Secure your connection by limiting outgoing connections
For years, I was just a reader, consuming information and sharing it with the BetterDev audience. But that’s going to change. I’m trying to make articles and video screencasts so I have something to offer to the world, to share my limited knowledge and experience.
This will be my first post ever, and I don’t even have a blog set up yet, so I’m leveraging a “buymeacoffee” link.
I read about many hacks recently, some of them very high-profile hacks on dependencies, so how do we defend against these hacks, since our apps now run untrusted code?
I want to share my thoughts and my approach on how I defend against these attacks.
SSH: More than secure shell
SSH is the de facto way to get a shell running on a remote host. But it can do more, such as port forwarding or acting as an intermediate host to access other hosts.
The HTTP crash course nobody asked for
Explains HTTP at a very deep but at the same time very practical level, so you can see and simulate how things work at the plain-text level. You will see the whole HTTP request payload, how it was made, and how to send it raw, character by character.
One of Python’s great features IMHO is its decorator system. Literally just by adding `@decorator_name` right before your function definition, suddenly we can run custom code around the function.
The wasted potential of CSS attribute selectors
Every class we add to our CSS has a cost in terms of space and parse time. BEM standardizes the modifier concept, so we have classes like `menu--is-active`. Modern HTML utilizes ARIA for accessibility, so stuff like screen readers can understand its current page/active syntax, for example. So why don’t we use `menu[aria-current='page']` to customize its style? More broadly, we can even customize a link based on its domain instead of adding an extra parameter, and at the same time it’s super flexible. Example: `a[href^="https://specific-domain.com"]`.
From Development to Real Users: How to Create a Web Performance Story
Some of the most common questions asked when it comes to work with performance are, How do you convince stakeholders that improving the performance of your project is actually worth the investment? How can you prove that the work is necessary to begin with? Or prove that you have shipped improvements? And what is the impact of certain changes on users in different scenarios?
A Look at Postgres 15: MERGE Command with Examples
update conflict is very powerful for updating a row if it already exists. But there are tricky cases, such as deleting the data if it already exists. For example, toggling a row by insert/delete is not easy to do with update conflict, but can now be done with `merge`. update conflict also relies on a constraint,
Honeycomb Incident Review: Shepherd Cache Delays
Honeycomb is an event logging platform where logs and metrics can be sent for viewing and analysis. They had an outage of 8 hours on Sep 8th, 2022. This post is an analysis of that incident. We can learn a lot from these real-world incidents, seeing how world-class teams debug and troubleshoot their infra.
What’s interesting is that Honeycomb cannot find the root cause and has accepted that they probably won’t find out how it all came together. The data simply isn’t there, their runway has been extended, and they’re now looking for longer-term fixes that circumvent the overall pattern.
The Linux-PAM Module Writers' Guide
PAM is an amazing feature of Linux that allows customizing the authentication process of an application on Linux. For example, when SSHing to a node, we can add extra MFA verification. You can write a PAM plugin by writing a dynamic .so lib that Linux can load, so that PAM can call its specific functions. Think of it as a set of functions we have to expose to be called. They are usually written in C, but nowadays we can easily hook up Go, Rust, or Zig, making it super easy to customize the authentication process on an SSH server, for example.
Code to read
sqlite3vfshttp is a sqlite3 VFS for querying remote databases over http(s). This allows you to perform queries without needing to download the complete database first.
A Tiny WebGL helper Library
psd.js: a psd file parser
If you are curious how PSD files are structured and how to parse them to get all the objects and layers, then read on.
Pure Ruby implementation of scp. Great to read and understand all the TCP details of it.
an experiment to minimize the barrier between Python and Rust to unlock the full potential of high level languages. Build your own Runtime using standard CPython and extend it with Rust
Lightning-fast and Powerful Code Editor written in Rust
an open source framework for building and running fast, secure, and composable cloud microservices with WebAssembly
Windows event log fast forensics timeline generator and threat hunting tool created by the Yamato Security group in Japan.
an open-source development toolkit to help Data Scientists and Machine Learning (ML) Engineers prototype and productionize ML pipelines in days not weeks.
Fast file synchronization and network forwarding for remote development
They have quite a few supported platforms.
Have you ever debugged some tricky thing that only happens in prod in a K8S cluster and wished you could hook up a local process as if it were a container running inside the prod cluster, to connect to prod resources and debug it?
Now you can do that with mirrord. Also read their introduction article
That's it for this round, have a great day! If you like this newsletter, please tell the world, or
tweet about this