214
I will send you newest post from subreddit /r/programming
Simon Willison on Technical Blogging
https://www.reddit.com/r/programming/comments/1qeo9gx/simon_willison_on_technical_blogging/
<!-- SC_OFF -->Simon shares how he got into blogging, the blogs he enjoys reading, and his tips for others <!-- SC_ON --> submitted by /u/swdevtest (https://www.reddit.com/user/swdevtest)
[link] (https://writethatblog.substack.com/p/simon-willison-on-technical-blogging) [comments] (https://www.reddit.com/r/programming/comments/1qeo9gx/simon_willison_on_technical_blogging/)
You can’t control what you can’t see: cost visibility in growing organizations
https://www.reddit.com/r/programming/comments/1qeizln/you_cant_control_what_you_cant_see_cost/
submitted by /u/justanotherdevblog (https://www.reddit.com/user/justanotherdevblog)
[link] (https://justanotherdevblog.com/2026/01/14/you-cant-control-what-you-cant-see-cost-visibility-in-growing-organizations/) [comments] (https://www.reddit.com/r/programming/comments/1qeizln/you_cant_control_what_you_cant_see_cost/)
[link] (https://www.youtube.com/watch?v=bqtqltqcQhw) [comments] (https://www.reddit.com/r/programming/comments/1qeho0v/if_you_have_ever_seen_beautiful_cgi_simulations/)
Читать полностью…
The way I run standup meetings by Marc G Gauthier
https://www.reddit.com/r/programming/comments/1qegncf/the_way_i_run_standup_meetings_by_marc_g_gauthier/
submitted by /u/RevillWeb (https://www.reddit.com/user/RevillWeb)
[link] (https://marcgg.com/blog/2024/11/20/standup/) [comments] (https://www.reddit.com/r/programming/comments/1qegncf/the_way_i_run_standup_meetings_by_marc_g_gauthier/)
Hands-On Introduction to Unikernels
https://www.reddit.com/r/programming/comments/1qef1xn/handson_introduction_to_unikernels/
submitted by /u/iximiuz (https://www.reddit.com/user/iximiuz)
[link] (https://labs.iximiuz.com/tutorials/unikernels-intro-93976514) [comments] (https://www.reddit.com/r/programming/comments/1qef1xn/handson_introduction_to_unikernels/)
Introducing flask-gae-logging, for a better DX when building Flask apps in Google AppEngine
https://www.reddit.com/r/programming/comments/1qebq14/introducing_flaskgaelogging_for_a_better_dx_when/
<!-- SC_OFF -->Hey everyone, I've been working with Flask on Google App Engine (GAE) and found the logging experience a bit annoying. After transition in Python3, the lack of clear, structured logging and severity propagation across the request lifecycle was a major pain point. So, I decided to create a custom Cloud Logging handler specifically for Flask apps deployed on GAE. ✨ Introducing FlaskGAEMaxLogLevelPropagateHandler with flask-gae-logging package! ✨ This handler groups logs from the same request lifecycle and ensures the highest log level is propagated consistently. If you've been pulling your hair out trying to get clean, organized logs on GAE, this might just save your sanity. Key Features: Grouping of logs within the same request lifecycle. Propagation of the maximum log level. Easy integration with your existing Flask app. Some extra, nice-to-have, log filters for GAE. I’ve written an article detailing how it works and how you can integrate it into your project. Would love to hear your thoughts, feedback, or any other logging pain points you’ve encountered on GAE with Flask! 🔗 Check out the article: https://medium.com/gitconnected/flask-logging-in-google-app-engine-is-not-a-nightmare-anymore-with-flask-gae-logging-962979738ea6 🔗 GitHub Repo: https://github.com/trebbble/flask-gae-logging Happy coding! 🚀 <!-- SC_ON --> submitted by /u/SearchMobile6431 (https://www.reddit.com/user/SearchMobile6431)
[link] (https://medium.com/gitconnected/flask-logging-in-google-app-engine-is-not-a-nightmare-anymore-with-flask-gae-logging-962979738ea6) [comments] (https://www.reddit.com/r/programming/comments/1qebq14/introducing_flaskgaelogging_for_a_better_dx_when/)
Newer AI Coding Assistants Are Failing in Insidious Ways
https://www.reddit.com/r/programming/comments/1qdv6h0/newer_ai_coding_assistants_are_failing_in/
submitted by /u/CackleRooster (https://www.reddit.com/user/CackleRooster)
[link] (https://spectrum.ieee.org/ai-coding-degrades) [comments] (https://www.reddit.com/r/programming/comments/1qdv6h0/newer_ai_coding_assistants_are_failing_in/)
Software Development Waste
https://www.reddit.com/r/programming/comments/1qdredf/software_development_waste/
submitted by /u/milanm08 (https://www.reddit.com/user/milanm08)
[link] (https://newsletter.techworld-with-milan.com/p/software-development-waste) [comments] (https://www.reddit.com/r/programming/comments/1qdredf/software_development_waste/)
We maintain a blocklist of sensitive headers that get stripped automatically: javascript const SENSITIVE = ["authorization", "cookie", "set-cookie", "x-api-key"]; const safeHeaders = Object.fromEntries( Object.entries(original).filter(([k]) => !SENSITIVE.includes(k.toLowerCase())) ); 8. Hot-reloading without losing state Platform-as-a-Service environments treat configs as immutable. But restarting just to rotate an API key drops all SSE connections. We implemented a polling loop that reads config every 5 seconds. The tricky part is reconciliation: If urlCount increases from 3→5: generate 2 new webhook IDs If urlCount decreases from 5→3: don't delete existing IDs (prevents data loss) Auth key changes take effect immediately without restart 9. Self-healing bootstrap for corrupted configs If a user manually edits the JSON config and breaks the syntax, the server shouldn't crash in a loop. The fix: On startup, we detect parse errors and auto-recover: javascript try { config = JSON.parse(await readFile("INPUT.json")); } catch { console.warn("Corrupt config detected. Restoring defaults..."); await rename("INPUT.json", "INPUT.json.bak"); await writeFile("INPUT.json", JSON.stringify(defaults)); config = defaults; } The app always starts, and the user gets a clear warning. TL;DR: The "easy" parts of building a real-time webhook service are actually full of edge cases—especially around proxies, security, and memory management. Happy to discuss any of these patterns in detail. Source code (https://github.com/ar27111994/webhook-debugger-logger) if you want to see the implementations. <!-- SC_ON --> submitted by /u/ar27111994 (https://www.reddit.com/user/ar27111994)
[link] (https://github.com/ar27111994/webhook-debugger-logger) [comments] (https://www.reddit.com/r/programming/comments/1qdof8e/the_surprisingly_tricky_parts_of_building_a/)
Cursor CEO Built a Browser using AI, but Does It Really Work?
https://www.reddit.com/r/programming/comments/1qdo9r3/cursor_ceo_built_a_browser_using_ai_but_does_it/
submitted by /u/ImpressiveContest283 (https://www.reddit.com/user/ImpressiveContest283)
[link] (https://www.finalroundai.com/blog/cursor-ceo-browser-made-using-ai) [comments] (https://www.reddit.com/r/programming/comments/1qdo9r3/cursor_ceo_built_a_browser_using_ai_but_does_it/)
Catching API regressions with snapshot testing
https://www.reddit.com/r/programming/comments/1qdnj1f/catching_api_regressions_with_snapshot_testing/
submitted by /u/mallenspach (https://www.reddit.com/user/mallenspach)
[link] (https://kreya.app/blog/api-snapshot-testing/) [comments] (https://www.reddit.com/r/programming/comments/1qdnj1f/catching_api_regressions_with_snapshot_testing/)
Why forcing a developer to take time off actually helped
https://www.reddit.com/r/programming/comments/1qdj4jh/why_forcing_a_developer_to_take_time_off_actually/
submitted by /u/dymissy (https://www.reddit.com/user/dymissy)
[link] (https://leadthroughmistakes.substack.com/p/when-the-right-call-is-to-stop-the) [comments] (https://www.reddit.com/r/programming/comments/1qdj4jh/why_forcing_a_developer_to_take_time_off_actually/)
Programmer in Wonderland
https://www.reddit.com/r/programming/comments/1qdglkv/programmer_in_wonderland/
<!-- SC_OFF -->Hey Devs, Do not become The Lost Programmer in the bottomless ocean of software abstractions, especially with the recent advent of AI-driven hype; instead, focus on the fundamentals, make the magic go away and become A Great One! <!-- SC_ON --> submitted by /u/BinaryIgor (https://www.reddit.com/user/BinaryIgor)
[link] (https://binaryigor.com/programmer-in-wonderland.html) [comments] (https://www.reddit.com/r/programming/comments/1qdglkv/programmer_in_wonderland/)
Alternatives to MinIO for single-node local S3
https://www.reddit.com/r/programming/comments/1qde8c9/alternatives_to_minio_for_singlenode_local_s3/
submitted by /u/rmoff (https://www.reddit.com/user/rmoff)
[link] (https://rmoff.net/2026/01/14/alternatives-to-minio-for-single-node-local-s3/) [comments] (https://www.reddit.com/r/programming/comments/1qde8c9/alternatives_to_minio_for_singlenode_local_s3/)
Quick Fix Archaeology - 3 famous hacks that changed the world
https://www.reddit.com/r/programming/comments/1qd8mj4/quick_fix_archaeology_3_famous_hacks_that_changed/
submitted by /u/damian2000 (https://www.reddit.com/user/damian2000)
[link] (https://www.dodgycoder.net/2026/01/quick-fix-archaeology-3-famous-hacks-that-changed-the-world.html) [comments] (https://www.reddit.com/r/programming/comments/1qd8mj4/quick_fix_archaeology_3_famous_hacks_that_changed/)
How to make a Blog
https://www.reddit.com/r/programming/comments/1qelrri/how_to_make_a_blog/
<!-- SC_OFF -->Using make and pandoc instead of your typical static site generator to build a blog. <!-- SC_ON --> submitted by /u/erikwasunavailable (https://www.reddit.com/user/erikwasunavailable)
[link] (https://blog.erikwastaken.dev/posts/2026-01-16-how-to-make-a-blog.html) [comments] (https://www.reddit.com/r/programming/comments/1qelrri/how_to_make_a_blog/)
The Astro Technology Company joins Cloudflare | Astro
https://www.reddit.com/r/programming/comments/1qeilrk/the_astro_technology_company_joins_cloudflare/
submitted by /u/ReallySuperName (https://www.reddit.com/user/ReallySuperName)
[link] (https://astro.build/blog/joining-cloudflare/) [comments] (https://www.reddit.com/r/programming/comments/1qeilrk/the_astro_technology_company_joins_cloudflare/)
If You Have Ever Seen Beautiful CGI Simulations Of Realistic Flocking Behaviour With Birds, You Might Wonder How It Is Done - This Is How:
https://www.reddit.com/r/programming/comments/1qeho0v/if_you_have_ever_seen_beautiful_cgi_simulations/
<!-- SC_OFF -->The fundamental premise is that flocking is a bottom-up phenomenon, which emerges almost magically from a few simple rules. Once the rules are found and tested, the programmer can create a model of them in code which he, or she will execute to test that it works. This model is then handed to a graphic artist that can then take this model to drive graphics software to draw it on screen. Modern graphics processors, as you have seen, can create strikingly realistic, jaw-dropping images. Sure, the artist may be talented, but the real credit goes to the person who created the model. I am not trying to diminish the creativity, or imagination of the artist. In our case, the wizard behind the model of flocking behaviour was a young man named Craig Reynolds, who discovered a few simple rules in 1986. Look him up. Here are Reynold’s rules: Rule 1: Steer to avoid collisions. This is a repulsive force. It ensures that the birds do not collide. Each bird maintains a small protected zone around itself. If another bird enters this zone, then the bird steers in the opposite direction. Rule 2: Steer towards the average heading of local flockmates. The bird looks at the velocity (speed + direction) of its neighbours and tries to match it. This behaviour gives the flock its “flow” and prevents individuals from scattering in different directions. Rule 3: Steer to move toward the average position (centre of mass) of local flock mates. This makes the bird want to be in the middle of the group it can see. It prevents individuals from drifting off into isolation, ensuring the group remains a "flock" rather than a collection of independent actors. There is a subtle but vital detail in Reynold’s logic: Reynolds specified that individual birds don’t see the whole flock; they only see what is nearby. This is why a flock can split around buildings and other obstacles and rejoin as a group. If you are not a programmer, stop reading here. Programmers will probably want an example of how these simple rules are actually coded. Here is my implementation, written in pseudo-code, because I am language agnostic. Note that Reynolds called the birds “Boids” to differentiate them from real birds: // Calculate the three forces for a single Boid 'b' PROCEDURE calculate_forces(boid b, flock): Vector separation_force = [0, 0] Vector alignment_avg_vel = [0, 0] Vector cohesion_avg_pos = [0, 0] int neighbor_count = 0 FOR EACH boid neighbor IN flock: IF neighbor != b AND distance(b, neighbor) < VISUAL_RADIUS: neighbor_count++ // Rule 1: Separation (Vector points AWAY from neighbor) IF distance(b, neighbor) < PROTECTED_RANGE: separation_force += (b.position - neighbor.position) // Rule 2: Alignment (Accumulate velocities) alignment_avg_vel += neighbor.velocity // Rule 3: Cohesion (Accumulate positions) cohesion_avg_pos += neighbor.position IF neighbor_count > 0: // Finalize Alignment: Average the velocity and steer toward it alignment_avg_vel /= neighbor_count alignment_force = (alignment_avg_vel - b.velocity) * ALIGN_WEIGHT // Finalize Cohesion: Find center of mass and steer toward it cohesion_avg_pos /= neighbor_count cohesion_force = (cohesion_avg_pos - b.position) * COHESION_WEIGHT // Finalize Separation: Scale the repulsion separation_force *= SEPARATE_WEIGHT RETURN separation_force + alignment_force + cohesion_force If you’d like to find Craig then he can be found on the Internet here: http://www.red3d.com/cwr/ As you can see, his presence is very understated. <!-- SC_ON --> submitted by /u/MarioGianota (https://www.reddit.com/user/MarioGianota)
How ClickHouse handles strings
https://www.reddit.com/r/programming/comments/1qef2lv/how_clickhouse_handles_strings/
submitted by /u/f311a (https://www.reddit.com/user/f311a)
[link] (https://rushter.com/blog/clickhouse-strings/) [comments] (https://www.reddit.com/r/programming/comments/1qef2lv/how_clickhouse_handles_strings/)
Arrow's Either: The Kotlin Chapter of our Scary Words Saga
https://www.reddit.com/r/programming/comments/1qedne5/arrows_either_the_kotlin_chapter_of_our_scary/
submitted by /u/cekrem (https://www.reddit.com/user/cekrem)
[link] (https://cekrem.github.io/posts/arrow-either-kotlin-functors-monads/) [comments] (https://www.reddit.com/r/programming/comments/1qedne5/arrows_either_the_kotlin_chapter_of_our_scary/)
Grug Brained Developer a humorous but serious take on complexity in software
https://www.reddit.com/r/programming/comments/1qdvbpv/grug_brained_developer_a_humorous_but_serious/
<!-- SC_OFF -->A long-form essay reflecting on complexity as the core challenge in software development, with observations drawn from maintaining systems over time. It touches on abstraction, testing strategies, refactoring, APIs, tooling, and system design, framed in an intentionally simple and humorous tone. <!-- SC_ON --> submitted by /u/Digitalunicon (https://www.reddit.com/user/Digitalunicon)
[link] (https://grugbrain.dev/) [comments] (https://www.reddit.com/r/programming/comments/1qdvbpv/grug_brained_developer_a_humorous_but_serious/)
Go Home, Windows EXE, You're Drunk
https://www.reddit.com/r/programming/comments/1qdt9s5/go_home_windows_exe_youre_drunk/
submitted by /u/nicebyte (https://www.reddit.com/user/nicebyte)
[link] (https://gpfault.net/posts/drunk-exe.html) [comments] (https://www.reddit.com/r/programming/comments/1qdt9s5/go_home_windows_exe_youre_drunk/)
The Influentists: AI hype without proof
https://www.reddit.com/r/programming/comments/1qdqtk0/the_influentists_ai_hype_without_proof/
submitted by /u/iamapizza (https://www.reddit.com/user/iamapizza)
[link] (https://carette.xyz/posts/influentists/) [comments] (https://www.reddit.com/r/programming/comments/1qdqtk0/the_influentists_ai_hype_without_proof/)
The surprisingly tricky parts of building a webhook debugger: SSE memory leaks, SSRF edge cases, and timing-safe auth
https://www.reddit.com/r/programming/comments/1qdof8e/the_surprisingly_tricky_parts_of_building_a/
<!-- SC_OFF -->I've been working on a webhook debugging tool and wanted to share some of the non-obvious engineering problems I ran into. These aren't specific to my project—they're patterns that apply to any Node.js service handling real-time streams, user-supplied URLs, or API authentication. 1. SSE connections behind corporate proxies don't work (until you pad them) Server-Sent Events seem simple: open a connection, keep it alive with heartbeats. But many users reported 10+ second delays before seeing any data. The cause: Corporate proxies and Nginx buffer responses until they hit a size threshold (often 4KB). Your initial : connected\n\n message is 13 bytes—nowhere close. The fix: javascript res.setHeader("X-Accel-Buffering", "no"); res.setHeader("Content-Encoding", "identity"); // Disable compression res.write(": connected\n\n"); res.write(`: ${" ".repeat(2048)}\n\n`); // 2KB padding forces flush Also, one setInterval per connection is a memory leak waiting to happen. With 500 connections, you have 500 timers. A single global timer iterating a Set cut our memory usage by ~40%. 2. String comparison leaks your API key (timing attacks) If you're validating API keys with ===, you're vulnerable. The comparison returns early on the first mismatched character, so an attacker can measure response times to guess the key character-by-character. The fix: crypto.timingSafeEqual ensures constant-time comparison: javascript const safeBuffer = expected.length === provided.length ? provided : Buffer.alloc(expected.length); // Prevent length leaking too if (!timingSafeEqual(expected, safeBuffer)) { /* reject */ } 3. SSRF is harder than you think (IPv6 mapped addresses) We allow users to "replay" webhooks to arbitrary URLs. Classic SSRF vulnerability. The obvious fix is blocking private IPs like 127.0.0.1 and 10.0.0.0/8. The gotcha: ::ffff:127.0.0.1 bypasses naive regex blocklists. It's an IPv4-mapped IPv6 address that resolves to localhost. We had to: Resolve DNS (A + AAAA records) before making the request Normalize IPv6 addresses to IPv4 where applicable Check against a comprehensive blocklist including cloud metadata (169.254.169.254) 4. In-memory rate limiters can OOM your server Most rate limiters use a simple Map. A botnet scanning with 100k random IPs will grow that map indefinitely until you crash. The fix: Sliding Window + LRU eviction. We cap at 1,000 entries. When full, the oldest IP is evicted before inserting a new one. Memory stays bounded regardless of attack volume. 5. Searching large datasets without loading them into memory Users can replay webhooks from days ago. Naively loading thousands of events into memory to find one by ID will OOM your container. The fix: Iterative pagination with early exit: ```javascript while (true) { const { items } = await dataset.getData({ limit: 1000, offset, desc: true }); if (items.length === 0) break; const found = items.find((i) => i.id === targetId); if (found) return found; offset += 1000; // Only fetch next chunk if not found } ``` This keeps memory constant regardless of dataset size. 6. Replay retry with exponential backoff (but only for the right errors) When replaying webhooks to a user's server, network blips happen. But blindly retrying every error is dangerous—you don't want to hammer a 404. The pattern: Distinguish transient from permanent errors: ```javascript const RETRYABLE = ["ECONNABORTED", "ECONNRESET", "ETIMEDOUT", "EAI_AGAIN"]; if (attempt >= 3 || !RETRYABLE.includes(error.code)) throw err; const delay = 1000 * Math.pow(2, attempt - 1); // 1s, 2s, 4s await sleep(delay); ``` 7. Header stripping for safe replay If you replay a production webhook to localhost, you probably don't want to forward the Authorization: Bearer prod_secret_key header.
Windows? Linux? Browser? Same Executable
https://www.reddit.com/r/programming/comments/1qdnx4a/windows_linux_browser_same_executable/
submitted by /u/double-happiness (https://www.reddit.com/user/double-happiness)
[link] (https://hackaday.com/2026/01/15/windows-linux-browser-same-executable/) [comments] (https://www.reddit.com/r/programming/comments/1qdnx4a/windows_linux_browser_same_executable/)
How to Make Architecture Decisions: RFCs, ADRs, and Getting Everyone Aligned
https://www.reddit.com/r/programming/comments/1qdjwul/how_to_make_architecture_decisions_rfcs_adrs_and/
submitted by /u/trolleid (https://www.reddit.com/user/trolleid)
[link] (https://lukasniessen.medium.com/how-to-make-architecture-decisions-rfcs-adrs-and-getting-everyone-aligned-ab82e5384d2f) [comments] (https://www.reddit.com/r/programming/comments/1qdjwul/how_to_make_architecture_decisions_rfcs_adrs_and/)
Spring Then & Now: What’s Next? • Rod Johnson, Arjen Poutsma & Trisha Gee
https://www.reddit.com/r/programming/comments/1qdizlc/spring_then_now_whats_next_rod_johnson_arjen/
submitted by /u/goto-con (https://www.reddit.com/user/goto-con)
[link] (https://youtu.be/04WwkBc6cZ8?list=PLEx5khR4g7PINwOsYrkwz3lTTJUYoXC53) [comments] (https://www.reddit.com/r/programming/comments/1qdizlc/spring_then_now_whats_next_rod_johnson_arjen/)
Responsible disclosure of a Claude Cowork vulnerability that lets hidden prompt injections exfiltrate local files by uploading them to an attacker’s Anthropic account
https://www.reddit.com/r/programming/comments/1qdg7i4/responsible_disclosure_of_a_claude_cowork/
<!-- SC_OFF -->From the article: Two days ago, Anthropic released the Claude Cowork research preview (a general-purpose AI agent to help anyone with their day-to-day work). In this article, we demonstrate how attackers can exfiltrate user files from Cowork by exploiting an unremediated vulnerability in Claude’s coding environment, which now extends to Cowork. The vulnerability was first identified in Claude.ai chat before Cowork existed by Johann Rehberger, who disclosed the vulnerability — it was acknowledged but not remediated by Anthropic. <!-- SC_ON --> submitted by /u/sean-adapt (https://www.reddit.com/user/sean-adapt)
[link] (https://www.promptarmor.com/resources/claude-cowork-exfiltrates-files) [comments] (https://www.reddit.com/r/programming/comments/1qdg7i4/responsible_disclosure_of_a_claude_cowork/)
Python Program Obfuscation Tool
https://www.reddit.com/r/programming/comments/1qdbx4r/python_program_obfuscation_tool/
submitted by /u/stackoverflooooooow (https://www.reddit.com/user/stackoverflooooooow)
[link] (https://www.pixelstech.net/article/1761539496-python-program-obfuscation-tool) [comments] (https://www.reddit.com/r/programming/comments/1qdbx4r/python_program_obfuscation_tool/)
Why your coding agent keeps undoing your architecture
https://www.reddit.com/r/programming/comments/1qd84xf/why_your_coding_agent_keeps_undoing_your/
<!-- SC_OFF -->Wrote a little about my workflow using ADRs and coding agents. <!-- SC_ON --> submitted by /u/myusuf3 (https://www.reddit.com/user/myusuf3)
[link] (https://mahdiyusuf.com/why-your-coding-agent-keeps-undoing-your-architecture/) [comments] (https://www.reddit.com/r/programming/comments/1qd84xf/why_your_coding_agent_keeps_undoing_your/)