A very practical issue: dealing with authorization, SSH agent, API design, optimizing a big JS bundle, and text vs varchar in database design. I hope you like these as much as I do.
Have a great week everyone.
Why Authorization is Hard
There’s a fundamental tension in authorization. Is it business logic or authorization logic? Should it be in the app, or separate?
Authorization wasn’t particularly fashionable in tech circles. Fast-forward to today, and Airbnb, Carta, Slack, and Intuit are all writing blog posts about the internal authorization systems they built. Suddenly it seems like authorization is a topic as cool as moving to Kubernetes!
The pitfalls of using ssh-agent, or how to use an agent safely
Using ssh-agent, your key can be transferred securely to a jump box, and from that jump box you can log in to another server using that key. But it has so many pitfalls that many suggest never using it. In this post, we will see how we can leverage it safely. Because while ProxyJump is useful for SSH, it won’t be super useful for things like
Reverse-Engineering Apple Dictionary
Tooling, process, and strategy to understand the Apple Dictionary format. I like how the author walked us through his thought process. This kind of article can be very helpful to show how to approach a problem when its knowledge isn’t searchable on Google and you have to figure it out yourself.
Practical API Design at Netflix, Part 1: Using Protobuf FieldMask
Netflix heavily uses gRPC for backend-to-backend communication.
When processing a request it is often beneficial to know which fields the caller is interested in and which ones they ignore.
How can they know which fields the caller doesn’t need supplied in the response to a gRPC request?
Postgres: Boundless `text` and Back Again
Lesson from Stripe engineering on why they used `text`, then switched to `varchar(n)`. The TL;DR is that clients may not enforce a length limit, causing huge text to end up in the database.
How to look at the stack with gdb
May not be related to our daily work that much, but it’s a really good post that lays out how we can look at a bunch of hexdump and understand what is what. Even if you don’t use C or gdb, I strongly advise giving this a read.
Code to read
Simple and performant client for PostgreSQL, MySQL, and SQLite. If you want to see how to write a database client, look no more. It also supports migration.
Lightweight, fully spec-compliant HTML5 server-sent events library.
If your communication is one-way, such as when you are only interested in events returned from servers, then SSE is much more lightweight and easier to implement than WebSocket.
An experimental Ruby profiler in BPF
A script language like Python or Lua written in Rust, with exactly the same syntax as Go’s.
Telegram WebRTC (VoIP)
Basically allows you to create userbots that can record and broadcast in voice chats, and make and receive private calls.
An open source implementation of a Content Delivery Network
An open source, self-hosted implementation of the Tailscale control server
Based on the WireGuard VPN, allows you to create a mesh network between multiple hosts. Includes a web UI for management as well.
Checks the configuration of a given server accessible over the internet during the SSH handshake, notably the supported encryption and MAC algorithms, and gives an overview of the offered server public keys.
That's it for this round, have a great day! If you like this newsletter, please tell the world, or tweet about this.