile the C++ code to JS on your machine before running in the browser, so it’s pretty impressive to see this whole process move client-side.

4 : When testing misses the mark

I wanted to finish off this first post of the year highlighting an article illustrating when testing isn’t enough, where it can miss issues.

It’s a detailed breakdown of what caused the developer of ConTabs to ship a new version with the headline feature broken.

For me, I think it’s really great that a developer is willing to share their experience with releasing code that didn’t work as intended. Many developers aren’t willing to do this level of self analysis, often for fear of blame within their organisation, so it’s great to see more developers doing this, and sharing their findings for others to learn from too.

No matter how experienced we are, we never release perfect code all the time. And that’s fine!

Checkout the article here.

So, that’s it for this week.

If you have any articles, announcements, tutorials, or anything else you think should be included next week, then just drop me an email.

Leave a Reply