Simple bugs with complex exploits
To the untrained eye, this bug does not look exploitable, but as shown on the bug report, Sergey made use of TurboFan’s typer to gain access to a very powerful exploitation primitive: an array whose length field is much larger than its capacity. This primitive provides an attacker with an out-of-bounds access primitive on the V8 heap, which can very easily lead to code execution
HOT updates in postgresql for better performance
HOT stand for “Heap Only Tuple”. It is a feature that overcomes some of the inefficiencies of how PostgreSQL handles UPDATEs.
Update adds a new row version call tuple. In other words, an update is like delete followed by an insert. Essentially, UPDATE-heavy workloads are challenging for PostgreSQL. This is the area where HOT updates help.
Anatomy of a Good Test
Show what makes a test a good one and describe desired and unwanted properties. Interestingly enough, all those properties hold, no matter how isolated or integrated the test is
Building the Next Evolution of Cloud Networks at Slack
Network is the backbone of almost any cloud application. When companies scale, we add more network, qa, staging, prod, support, rds, elasticache. Eventually we need to allow those network to communicate with each others.
How to manage that complexity? Adding a new network and allow traffic flow require you to add a new route table. A single bad route can cause lost traffic? Let’s learn how Slack manage that complexity
Let's build a Full-Text Search engine
This is in Golang code sample but you get the idea of building an inverted index, text analysis, tokenizer, filter and the trick to drop stop words - because almost anything in English contains them(such as them, I, you, etc)
Code to read
Can you imagine a battleships game implement with SQL? Yes, this is that level 9000 of SQL.
a compile-time spell checker using only typescript’s type checker. obviously not that serious, but it does work.
Last week, I included diagrams, a tool allow us to define graph using Python code. This time we have a loose port of diagrams
a basic proof of concept (horribly hacked together) that allows annotating method declarations to automatically be specialized and compiled to C.
Scan your site for security headers. Useful to know what headers you should set to enhance security.
a fast, memory-efficient Canvas 2D-based chart for plotting time series, lines, areas, ohlc & bars; from a cold start it can create an interactive chart containing 150,000 data points in 135ms
Turn shell commands into web services
Tiny XSS Payload
A few XSS snippet that you can use whenever you want to test some XSS, or test it on your own site :-).
an embeddable SQL OLAP database management system. Like SQLite but has more Postgres-like features.
A load testing tool aimed to perform real-time analysis, inspired by vegeta and jplot.
A lightweight, framework-agnostic database migration tool.
That's it for this round, have a great day! If you like this newsletter, please tell the world, or
tweet about this