by HELLO EVERYONE!!! It’s September 26th, 2025, and you are reading the 80th edition of the Codeminer42’s tech news report. Let’s check out what the tech world showed us this week!
JSON is not JSON Across Languages – by dochia.dev blog
JSON, designed as a simple data interchange format, exhibits inconsistencies across programming languages due to varying interpretations of its specification. Integer precision varies, date and time parsing lacks a native JSON type, resulting in diverse format interpretations and potential errors.
Our plan for a more secure npm supply chain – by Xavier René-Corail
GitHub is enhancing npm security by implementing stricter authentication, including required two-factor authentication (2FA) for local publishing and seven-day limited granular tokens. They are deprecating legacy classic tokens and TOTP 2FA, migrating to FIDO-based 2FA, and encouraging trusted publishing to remove API tokens from build systems. Recent actions include removing over 500 compromised packages and blocking uploads with malware indicators following the Shai-Hulud attack. The goal is to restore trust in the open source ecosystem by mitigating risks from account takeovers and self-replicating malware.
Adventures in CPU contention – by André Arko
The article discusses a significant performance difference observed in the jj Version Control System (VCS) test suite, with SSD tests taking 239 seconds compared to 37 seconds on a ramdisk, highlighting CPU contention issues. Testing on different Macs (M4 Max with 16 cores and M3 Ultra with 32 cores) showed varied results, with more cores sometimes worsening performance on ramdisks beyond 12 cores. The slowdown is linked to increased fdatasync() calls, breaking through filesystem caches and causing contention, possibly due to shared resources like CPU cache or IO bus. Benchmarks using hyperfine revealed that SSD performance plateaus after 4 cores, suggesting APFS filesystem limitations.
The Coyier CSS Starter – by Chris Coyier
The Coyier CSS Starter is an opinionated CSS starter kit created by Chris Coyier, designed primarily for his own use in demos and projects, focusing on styles he frequently applies or forgets. It is not a comprehensive reset but aims to add useful styles, enhance user experience, and address common issues, using only logical properties and avoiding custom properties in favor of Open Props. Check it out!
The Rabbit Hole of Building a Filesystem Watcher – by Amandeep Singh
Building a filesystem watcher involves challenges such as fanotify’s inability to monitor directories recursively and its requirement for additional /proc lookups to fetch process credentials. Using eBPF, one can hook into kernel VFS layer functions, but this approach faces issues like unstable ABIs across kernel releases and the complexity of writing path filtering logic in kernelspace. Additionally, LSM hooks offer a more stable alternative for monitoring, but may not be available in all kernel versions.
Supporting the future of the open web: Cloudflare is sponsoring Ladybird and Omarchy – by Mari Galicer & Sam Rhea
Cloudflare is sponsoring two independent open source projects: Ladybird, which aims to build a completely independent browser from the ground up, and Omarchy, an opinionated Arch Linux setup for developers. This sponsorship is part of Cloudflare’s efforts to support a healthy ecosystem for the open web. Cloudflare has a history of supporting open-source software through its own projects and external initiatives. The announcement highlights the importance of a diverse ecosystem, especially at this moment.
Defer: Resource cleanup in C with GCCs magic – by joexbayer
The article discusses implementing a defer mechanism in C using GCC-specific extensions, particularly the cleanup attribute and nested functions, to automate resource cleanup. It explains how the cleanup attribute calls a function when a variable goes out of scope, and combines it with nested functions for a defer macro similar to Go’s defer. This approach, while experimental and non-portable, simplifies resource management in C functions with multiple return paths.
Rails pluralize Just Got 4x Faster – by Prateek Choudhary
Rails pluralize helper was optimized to be up to 4 times faster for uncountable words, improving ActiveSupport Inflector’s performance. Key changes include regex caching and a dedicated cache for English inflections. This benefits applications that frequently use pluralization in views, data processing, and API responses.
The Complete Guide to Dev Containers in Ruby on Rails – by Julian Rubisch
Dev Containers provide a standardized way to create portable, reproducible development environments for Ruby on Rails using Docker containers. Rails supports dev containers with pre-built images and a rails new --devcontainer command to set up a new app with Docker. The setup includes features like Ruby, Node.js, and PostgreSQL client utilities, and can be customized with additional tools via devcontainer.json. The environment can be run locally in VS Code or remotely in GitHub Codespaces, ensuring consistency across teams and eliminating "works on my machine" issues.
A Developer’s Guide to Negative Testing APIs – by dochia.dev blog
Negative testing for APIs focuses on how they handle malformed, malicious, or edge-case requests, ensuring robust error handling and input validation. It tests scenarios like numeric overflows, Unicode injections, JSON parsing vulnerabilities, and HTTP method confusion to enhance security and reliability. This approach helps identify vulnerabilities in authentication, rate limiting, and error message disclosures, preventing unauthorized access and system exploitation. Comprehensive negative testing is essential for APIs to fail gracefully under adverse conditions, reducing security incidents and improving system robustness.
How a String Library Beat OpenCV at Image Processing by 4x – by Ash Vardanian
Albumentations, an image augmentation library with over 100 million PyPI downloads, replaced parts of OpenCV, which has 32 million monthly downloads, with StringZilla for a better implementation of Look-Up Tables (LUTs). Check it out to understand how this string library outperformed OpenCV.
Languages, Tools & Framework releases
PostgreSQL 18 Released
PostgreSQL 18 introduces a new asynchronous I/O subsystem, improving performance up to 3× for storage reads and enhancing index usage. It features virtual generated columns for on-demand value computation and the uuidv7() function for better UUID indexing. Major version upgrades are faster with retained planner statistics, and OAuth 2.0 authentication support improves SSO integration. Additional enhancements include skip scan lookups on multicolumn B-tree indexes and parallel GIN index builds.
—
And that’s all for this week! Wish you all a great weekend and happy coding!
We want to work with you. Check out our Services page!
