214
I will send you newest post from subreddit /r/programming
Sign-in with Apple is failing intermittently with different flows but Apple is returning 🟢 status for all their services.
https://www.reddit.com/r/programming/comments/1mlhpdn/signin_with_apple_is_failing_intermittently_with/
<!-- SC_OFF -->Hi there! We have noticed that our OIDC integration with Sign-in with Apple started failing. Sometimes it fails in different parts of the user facing flow. But what's very concerning is that it is failing intermittently with 501s on getting JWT keys. Both their endpoints
* https://appleid.apple.com/auth/keys (more frequently it seems)
* https://account.apple.com/auth/keys (less frequently) Apple's services status is here: https://www.apple.com/uk/support/systemstatus/ <!-- SC_ON --> submitted by /u/TemporaryAfter4175 (https://www.reddit.com/user/TemporaryAfter4175)
[link] (https://www.apple.com/uk/support/systemstatus/) [comments] (https://www.reddit.com/r/programming/comments/1mlhpdn/signin_with_apple_is_failing_intermittently_with/)
Learn how to break while loop until limit reach #programming #javascipt
https://www.reddit.com/r/programming/comments/1mlgqhb/learn_how_to_break_while_loop_until_limit_reach/
submitted by /u/Outrageous-Ask-2940 (https://www.reddit.com/user/Outrageous-Ask-2940)
[link] (https://youtube.com/shorts/0RMG0QwrNv8?si=mKuOCewUvBHNZHMI) [comments] (https://www.reddit.com/r/programming/comments/1mlgqhb/learn_how_to_break_while_loop_until_limit_reach/)
Moving Past Agile
https://www.reddit.com/r/programming/comments/1mlcmf7/moving_past_agile/
<!-- SC_OFF -->I thinking a lot of us would love to move on from the current way projects are managed. Is borrowing some ideas from the past that Agile discounted a good idea? What would moving past Agile really look like and what would it take. Some thoughts on that (and maybe a surprising conclusion) in the video below. Disclosure: There is no AI content here. This is all just driving traffic to my channel because I want YouTube to believe in me as a person. <!-- SC_ON --> submitted by /u/stumblingtowards (https://www.reddit.com/user/stumblingtowards)
[link] (https://youtu.be/ZYMav7bsPU8) [comments] (https://www.reddit.com/r/programming/comments/1mlcmf7/moving_past_agile/)
Impartial Pipes: a partial functions PHP library for the upcoming pipe operator.
https://www.reddit.com/r/programming/comments/1ml6qi3/impartial_pipes_a_partial_functions_php_library/
<!-- SC_OFF -->Hello, I was testing the upcoming pipe operator and it feels great. I only wished that the standard library of PHP was more up to the standard. So, I took the opportunity to fill the gap by creating a small library, probably the first of its kind. Any feedback is welcome. <!-- SC_ON --> submitted by /u/linepogl (https://www.reddit.com/user/linepogl)
[link] (https://github.com/linepogl/impartial-pipes) [comments] (https://www.reddit.com/r/programming/comments/1ml6qi3/impartial_pipes_a_partial_functions_php_library/)
Preventing ZIP parser confusion attacks on Python package installers
https://www.reddit.com/r/programming/comments/1ml17on/preventing_zip_parser_confusion_attacks_on_python/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://blog.pypi.org/posts/2025-08-07-wheel-archive-confusion-attacks/) [comments] (https://www.reddit.com/r/programming/comments/1ml17on/preventing_zip_parser_confusion_attacks_on_python/)
Zero-day flaws in authentication, identity, authorization in HashiCorp Vault
https://www.reddit.com/r/programming/comments/1ml15u1/zeroday_flaws_in_authentication_identity/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://cyata.ai/blog/cracking-the-vault-how-we-found-zero-day-flaws-in-authentication-identity-and-authorization-in-hashicorp-vault/) [comments] (https://www.reddit.com/r/programming/comments/1ml15u1/zeroday_flaws_in_authentication_identity/)
More shell tricks: first class lists, jq, and the es shell
https://www.reddit.com/r/programming/comments/1ml14kp/more_shell_tricks_first_class_lists_jq_and_the_es/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://alurm.github.io/blog/2025-08-07-first-class-lists-in-shells.html) [comments] (https://www.reddit.com/r/programming/comments/1ml14kp/more_shell_tricks_first_class_lists_jq_and_the_es/)
Understanding not just Clojure's comp function by re-implementing it
https://www.reddit.com/r/programming/comments/1ml113u/understanding_not_just_clojures_comp_function_by/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://www.evalapply.org/posts/lessons-from-reimplementing-clojure-comp-function/index.html) [comments] (https://www.reddit.com/r/programming/comments/1ml113u/understanding_not_just_clojures_comp_function_by/)
Programming as Extended Cognition
https://www.reddit.com/r/programming/comments/1ml10fe/programming_as_extended_cognition/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://ieeexplore.ieee.org/document/11119124) [comments] (https://www.reddit.com/r/programming/comments/1ml10fe/programming_as_extended_cognition/)
What Is Popover=Hint?
https://www.reddit.com/r/programming/comments/1ml0zn8/what_is_popoverhint/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://una.im/popover-hint/) [comments] (https://www.reddit.com/r/programming/comments/1ml0zn8/what_is_popoverhint/)
Keep API work local: Why offline-first beats cloud-based tools
https://www.reddit.com/r/programming/comments/1ml0lcd/keep_api_work_local_why_offlinefirst_beats/
<!-- SC_OFF -->A gist of the article is that cloud-based API tools like Postman can expose your data, and leave you stuck when servers fail or docs lag (both actually happened multiple time in the recent period). Offline-first API workflows, on the other hand, offer much better security, efficiency, and more developer control. This isn’t about swearing off the cloud. You’ll still hit live endpoints for real requests. You'll host a bunch of things, as you should. But secrets and API Keys? You're really let a 3rd party cloud take care of those? I sure don't want to. <!-- SC_ON --> submitted by /u/kiselitza (https://www.reddit.com/user/kiselitza)
[link] (https://voiden.md/blog/offline-vs-cloud-based-api-tools) [comments] (https://www.reddit.com/r/programming/comments/1ml0lcd/keep_api_work_local_why_offlinefirst_beats/)
Matrix AI is a green Matrix-Style sleek desktop AI terminal assistant, launched via hotkey
https://www.reddit.com/r/programming/comments/1mkqxhr/matrix_ai_is_a_green_matrixstyle_sleek_desktop_ai/
<!-- SC_OFF -->Hi everyone, I'm excited to share a project I've been working on called Matrix AI. It's a visually striking terminal chat tool that pays homage to The Matrix while offering powerful features designed to enhance how developers interact with AI. Key Highlights: Immersive UI: A classic green character stream, typewriter-style output, and smooth window animations blend a vintage terminal feel with modern UI. Efficient Workflow: Use a global hotkey (double-tap Ctrl or Shift) to quickly summon the terminal, letting AI serve you without interrupting your flow. Powerful Backend: It supports any OpenAI-compatible API (like DeepSeek, Grok, Mistral, etc.) with asynchronous streaming and multi-turn context memory. This project is for anyone who loves the command line and wants a cooler, more efficient way to work with AI. I've released a Windows executable, so you can try it out directly. Your feedback is welcome! If you like the project, I'd appreciate a ⭐ star on GitHub. Project Link: https://github.com/ai-sns/matrixai <!-- SC_ON --> submitted by /u/Glad-Worldliness71 (https://www.reddit.com/user/Glad-Worldliness71)
[link] (https://github.com/ai-sns/matrixai) [comments] (https://www.reddit.com/r/programming/comments/1mkqxhr/matrix_ai_is_a_green_matrixstyle_sleek_desktop_ai/)
Does AI Actually Boost Developer Productivity? (100k Devs Study) - Yegor Denisov-Blanch, Stanford
https://www.reddit.com/r/programming/comments/1mkp3sn/does_ai_actually_boost_developer_productivity/
submitted by /u/Connect_Tear402 (https://www.reddit.com/user/Connect_Tear402)
[link] (https://www.youtube.com/watch?v=tbDDYKRFjhk) [comments] (https://www.reddit.com/r/programming/comments/1mkp3sn/does_ai_actually_boost_developer_productivity/)
Live coding sucks
https://www.reddit.com/r/programming/comments/1mkoecy/live_coding_sucks/
submitted by /u/Xadartt (https://www.reddit.com/user/Xadartt)
[link] (https://hadid.dev/posts/living-coding/) [comments] (https://www.reddit.com/r/programming/comments/1mkoecy/live_coding_sucks/)
How To Host A Meetup
https://www.reddit.com/r/programming/comments/1mkmy7e/how_to_host_a_meetup/
<!-- SC_OFF -->Since a lot of local programming meetups died during Covid and never came back up, I wrote an article with some tips for hosting your own meetup—hopefully this will inspire someone to start a new meetup group or resuscitate an old one. If you have any tips or suggestions for hosting a meetup, please share in the comments! <!-- SC_ON --> submitted by /u/JohnyTex (https://www.reddit.com/user/JohnyTex)
[link] (https://functionalsoftware.se/posts/how-to-host-a-meetup) [comments] (https://www.reddit.com/r/programming/comments/1mkmy7e/how_to_host_a_meetup/)
Designing AI Applications: Principles from Distributed Systems Applicable in a New AI World
https://www.reddit.com/r/programming/comments/1mlhmq7/designing_ai_applications_principles_from/
<!-- SC_OFF -->I published an article about making AI Applications reliable. What do you think about it? <!-- SC_ON --> submitted by /u/Historical_Wing_9573 (https://www.reddit.com/user/Historical_Wing_9573)
[link] (https://vitaliihonchar.com/insights/designing-ai-applications-principles-of-distributed-systems) [comments] (https://www.reddit.com/r/programming/comments/1mlhmq7/designing_ai_applications_principles_from/)
Run third-party tools inside Docker
https://www.reddit.com/r/programming/comments/1mlduze/run_thirdparty_tools_inside_docker/
<!-- SC_OFF -->If you are writing a new CLI tool, you should consider shipping it as a standalone binary, and there a long discussion on that last month (https://www.reddit.com/r/programming/comments/1lroey4/ship_tools_as_standalone_static_binaries/). But what if you are trying to use a tool? How should you ensure that the tool is not looking to steal your data from your machine? The risk is not even theoretical as even Amazon's FOSS code has been compromised (https://aws.amazon.com/security/security-bulletins/AWS-2025-015). Here's my suggesion, run third-party tools inside Docker. Ideally, with Internet access disabled. The tool will only access the data that's mounted onto the docker image. And usually, most tools don't need access to files outside the current directory. This drastically reduces the attack surface of third-party tools. <!-- SC_ON --> submitted by /u/ashishb_net (https://www.reddit.com/user/ashishb_net)
[link] (https://ashishb.net/programming/run-tools-inside-docker/) [comments] (https://www.reddit.com/r/programming/comments/1mlduze/run_thirdparty_tools_inside_docker/)
Help with json on website
https://www.reddit.com/r/programming/comments/1ml87f8/help_with_json_on_website/
<!-- SC_OFF -->It just won’t save…any ideas? I’m unable to post a photo but this is the code… { "@context": "https://schema.org/", "@type": "Product", "name": "{{ product.title }}", "description": "{{ product.description | strip_html | escape }}", "image": "{{ product.featured_image | img_url: 'original' | prepend: 'https:' }}", "url": "{{ shop.url }}{{ product.url }}", "sku": "{{ product.sku }}", "offers": { "@type": "Offer", "priceCurrency": "USD", "price": "{{ product.price | money_without_currency }}", "availability": "{% if product.available %}https://schema.org/InStock{% (https://schema.org/InStock%7B%25) else %}https://schema.org/OutOfStock{% (https://schema.org/OutOfStock%7B%25) endif %}", "itemCondition": "https://schema.org/NewCondition" }, "brand": { "@type": "Brand", "name": "Chloé Duncan" } } {% endschema %} <!-- SC_ON --> submitted by /u/hillsandstreams (https://www.reddit.com/user/hillsandstreams)
[link] (http://chloeduncangallery.com/) [comments] (https://www.reddit.com/r/programming/comments/1ml87f8/help_with_json_on_website/)
The how and why of GitHub to Codeberg
https://www.reddit.com/r/programming/comments/1ml17py/the_how_and_why_of_github_to_codeberg/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://www.arscyni.cc/file/codeberg.html) [comments] (https://www.reddit.com/r/programming/comments/1ml17py/the_how_and_why_of_github_to_codeberg/)
PEP 802 – Display Syntax for the Empty Set
https://www.reddit.com/r/programming/comments/1ml17j7/pep_802_display_syntax_for_the_empty_set/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://peps.python.org/pep-0802/) [comments] (https://www.reddit.com/r/programming/comments/1ml17j7/pep_802_display_syntax_for_the_empty_set/)
Writing a storage engine for Postgres: An in-memory table access method
https://www.reddit.com/r/programming/comments/1ml14yy/writing_a_storage_engine_for_postgres_an_inmemory/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://notes.eatonphil.com/2023-11-01-postgres-table-access-methods.html) [comments] (https://www.reddit.com/r/programming/comments/1ml14yy/writing_a_storage_engine_for_postgres_an_inmemory/)
Jepsen: Capela dda5892
https://www.reddit.com/r/programming/comments/1ml114u/jepsen_capela_dda5892/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://jepsen.io/analyses/capela-dda5892) [comments] (https://www.reddit.com/r/programming/comments/1ml114u/jepsen_capela_dda5892/)
Arenas in Rust
https://www.reddit.com/r/programming/comments/1ml10gt/arenas_in_rust/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://russellw.github.io/arenas) [comments] (https://www.reddit.com/r/programming/comments/1ml10gt/arenas_in_rust/)
HTTP is not simple
https://www.reddit.com/r/programming/comments/1ml0zpd/http_is_not_simple/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://daniel.haxx.se/blog/2025/08/08/http-is-not-simple/) [comments] (https://www.reddit.com/r/programming/comments/1ml0zpd/http_is_not_simple/)
We shouldn’t have needed lockfiles
https://www.reddit.com/r/programming/comments/1ml0x4s/we_shouldnt_have_needed_lockfiles/
submitted by /u/wheybags (https://www.reddit.com/user/wheybags)
[link] (https://tonsky.me/blog/lockfiles/) [comments] (https://www.reddit.com/r/programming/comments/1ml0x4s/we_shouldnt_have_needed_lockfiles/)
How I made my embedding based model 95% accurate at classifying prompt attacks (only 0.4B params)
https://www.reddit.com/r/programming/comments/1mkrdqd/how_i_made_my_embedding_based_model_95_accurate/
<!-- SC_OFF -->I’ve been building a few small defense models to sit between users and LLMs, that can flag whether an incoming user prompt is a prompt injection, jailbreak, context attack, etc. I'd started out this project with a ModernBERT model, but I found it hard to get it to classify tricky attack queries right, and moved to SLMs to improve performance. Now, I revisited this approach with contrastive learning and a larger dataset and created a new model. As it turns out, this iteration performs much better than the SLMs I previously fine-tuned. The final model is open source on HF and the code is in an easy-to-use package here: https://github.com/sarthakrastogi/rival Training pipeline - Data: I trained on a dataset of malicious prompts (like "Ignore previous instructions...") and benign ones (like "Explain photosynthesis"). 12,000 prompts in total. I generated this dataset with an LLM. I use ModernBERT-large (a 396M param model) for embeddings. I trained a small neural net to take these embeddings and predict whether the input is an attack or not (binary classification). I train it with a contrastive loss that pulls embeddings of benign samples together and pushes them away from malicious ones -- so the model also understands the semantic space of attacks. During inference, it runs on just the embedding plus head (no full LLM), which makes it fast enough for real-time filtering. The model is called Bhairava-0.4B. Model flow at runtime: User prompt comes in. Bhairava-0.4B embeds the prompt and classifies it as either safe or attack. If safe, it passes to the LLM. If flagged, you can log, block, or reroute the input. It's small (396M params) and optimised to sit inline before your main LLM without needing to run a full LLM for defense. On my test set, it's now able to classify 91% of the queries as attack/benign correctly, which makes me pretty satisfied, given the size of the model. Let me know how it goes if you try it in your stack. <!-- SC_ON --> submitted by /u/sarthakai (https://www.reddit.com/user/sarthakai)
[link] (https://github.com/sarthakrastogi/rival) [comments] (https://www.reddit.com/r/programming/comments/1mkrdqd/how_i_made_my_embedding_based_model_95_accurate/)
Broken Authorization Is the #1 Web App Security Risk — and Most of Us Are Still Hand-Rolling It
https://www.reddit.com/r/programming/comments/1mkqw6a/broken_authorization_is_the_1_web_app_security/
<!-- SC_OFF -->We interviewed Sohan Maheshwar (Lead Dev Advocate at AuthZed, ex-Amazon) for ShiftMag, and he didn’t mince words: “Just as you’d never build your own authentication, you shouldn’t be writing your own authorization code.” OWASP ranked broken authorization as the top web app security risk in 2024. Yet most teams still bake it in themselves — fine for small apps, a ticking time bomb at scale. Sohan also talks about: Why DevRel went from niche to essential in under a decade; AI’s “first wave” (debugging & augmentation) vs. the “next wave” (autonomous agents needing new infra + auth models) and the death of one-size-fits-all tooling. What’s your take — build your own authZ, or always use an external system? <!-- SC_ON --> submitted by /u/shift_devs (https://www.reddit.com/user/shift_devs)
[link] (https://shiftmag.dev/sohan-maheshwar-authorization-is-key-to-app-security-dont-get-it-wrong-4734/) [comments] (https://www.reddit.com/r/programming/comments/1mkqw6a/broken_authorization_is_the_1_web_app_security/)
Learn C by Building Projects – From FizzBuzz to Neural Networks!
https://www.reddit.com/r/programming/comments/1mkp1vu/learn_c_by_building_projects_from_fizzbuzz_to/
<!-- SC_OFF -->I've created a curated collection of small C projects designed to help you master core concepts through hands-on practice. 🌟 What’s Inside: Projects sorted by difficulty (⭐1 to ⭐5) Clear objectives for each project Diverse topics: Cryptography, graphics (SDL2), physics sims, data structures, OS internals, and more <!-- SC_ON --> submitted by /u/FraLindi (https://www.reddit.com/user/FraLindi)
[link] (https://github.com/mrparsing/C-Projects) [comments] (https://www.reddit.com/r/programming/comments/1mkp1vu/learn_c_by_building_projects_from_fizzbuzz_to/)
Building a Carbon and Price-Aware Kubernetes Scheduler
https://www.reddit.com/r/programming/comments/1mko3jg/building_a_carbon_and_priceaware_kubernetes/
submitted by /u/congolomera (https://www.reddit.com/user/congolomera)
[link] (davemasselink/building-a-carbon-and-price-aware-kubernetes-scheduler-f305cd3df0f1?source=friends_link&sk=6c662720d5a3758bf017bc870e823293" rel="nofollow">https://medium.com/@davemasselink/building-a-carbon-and-price-aware-kubernetes-scheduler-f305cd3df0f1?source=friends_link&sk=6c662720d5a3758bf017bc870e823293) [comments] (https://www.reddit.com/r/programming/comments/1mko3jg/building_a_carbon_and_priceaware_kubernetes/)
Scar - A language for easy concurrency, statically typed, with clean syntax
https://www.reddit.com/r/programming/comments/1mkhznb/scar_a_language_for_easy_concurrency_statically/
<!-- SC_OFF -->Because of the poor state of multithreading in Nim and the reliance on external libraries like Arraymancer for heavy numerical workloads (also the performance issues with boxed values due to ref object everywhere), I started writing a language from scratch, with built-in support for concurrency via parallel blocks (without macros) and a C backend, similar to Nim. Example: int glob_value = 0 float glob_value_2 = 0.0 parallel: glob_value = some_heavy_task() glob_value_2 = some_other_heavy_task() The idea is to make things like accessing shared memory concurrently a trivial process by automating the generation of thread synchronization code. Also there are parallel fors, like so: parallel for x = 1 to 5: print "x = %d" | x parallel for y = 10 to 20: print "y = %d" | y sleep 0.1 print "Nested parallel for loop completed." It is not ready for use at all currently, though will likely see further development until it is. <!-- SC_ON --> submitted by /u/god1235414 (https://www.reddit.com/user/god1235414)
[link] (https://github.com/navid-m/scar) [comments] (https://www.reddit.com/r/programming/comments/1mkhznb/scar_a_language_for_easy_concurrency_statically/)