Hi everyone, this week is security week.
First, if you used CircleCI, make sure to rotate any secrets, since they suffered a breach. Second, Slack's private repositories got hacked too; there is no customer data there, but regardless, if your company uses Slack, it's best to rotate as well. Third, PyTorch got hit by a supply chain attack and was compromised too, luckily only for nightly builds, so if you don't use nightly builds, you're fine.
The infrastructure behind ATMs
This isn't quite a technical post, but I think it's amazing that when we walk up to an ATM and withdraw our money, it just works, and very reliably too.
moving to cloud: How to do Migrations the wrong way
Mercari recently moved databases from local files in the codebase to an online database. It took longer than expected, but with good reason. The project started as a POC and turned into a success, so they lived with data in local files until traffic spiked 10x and data was added at a 10x rate too.
Easy, alternative soft deletion: `deleted_record_insert`
Soft delete is a technique where, instead of removing data, we flag it as deleted using a column like "deleted: true" or "deleted_at: time". It seems smart, cool, and very convenient, since the data is still there to refer back to.
However, it easily leads to mistakes and complicates our queries. Every query has to check for it, indexes need to be built around it, whoever joins the data needs to check for it, and so on.
It adds up quickly, and every time I used it, I regretted it in the end and just deleted the data for real.
Here is another, middle-ground approach: use a completely new table with jsonb to store the whole deleted record.
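As an added example (not code from the linked article or this newsletter), here is what that approach looks like in PostgreSQL: one archive table receives a jsonb copy of every deleted row via a trigger, so live tables and their queries stay free of deleted-flag checks while an audit trail of what was removed, and when, still exists. The `api_key` table and its columns are hypothetical.

```sql
-- Added example: a single archive table for deleted rows from any table.
CREATE TABLE deleted_record (
    id          bigserial   PRIMARY KEY,
    deleted_at  timestamptz NOT NULL DEFAULT now(),
    table_name  text        NOT NULL,  -- which table the row came from
    object_id   text        NOT NULL,  -- the row's primary key, as text
    data        jsonb       NOT NULL   -- the complete row at deletion time
);

-- Lookups are almost always "what happened to row X of table Y".
CREATE INDEX deleted_record_table_object_idx
    ON deleted_record (table_name, object_id);

-- Generic trigger function: serialize the row being deleted and archive it.
-- TG_TABLE_NAME is supplied by PostgreSQL, so one function serves all tables
-- that have an `id` column.
CREATE FUNCTION deleted_record_insert() RETURNS trigger
    LANGUAGE plpgsql AS $$
BEGIN
    INSERT INTO deleted_record (table_name, object_id, data)
    VALUES (TG_TABLE_NAME, OLD.id::text, to_jsonb(OLD));
    RETURN OLD;
END;
$$;

-- Hypothetical application table (assumed for this example).
CREATE TABLE api_key (
    id          bigserial   PRIMARY KEY,
    owner_id    bigint      NOT NULL,
    secret_hash text        NOT NULL,
    created_at  timestamptz NOT NULL DEFAULT now()
);

-- Fire after each row delete; the live table keeps no deleted_at column.
CREATE TRIGGER api_key_deleted_record_insert
    AFTER DELETE ON api_key
    FOR EACH ROW EXECUTE FUNCTION deleted_record_insert();

-- A real DELETE: no query on api_key ever needs "WHERE deleted_at IS NULL".
DELETE FROM api_key WHERE id = 42;

-- Auditing or recovering later goes through the archive table instead.
SELECT data->>'owner_id' AS owner_id, deleted_at
  FROM deleted_record
 WHERE table_name = 'api_key' AND object_id = '42';
```

Restoring a row is an explicit, deliberate `INSERT ... SELECT jsonb_populate_record(...)` from the archive, which is the point: the live schema never carries the deleted state around.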
Understanding Layout Algorithms
Working with CSS layout feels like just tweaking things until it works; for example, margin collapsing is something I found very confusing.
The author shares with us the mental model shift that makes CSS more intuitive.
Docker on MacOS is slow and how to fix it
A tutorial that walks through why Docker is slow on macOS, in terms of the OS, and a few solutions. In short, Mutagen is what I plan to look into for my work too. We linked to Mutagen before, and it's a great tool; I've heard good feedback.
Verifiable AES: encryption using zero-knowledge proofs
Encryption transforms messages into random-looking text to ensure confidentiality between two parties. What is our objective here? We want to generate a proof that allows us to verify an encryption algorithm, ensuring it does what it was designed to do.
Code to read
The Reddit UI is very slow to load and constantly nags us to use the mobile app.
Luckily they have a very open API, and people build UIs on top of it. libreddit is built in Rust, focuses on content, and runs very fast.
Part of my routine is sourcing content from Reddit, and I found libreddit a much easier way to navigate Reddit nowadays.
A VM and compiler for Lua in Go. A good tool for adding scriptable features to your app. Another approach I used is Otto.
The simplest, fastest repository for training/finetuning medium-sized GPTs.
I like these small codebases; they help me understand more about GPT and AI concepts.
osv.dev is a vulnerability database and triage infrastructure for open source projects aimed at helping both open source maintainers and consumers of open source.
Ronin is a free and open source Ruby toolkit for security research and development. Ronin also allows for the rapid development and distribution of code, exploits, payloads, etc., via third-party git repositories. It's quite a big codebase, but we can learn how things are structured in this kind of tool.
A MongoDB-compatible server that uses Postgres to persist data behind the scenes. Most MongoDB users do not require any advanced features offered by MongoDB; however, they need an easy-to-use open-source database solution. Recognizing this, FerretDB is here to fill that gap.
wish: Make SSH apps, just like that!
This probably should be in "Code to read", but I think it could be a very valuable tool for designing SSH-based tools.
One of my use cases: I have a very expensive build server which may not be used often, and leaving it running is costly, so I set up a smaller node and forward TCP traffic to the bigger node. When there is no connection, it shuts down the expensive node, and when the first request comes in, it boots up the expensive server.
Tools for syncing and streaming files from Windows to Linux, extracted from the Google Stadia project.
Open source on-call scheduling, automated escalations, and notifications so you never miss a critical alert.
That's it for this round, have a great day! If you like this newsletter, please tell the world, or
tweet about this