How to win at CORS
CORS is complicated because it’s a standard implement on client side, by browsers. it’s up to browser to do what it wants or needs to implement. CORS also evolved due to the complexity of modern app. The result leads to many outdated documents about CORS. Example, did you know that when using
Access-Control-Allow-Origin: * then you cannot pass cookie? but it’s up to client to implement that protection. Or if we pass cookie,
Access-Control-Allow-Credentials has to be existed in preflight. And when and why browser made preflight requests. Great, it’s getting complicated ;-)
How Microsoft reduced Windows 11 update size by 40%
Microsoft delivers the latest Windows security and user experiences updates monthly. Updates are modular meaning that, regardless of which update you currently have installed, you only need the most recent quality update to get your machine up to date.
With the fast pace of Windows security and quality fixes, distributing this large amount of updated content takes up substantial bandwidth. Reducing this network transfer is critical for a great experience. Moreover, users on slower networks can struggle to keep their machines up to date with the latest security fixes if they cannot download the package.
Tune sorting operations in PostgreSQL with work_mem
Most databases involve heavy sorting operations before the data is analyzed, visualized, and presented to end-users. Often, depending on the complexity of the query and the volume of data to be sorted, it not only turns out to be highly expensive operation, but capable enough to bring chaos in a production environment. It’s critical not just to tune resources required for sorting, but also do so sensibly, so you can achieve the desired result by sorting fewer rows from a table instead of having to scan the whole table.
Smart CSS Solutions For Common UI Challenges
Writing CSS has probably never been more fun and exciting than it is today. In this post we’ll take a look at common problems and use cases we all have to face in our work and how to solve them with modern CSS.
I particularly like the Form Field Focus without outlines and going to implement it for all of my username/password form in the future.
IoT Hacking and Rickrolling My High School District
A very thoughful and responsible whitehat hacking of a school district to take over all of network device to play same sound all at the same time.
Also hat off to how the administrator team handles the hack.
Just the same Letsencrypt expiration topic. But this time, the OS CA cert are fine and up to date but apparently the application has a HTTP client that uses its own CA bundle and it’s broke once Letsencrupt CA expired.
How not to blow up the production database
When running a production database, one needs to carefully consider all the data access patterns. The usual trap people fall into is optimizing for one data access pattern at the cost of all others. This causes production systems to fail spectacularly or lose millions of dollar as the system becomes slower over time.
The team at battlefy presents us how they evolve from reduce write, calculation on read, cache to using materialized views.
Code to read
A mini x86-64 assembler for fun
2kB immutable date-time library alternative to Moment.js with the same modern API
A powerful little TUI framework 🏗
Arbitrary-precision fixed-point decimal numbers in go that can handle up to 2^31 digits after the decimal point.
🚴 Call stack profiler for Python. Shows you why your code is slow!
a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
Have ever write a shell script and want a real window UI to input data? Hook up to sixtyfps. Basically from your shell script, you call sixtyfps, pass a UI DSL into stdin and sixtyfps render the UI. User enter data, click “OK”, and sixtyfps quite, and write back output to stdout where your shell script can access and parse it. Very useful. Read introduction post
Turn a Raspberry Pi into an Airplay server using RPiPlay to enable screen mirroring on tvs, monitors and projectors.
Quickly create and run optimised Windows, macOS and Linux desktop virtual machines.
Open source API client alternative to postman, insomnia.
That's it for this round, have a great day! If you like this newsletter, please tell the world, or
tweet about this