SSRF inside Google production network
CSRF is very common, but SSRF is something we overlook. If our app fetches remote content,
such as taking a screenshot of a website or doing a health check, it may be tricked into loading
resources from internal infrastructure.
11 Ways (Not) to Get Hacked in Kubernetes
Starting with the control plane, building up through workload and network security, and finishing with a projection into the future of security, here is a list of handy tips to help harden your clusters and increase their resilience if compromised.
Assembly Language for Beginners [pdf]
Probably not many readers of betterdev write assembly, but this gives insight into how computers work: CPU, registers, machine code,
numeral systems and more.
Riot games approach to anti-cheat
Combating cheats is an ever-evolving arms race. The scope and complexity of cheat development grow every year along with the stakes in online gaming. The pressure is on for game studios to level up when it comes to detecting and preventing bad actors.
How Tinder keeps your exact location (a bit) private
The Tinder app tracks its users’ locations in order to tell potential matches how far away they are from each other.
Tinder has 2 innovations to protect this: it divides the city up into grid squares, very roughly 1 mile by 1 mile in size,
and calculates distances using what appears to be an entirely custom formula.
Geosharded Recommendations Part 1: Sharding Approach
Tinder shards its database by storing users who are physically near each other in the same shard. They share the
design and its outcome: load balance, score and shard size, and they eventually use Google’s S2 Cell & Geosharding Algorithm
with a Hilbert curve.
That's it for this round, have a great day! If you like this newsletter, please tell the world, or
tweet about this