Interesting Links for Week 6 of 2024

Austral: A Systems Language with Linear Types and Capabilities

I came across Austral a month ago. While writing Common Golang Code Review Comments, Golang's foot guns made me think about it again.

Austral has similar design goals to Golang and Zig. Borretti is building a language that "must be simple enough fit in a single person’s head" and makes writing secure code easy.

Austral has proper union types that solve Tony Hoare's Billion Dollar mistake. Union types also enable us to accurately model real world state.

Other languages have these features, but what makes Austral novel is statically check resource management. In short, Linear Types allow us to have Rust-like resource management for more things than just memory. The compiler can make sure we close files, free locks, etc.

Austral linear typing enables a way to statically check that functions are secure. Its capability system can statically enforce that string formatting can't use the network. It can prevent supply chain attacks and restrict risky functionality to rigorously vetted code.

It is exciting to see a new language that focuses on simplicity, reducing foot guns, and making secure programming easier. Time will tell if it gets traction. It has some stiff competition.

Image Scrubber

Image Scrubber is a useful tool for removing metadata from photos and to securely censor faces.

Given that there are now reliable deblurring algorithms. It is nice to have a tool to censor images with a deblurring resistant algorithm. No Face, No Case!

There are CLI tools to scrub metadata from files, but it is handy to have an online, browser only tool to scrub and blur photos when those tools are not available.

A Distributed Systems Reading List

Fred Hebert of Learn You Some Erlang fame has written a good primer and reading list on distributed systems.

Distributed systems are notoriously hard. We like to hand-wave away this fact. Given that nearly everything we do is at least two nodes sharing state, we should stop lying to ourselves. We're not immune to the problems that come with implementing distributed systems. Everything is distributed (even embedded systems).

How to create a GPG subkey for signing

GPG creates a master key that can sign data and certify sub-keys. This requires that you to keep the master key on your computer when signing commits or signing packages.

The Debian project recommends using sub-key for signing so you can secure your master key. The Secure Git guide condensed these steps.

Keyoxide and ariadne.id

Keyoxide is an open-source service for verifying identities in a decentralized way. It uses an open standard called ariadne.id for proving your identity. Keyoxide basically provides an open, decentralized replacement for Keybase's identity verification process.

Heltec Capsule Sensor V3

I was recently in a situation where the cell networks were overloaded, and my group got separated. We struggled to find each other using Signal because we couldn't get messages out to the internet.

I have been tinkering with Meshtastic as a possible solution to this problem. I bought a couple Heltec V3 boards to play with. Unfortunately they are still a bit of a DIY affair.

When I saw the announcement of the Heltec Capsule Sensor V3 I immediately impulse bought one.

It seems like a nice little self-contained solution that I could configure with a pre-shared key, hand off to a friend, and be able to text and locate them securely.

I have concerns about its range, durability, and battery life. My Heltec V3 boards get about a day idling on a 1000Mah battery and the capsule has 250mAh battery. We'll see in March when people start getting these to see how viable they are.

Command Line Interface Guidelines

Command Line Interface Guide is a great resource for building human-first CLI programs.

How Spoutible’s Leaky API Spurted out a Deluge of Personal Data

https://www.troyhunt.com/how-spoutibles-leaky-api-spurted-out-a-deluge-of-personal-data/

A hilarious and horrifying comedy of errors in personal data mishandling. They did nearly everything wrong.

ESP32 Embedded Rust at the HAL: I2C Scanner

https://apollolabsblog.hashnode.dev/esp32-embedded-rust-at-the-hal-i2c-scanner

Another excellent post on embedded Rust by Omar Hiari. This time they show us how to integrate I2C devices with an ESP32 board.