This week, people discovered that some applications, such as Zoom and the Amazon Music app, expose a local web server without authentication. The server is used as a GIF pixel trick: the web page requests an image from localhost, which sidesteps the browser's CORS restrictions. To make things worse, a few of these servers listen on 0.0.0.0, so anyone on the LAN can curl them. Since they are unauthenticated, they are very easy to exploit. So this week we have many links about security: encrypting, signing.
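The defender's first question after reading this is "what is listening on my machine, and on which interface?". The script below is an added example, not code from the newsletter or from any of the linked projects. It parses the line format printed by `ss -ltnp` on Linux, separates loopback-only listeners from those bound to all interfaces (0.0.0.0, `*` or `::`), and reports the wildcard ones that are not on an allowlist of expected ports. The sample output, port numbers and process names (`helper-a`, `helper-b`) are constructed for the example.

```python
"""Flag local TCP listeners bound to all interfaces.

Added example; parses `ss -ltnp` style output (Linux). The sample block
below is constructed: the ports and process names are not real services.
"""
import re
import subprocess
from typing import Dict, FrozenSet, List, Optional

# Constructed sample in the shape `ss -ltnp` prints (header + LISTEN rows).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     127.0.0.1:8901       0.0.0.0:*          users:(("helper-a",pid=1234,fd=7))
LISTEN  0       128     0.0.0.0:8902         0.0.0.0:*          users:(("helper-b",pid=2345,fd=9))
LISTEN  0       4096    [::]:22              [::]:*             users:(("sshd",pid=321,fd=3))
LISTEN  0       128     [::1]:631            [::]:*             users:(("cupsd",pid=222,fd=6))
"""

# State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port, optional Process column.
LINE_RE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(?P<local>\S+)\s+\S+(?:\s+(?P<proc>.*))?$")
PROC_RE = re.compile(r'\(\("([^"]+)"')
WILDCARD_HOSTS = {"0.0.0.0", "*", "::"}


def split_host_port(local: str):
    """Split '127.0.0.1:8901' or '[::]:22' at the last colon."""
    host, _, port = local.rpartition(":")
    return host, port


def is_wildcard(host: str) -> bool:
    """True when the bind address accepts connections from any interface."""
    return host.strip("[]") in WILDCARD_HOSTS


def parse_listeners(text: str) -> List[Dict]:
    """Turn `ss -ltnp` output into a list of listener records."""
    listeners = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header or non-LISTEN row
        host, port = split_host_port(m.group("local"))
        proc = PROC_RE.search(m.group("proc") or "")
        listeners.append({
            "host": host,
            "port": int(port),
            "process": proc.group(1) if proc else None,
            "wildcard": is_wildcard(host),
        })
    return listeners


def exposed_listeners(text: str, expected_ports: FrozenSet[int] = frozenset()) -> List[Dict]:
    """Listeners reachable from the LAN that are not on the expected-port allowlist."""
    return [
        rec for rec in parse_listeners(text)
        if rec["wildcard"] and rec["port"] not in expected_ports
    ]


def current_ss_output() -> Optional[str]:
    """Run `ss -ltnp` if it is available; otherwise return None."""
    try:
        return subprocess.run(["ss", "-ltnp"], capture_output=True,
                              text=True, check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        return None


if __name__ == "__main__":
    text = current_ss_output() or SAMPLE_SS_OUTPUT
    for rec in exposed_listeners(text, expected_ports=frozenset({22})):
        print(f"LAN-reachable listener on port {rec['port']} "
              f"({rec['process'] or 'unknown process'}) bound to {rec['host']}")
```

On macOS there is no `ss`; `lsof -iTCP -sTCP:LISTEN -nP` gives the same information in a different layout, so the parser would need a second regex for that format. A helper that only needs to talk to the browser on the same machine should appear in the loopback group (127.0.0.1 or [::1]); anything in the wildcard group deserves a look at whether it authenticates its callers.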
Picking a good name is hard. Bob Nystrom walks us through some refactoring that turns a long name into a short one. He's also the author of a few articles about compilers and interpreters, which we link to further down in this issue.
Encrypting data is all about making sure that only the right people can view the data you've encrypted. There are two primary forms of data encryption: symmetric and asymmetric. The hardest thing about encrypting data isn't the encryption itself, it's key management.
If Bluetooth is on on your Apple device, everyone nearby can learn the current status of your device: battery level, device name, Wi-Fi status, buffer availability, OS version, and even your mobile phone number. The code to demo this is 100% open source, so you will be able to learn about Bluetooth and about decoding the transferred data too. Pretty cool, I must say.
The Amazon Music app runs a server on your laptop so it can spin up processes, such as opening the app and playing a song, bypassing the Mac's built-in safety net in browsers that asks the user for confirmation. The article investigates how to find the process listening on the port, disassemble it, run it under a debugger with breakpoints set right before the decryption calls, and read the encryption key and IV from memory. I learned a lot from it.
You're trying to differentiate between a legitimate user and an attacker, usually by getting the legitimate user to prove that they know a credential the attacker doesn't. Advice from Latacora, a security firm, on how to do that properly.
This is a work-in-progress book, available to read online. We linked to it before; this is a new chapter. Even if you don't want to write an interpreter, it is still worth reading to understand more about function calls: call stack, frame,
Avito has 600+ servers, 270TB of images, and 20TB in Postgres on 100 nodes. The author shares Avito's experience with different cases of standby usage: replication, avoiding stale reads, and pitfalls when using a standby under a high request rate.
Some direction on how to think about consistency levels in the context of ACID-compliant database systems.
Have you heard about algebraic effects? I hadn't. It turns out that algebraic effects are a cool concept and not as scary as I thought from those whitepaper PDFs.
It’s easy to mix them up.
A library that lets us move, drag, resize, scale, and rotate any element. Supports React/Preact too.
TypeScript
Have fun analysing data from the dataset 'Baby Names from Social Security Card Applications - National Data'.
Python
A talk from "Data Council SF '19". There is also an article summarising the video.
An SSH certificate authority that runs as an AWS Lambda function.
A dead simple VPN.
Full-featured and highly configurable SFTP server software.
An easy-to-use BI server built for SQL lovers. Power data analysis in SQL and gain faster business insights.
A distributed system intended for streaming data between various heterogeneous source and destination systems. Use cases: Kafka mirroring, capturing MySQL change data events…
BetterDev Link
Every Monday