Common Nginx misconfigurations that leave your web server open to attack
Nginx is the web server powering one-third of all websites in the world. Detectify Crowdsource has detected some common Nginx misconfigurations that, if left unchecked, leave your website vulnerable to attack. Here's how to find some of the most common misconfigurations before an attacker exploits them.
Breaking down and fixing Kubernetes
Kubernetes solves complex problems and is itself complex. This post breaks a live cluster, deletes certificates, and rejoins nodes, doing all of this without downtime for the services already running on it.
Read Consistency with Database Replicas
Read replicas are great for reducing load on the primary node, but they can lag behind it. In this post, Shopify's Database Connection Management team shows the solution they chose to cope with variable replication lag and how they solved the issues they ran into along the way.
Faster data migrations in Postgres
A walk through the tradeoffs to consider when using pg_dump and pg_restore for Postgres database migrations, and how to optimize those migrations for speed.
How I cut GTA Online loading times by 70%
Reverse engineering GTA Online to fix a bottleneck in JSON parsing. It is impressive that the author pinpointed the bottleneck without access to the source code and then patched it, using a hash map so that lookups are cached instead of rescanned.
How Etsy Prepared for Historic Volumes of Holiday Traffic in 2020
Site traffic leapt up in the second quarter, when lockdowns went into widespread effect, by an amount it normally would have taken several years to achieve.
For context about Etsy, as of 2020 Q4 they had 81 million active buyers and over 85 million items for sale.
XSS Attack Examples and Mitigations
Understanding XSS and its mitigations provides substantial insight into how the web works and how sites are safely (and unsafely) isolated from each other.
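As an added illustration of the attack and its main mitigation (this is example code written for this newsletter, not taken from the linked article), the snippet below renders the same untrusted value into HTML twice in Ruby: once by plain string interpolation, which lets an attacker's markup through, and once with `ERB::Util.html_escape`, which entity-encodes the characters that would let input break out of the text or attribute context it lands in. The payload, render functions and page names are constructed for the demo.

```ruby
require "erb"

# Constructed attacker input for the demo (not from the page). It has no
# "<script>" but still executes JavaScript via an event handler attribute.
PAYLOAD = %q{<img src=x onerror="alert(1)">}

# Vulnerable: untrusted input is concatenated straight into the HTML body.
# The browser parses the payload as markup, so the onerror handler runs.
def render_greeting_unsafe(name)
  "<p>Hello, #{name}!</p>"
end

# Mitigated: the untrusted value is HTML-entity-encoded for element text.
# '<' becomes '&lt;', '>' becomes '&gt;', '"' becomes '&quot;', and so on,
# so the browser renders the payload as literal text instead of a tag.
def render_greeting_safe(name)
  "<p>Hello, #{ERB::Util.html_escape(name)}!</p>"
end

# Same rule for an attribute value: always quote the attribute, and escape
# the value so a quote in the input cannot close it early and add a new
# attribute such as onmouseover.
def render_profile_link_safe(display_name)
  %(<a href="/profile" title="#{ERB::Util.html_escape(display_name)}">profile</a>)
end

# Crude check used only by the demo: did the output gain a tag that starts
# with the given name? A real test would run the output through an HTML parser.
def contains_tag?(html, tag_name)
  html.include?("<#{tag_name}")
end

if $PROGRAM_NAME == __FILE__
  puts render_greeting_unsafe(PAYLOAD)
  puts render_greeting_safe(PAYLOAD)
  puts render_profile_link_safe(%q{" onmouseover="alert(1)})
end
```

Escaping is context-specific: `html_escape` is correct for element text and quoted attribute values, but a value placed inside a `<script>` block, a URL, or a CSS string needs the encoder for that context, and `javascript:` URLs in `href` attributes are not neutralised by entity encoding at all.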
Code to read
Libraries for creating and controlling interactive web pages with Python 3.7 and above.
🔍 Rails N+1 queries auto-detection with zero false positives / false negatives
This is a pure Ruby implementation of the Secure Remote Password protocol (SRP-6a), a 'zero-knowledge' mutual authentication system. You'll find some neat tricks in it, such as constant-time string comparison.
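To show what that constant-time comparison buys you, here is an added example written for this newsletter (it is not the SRP library's own code). A naive `==`-style comparison stops at the first mismatching byte, so the time it takes reveals how many leading bytes of a guess were right; the constant-time version XORs every byte pair and ORs the results together, so the work done is the same for every input of a given length. Both functions below also return the number of bytes they examined, purely to make that difference visible in a test; the session proofs and labels are constructed for the demo.

```ruby
require "digest"

# Naive comparison, instrumented: returns [equal?, bytes_examined].
# It returns on the first differing byte, so the step count (and hence the
# running time) depends on how long the common prefix is.
def naive_compare_with_steps(a, b)
  a = a.to_s.b
  b = b.to_s.b
  steps = 0
  return [false, steps] unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes) do |x, y|
    steps += 1
    return [false, steps] if x != y
  end
  [true, steps]
end

# Constant-time comparison for equal-length secrets (tags, proofs, digests),
# instrumented the same way. Every byte pair is XORed and the results ORed
# into an accumulator; only after the whole string is consumed is the result
# inspected, so the step count is always the full length.
# Length itself is not treated as secret here: SRP proofs and HMACs have a
# fixed size, so an early return on a length mismatch leaks nothing useful.
def secure_compare_with_steps(a, b)
  a = a.to_s.b
  b = b.to_s.b
  steps = 0
  return [false, steps] unless a.bytesize == b.bytesize
  acc = 0
  a.bytes.zip(b.bytes) do |x, y|
    steps += 1
    acc |= x ^ y
  end
  [acc == 0, steps]
end

def secure_compare(a, b)
  secure_compare_with_steps(a, b).first
end

# For secrets whose length is itself sensitive, hash both sides to a fixed
# size first, compare the digests in constant time, then confirm equality
# (the second check only runs when the digests already match).
def secure_compare_any_length(a, b)
  a = a.to_s.b
  b = b.to_s.b
  secure_compare(Digest::SHA256.digest(a), Digest::SHA256.digest(b)) && a == b
end

# Demo usage on a constructed SRP-style exchange: the server recomputes the
# client's proof M1 and must compare it to the value the client sent.
if $PROGRAM_NAME == __FILE__
  expected_m1 = Digest::SHA256.hexdigest("constructed session material")
  forged_m1   = "f" * expected_m1.size
  p naive_compare_with_steps(expected_m1, forged_m1)   # stops early
  p secure_compare_with_steps(expected_m1, forged_m1)  # always 64 steps
  p secure_compare(expected_m1, expected_m1)
end
```

In production Ruby code, reach for `OpenSSL.fixed_length_secure_compare` or `Rack::Utils.secure_compare` rather than a hand-rolled loop; the point of the example is to show why the library authors bothered.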
Node.js library for parsing crontab instructions
Go package for drawing lightweight ASCII line graphs ╭┈╯ in command-line apps, with no other dependencies.
Transforms your cloud infrastructure into a SQL or graph database for easy monitoring, governance and security.
A tool similar to cloc, sloccount and tokei, for counting lines of code, blank lines, comment lines, and physical lines of source code in many programming languages.
A small CLI tool for generating a self-signed ("TOFU") ECC TLS certificate and private key, suitable for use in small distributed networks such as Gemini.
Easy email forwarding for your domain
Hanami is a service that lets you forward email from your domain to a personal mailbox and send email through your domain as well. You can also create unlimited aliases on your domain, all of which are forwarded to your personal email.
That's it for this round, have a great day! If you like this newsletter, please tell the world or tweet about this.