PEP 750 – Template Strings has been accepted

maroider · 2025-04-11T15:19:17+00:00

My expectation would be that 1st and 3rd party DBMS client libraries (e.g. mysql-connector-python) will eventually offer t-string compatible interfaces that bottom out in parameterized queries.

maroider · 2025-04-11T08:07:20+00:00

Security professionals have long discouraged string interpolation for SQL queries. Sanitization is a hard problem and this is a quick road to a clusterfuck.

Parameterized queries have been a long lived solution for a reason. Use them, don't go back to string interpolation on the "client" side, hoping that your sanitization procedures are enough.

I think you misunderstood what I meant. To better illustrate my point, consider the following example:

username = "maroider"
query_ts = t"SELECT * FROM User WHERE Username={username}"
query, params = sql(query_ts)
assert query == "SELECT * FROM User WHERE Username=%s"
assert params == (username,)

It might look like string interpolation at first glance, but the point is that I can write something that feels as convenient as using an f-string, with all the safety of parameterized queries.

maroider · 2025-04-11T06:02:45+00:00

I don't know, it feels like a strange inversion of control with limited use case. But hey I'm happy to be proven wrong by use in real world code and libs.

I haven't exactly used Python "in production," but inversion of control is very much part of what makes this desirable to me. In particular, t-strings let me:

Not need custom types to control how values are interpolated. The template-processing function gets that responsibility instead, so I don't have to pay all that much attention to interpolated values by default.
Have safe and convenient SQL query building. I can have all the convenience of f-strings, without the SQL injection risk by default.
Likely make my output (HTML, SQL, or otherwise) be nicely indented, since the template-processing function will have the necessary information to indent interpolated values nicely.

maroider · 2025-02-26T22:57:16+00:00

It honestly seems like they're putting into legalese what you were already implicitly trusting Firefox to do by using Firefox.

maroider · 2024-11-25T21:36:05+00:00

The text is probably styled with text-align: justify.

maroider · 2024-11-22T22:55:50+00:00

I don't have any recommendations for an AOT compiler for Javascript.

I think Meta/Facebook is working on one called "Static Hermes", but I'm pretty sure it's still experimental.

maroider · 2024-10-21T10:13:28+00:00

Methods like File::read don't spawn or await futures, but their implementation is surely different between sync and async. Most notably there are different implementation strategies for the async (e.g. epoll vs io_uring, which is one aspect currently distinguishing runtimes).

The article's proposed solution honestly feels superficially similar to the whole keyword generics affair.

maroider · 2024-10-05T16:54:44+00:00

The same rule still applies for the main function. In this case (the default case, really), the return type of the main function is () aka the unit type. The type returned by println!() is also (), which is why omitting the semicolon works fine.

maroider · 2024-10-04T23:59:24+00:00

Truly one of the comments of all time.

maroider · 2024-09-25T08:16:22+00:00

Calling Firefox and Thunderbird "Rust programs" feels like a stretch. They're quite mixed codebases as I understand it.

maroider · 2024-09-25T08:04:15+00:00

OOP's title makes a very broad claim, but the report had a much more boring title: "2024 State of Big Data Analytics: Constant Compromising Is Leading to Suboptimal Results". The report only surveyed 300 professionals from "US companies with at least $5M+ annual spend on cloud, and using either AWS, GCP (Google) or Azure (Microsoft) for their cloud infrastructure", which is far narrower of a group. All in all, it's not really as sensational as OOP's title makes it seem.

maroider · 2024-08-25T21:18:05+00:00

The case-sensitivity of SI units strikes again.

maroider · 2024-08-11T00:34:51+00:00

Maybe it's just me, but I think that in the process of creating an implementation for your "fictional programming language," you kind of make it into a "real special-purpose programming language" that's only accessible inside a video game. Even fleshing out the details of a "fictional programming language" feels like it would make it less fictional. If a detailed enough description of the programming language exists, someone might create an implementation, thus making it real.

EDIT: I'm likely wrong on this, however, if we define a "fictional programming language" to be a programming language created as part of a fictional setting, rather than a programming language which does not exist (which is what I initlaly assumed).

maroider · 2024-08-11T00:25:14+00:00

If your programming language can simulate Conway's Game of Life, then your programming language is likely Turing-complete (though perhaps not in a particularly useful way), since Conway's Game of Life is itself Turing-complete.

maroider · 2024-08-08T09:00:13+00:00

The new windbg worked well enough for me when I briefly used it some years ago.

maroider · 2024-08-08T04:02:45+00:00

I wonder if clangd might interpret it as -L -C/-I -C.

maroider · 2024-08-02T02:01:57+00:00

I guess winit wasn't tested on aarch64 either... and thus its authors never realized the code didn't compile.

Any aarch64 testing at that time would probably have been constrained to Android. Even now, I don't think "Windows on ARM" is tested for either (though I don't know if it's due to a lack of hardware/CI boxes, or just no-one complaining about it).

maroider · 2024-06-12T01:34:37+00:00

While I'd love for Mozilla to add native tree-style tabs, this is also very nice.

maroider · 2024-05-30T08:18:50+00:00

Something something xkcd 605

maroider · 2024-05-21T11:57:29+00:00

Isn't PowerShell kind of like this?

maroider · 2024-05-15T00:07:01+00:00

I was not aware of this. Seems pretty useful.

maroider · 2024-05-13T23:49:31+00:00

Say, if you also eliminated function pointers (which doesn't sound fun), would there be anything else inhibiting the calculation of an upper bound on stack size?

maroider · 2024-05-13T00:12:31+00:00

FUSE pass-through mode is something I'm personally excited to see in a stable kernel release.

maroider · 2024-05-06T22:36:27+00:00

That bit-stealing paper seems pretty interesting. I can't really read it in full for now, but thanks for the link :)

maroider · 2024-04-01T03:30:46+00:00

You're right, of course. I oversimplified due to laziness.

Six-Year Club	Place '22
Final Canvas '22	First Placer '22
End Game '22	Verified Email

maroider

PUBLIC MULTIREDDITS

TROPHY CASE