Today I was referred to: Unicode Utilities: Confusables.
Daily Archives: 2021-11-01 [Monday]
Unicode bidirectional override hack
Interesting: Security advisory for rustc (CVE-2021-42574).
As an example, the following snippet (with {U+NNNN} replaced with the Unicode codepoint NNNN):
if access_level != "user{U+202E} {U+2066}// Check if admin{U+2069} {U+2066}" {
...would be rendered by bidirectional-aware tools as:
if access_level != "user" { // Check if admin
Kevlin Henney
Catching up on my Kevlin Henney:
- Agility ≠ Speed – Kevlin Henney
- Refactoring to Immutability – Kevlin Henney
- Talking Architecture With Kevlin Henney
- ‘Declarative Thinking, Declarative Practice’ – Kevlin Henney [ ACCU 2016 ]
Some reading for later:
Surrogate Key and Natural Key
In Database Design 25 – Surrogate Key and Natural Key the presenter Caleb Curry agrees with my view that if you expose your surrogate keys they become natural keys. See around t=5:00.
Time To First Byte
This was suggested on #lobsters today:
$ curl -o /dev/null -w "Connect: %{time_connect} TTFB: %{time_starttransfer} Total time: %{time_total} \n" https://www.progclub.org/
How To Design A Good API and Why it Matters
Today I watched: How To Design A Good API and Why it Matters. Good talk. Favourite quote:
Inheritance violates encapsulation
Oh, and I followed on with: A Brief, Opinionated History of the API wherein (t=28:14) Bloch says it’s an API if you can answer yes to both of these:
- Does it provide a set of operations defined by their inputs and outputs?
- Does it admit reimplementation without compromising its users?