Hi all,
We come back to my second week :). If you like BetterDev, please help spead word out by refer to your friends. Buy Me a coffee would be great too
In previous email, I said about a new self hosted section. Due to a bug the sefl hosted doesn’t appear in email, you can go back to re-read the previous issue for awesome tool that you can run on your own hardware.
Onward to our news issue today.
First thing, there is a suppy chain attack on xz, it has assigned CVE-2024-3094, If you had install xz 5.6.x, that version is affected. If it’s a server, better to destroy and rebuild a new server with xz 5.4.
If you’re using mac, you can check which xz version you had installed
brew info xz
If it return 5.6, perform an brew upgrade xz and it will rollback to 5.4.
Continue on this story, no one know the real identity of the attacker so far. He has spend 2 years contribute code in a legitimate way. 2 years of works. Had he implement the backdoor correctly and not causing slowness, probably no one has notice. Someone shared a similar story on mastodon.
Another dance in open source community is the Redis license change, rest assured that if you’re just using Redis as an end-user theree is nothign change, you will be continue to use it. On top of that, Linux foundation has already launch Valkey , which is a fork of Redis right before the license change. In Redis codebase, top changeset contributions by employe is Tencent, not even Redis Lab. Alibaba comes in third place, then Huawei. So I think there will be definetely a path to the official Redis, similar to the IO.js story back in the old day, where everyone switch to the community fork. So no action require as an end-user, in the meantime, exploring the new ValKey project.
Let’s talk about one of the most performance-sensitive programs you run every day: your operating system. Since every speedup gives you more computer to compute with, an OS is never fast enough, so you can always find kernel and driver developers optimizing the bejesus out of their code.
A brief introduction to antennas, superheterodyne receivers, and signal modulation schemes.
Due to its easi of use, and its forgiven model, promise remain an unclear? should I use return Promise<Value> or, return Promise.Resolve(value). all of that. Let look deeper to understand their execution model.
In the process of improving Knock performance, Knock engineers found ourselves in the weeds hacking our Postgres driver, and we wanted to share some fun learnings we’ve gathered so far.
Many applications that run on Raspberry Pis and similar single-board computers — for example, environmental data loggers that report to a central database server — don’t really need to store any state locally on the Pi’s SD card. This means you can run the Pi with a read-only root filesystem, which will dramatically increase the SD card’s lifetime. Also good discussion on Hacker News for alternative method
Pretty much any home computers are behind a NAT, mean multiple computer share a same public ip. In the TCP/UDP packet, there is a port, the pair ip:port can be used to track which host and send the packet back. But ping operate with ICMP, and ICMP packet doesnt have a port field. So how does NAT work for ICMP packets?
When a website ask you to hold down a key, what can happen? What is User Gesture? How to defend.
Anytime you start to implement HIPAA, SOC, NIST PCE-DSS, the file integrity monitoring come up? who changed this file? when? what is changed? In this articule, we look into that with Tetragon. Not just for security, say you have a config file, such as an env file that is source before application run, tracking changes to this file can help spot and solve problem in an outage too.
What is the process of this? what tooling, what setup, what is a step by step guide in layman term.
Apple Pay is great, but I think there is some misunderstanding out there about the details of how it works.
A useful article to go over commont leaks in Go, method to find them.
Faster utf8.Valid using multi-byte processing without SIMD. Up to 50% faster than the standard library. Can be a useful tool to deal with email parser for example where we want to filter out non utf8 character
GoParse simple SQL statements into an abstract syntax tree (AST) with the visited tableList and convert it back to SQL
JavaScriptScalable, Low-latency and Hybrid-enabled Vector Search in Postgres. Revolutionize Vector Search, not Database.
Rusta gem that allows your application to send notifications of varying types, over various mediums, to various recipients. Be it a Slack notification to your own team when some internal event occurs or a notification to your user, sent as a text message, email, and real-time UI element in the browser, Noticed supports all of the above (at the same time)!
RubyLightweight Postgres packaged as WASM into a TypeScript library for the browser, Node.js, Bun and Deno. Use case is you may run an interactive embeded postgres in browser for a playground postgres application.
owerful real-time, eBPF-based Security Observability and Runtime Enforcement such as monitoring file changes, block operation to file etc.
A pure Go minimal operating system. Based on Linux and K8S. It runs on a fleet of bare metal or cloud machines and provides users with a hardened, production ready Kubernetes, without the overhead of traditional Linux distributions or configuration management systems.
GoCLI tool for saving complete web pages as a single HTML file
eBPF distributed networking observability tool for Kubernetes.
a performance focused drag and drop library that can be used to power any drag and drop experience on any tech stack. Pragmatic drag and drop makes working with the browsers powerful and flexible built in drag and drop functionality safe and easy.
a SQL engine and CLI tool that lets you manage your data transformation projects with ease. use Quary to transform their raw data tables into actionable and trustworthy insights. Teams do so by layering well documented and tested transformations into useful insights ready for consumptio
Fast Training of Diffusion Transformer for Photorealistic Text-to-Image Synthesis
A bundle of many app into a single web ui provide you with: app store, vpn , auth server, reverse proxy server, cron job and more.
an advanced open-source desktop environment in the browser, designed to be feature-rich, exceptionally fast, and highly extensible. It can be used to build remote desktop environments or serve as an interface for cloud storage services, remote servers, web hosting platforms, and more
BetterDev Link
Every Monday