Hi, everyone. It has been almost 6 months without any betterdev issue :-). It was due to my busy schedule. I finally started to get things back on track. I will come back to my regular schedule of one issue every week again to capture the spirit of development every week. Thank you for being a supporter. If you are no longer interested in betterdev, click the unsubscribe link at the bottom of the email to unsubscribe.
There are certain headers that, just by being added, make the browser protect the app from certain kinds of attack. Here is a quick walkthrough of some common ones.
Penetration teams start from the lowest level of the infrastructure, understanding every aspect of privilege and permission. We as developers don't have time to focus on all of them and just use the ones we most frequently use, which creates blind spots for us. Understanding all of these aspects enables us to make informed choices when designing infrastructure and make it more secure.
In recent years, a bunch of search engines have appeared to take on ElasticSearch, such as TypeSense, MeiliSearch, and Toshi. So how does Postgres FTS compare to them in terms of performance for ingestion, querying, and accuracy?
Needless to say, deciding what to index is an art. Over-index and the app slows down on writes, or it becomes harder for the engine to decide which index to use. Here, the Knock team shares with us the signals they use to make decisions on indexing.
This guide will cover various ways to make hexagonal grids, the relationships between different approaches, and common formulas and algorithms
Have you worked on a very big app where a few old customers cannot upgrade their system for whatever reason and we have to maintain backward compatibility and hack around it? This is exactly what happens with the WebKit browser engine: they have very ugly hacks that check and hard-code domain names and CSS selectors to account for old websites.
There are quite good practices to apply to any container, such as not using root, running multistage builds, etc.
Have you ever set up some tricky services that cannot be exposed to the world directly and go through a few proxies or tunnels, using a few iptables tricks? It's impossible to debug those without invoking tcpdump to know where the traffic hits and how it flows. But remembering tcpdump syntax is tedious, and I keep coming back to these examples all the time.
A captcha implemented 100% in-house, using Rust and ImageMagick to generate pictures instead of relying on a system like Google or hCaptcha. (Ruby, Rust)
An NTP implementation in Rust.
An experimental profiler/tracer that captures wallclock timelines for each goroutine. It's very similar to the Chrome profiler.
A curated collection of diagramming tools used by leading software engineering teams
Enlightened library to convert HTML and CSS to SVG
Have you written a bash script and wanted the user to have a menu they can cycle through with the arrow keys and press enter to select? Or do you want to collect user input, but format the input prompt nicely? Or ask for confirmation before doing something? There are a lot of details that make it hard to build a great UX with Bash alone, so we end up writing a lot of bash helpers. gum is a standalone single-binary tool that helps with just that.
PostgreSQL pooler with sharding, load balancing and failover support.
A lightweight, framework-agnostic database migration tool. Give it a list of SQL files and it ensures those SQL files are executed on your database. It pairs especially well with projects that share the same db or apps that use multiple databases, since you can now manage migrations outside of the application deployment life cycle.
Generate HTTP load and plot the results in real-time
Generate your Go project in a single click with multiple options such as db, authentication, HTML template or JSON only.
Run a command when a file or a directory changed.
Better Dev Link