Hi everyone, ! 👋
Welcome to issue #139. Yet another issue with lot of security article. Probably due to me is working on a security-related app and suddenly all I read is security.
Everywhere I works, at some point the problem of data schema migration occurs. So seeing big company like Github build tools, and share their workflow is super useful for us. We may not need to implement whatever they did but at least we can see how others are doing it. I usually like to share this kind of article a lot because they are what people are doing, way better than any theory-only article.
This post does not outline any new vulnerabilities in Google Cloud Platform but outlines ways that an attacker who has already gained an unprivileged foothold on a cloud instance may perform reconnaissance, privilege escalation and eventually complete compromise of an environment.
Say Alice wants to talk to Bob securely? They need to share a key to secure their conversation. But how do they secure the process of sharing the key? This books help you implement these kind of systems
An attacker exploiting this vulnerability could potentially create their own cryptographic certificates that appear to originate from a legitimate certificate that is fully trusted by Windows by default.
I’m never a fan of EV cert. They added no value yet cost lot of money. The EV certificate significantly increases the time it takes to secure the connection between browser and server and therefore extends how long users stare at a blank screen, waiting for the page to start rendering
It uses Django as an example but really any framework can make these mistake.
We’ll look at the overall architecture of the front-end. How can you load essential resources first, and maximize the probability that the resources are already in the cache? HubSpot even consider Frontend Performance as a Feature
Webpack is almost the defactor asset building nowsaday. Many frameworks include it as the official way. However, Webpack is super slow by default. Here, Etsy shares how they are able to build 13,200 assets in 4 minutes.
Browser are fundamental in our daily life but we usually consider them as a blackbox with a massive code base. So how we learn more and hack on them? This post is a list of resource for fundamental understanding, books, tools to dive into browser internally. If you don’t have much time, at least read How Browsers Work and The Chrome comic book
I’m not a fan of these kind of tutorial. But this article is very useful where it show how to leverage GPU to speed up thing. If you are interested in GPU, WebGL then this article is for you.
Basically when you delete thing in Postgres. It won’t really be delete on disk, just mark as deletion
until we run VACUUM. If you want to delete whole table, best to just
an open source intercept proxy written in Go. Like Charles Proxy or MITMProxy. It makes use of goproxy as core proxy implementation and the interface is implemented with QT.Go
an implementation of ChaCha20 in Bash scriptBash
This is an implementation of Git using (almost) entirely POSIX shell.Bash
Since they has a single file. It’s super fun and interesting to read these.multi lang
🎨 Diagram as Code for prototyping cloud system architecturesPython
provides a small DSL to check your data for inconsistencies.Ruby
At this point, sort is solved proble. Just use any sort implement in your standard library or some well-know implement of fast sort algorithm. Yet, people are still researching in this area, to find “better” algorithm.C
DyanmoDB is a managed database by AWS where you access use HTTP API. You don’t have to worry about downtime, upgrade version or anything. It also has very weird pattern like suggest using one table for everything
ElasticSearch to PostgreSQL loader
A summarized of tools that we should know and use.
provides detailed session and/or object audit logging via the standard PostgreSQL logging facility.
web server scanner for security
Explore, map, compare, and download U.S. data
Better Dev Link