Security headers quick reference
Certain headers, just by being added, make the browser protect the app from a certain kind of attack. Here is a quick walkthrough of some common ones.
GCP Penetration Testing Notes
Penetration teams start from the lowest level of the infrastructure, understanding every aspect of privilege and permission. We as developers don't have time to focus on all of them and just use the ones we use most frequently, which creates blind spots for us. Understanding all of these aspects enables us to make informed choices when designing infrastructure and to make it more secure.
Postgres Full Text Search vs the rest
In recent years, a bunch of search engines have appeared to take on ElasticSearch, such as TypeSense, MeiliSearch and Toshi. So how does Postgres FTS compare to them in terms of performance for ingesting, querying and accuracy?
Six considerations when managing PostgreSQL indexes
Needless to say, deciding what to index is an art. Over-index and the app slows down on writes, or the engine has a harder time deciding which index to use. Here, the Knock team shares with us the signals they use to make decisions on indexing.
How to draw hexagon grids
This guide will cover various ways to make hexagonal grids, the relationships between different approaches, and common formulas and algorithms
Have you worked on a very big app where a few old customers cannot upgrade their systems for whatever reason, and you have to maintain backward compatibility and hack around it? This is exactly what happens with the WebKit browser engine: it has very ugly hacks that check and hard-code domain names and CSS selectors to account for old websites.
A tcpdump Tutorial with Examples — 50 Ways to Isolate Traffic
Have you ever set up some tricky services that cannot be exposed to the world directly and go through a few proxies or tunnels, using a few iptables tricks? It's impossible to debug those without invoking tcpdump to know where the traffic hits and how it flows. But remembering tcpdump syntax is tedious, and I keep coming back to these examples all the time.
Code to read
A captcha implemented 100% in-house, using Rust and ImageMagick to generate pictures instead of relying on systems like Google or hCaptcha.
An NTP implementation in Rust
If you want to know how to generate the waveform of an audio file, read on
An experimental profiler/tracer that captures wallclock timelines for each goroutine. It's very similar to the Chrome profiler.
A curated collection of diagramming tools used by leading software engineering teams
Enlightened library to convert HTML and CSS to SVG
Have you written a bash script and wanted the user to have a menu they can cycle through with the arrow keys and press enter to select? Or you want to collect user input, but want to format the input prompt nicely? Or ask for confirmation before doing something? There are a lot of details that make it hard to build a great UX with Bash alone, so we end up writing a lot of bash helpers. gum is a standalone single-binary tool that helps with just that.
PostgreSQL pooler with sharding, load balancing and failover support.
A lightweight, framework-agnostic database migration tool. Give it a list of SQL files and it ensures those SQL files are executed on your database. It pairs especially well with projects that share the same db or apps that use multiple databases, since you can now manage migrations outside of the application deployment life cycle.
Generate HTTP load and plot the results in real-time
Generate your Go project in a single click with multiple options such as db, authentication, HTML templates or JSON only.
Run a command when a file or a directory changes.
That's it for this round, have a great day! If you like this newsletter, please tell the world, or tweet about this.