Illustrated Redirection Tutorial
Have you ever typed commands like 2>&1 or 3>&2 out of habit, without a deep understanding of what is behind them? If so, this article is for you. It explains the concept of a file descriptor and what 1, 2, 3 mean.
RBAC like it was meant to be
How would you go about designing an access control system? In this article, Tailscale shows us how they approach Role-Based Access Control in its original design.
How does Google Authenticator work?
When you scan a QR code on any site that supports MFA (Multi-Factor Authentication), the bar code contains a secret token. The 6-digit one-time password is the result of a function that takes the original secret token and the current timestamp as input. We'll learn the exact steps that function performs.
Computers are the easy part
Mailchimp deployed new code that added a log statement. Then their job queue backed up and jobs no longer ran. Nothing had changed except that log statement.
But it's just a log, so they looked in other places. It turned out the log statement was the root cause. But isn't it obvious that the log is the culprit? Why did no one think so?
Programmers Don’t Understand Hash Functions
Using a hash function for the wrong purpose, or in a place where it doesn’t provide the expected properties, can lead to security vulnerabilities. Some of these vulnerabilities aren’t obvious or straightforward, either, which only serves to magnify confusion.
Designing the Ledgers API with Optimistic Locking
Optimistic locking is a strategy in which reads are always allowed, and for writes we assume conflicts are unlikely; if a conflict does occur we lock/error out, but we push the decision far down the chain. One way to do this is to add a lock_version column: when updating, we compare the current lock_version, and if it is different, that means the row was updated elsewhere and we abort. Let's apply that to API design.
Code to read
A micro HTML/SVG render
An HTTP/1.1 client, written from scratch for Node.js
A Tiny Git-compatible Git Implementation
We usually have to give devs access to a Rails production console so they can debug or manipulate data. How can we protect customers' sensitive data while still allowing devs to fetch other data? How can we audit the access?
The gem also goes hand in hand with [audits1984](https://github.com/basecamp/audits1984)
Low level HTTP server library in Rust
A library for reading, creating and manipulating PDF files in Python
Lets you express diagrams in code (using ReactJS). Check out the example for a quick demo.
Open source self-hosted web archiving. Takes URLs/browser history/bookmarks/Pocket/Pinboard/etc., saves HTML, JS, PDFs, media, and more…
Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket
A lightweight LDAP server for development, home use, or CI
CLI tool designed to help you automate your Gitops workflow, by automatically creating and merging GitHub Pull Requests to update specific content in Git repositories.
That's it for this round, have a great day! If you like this newsletter, please tell the world, or
tweet about this