"Mitigating soft verification issues in R8 and D8" by outlining references to newer APIs into API-specific types.


It's nice to see this supported! Four years or so this was actually rejected by D8/R8 as being not its problem. As a result AndroidX changed rules to do it manually: github.com/androidx/androidx/b

> Calls to new APIs gated on `SDK_INT` *must* be made from version-specific static inner classes to avoid verification errors that negatively affect run-time performance

@tagir_valeev Needs pulled into its own method so that it can have a semantic name and optionally documentation about behavior or even tests. The behavior is not self-evident. I wouldn't trust a follow-up with someone replacing it using some other clever trick to purportedly have the same behavior, so I don't trust it as-is.

New Coil release! 2.3.0 includes baseline profiles and a new coil-test artifact, which should help a lot with screenshot testing. Also a few assorted bug fixes. Check it out!


I built my own memory profiler (in #Rust, on #Linux)

And lived to tell the story in video form, apparently:

@omm I have never used any vim. Rarely is text input the limit to my programming. Usually it's my brain figuring out what to actually do.

If you use github.com/mdogan/homebrew-zul then a `brew update` and `brew install zulu-jdk20` will get you an automatically-updating JDK 20 living alongside all your others.

heyooooooo new article: "A world to win: WebAssembly for the rest of us" wingolog.org/archives/2023/03/

Of interest if you wonder: why does it seem like only rust and C are winning with WebAssembly? what is the deal with garbage collection? how would you compile scheme to wasm? how can I win with my weirdo altlang? also, is WebAssembly haunted? guaranteed success or your money back!

The Effective Interview ⚡️ with @jw is finally out 🚀

Go give it a read! 👇 lots of learnings and advice on this one.


"Exploiting aCropalypse: Recovering Truncated PNGs"

My writeup on exploiting CVE-2023-21036 (un-cropping Android screenshots!)


The ongoing Docker drama left me wanting to control my Docker image hosting, so I went digging into the API traffic of 'docker pull'.

Turns out it's easy to use your own domain as the hostname for Docker images, all without having to self-host your own full registry: httptoolkit.com/blog/docker-im

Blogpost about Docker Hub and wider FOSS community: woju.eu/blog/2023/03/foss-and-

(special greetings to @bagder)

oh my god, you can turn off those fucking EVIL sign in with #google popovers on random websites

> Security
> Signing in with Google
> Google Account sign-in prompts

I argue we (#curl) should NOT pay docker. Not give in to extortion. This might mean that someone else soon suddenly will register our name and can serve whatever image they want there. 5 *billion* pulls indicate there's a user or two that might fall victim for this.

That's on docker, not us.

@neilmadden Light & Magic which chronicles the history of ILM effect studio.

@grodin I'm working on AssertK now to bring it into every target and not just some.


All these years later, I just can’t get comfortable with a computer platform where you can write code for it, but the vendor gets to say whether or not people can run your code.

I thought that was wrong the day it was announced and still do.

The money says I’m in a minority. I’m comfortable with that.

The Web remains the only platform without a proprietor. Treasure it.

I did something cool but untraditional knowing in the back of my mind that App Review might reject it.

And they did making my effort wasted and ensuring I don't try drawing outside the lines for a long time.

Nothing discourages thinking different like Apple App Review.

@grodin Thanks for the heads up! In practice, like Truth, it's API leaves a lot to be desired. I think AssertK does a better job for a Truth/AssertJ-like API.

HOWEVER, AssertK is lacking support for the native targets I need so I'm actually using Truthis! (for now)

Show older

This server is a place for Jake Wharton. Are you Jake Wharton? This is your place. Are you not Jake Wharton? Well, at least you can find him here.